{"id":"https://openalex.org/W4205302952","doi":"https://doi.org/10.1109/access.2022.3142022","title":"Anomaly Detection for Insider Attacks From Untrusted Intelligent Electronic Devices in Substation Automation Systems","display_name":"Anomaly Detection for Insider Attacks From Untrusted Intelligent Electronic Devices in Substation Automation Systems","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4205302952","doi":"https://doi.org/10.1109/access.2022.3142022"},"language":"en","primary_location":{"id":"doi:10.1109/access.2022.3142022","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3142022","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9668973/09676687.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/9668973/09676687.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047824108","display_name":"Xuelei Wang","orcid":"https://orcid.org/0000-0001-9436-4654"},"institutions":[{"id":"https://openalex.org/I160993911","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752","country_code":"AU","type":"education","lineage":["https://openalex.org/I160993911"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Xuelei Wang","raw_affiliation_strings":["School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I160993911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071276579","display_name":"Colin Fidge","orcid":"https://orcid.org/0000-0002-9410-7217"},"institutions":[{"id":"https://openalex.org/I160993911","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752","country_code":"AU","type":"education","lineage":["https://openalex.org/I160993911"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Colin Fidge","raw_affiliation_strings":["School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I160993911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022722624","display_name":"Ghavameddin Nourbakhsh","orcid":"https://orcid.org/0000-0001-9679-7306"},"institutions":[{"id":"https://openalex.org/I160993911","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752","country_code":"AU","type":"education","lineage":["https://openalex.org/I160993911"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ghavameddin Nourbakhsh","raw_affiliation_strings":["School of Electrical Engineering and Robotics, Queensland University of Technology (QUT), Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Robotics, Queensland University of Technology (QUT), Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I160993911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014449585","display_name":"Ernest Foo","orcid":"https://orcid.org/0000-0002-3971-6415"},"institutions":[{"id":"https://openalex.org/I11701301","display_name":"Griffith University","ror":"https://ror.org/02sc3r913","country_code":"AU","type":"education","lineage":["https://openalex.org/I11701301"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ernest Foo","raw_affiliation_strings":["School of Information and Communication Technology, Griffith University, Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"School of Information and Communication Technology, Griffith University, Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I11701301"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080148923","display_name":"Zahra Jadidi","orcid":"https://orcid.org/0000-0002-6694-7753"},"institutions":[{"id":"https://openalex.org/I11701301","display_name":"Griffith University","ror":"https://ror.org/02sc3r913","country_code":"AU","type":"education","lineage":["https://openalex.org/I11701301"]},{"id":"https://openalex.org/I160993911","display_name":"Queensland University of Technology","ror":"https://ror.org/03pnv4752","country_code":"AU","type":"education","lineage":["https://openalex.org/I160993911"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Zahra Jadidi","raw_affiliation_strings":["School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia","School of Information and Communication Technology, Griffith University, Brisbane, QLD, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Queensland University of Technology (QUT), Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I160993911"]},{"raw_affiliation_string":"School of Information and Communication Technology, Griffith University, Brisbane, QLD, Australia","institution_ids":["https://openalex.org/I11701301"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046848324","display_name":"Calvin Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Calvin Li","raw_affiliation_strings":["Asset and Operations, Jemena Ltd., Sydney, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"Asset and Operations, Jemena Ltd., Sydney, NSW, Australia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5047824108"],"corresponding_institution_ids":["https://openalex.org/I160993911"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":5.9418,"has_fulltext":true,"cited_by_count":44,"citation_normalized_percentile":{"value":0.96669211,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"10","issue":null,"first_page":"6629","last_page":"6649"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.832388162612915},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.674828827381134},{"id":"https://openalex.org/keywords/sliding-window-protocol","display_name":"Sliding window protocol","score":0.5943960547447205},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5077308416366577},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4835962653160095},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.4707527756690979},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.45944535732269287},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.44270074367523193},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.442155659198761},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.43822893500328064},{"id":"https://openalex.org/keywords/sass","display_name":"Sass","score":0.4256308674812317},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.42550987005233765},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.3756362497806549},{"id":"https://openalex.org/keywords/window","display_name":"Window (computing)","score":0.34477946162223816},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2984873652458191},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10788500308990479}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.832388162612915},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.674828827381134},{"id":"https://openalex.org/C102392041","wikidata":"https://www.wikidata.org/wiki/Q592860","display_name":"Sliding window protocol","level":3,"score":0.5943960547447205},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5077308416366577},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4835962653160095},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.4707527756690979},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.45944535732269287},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.44270074367523193},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.442155659198761},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.43822893500328064},{"id":"https://openalex.org/C2778917941","wikidata":"https://www.wikidata.org/wiki/Q1572865","display_name":"Sass","level":2,"score":0.4256308674812317},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.42550987005233765},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.3756362497806549},{"id":"https://openalex.org/C2778751112","wikidata":"https://www.wikidata.org/wiki/Q835016","display_name":"Window (computing)","level":2,"score":0.34477946162223816},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2984873652458191},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10788500308990479},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2022.3142022","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3142022","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9668973/09676687.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:e457d79a04a745f99d9ca8e3ae12ac39","is_oa":true,"landing_page_url":"https://doaj.org/article/e457d79a04a745f99d9ca8e3ae12ac39","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 10, Pp 6629-6649 (2022)","raw_type":"article"},{"id":"pmh:oai:research-repository.griffith.edu.au:10072/411613","is_oa":true,"landing_page_url":"http://hdl.handle.net/10072/411613","pdf_url":null,"source":{"id":"https://openalex.org/S4306402548","display_name":"Griffith Research Online (Griffith University, Queensland, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11701301","host_organization_name":"Griffith University","host_organization_lineage":["https://openalex.org/I11701301"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal article"}],"best_oa_location":{"id":"doi:10.1109/access.2022.3142022","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2022.3142022","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9668973/09676687.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320315885","display_name":"Australian Government","ror":"https://ror.org/0314h5y94"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4205302952.pdf","grobid_xml":"https://content.openalex.org/works/W4205302952.grobid-xml"},"referenced_works_count":51,"referenced_works":["https://openalex.org/W595508426","https://openalex.org/W1550654601","https://openalex.org/W1966809779","https://openalex.org/W1970978220","https://openalex.org/W2048934802","https://openalex.org/W2071164745","https://openalex.org/W2112158239","https://openalex.org/W2507403165","https://openalex.org/W2514382028","https://openalex.org/W2515527499","https://openalex.org/W2516619066","https://openalex.org/W2546929003","https://openalex.org/W2553389691","https://openalex.org/W2562173243","https://openalex.org/W2612926065","https://openalex.org/W2743967296","https://openalex.org/W2747428077","https://openalex.org/W2781662152","https://openalex.org/W2783069543","https://openalex.org/W2796646760","https://openalex.org/W2807619819","https://openalex.org/W2807891910","https://openalex.org/W2887912225","https://openalex.org/W2890688913","https://openalex.org/W2891642265","https://openalex.org/W2904349623","https://openalex.org/W2912105969","https://openalex.org/W2921305286","https://openalex.org/W2936667289","https://openalex.org/W2970377031","https://openalex.org/W2980039056","https://openalex.org/W2997967197","https://openalex.org/W3031028459","https://openalex.org/W3038373665","https://openalex.org/W3081002445","https://openalex.org/W3082158500","https://openalex.org/W3087552752","https://openalex.org/W3090111074","https://openalex.org/W3107270903","https://openalex.org/W3161881368","https://openalex.org/W3167525063","https://openalex.org/W3169577313","https://openalex.org/W3177983580","https://openalex.org/W4210313304","https://openalex.org/W4237959271","https://openalex.org/W4240793192","https://openalex.org/W4254133509","https://openalex.org/W4254366156","https://openalex.org/W4256462504","https://openalex.org/W6639175750","https://openalex.org/W6736087642"],"related_works":["https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W2018332730","https://openalex.org/W4387194049","https://openalex.org/W2286217954"],"abstract_inverted_index":{"In":[0,76],"recent":[1],"decades,":[2],"cyber":[3],"security":[4],"issues":[5],"in":[6],"IEC":[7],"61850-compliant":[8],"substation":[9,159],"automation":[10],"systems":[11],"(SASs)":[12],"have":[13,19],"become":[14],"growing":[15],"concerns.":[16],"Many":[17],"researchers":[18],"developed":[20],"various":[21],"strategies":[22],"to":[23,86,123,131,144,182,195,217],"detect":[24,62,115,229],"malicious":[25],"behaviours":[26,138],"of":[27,73,173,177,240],"SASs":[28],"during":[29],"the":[30,121,170,174],"system":[31],"operational":[32],"stage,":[33],"such":[34],"as":[35],"anomaly-based":[36,41],"detection.":[37],"However,":[38],"most":[39],"existing":[40],"detection":[42,112,184],"methods":[43,59,85],"identify":[44],"an":[45],"abnormal":[46],"behaviour":[47],"by":[48],"checking":[49],"every":[50],"single":[51],"network":[52,154],"packet":[53],"without":[54,120],"any":[55],"association.":[56],"These":[57],"traditional":[58],"cannot":[60],"effectively":[61],"“stealthy”":[63],"attacks":[64,95,231],"which":[65],"modify":[66],"legitimate":[67],"messages":[68,162],"slightly":[69],"while":[70],"imitating":[71],"patterns":[72],"benign":[74],"behaviours.":[75],"this":[77],"paper,":[78],"we":[79,148,190,204],"present":[80],"feature":[81],"selection":[82],"and":[83,88,135,150,163,186,219],"extraction":[84],"generalise":[87,132],"summarise":[89,136],"critical":[90,133,153],"features":[91,134,155,167],"when":[92],"detecting":[93],"insider":[94,230],"triggering":[96],"from":[97,127,156],"untrusted":[98],"control":[99],"devices":[100,119,234],"within":[101],"SASs.":[102],"By":[103],"applying":[104],"a":[105,206,224,237],"sliding":[106,192],"window-based":[107,201],"sequential":[108,207],"classification":[109,208],"mechanism,":[110],"our":[111,226],"method":[113,227],"can":[114,228],"anomalies":[116],"across":[117,232],"multiple":[118,233],"need":[122],"learn":[124],"datasets":[125,197],"collected":[126],"all":[128,146],"devices.":[129],"Firstly,":[130],"systems’":[137],"so":[139],"that":[140],"it":[141],"is":[142],"unnecessary":[143],"collect":[145],"datasets,":[147],"selected":[149],"extracted":[151],"six":[152],"generic":[157],"object-oriented":[158],"events":[160],"(GOOSE)":[161],"seven":[164],"summarised":[165],"physical":[166],"based":[168,210],"on":[169,211],"general":[171],"architecture":[172],"primary":[175],"plant":[176],"distribution":[178],"substations.":[179],"After":[180],"that,":[181],"improve":[183],"accuracy":[185],"reduce":[187],"computational":[188],"costs,":[189],"applied":[191,205],"window":[193],"algorithms":[194],"divide":[196],"into":[198],"different":[199],"overlapped":[200],"snippets.":[202],"Then":[203],"model":[209],"Bidirectional":[212],"Long":[213],"Short-Term":[214],"Memory":[215],"networks":[216],"train":[218],"test":[220],"those":[221],"datasets.":[222],"As":[223],"result,":[225],"accurately":[235],"with":[236],"false-negative":[238],"rate":[239],"less":[241],"than":[242],"1%.":[243]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":15},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}