A system for detecting MITM for SCADA communication networks includes secure substation-substation communication links for providing secure and reliable paths to exchange OT data between substations for OT data consistency check; a SIB in each substation for sampling CT and PT measurements to calculate voltage magnitude and phase angle thereof; a S&C server in each substation coupled to the SIB for receiving the voltage magnitude and phase angle from the SIB and obtaining a packet carrying active power flow in transmission lines between two substations and a time stamp; an IDS server placed in a SCADA center for collecting the packet of each substation sent by the S&C server; analyzing the received packet from every adjacent substation; inspecting the payload of the received packet; and triggering an intrusion alarm to a SCADA operator when the power flow is not the same as the payload of the packets.
US 20200314142 A1
Board of Trustees of the University of Arkansas (Little Rock, AR)
McCann, R. A., & Albunashee, H. M. (2021). Methods and systems for detection of man-in-the-middle attacks for SCADA communication networks and applications of same. Patents Granted. Retrieved from https://scholarworks.uark.edu/pat/428
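The consistency check the abstract assigns to the IDS server can be sketched as follows. This is an added example, not code from the patent or its authors. The packet fields, the sign convention (positive power leaves the reporting substation), the tolerance values and the substation names A, B, C are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowPacket:          # hypothetical packet layout, not from the patent
    substation: str        # substation whose S&C server sent the packet
    neighbor: str          # substation at the other end of the line
    p_mw: float            # active power leaving `substation`, in MW
    ts: float              # time stamp, in seconds

# Assumed thresholds (the abstract gives none).
MAX_SKEW_S = 0.5           # largest accepted time-stamp difference
LOSS_TOL = 0.03            # share of the flow allowed for losses and sensor error
FLOOR_MW = 1.0             # absolute floor so near-zero flows do not alarm

def check_line(a, b):
    """Compare the two ends of one line; return alarm reasons (empty if consistent)."""
    reasons = []
    skew = abs(a.ts - b.ts)
    if skew > MAX_SKEW_S:
        reasons.append("time stamps differ by %.2f s" % skew)
    # Power leaving one end must arrive at the other: the sum should be near zero.
    mismatch = abs(a.p_mw + b.p_mw)
    limit = max(FLOOR_MW, LOSS_TOL * max(abs(a.p_mw), abs(b.p_mw)))
    if mismatch > limit:
        reasons.append("flow mismatch %.1f MW exceeds %.1f MW" % (mismatch, limit))
    return reasons

def scan(packets):
    """Keep the newest packet per direction, then check every line from both ends."""
    latest = {}
    for p in packets:
        key = (p.substation, p.neighbor)
        if key not in latest or p.ts > latest[key].ts:
            latest[key] = p
    alarms = {}
    for line in sorted({tuple(sorted(k)) for k in latest}):
        a, b = latest.get(line), latest.get(line[::-1])
        if a is None or b is None:
            alarms[line] = ["packet missing from one end"]
        elif check_line(a, b):
            alarms[line] = check_line(a, b)
    return alarms

# Constructed sample: line A-B is consistent, line B-C has an altered payload.
SAMPLE = [
    FlowPacket("A", "B", 120.0, 100.00), FlowPacket("B", "A", -118.5, 100.02),
    FlowPacket("B", "C", 80.0, 100.01), FlowPacket("C", "B", -45.0, 100.03),
]

if __name__ == "__main__":
    for line, why in scan(SAMPLE).items():
        print("ALARM", line, why)
```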