Defensible IEC 61850 Substation Network Security Monitoring with Zeek

This study introduces a Zeek-based monitoring framework that leverages transport layer and layer two invariants, such as MAC and VLAN integrity, multicast group membership, traffic rates, and MMS connection behavior, to detect the most consequential precursors to substation misoperation. Using...

By

Elliot Lee

January 26, 2026

All papers are copyrighted. No re-posting of papers is permitted

Related Content

Cyber Defense Essentials

October 6, 2021

Can We Move Past Blocklists to Automated Takedowns?

Penetration Testing and Ethical Hacking

October 6, 2021

Striking from the Shadows: Applying and Analyzing Mitigation Techniques to Bypass Antivirus Payload Detection

September 16, 2021

Cloud Multi-Account Policy Enforcement