A lightweight intrusion alert fusion system

In this paper, we present some practical experience on implementing an alert fusion mechanism from our project. After investigation on most of the existing alert fusion systems, we found the current body of work alternatively weighed down in the mire of insecure design or rarely deployed because of their complexity. As confirmed by our experimental analysis, unsuitable mechanisms could easily be submerged by an abundance of useless alerts. Even with the use of methods that achieve a high fusion rate and low false positives, attack is also possible. To find the solution, we carried out analysis on a series of alerts generated by well-known datasets as well as realistic alerts from the Australian Honey-Pot. One important finding is that one alert has more than an 85% chance of being fused in the following 5 alerts. Of particular importance is our design of a novel lightweight Cache-based Alert Fusion Scheme, called CAFS. CAFS has the capacity to not only reduce the quantity of useless alerts generated by IDS (Intrusion Detection System), but also enhance the accuracy of alerts, therefore greatly reducing the cost of fusion processing. We also present reasonable and practical specifications for the target-oriented fusion policy that provides a quality guarantee on alert fusion, and as a result seamlessly satisfies the process of successive correlation. Our experimental results showed that the CAFS easily attained the desired level of survivable, inescapable alert fusion design. Furthermore, as a lightweight scheme, CAFS can easily be deployed and excel in a large amount of alert fusions, which go towards improving the usability of system resources. To the best of our knowledge, our work is a novel exploration in addressing these problems from a survivable, inescapable and deployable point of view

An improved DC fault protection scheme independent of boundary components for MMC based HVDC grids

For Modular Multilevel Converter (MMC) based DC grids, current-limiting reactors (CLRs) are mainly employed to suppress the fault current and provide boundary effects to detect internal faults. Thus, most existing protection schemes are highly dependent on the larger CLRs to guarantee high selectivity. However, in existing MMC based HVDC projects, the size of CLRs is restrained by the cost, weight and system stability under normal state. Thus, boundary protections may fail to detect high-resistance faults and pole-to-ground faults. To overcome these shortcomings, this paper proposes a fast and selective DC fault detection algorithm independent of boundary components. The propagation characteristics of line-mode backward traveling-waves (TW) are analyzed to identify external and internal faults. The polarities of zero-mode backward TWs are employed to select faulted poles. To detect remote faults, a pilot protection scheme based on the directional overcurrent is adopted as the complementary criterion. The detection speed of the proposed protection is fast, with a delay less than 1.1ms. Besides, it is robust to fault resistance and immune to noise. Various simulation results in PSCAD/EMTDC demonstrate that the proposed method is not affected by AC faults, fault distances and fault type

ANN-based robust DC fault protection algorithm for MMC high-voltage direct current grids

Fast and reliable protection is a significant technical challenge in modular multilevel converter (MMC) based DC grids. The existing fault detection methods suffer from the difficulty in setting protective thresholds, incomplete function, insensitivity to high resistance faults and vulnerable to noise. This paper proposes an artificial neural network (ANN) based method to enable DC bus protection and DC line protection for DC grids. The transient characteristics of DC voltages are analysed during DC faults. Based on the analysis, the discrete wavelet transform (DWT) is used as an extractor of distinctive features at the input of the ANN. Both frequency-domain and time-domain components are selected as input vectors. A large number of offline data considering the impact of noise is employed to train the ANN. The outputs of the ANN are used to trigger the DC line and DC bus protections and select the faulted poles. The proposed method is tested in a four-terminal MMC based DC grid under PSCAD/EMTDC. The simulation results verify the effectiveness of the proposed method in fault identification and the selection of the faulty pole. The intelligent algorithm based protection scheme has good performance concerning selectivity, reliability, robustness to noise and fast action