Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning

• URL: http://arxiv.org/abs/2507.00522v1
• Date: Tue, 01 Jul 2025 07:38:22 GMT
• Title: Cyber Attacks Detection, Prevention, and Source Localization in Digital Substation Communication using Hybrid Statistical-Deep Learning
• Authors: Nicola Cibin, Bas Mulder, Herman Carstens, Peter Palensky, Alexandru Ştefanov,
• Abstract summary: This paper proposes a novel method using hybrid statistical-deep learning for the detection, prevention, and source localization of IEC 61850 SV injection attacks.<n>It effectively discards malicious SV frames with minimal processing overhead and latency, maintains robustness against communication network latency variation and time-synchronization issues.<n>Results demonstrate the method's suitability for practical deployment in IEC 61850-compliant digital substations.
• Score: 39.58317527488534
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The digital transformation of power systems is accelerating the adoption of IEC 61850 standard. However, its communication protocols, including Sampled Values (SV), lack built-in security features such as authentication and encryption, making them vulnerable to malicious packet injection. Such cyber attacks can delay fault clearance or trigger unintended circuit breaker operations. While most existing research focuses on detecting cyber attacks in digital substations, intrusion prevention systems have been disregarded because of the risk of potential communication network disruptions. This paper proposes a novel method using hybrid statistical-deep learning for the detection, prevention, and source localization of IEC 61850 SV injection attacks. The method uses exponentially modified Gaussian distributions to model communication network latency and long short-term memory and Elman recurrent neural network to detect anomalous variations in the estimated probability distributions. It effectively discards malicious SV frames with minimal processing overhead and latency, maintains robustness against communication network latency variation and time-synchronization issues, and guarantees a near-zero false positive rate in non-attack scenarios. Comprehensive validation is conducted on three testbeds involving industrial-grade devices, hardware-in-the-loop simulations, virtualized intelligent electronic devices and merging units, and high-fidelity emulated communication networks. Results demonstrate the method's suitability for practical deployment in IEC 61850-compliant digital substations.

Related papers

• CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus [45.24207460381396]
  This paper presents a novel Intrusion Detection System (IDS) designed for the Controller Area Network (CAN) environment.<n>A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks.<n>Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
  arXiv  Detail & Related papers  (2025-07-19T20:09:52Z)
• ML-Enabled Eavesdropper Detection in Beyond 5G IIoT Networks [0.0]
  This paper focuses on the utilization of Machine and Deep Learning (ML/DL) techniques to tackle with the common problem of eavesdropping detection.<n> ML/DL models classify users as either legitimate or malicious ones based on channel state information (CSI), position data, and transmission power.<n>According to the presented numerical results, DCNN and RF models achieve a detection accuracy approaching 100% in identifying eavesdroppers with zero false alarms.
  arXiv  Detail & Related papers  (2025-05-05T08:49:18Z)
• MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
  We identify a new time-exciting threat model against in-vehicle network (IVN)<n>These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions.<n>To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimentional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures.
  arXiv  Detail & Related papers  (2025-04-16T08:41:24Z)
• CRUPL: A Semi-Supervised Cyber Attack Detection with Consistency Regularization and Uncertainty-aware Pseudo-Labeling in Smart Grid [0.5499796332553707]
  Cyberattacks on smart grids can compromise data integrity and jeopardize the reliability of the power supply.<n>Traditional intrusion detection systems often need help to effectively detect novel and sophisticated attacks.<n>This work proposes a semi-supervised method for cyber-attack detection in smart grids by leveraging the labeled and unlabeled measurement data.
  arXiv  Detail & Related papers  (2025-03-01T05:49:23Z)
• Communication-Efficient Federated Learning by Quantized Variance Reduction for Heterogeneous Wireless Edge Networks [55.467288506826755]
  Federated learning (FL) has been recognized as a viable solution for local-privacy-aware collaborative model training in wireless edge networks.<n>Most existing communication-efficient FL algorithms fail to reduce the significant inter-device variance.<n>We propose a novel communication-efficient FL algorithm, named FedQVR, which relies on a sophisticated variance-reduced scheme.
  arXiv  Detail & Related papers  (2025-01-20T04:26:21Z)
• CryptoFormalEval: Integrating LLMs and Formal Verification for Automated Cryptographic Protocol Vulnerability Detection [41.94295877935867]
  We introduce a benchmark to assess the ability of Large Language Models to autonomously identify vulnerabilities in new cryptographic protocols. We created a dataset of novel, flawed, communication protocols and designed a method to automatically verify the vulnerabilities found by the AI agents.
  arXiv  Detail & Related papers  (2024-11-20T14:16:55Z)
• MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
  We identify a new time-exciting threat model against in-vehicle network (IVN)<n>These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions.<n>To detect time-exciting threat, we introduce MDHP-Net, leveraging Multi-Dimentional Hawkes Process (MDHP) and temporal and message-wise feature extracting structures.
  arXiv  Detail & Related papers  (2024-11-15T15:05:01Z)
• A Novel Generative AI-Based Framework for Anomaly Detection in Multicast Messages in Smart Grid Communications [0.0]
  Cybersecurity breaches in digital substations pose significant challenges to the stability and reliability of power system operations. This paper proposes a task-oriented dialogue system for anomaly detection (AD) in datasets of multicast messages. It has a lower potential error and better scalability and adaptability than a process that considers the cybersecurity guidelines recommended by humans.
  arXiv  Detail & Related papers  (2024-06-08T13:28:50Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• SDN-Based Dynamic Cybersecurity Framework of IEC-61850 Communications in Smart Grid [0.5399800035598186]
  Cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN) is being widely used in the substation automation system. We propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages.
  arXiv  Detail & Related papers  (2023-11-20T21:49:41Z)
• Cross-Layered Distributed Data-driven Framework For Enhanced Smart Grid Cyber-Physical Security [3.8237485961848128]
  Cross-Layer Ensemble CorrDet with Adaptive Statistics is presented. It integrates the detection of faulty SG measurement data as well as inconsistent network inter-arrival times and transmission delays. Results show that CECD-AS can detect multiple False Data Injections, Denial of Service (DoS) and Man In The Middle (MITM) attacks with a high F1-score.
  arXiv  Detail & Related papers  (2021-11-10T00:00:51Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.