Cyberattacks identification in IEC 61850 based substation using proximal support vector machine

Issue title: Digital transformation through advances in artificial intelligence and machine learning

Guest editors: Hasmat Malik, Gopal Chaudhary and Smriti Srivastava

Article type: Research Article

Authors: Malik, Hasmat^a | Alotaibi, Majed A.^{b; c} | Almutairi, Abdulaziz^{d; *}

Affiliations: [a] BEARS, University Town, NUS Campus, Singapore | [b] Deparment of Electrical Engineering, College of Engineering, King Saud University, Riyadh, Saudi Arabia | [c] Saudi Electricity Company Chair in Power System Reliability and Security, King Saud University, Riyadh, Saudi Arabia | [d] Deparment of Electrical Engineering, College of Engineering, Majmaah University, Riyadh, Saudi Arabia

Correspondence: [*] Corresponding author. Abdulaziz Almutairi, Deparment of Electrical Engineering, College of Engineering, Majmaah University, Riyadh, Saudi Arabia. E-mail: [email protected].

Abstract: Maintaining the reliable, efficient, secure and multifunctional IEC 61850 based substation is an extremely challenging task, especially in the ever-evolving cyberattacks domain. This challenge is also exacerbated with expending the modern power system (MPS) to meet the demand along with growing availability of hacking tools in the hacker community. Few of the most serious threats in the substation automation system (SAS) are DoS (Denial of Services), MS (Message Suppression) and DM (Data Manipulation) attacks, where DoS is due to flood bogus frames. In MS, hacker inject the GOOSE sequence (sqNum) and GOOSE status (stNum) number. In the DM attacks, attacker modify current measurements reported by the merging units, inject modified boolean value of circuit breaker and replay a previously valid message. In this paper, an intelligent cyberattacks identification approach in IEC 61850 based SAS using PSVM (proximal support vector machine) is proposed. The performance of the proposed approach is demonstrated using experimental dataset of recorded signatures. The obtained results of the demonstrated study shows the effectiveness and high level of acceptability for real side implementation to protect the SAS from the cyberattacks in different scenarios.

Keywords: False data injection, Man-In-The-Middle, intrusion detection system, GOOSE, MMS, SVM, information and communication technologies, substation automation system, telephone switching based remote control unit, digital communication network

DOI: 10.3233/JIFS-189783

Journal: Journal of Intelligent & Fuzzy Systems, vol. 42, no. 2, pp. 1213-1222, 2022