As an advanced power system infrastructure, the smart grid integrates modern information and communication technologies to enhance the efficiency, reliability, and sustainability of power transmission. With the recent widespread adoption of digital substations in compliance with the IEC-61850 network interface within the country, these next-generation smart grid infrastructures offer applications such as smart meters, demand response, and carbon footprint calculations. However, the increase in networked devices has also significantly raised the risk of malicious traffic attacks, such as injection attacks, high sequence number attacks, and random replay attacks. To address these threats, this study proposes an Intrusion Detection System (IDS) designed for multi-class attack detection. Initially, an autoencoder is utilized for dimensionality reduction, providing input to the LSTM. By applying Focal Loss Regulation, the proposed method effectively detects various types of multi-class attacks while maintaining a low false alarm rate. Ultimately, this approach achieves average model metrics exceeding 0.95 in multi-classification tasks, with the false alarm rate (FAR) remaining at an extremely low level. The experimental results demonstrate that by applying Focal Loss Regulation, the proposed method can effectively detect various types of multi-class attacks, including normal, random replay, inverse replay, poisoned high rate, high StNum, injection, and masquerade fake fault attacks, while maintaining a low false alarm rate. This traffic identification approach effectively detects different attack patterns, yielding satisfactory results in both methodology and detection performance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Intrusion Detection in IEC-61850 with LSTM and Focal Loss Regulation

  • Yu-Xiang Lin,
  • Chin-Shiuh Shieh,
  • Mong-Fong Horng,
  • Lawton Liao,
  • Prasun Chakrabarti

摘要

As an advanced power system infrastructure, the smart grid integrates modern information and communication technologies to enhance the efficiency, reliability, and sustainability of power transmission. With the recent widespread adoption of digital substations in compliance with the IEC-61850 network interface within the country, these next-generation smart grid infrastructures offer applications such as smart meters, demand response, and carbon footprint calculations. However, the increase in networked devices has also significantly raised the risk of malicious traffic attacks, such as injection attacks, high sequence number attacks, and random replay attacks. To address these threats, this study proposes an Intrusion Detection System (IDS) designed for multi-class attack detection. Initially, an autoencoder is utilized for dimensionality reduction, providing input to the LSTM. By applying Focal Loss Regulation, the proposed method effectively detects various types of multi-class attacks while maintaining a low false alarm rate. Ultimately, this approach achieves average model metrics exceeding 0.95 in multi-classification tasks, with the false alarm rate (FAR) remaining at an extremely low level. The experimental results demonstrate that by applying Focal Loss Regulation, the proposed method can effectively detect various types of multi-class attacks, including normal, random replay, inverse replay, poisoned high rate, high StNum, injection, and masquerade fake fault attacks, while maintaining a low false alarm rate. This traffic identification approach effectively detects different attack patterns, yielding satisfactory results in both methodology and detection performance.