Integrating Lightweight Models With Synthesized Data to Boost Intrusion Detection for IEC104 Protocol in Smart Grids

In the contemporary landscape of power systems, smart grids (SGs) play a pivotal role in optimizing electricity management and distribution. However, their enhanced connectivity and dependency on interconnected networks heighten the risk of cyber vulnerabilities. Machine learning (ML) applications are poised to deter cyber threats on SGs, particularly concerning critical exchange protocols such as the IEC 60870 standard, a globally recognized framework for communication in electric power systems. Yet, the growing sophistication of cyber adversaries poses a significant challenge, as they increasingly target critical infrastructure with sophisticated tools and techniques, thereby threatening the security of SGs. In this study, we focus on notorious MITM attacks that challenge the SG communication networks, focusing on the IEC 60870-5-104 protocol. We propose an innovative detection system based on an ML model tailored to the IEC-104 protocol. Our approach is built upon a dataset of IEC-104 traffic simulated in a power grid model developed on Matlab/Simulink in combination with synthetic data generated by Generative Adversarial Networks (GANs) and fed into heavy and lightweight neural network (NN) models. Additionally, we assessed our NN model’s robustness and effectiveness against ML performance metrics, and the results obtained were compared with those of other models.

The findings affirm that incorporating GANs data with the heavy and lightweight NN models outperformed the other models, yielding a detection accuracy of more than 90%. This study highlights the potential of integrating GANs into the model training process, promising a substantial step forward in the predictive accuracy and reliability of cyber threat detection mechanisms in SG networks.