Machine Learning-Based Intrusion Detection for Achieving Cybersecurity in Smart Grids Using IEC 61850 GOOSE Messages

Creative Commons License

Ustun T. S., Hussain S. M. S., ULUTAŞ A., ÖNEN A., Roomi M. M., Mashima D.

SYMMETRY-BASEL, vol.13, no.5, 2021 (SCI-Expanded)

  • Publication Type: Article
  • Volume: 13 Issue: 5
  • Publication Date: 2021
  • Doi Number: 10.3390/sym13050826
  • Journal Name: SYMMETRY-BASEL
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Communication Abstracts, INSPEC, Metadex, zbMATH, Directory of Open Access Journals, Civil Engineering Abstracts
  • Keywords: smart grid cybersecurity, GOOSE message security, IEC 62351, intrusion detection, artificial intelligence, COMMUNICATION, MANAGEMENT, SYSTEM
  • Abdullah Gül University Affiliated: Yes


Increased connectivity is required to implement novel coordination and control schemes. IEC 61850-based communication solutions have become popular due to many reasons: object-oriented modeling capability, interoperable connectivity and strong communication protocols, to name a few. However, communication infrastructure is not well-equipped with cybersecurity mechanisms for secure operation. Unlike online banking systems that have been running such security systems for decades, smart grid cybersecurity is an emerging field. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smart grids utilizing IEC 61850's Generic Object-Oriented Substation Event (GOOSE) messages. The system is developed with machine learning and is able to monitor the communication traffic of a given power system and distinguish normal events from abnormal ones, i.e., attacks. The designed system is implemented and tested with a realistic IEC 61850 GOOSE message dataset under symmetric and asymmetric fault conditions in the power system. The results show that the proposed system can successfully distinguish normal power system events from cyberattacks with high accuracy. This ensures that smart grids have intrusion detection in addition to cybersecurity features attached to exchanged messages.