Artificial Intelligence Based Intrusion Detection System for IEC 61850 Sampled Values Under Symmetric and Asymmetric Faults

Creative Commons License

Ustun T. S., Hussain S. M. S., YAVUZ L., ÖNEN A.

IEEE ACCESS, vol.9, pp.56486-56495, 2021 (SCI-Expanded) identifier identifier

  • Publication Type: Article / Article
  • Volume: 9
  • Publication Date: 2021
  • Doi Number: 10.1109/access.2021.3071141
  • Journal Name: IEEE ACCESS
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Page Numbers: pp.56486-56495
  • Keywords: IEC Standards, Power systems, Computer security, Intrusion detection, Machine learning, Substations, Object oriented modeling, Smartgrid cybersecurity, SV message security, IEC 62351, intrusion detection, artificial intelligence, IEEE 14-bus system, renewable energy, GOOSE, MANAGEMENT, NETWORKS
  • Abdullah Gül University Affiliated: Yes


Modern power systems require increased connectivity to implement novel coordination and control schemes. Wide-spread use of information technology in smartgrid domain is an outcome of this need. IEC 61850-based communication solutions have become popular due to a myriad of reasons. Object-oriented modeling capability, interoperable connectivity and strong communication protocols are to name a few. However, power system communication infrastructure is not well-equipped with cybersecurity mechanisms for safe operation. Unlike online banking systems that have been running such security systems for decades, smartgrid cybersecurity is an emerging field. A recent publication aimed at equipping IEC 61850-based communication with cybersecurity features, i.e. IEC 62351, only focuses on communication layer security. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smartgrids utilizing IEC 61850's Sampled Value (SV) messages. The system is developed with machine learning and is able to monitor communication traffic of a given power system and distinguish normal data measurements from falsely injected data, i.e. attacks. The designed system is implemented and tested with realistic IEC 61850 SV message dataset. Tests are performed on a Modified IEEE 14-bus system with renewable energy-based generators where different fault are applied. The results show that the proposed system can successfully distinguish normal power system events from cyberattacks with high accuracy. This ensures that smartgrids have intrusion detection in addition to cybersecurity features attached to exchanged messages.