IEEE ACCESS, vol.9, pp.56486-56495, 2021 (SCI-Expanded)
Modern power systems require increased connectivity to implement novel coordination and control schemes. Wide-spread use of information technology in smartgrid domain is an outcome of this need. IEC 61850-based communication solutions have become popular due to a myriad of reasons. Object-oriented modeling capability, interoperable connectivity and strong communication protocols are to name a few. However, power system communication infrastructure is not well-equipped with cybersecurity mechanisms for safe operation. Unlike online banking systems that have been running such security systems for decades, smartgrid cybersecurity is an emerging field. A recent publication aimed at equipping IEC 61850-based communication with cybersecurity features, i.e. IEC 62351, only focuses on communication layer security. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smartgrids utilizing IEC 61850's Sampled Value (SV) messages. The system is developed with machine learning and is able to monitor communication traffic of a given power system and distinguish normal data measurements from falsely injected data, i.e. attacks. The designed system is implemented and tested with realistic IEC 61850 SV message dataset. Tests are performed on a Modified IEEE 14-bus system with renewable energy-based generators where different fault are applied. The results show that the proposed system can successfully distinguish normal power system events from cyberattacks with high accuracy. This ensures that smartgrids have intrusion detection in addition to cybersecurity features attached to exchanged messages.