Machine Learning based Post Event Analysis for Cybersecurity of Cyber-Physical System

TL;DR

This paper introduces machine learning models, including neural networks, for post-event analysis in power systems to differentiate faults from cyber-attacks and identify fault types and locations, enhancing cybersecurity in digital substations.

Contribution

It presents a novel ML-based approach using ANN and other models trained on fault and attack data for improved cybersecurity analysis in power systems.

Findings

Models successfully distinguish faults from cyber-attacks

Identifies 10 fault types and their locations

Enhances cybersecurity response capabilities

Abstract

As Information and Communication Technology (ICT) equipment continues to be integrated into power systems, issues related to cybersecurity are increasingly emerging. Particularly noteworthy is the transition to digital substations, which is shifting operations from traditional hardwired-based systems to communication-based Supervisory Control and Data Acquisition (SCADA) system operations. These changes in the power system have increased the vulnerability of the system to cyber-attacks and emphasized its importance. This paper proposes a machine learning (ML) based post event analysis of the power system in order to respond to these cybersecurity issues. An artificial neural network (ANN) and other ML models are trained using transient fault measurements and cyber-attack data on substations. The trained models can successfully distinguish between power system faults and cyber-attacks. Furthermore, the results of the proposed ML-based methods can also identify 10 different fault types and the location where the event occurred.