On specification-based cyber-attack detection in smart grids

Abstract The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, development, validation, and testing data-driven countermeasures against such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack incidents, infrastructure knowledge standards are accessible through expert domain knowledge. Our proposed approach uses to define behavior a smart grid under non-attack conditions detect patterns anomalies. Using graph-based specification formalism, we combine cross-domain that enables generation whitelisting rules not only statically defined protocol fields communication flows technical operation boundaries. Finally, evaluate our specification-based intrusion system various scenarios assess quality performance. In particular, investigate manipulation in future-orientated use case an IEC 60870-based SCADA controls distributed energy resources distribution grid. can severe attacks with high accuracy timely reliable manner.