The introduction of the cyber-physical system (CPS) into power systems has created a variety of communication requirements and functions that existing legacy systems do not support. To this end, the IEEE 1815.1 standard defines the mapping between existing distributed network protocol networks and IEC 61850 networks that reflect new requirements. However, advanced CPS cyberattacks have been reported, and in order to address cyberattacks, security research on new power systems that use network devices and heterogeneous communication is necessary. In this study, we propose an intrusion detection system for an IEEE 1815.1-based power system using CPS. We 1) analyze an IEEE 1815.1-based power system network and propose a suitable application method for an intrusion detection system, 2) suggest a bidirectional recurrent neural network-based anomaly detection system for an IEEE 1815.1-based network, and 3) demonstrate the verification of the proposed technique using various power system-specific attack data, including real power system using CPS network traffic, CPS malware behavior (CMB), false data injection (FDI), and disabling reassembly (DR) attacks. Proposed technique successfully detected five types of CMB attacks, three types of FDI and DR attacks.
This work was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, and Future Planning under Grant NRF-2018R1D1A1B07043349.
