An Advanced Generative AI-Based Anomaly Detection in IEC61850-Based Communication Messages in Smart Grids

Security incidents in digital substations can create notable difficulties for the consistent and stable functioning of power systems. To address these issues, implementing defense and mitigation strategies is essential. Identifying and detecting irregularities in information and communication techno...

Bibliographic Details
Main Authors: Aydin Zaboli, Yong-Hwa Kim, Junho Hong
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/11008602/
collection DOAJ
description Security incidents in digital substations can create notable difficulties for the consistent and stable functioning of power systems. To address these issues, implementing defense and mitigation strategies is essential. Identifying and detecting irregularities in information and communication technology (ICT) is vital to maintaining secure interactions between devices in digital substations. This paper proposes a task-oriented dialogue (ToD) system for anomaly detection (AD) in multicast message datasets, such as generic object-oriented substation events (GOOSE) and sampled values (SV) in digital substations using generative AI (GenAI). The proposed ToD model demonstrates significant advantages over the human-in-the-loop (HITL) approach, particularly in error rate, adaptability, and scalability. Specifically, compared to HITL, the ToD model achieves a reduction in false positives (FPs) of up to 20% and enhances the accuracy of AD by up to 17.5%, resulting in a general accuracy of 97.5%. Moreover, the system shows a substantial improvement in advanced evaluation metrics, including a Matthews Correlation Coefficient (MCC) of 0.95, highlighting its robust capability to accurately differentiate between normal and anomalous events. The ToD model adapts effectively to new attack scenarios without extensive retraining, unlike traditional machine learning (ML) models or HITL, which require frequent updates. This adaptability significantly reduces implementation time compared to HITL, as the model requires fewer manual interventions and updates. These findings are supported by a comparative analysis using standard and advanced evaluation metrics. The generation and extraction of datasets of IEC 61850 communications were performed using a hardware-in-the-loop (HIL) testbed, ensuring the robustness of the proposed approach in practical scenarios.
id doaj-art-bcbf650fa8cd4c2d97f956e407bbe633
institution DOAJ
issn 2169-3536
spelling doaj-art-bcbf650fa8cd4c2d97f956e407bbe633
Record timestamp: 2025-08-20T03:05:45Z
Language: eng
Publisher: IEEE
Journal: IEEE Access, ISSN 2169-3536
Date: 2025-01-01
Volume: 13
Pages: 89997-90016
DOI: 10.1109/ACCESS.2025.3571881
Document number: 11008602
Title: An Advanced Generative AI-Based Anomaly Detection in IEC61850-Based Communication Messages in Smart Grids
Aydin Zaboli (https://orcid.org/0000-0001-9052-1851), Department of Electrical and Computer Engineering, University of Michigan–Dearborn, Dearborn, MI, USA
Yong-Hwa Kim (https://orcid.org/0000-0003-2183-5085), Department of AI Data Engineering, Korea National University of Transportation, Uiwang-si, Gyeonggi-do, South Korea
Junho Hong (https://orcid.org/0000-0001-5035-8260), Department of Electrical and Computer Engineering, University of Michigan–Dearborn, Dearborn, MI, USA
topic Cybersecurity
digital substations
generative AI
GOOSE
human-in-the-loop
anomaly detection