{"title":"A Laboratory Set-Up for Cyber Attacks Simulation Using Protocol Analyzer and RTU Hardware Applying Semi-Supervised Detection Algorithm","authors":"A. Parizad, C. Hatziadoniu","doi":"10.1109/TPEC51183.2021.9384972","DOIUrl":null,"url":null,"abstract":"The integration of Information and Communication Technologies (ICT) into the modern power system makes it a complicated cyber-physical system (CPS). In this case, an adversary may find some loopholes, penetrate to CPS layer, compromise data, and consequently result in security and stability issues. In this paper, we proposed a laboratory set up to emulate the attacker's behavior and then detect the injected false data. To this end, RTU hardware and software are used to simulate a typical SCADA system. A protocol analyzer software is also employed to simulate a cyber-attack, inject false data, and send it to the control center. In the second stage, we developed a two-stage framework to detect FDIA. First, the LSTM, as a supervised learning algorithm, is utilized to build a predictive model. In this process, hyperparameter optimization is implemented to improve the accuracy of the developed model. In the second stage, an unsupervised scoring algorithm is applied to the real-time data to find the sequences of injected false data. Also, a penalty factor is considered during the detection procedure to prevent the algorithm from greedy search behavior. 
Simulation results on a real-world data set (Chicago load/weather) show the proposed method's effectiveness in the cyberattack implementation and FDIA detection problem.","PeriodicalId":354018,"journal":{"name":"2021 IEEE Texas Power and Energy Conference (TPEC)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-02-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Texas Power and Energy Conference (TPEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TPEC51183.2021.9384972","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
The integration of Information and Communication Technologies (ICT) into the modern power system makes it a complicated cyber-physical system (CPS). In this case, an adversary may find some loopholes, penetrate the CPS layer, compromise data, and consequently cause security and stability issues. In this paper, we propose a laboratory setup to emulate the attacker's behavior and then detect the injected false data. To this end, RTU hardware and software are used to simulate a typical SCADA system. Protocol analyzer software is also employed to simulate a cyber-attack, inject false data, and send it to the control center. Next, we developed a two-stage framework to detect false data injection attacks (FDIA). In the first stage, the LSTM, as a supervised learning algorithm, is utilized to build a predictive model. In this process, hyperparameter optimization is implemented to improve the accuracy of the developed model. In the second stage, an unsupervised scoring algorithm is applied to the real-time data to find the sequences of injected false data. Also, a penalty factor is considered during the detection procedure to keep the algorithm from exhibiting greedy search behavior. Simulation results on a real-world data set (Chicago load/weather) show the proposed method's effectiveness in the cyberattack implementation and FDIA detection problem.