Detection and classification of concurrent attacks in substation automation systems using wavelet design and deep learning

IF 4.8 2区工程技术 Q2 ENERGY & FUELS

Sustainable Energy Grids & Networks Pub Date : 2025-06-06 DOI:10.1016/j.segan.2025.101768

M. Oinonen, W.G. Morsi

{"title":"Detection and classification of concurrent attacks in substation automation systems using wavelet design and deep learning","authors":"M. Oinonen, W.G. Morsi","doi":"10.1016/j.segan.2025.101768","DOIUrl":null,"url":null,"abstract":"<div><div>This paper presents a novel approach to detect and classify cyberattacks using wavelet design and deep learning. Existing works fail to investigate concurrent cyberattacks and works that utilize time-frequency features for cyberattack detection only use the existing standard wavelet filters that have not been designed for cybersecurity applications. This work proposes a detection scheme for concurrent attacks using new wavelet filters with the Discrete Wavelet Transform (DWT) to better extract time-frequency features from substation automation system (SAS) data. A set of new wavelet filters are generated from parameterized equations. The wavelet filter that best suits SAS cyberattack detection is used to extract the salient features of cyberattacks using the DWT. Unlike existing detection approaches, the use of wavelet design allows the generation of new wavelet filters that better match the time-frequency features of SAS data. The proposed approach has been tested on a publicly available dataset as well as experimentally using OPAL-RT. The results demonstrate its effectiveness in detecting four popular cyberattack types as well as the challenging concurrent attacks, which involve two or more attacks occurring simultaneously. The use of wavelets not only enables the detection of the attacks but also their classification by type from power disturbances with an accuracy reaching 99.12 % on a synthetic dataset and 95.47 % on an experimental dataset. Furthermore, the results have shown that the use of the newly designed wavelets leads to an increase in the detection accuracy by 9.36 % and a significant reduction in the computational complexity of the feature extraction process by up to 99.16 % over the existing time-frequency transforms.</div></div>","PeriodicalId":56142,"journal":{"name":"Sustainable Energy Grids & Networks","volume":"43 ","pages":"Article 101768"},"PeriodicalIF":4.8000,"publicationDate":"2025-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sustainable Energy Grids & Networks","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S235246772500150X","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENERGY & FUELS","Score":null,"Total":0}

引用次数: 0

Abstract

This paper presents a novel approach to detect and classify cyberattacks using wavelet design and deep learning. Existing works fail to investigate concurrent cyberattacks and works that utilize time-frequency features for cyberattack detection only use the existing standard wavelet filters that have not been designed for cybersecurity applications. This work proposes a detection scheme for concurrent attacks using new wavelet filters with the Discrete Wavelet Transform (DWT) to better extract time-frequency features from substation automation system (SAS) data. A set of new wavelet filters are generated from parameterized equations. The wavelet filter that best suits SAS cyberattack detection is used to extract the salient features of cyberattacks using the DWT. Unlike existing detection approaches, the use of wavelet design allows the generation of new wavelet filters that better match the time-frequency features of SAS data. The proposed approach has been tested on a publicly available dataset as well as experimentally using OPAL-RT. The results demonstrate its effectiveness in detecting four popular cyberattack types as well as the challenging concurrent attacks, which involve two or more attacks occurring simultaneously. The use of wavelets not only enables the detection of the attacks but also their classification by type from power disturbances with an accuracy reaching 99.12 % on a synthetic dataset and 95.47 % on an experimental dataset. Furthermore, the results have shown that the use of the newly designed wavelets leads to an increase in the detection accuracy by 9.36 % and a significant reduction in the computational complexity of the feature extraction process by up to 99.16 % over the existing time-frequency transforms.

查看原文本刊更多论文

基于小波设计和深度学习的变电站自动化系统并发攻击检测与分类

本文提出了一种基于小波设计和深度学习的网络攻击检测与分类新方法。现有的工作未能调查并发网络攻击，并且利用时频特征进行网络攻击检测的工作仅使用现有的标准小波滤波器，而这些小波滤波器并未为网络安全应用而设计。本文提出了一种基于离散小波变换（DWT）的新型小波滤波器的并发攻击检测方案，以更好地从变电站自动化系统（SAS）数据中提取时频特征。利用参数化方程生成了一组新的小波滤波器。采用最适合SAS网络攻击检测的小波滤波器，利用DWT提取网络攻击的显著特征。与现有的检测方法不同，使用小波设计可以生成新的小波滤波器，更好地匹配SAS数据的时频特征。所提出的方法已经在公开可用的数据集上进行了测试，并使用OPAL-RT进行了实验。结果表明，该方法在检测四种常见的网络攻击类型以及涉及两个或多个攻击同时发生的具有挑战性的并发攻击方面是有效的。使用小波不仅可以检测攻击，还可以从功率干扰中按类型对其进行分类，在合成数据集上的准确率达到99.12 %，在实验数据集上的准确率达到95.47 %。此外，结果表明，与现有的时频变换相比，使用新设计的小波可以将检测精度提高9.36 %，并将特征提取过程的计算复杂度显著降低99.16 %。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Sustainable Energy Grids & Networks Energy-Energy Engineering and Power Technology

CiteScore

7.90

自引率

13.00%

发文量

206

审稿时长

49 days

期刊介绍： Sustainable Energy, Grids and Networks (SEGAN)is an international peer-reviewed publication for theoretical and applied research dealing with energy, information grids and power networks, including smart grids from super to micro grid scales. SEGAN welcomes papers describing fundamental advances in mathematical, statistical or computational methods with application to power and energy systems, as well as papers on applications, computation and modeling in the areas of electrical and energy systems with coupled information and communication technologies.