A Collaborative Intelligent Intrusion Response Framework for Smart Electrical Power and Energy Systems

Smart grid systems build upon existing electrical grid infrastructure by integrating power and information technologies allowing electrical power service providers to optimise their services. The combination of complex networks formed by interconnected heterogeneous devices, and the bidirectional nature of communications between end users and service providers makes security a challenging task. As implicit trust relations formed by smart grid components expand the attack surface considerably, a highly adaptable solution is required to secure these systems. In this paper, the design of an intelligent intrusion response system is explored, which can respond to ongoing multi-stage attacks in an optimal manner with respect to service availability. The smart grid infrastructure’s vulnerabilities are modelled with a graphical network security model allowing the application of probabilistic risk management methods for quantifying threats and their corresponding risks. A game-theoretic approach has been implemented that leverages the security models to efficiently respond to cyber-attacks, whose performance is tightly coupled with the system’s attack detection capabilities. To achieve better results and ensure inter-component privacy a federated learning approach was adopted. Preliminary testing on a simulated home area network with attacks against the Modbus, BACnet, and MQTT protocols, in addition to Mirai and BlackEnergy attacks, was performed to test the viability of this approach. The results illustrated the successful mitigation of attacks but also highlighted the need to implement collaborative mechanisms into the intrusion response part of the model.