Deep learning-based integrated attack detection framework to protect distance relays against cyberattacks

Abstract

The cyber security of communication-assisted intelligent relays at the IEC61850-enabled modern digital substations has become a prime concern among power companies and regulatory bodies. Particularly, distance relay IEDs are easy to manipulate to send false trip command to circuit breakers through random false data injection and replay attacks. With these attacks evolving and becoming more sophisticated, existing intrusion detection techniques can be easily compromised, resulting in unwanted line outages. This work proposes a convolutional-based autoencoder and Siamese neural network deep learning integrated attack detection framework (IADF) to differentiate these attacks from actual faults. The framework works in conjunction with distance relay IEDs to issue genuine trip commands to circuit breakers. The autoencoder, trained on fault voltage and current signals, detects the false data injection attacks using reconstruction error, while the siamese neural network trained on similar and dissimilar pairs of the fault voltage and current signals detects the fully synchronized replay attacks using similarity estimation with fault data stored on database. The validity of the proposed framework is assessed using IEEE 39 and 118 bus test system simulated on PSCAD/EMTDC software. The validation results suggest that the proposed IADF can accurately discriminate the faults from attacks and is resilient to various system parameter changes.