IEEE Access (Jan 2023)
Deception Technology Based Intrusion Protection and Detection Mechanism for Digital Substations: A Game Theoretical Approach
Abstract
Securing substations from cyber attacks is essential to safeguard critical power infrastructure. However, digital substations that are based on the IEC-61850 standard have Generic Object Oriented Substation Events (GOOSE) messages and Sampled Value (SV) messages that are time-critical and thus cannot be protected using encryption techniques. This work presents a study on deception technology (decoys) for mitigating cyber attacks on GOOSE message virtual LAN (VLAN) which is a non-observable strongly connected biography. In this paper, the deployment of defender decoys is proposed by defining observable subgraphs in the VLAN. The defender-attacker interaction is modeled as a single-leader single-follower game with the defender as the leader. The optimal allocation of decoys for asset protection and attack detection is then formulated as a bi-level optimisation problem. Simultaneous allocation and sequential allocation of protection and detection decoys are considered for defender resource allocation. The existence of equilibrium of the defender-attacker game is proven. The model is illustrated in a 3-IED VLAN and performance is evaluated in a 12-IED VLAN system in the PSRC-I5 protection relay report. The results are compared with the zero-sum game model and it is found that the proposed model is capable of mitigating attacks in the GOOSE VLAN
Keywords