IEEE Access (Jan 2023)

Deception Technology Based Intrusion Protection and Detection Mechanism for Digital Substations: A Game Theoretical Approach

  • Devika Jay

DOI
https://doi.org/10.1109/ACCESS.2023.3279504
Journal volume & issue
Vol. 11
pp. 53301 – 53314

Abstract

Read online

Securing substations from cyber attacks is essential to safeguard critical power infrastructure. However, digital substations that are based on the IEC-61850 standard have Generic Object Oriented Substation Events (GOOSE) messages and Sampled Value (SV) messages that are time-critical and thus cannot be protected using encryption techniques. This work presents a study on deception technology (decoys) for mitigating cyber attacks on GOOSE message virtual LAN (VLAN) which is a non-observable strongly connected biography. In this paper, the deployment of defender decoys is proposed by defining observable subgraphs in the VLAN. The defender-attacker interaction is modeled as a single-leader single-follower game with the defender as the leader. The optimal allocation of decoys for asset protection and attack detection is then formulated as a bi-level optimisation problem. Simultaneous allocation and sequential allocation of protection and detection decoys are considered for defender resource allocation. The existence of equilibrium of the defender-attacker game is proven. The model is illustrated in a 3-IED VLAN and performance is evaluated in a 12-IED VLAN system in the PSRC-I5 protection relay report. The results are compared with the zero-sum game model and it is found that the proposed model is capable of mitigating attacks in the GOOSE VLAN

Keywords