Double-Edged Defense: Thwarting Cyber Attacks and Adversarial Machine Learning in IEC 60870-5-104 Smart Grids

Smart grids (SGs), a cornerstone of modern power systems, facilitate efficient management and distribution of electricity. Despite their advantages, increased connectivity and reliance on communication networks expand their susceptibility to cyber threats. Machine learning (ML) can radically transform cyber security in SGs and secure protocols as in IEC 60870 standard, an international standard for electric power system communication. Notwithstanding, cyber adversaries are now exploiting ML-based intrusion detection systems (IDS) using adversarial ML attacks, potentially undermining SG security. This article addresses cyber attacks on the communication network of SGs, specifically targeting the IEC 60870-5-104 protocol. We introduce a novel ML-based IDS framework for the IEC 60870-5-104 protocol. Specifically, we employ an artificial neural network (ANN) to analyze a new and realistically representative dataset of IEC 60870-5-104 traffic data, unlike previous research that relies on simulated or unrelated data. This approach assists in identifying anomalies indicative of cyber attacks more accurately. Furthermore, we evaluate the resilience of our ANN model against adversarial attacks, including the fast gradient sign method, projected gradient descent, and Carlini and Wagner attacks. Our results demonstrate that the proposed framework can accurately detect cyber attacks and remains robust to adversarial attacks. This offers efficient and resilient IDS capabilities to detect and mitigate cyber attacks in real-world ML-based adversarial environments.