The power grid is critical infrastructure that plays a vital role in modern society. Its availability is of utmost importance, as its loss can endanger human lives. However, with increasing digitalization, the power grid also becomes vulnerable to new cyberattacks that can compromise its availability. To counter these threats, intrusion detection systems are developed and deployed to detect cyberattacks targeting the power grid. Among intrusion detection systems, anomaly detection models based on machine learning have shown potential in detecting unknown attack vectors. However, the scarcity of data for training these models remains a challenge due to confidentiality concerns. To overcome this challenge, this study proposes a model for generating synthetic data of multi-stage cyberattacks in the power grid, using attack trees to model the attacker's sequence of steps and a game-theoretic approach to incorporate the defender's actions. This model aims to create diverse attack data on which machine learning algorithms can be trained.