The power grid is a critical infrastructure essential for public safety and welfare. As its reliance on digital technologies grows, so do its vulnerabilities to sophisticated cyber threats, which could severely disrupt operations. Effective protective measures, such as intrusion detection and decision support systems, are essential to mitigate these risks. Machine learning offers significant potential in this field, yet its effectiveness is constrained by the limited availability of high-quality data due to confidentiality and access restrictions. To address this, we introduce a simulation environment that replicates the power grid's infrastructure and communication dynamics. This environment enables the modeling of complex, multi-stage cyber attacks and defensive responses, using attack trees to outline attacker strategies and game-theoretic approaches to model defender actions. The framework generates diverse, realistic attack data to train machine learning algorithms for detecting and mitigating cyber threats. It also provides a controlled, flexible platform to evaluate emerging security technologies, including advanced decision support systems. The environment is modular and scalable, facilitating the integration of new scenarios without dependence on external components. It supports scenario generation, data modeling, mapping, power flow simulation, and communication traffic analysis in a cohesive chain, capturing all relevant data for cyber security investigations under consistent conditions. Detailed modeling of communication protocols and grid operations offers insights into attack propagation, while datasets undergo validation in laboratory settings to ensure real-world applicability. These datasets are leveraged to train machine learning models for intrusion detection, focusing on their ability to identify complex attack patterns within power grid operations.