Electrical substations are becoming more prone to cyber-attacks due to increasing digitalization. Prevailing defense measures based on cyber rules are often inadequate to detect attacks that use legitimate-looking measurements. In this work, we design and implement a bad data detection solution for electrical substations called ResiGate, which effectively combines a physics-based approach and a machine-learning-based approach to provide substantial speed-up in high-throughput substation communication scenarios while still maintaining high detection accuracy and confidence. While many existing physics-based schemes are designed for deployment in control centers (due to their high computational requirements), ResiGate is designed as a security appliance that can be deployed on low-cost industrial computers at the edge of the smart grid so that it can detect local substation-level attacks in a timely manner. A key challenge is to continuously run the computationally demanding physics-based analysis to monitor the measurement data frequently transmitted in a typical substation. To provide high throughput without sacrificing accuracy, ResiGate uses machine learning to effectively filter out most of the non-suspicious (normal) data, thereby reducing the overall computational load and allowing efficient performance even with a high volume of network traffic. We implement ResiGate on a low-cost industrial computer, and our experiments confirm that ResiGate can detect attacks with zero error while sustaining a high throughput.