Cybersecurity breaches targeting electrical substations constitute a significant threat to the integrity of the power grid, necessitating comprehensive defense and mitigation strategies. Any anomaly in information and communication technology (ICT) should be detected to secure communications between devices in digital substations. This paper proposes large language models (LLMs), e.g., ChatGPT, for the cybersecurity of IEC 61850-based digital substation communications. Multicast messages such as generic object-oriented system event (GOOSE) and sampled value (SV) are used for case studies. The proposed LLM-based cybersecurity framework includes, for the first time, data pre-processing of communication systems and human-in-the-loop (HITL) training (considering the cybersecurity guidelines recommended by humans). The results present a comparative analysis of the detected anomaly data, based on performance evaluation metrics for different LLMs. A hardware-in-the-loop (HIL) testbed is used to generate and extract a dataset of IEC 61850 communications.