The digital transformation of power systems is accelerating the adoption of IEC 61850 standard. However, its communication protocols, including Sampled Values (SV), lack built-in security features such as authentication and encryption, making them vulnerable to malicious packet injection. Such cyber attacks can delay fault clearance or trigger unintended circuit breaker operations. While most existing research focuses on detecting cyber attacks in digital substations, intrusion prevention systems have been disregarded because of the risk of potential communication network disruptions. This paper proposes a novel method using hybrid statistical-deep learning for the detection, prevention, and source localization of IEC 61850 SV injection attacks. The method uses exponentially modified Gaussian distributions to model communication network latency and long short-term memory and Elman recurrent neural network to detect anomalous variations in the estimated probability distributions. It effectively discards malicious SV frames with minimal processing overhead and latency, maintains robustness against communication network latency variation and time-synchronization issues, and guarantees a near-zero false positive rate in non-attack scenarios. Comprehensive validation is conducted on three testbeds involving industrial-grade devices, hardware-in-the-loop simulations, virtualized intelligent electronic devices and merging units, and high-fidelity emulated communication networks. Results demonstrate the method's suitability for practical deployment in IEC 61850-compliant digital substations.

翻译：电力系统的数字化转型正在加速IEC 61850标准的应用。然而，其通信协议（包括采样值协议）缺乏认证与加密等内置安全特性，使其易受恶意数据包注入攻击。此类网络攻击可能延迟故障清除或引发非预期的断路器动作。尽管现有研究大多关注数字化变电站中的网络攻击检测，但由于可能造成通信网络中断的风险，入侵防御系统一直未受重视。本文提出一种基于混合统计-深度学习的新方法，用于IEC 61850采样值注入攻击的检测、防御与溯源定位。该方法采用指数修正高斯分布对通信网络时延进行建模，并利用长短期记忆网络与Elman递归神经网络检测估计概率分布的异常变化。该方法能以最小的处理开销和时延有效丢弃恶意采样值帧，保持对通信网络时延变化与时间同步问题的鲁棒性，并在非攻击场景下保证接近零的误报率。研究在三个测试平台上进行了全面验证，这些平台涉及工业级设备、硬件在环仿真、虚拟化智能电子设备与合并单元以及高保真仿真通信网络。结果表明，该方法适用于在实际符合IEC 61850标准的数字化变电站中部署。