Anomaly Detection for GOOSE Spoofing Attacks in Digital Substations Using Deep Learning Models: A DNN and LSTM Approach

Digital substations have significantly increased the accuracy of power grid operations thus advancing high efficiency and reliability in grid operations. While this advancement has brought new cybersecurity challenges, in particular, for security of communication protocols such as Generic Object-Ori...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 13; pp. 129709 - 129720
Main Authors Fernando, Trinal, Ramachandran, Gowri, Vilathgamuwa, Mahinda, Jayalath, Dhammika
Format Journal Article
LanguageEnglish
Published IEEE 2025
Subjects
Adaptation models
Analytical models
Anomaly detection
autoencoders
Deep learning
digital substations
DNN
Feature extraction
GOOSE protocol
Long short term memory
LSTM
machine learning
Object oriented modeling
Protocols
Real-time systems
Spoofing attacks
Substations
Online AccessGet full text

Cover

More Information
Summary:Digital substations have significantly increased the accuracy of power grid operations thus advancing high efficiency and reliability in grid operations. While this advancement has brought new cybersecurity challenges, in particular, for security of communication protocols such as Generic Object-Oriented Substation Event (GOOSE) messages are subject to spoofing attacks. These attacks can disrupt substation operations such that incorrect control actions are taken by operators, equipment gets damaged and large scale blackouts can occur. One of the contributions of this research is the proposal of a novel approach of detecting GOOSE spoofing attacks in digital substations using deep learning models, such as Deep Neural Networks (DNN) and Long Short Term Memory (LSTM) networks. To achieve this, the proposed models are trained on a multi-modal dataset consisting of GOOSE message attributes and physical electrical system measurements, and achieve the ability to accurately detect anomalies. Furthermore, we present an autoencoder based anomaly detection system in order to augment the deep learning models in discovering the subtle changes in system behavior. Extensive experiments show the effectiveness of the models in obtaining high detection accuracy on both training and test datasets. This result demonstrates that the integrated deep learning technique, capable of handling dynamic attack patterns, real time data, provides a robust and scalable cyber security solution to digital substations. The proposed methodology is contributing significantly to the field of anomaly detection in critical infrastructure, and acts as foundations for future research on real time threat mitigation strategies.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2025.3591695