Implementation of Risk-Aggregated Substation Testbed Using Generative Adversarial Networks

Capturing the anomalies of a cyber system in power control networks would promote operational awareness. Correlation of such events, e.g., intrusion attempts, traffic flow, and other signatures, together with control alarm events gives operators an in-depth understanding in order to make an informed decision. This paper proposes a threat inference framework to promote real-time vulnerability assessment associated with cyber intrusions on power communication networks. Wasserstein Generative Adversarial Networks (WGAN) is proposed to estimate the performance of the adversarial model. Additionally, a machine-learning framework is introduced to model the filtering process of the security devices, i.e., firewalls, isolation, and encryption devices, and the posterior fitting method is incorporated to establish an accurate probabilistic formulation. Finally, a testbed is established to coordinate system evaluation. Verification of the intrusion model is part of the implementation to quantify system risks based on the anomalies using (1) the open-source emulator, and (2) an externally imported system analyzer to characterize resulting impacts. The effectiveness and feasibility of the generative models are verified in a comparison study where the proper parameter settings could be obtained. The proposed framework is justified with extensive studies of substation networks using real-world settings.