Mitigating IEC-60870-5-104 Vulnerabilities: Anomaly Detection in Smart Grid based on LSTM Autoencoder

Advanced Information Communication Technology (ICT) is used in smart grid systems to introduce intelligence and efficiency, potentially outperforming conventional power systems. A fundamental component of a smart grid system is the Smart Meters (SMs), which are integrated with billing utilities, such as national control centers (NCC), and advanced metering infrastructure (AMI). However, like most emerging technologies, some security vulnerabilities and attacks were found. In this paper, we address such vulnerabilities, specifically associated with SMs, that occur when energy consumption is reported to the billing system, specifically through the IEC-60870-5-104(IEC-104) protocol. Since existing datasets do not include sufficient data related to such vulnerabilities, especially in SM with IEC-104 protocol communication, we developed a testbed with a virtual environment and generated a dataset with and without attack vectors. We then proposed a novel anomaly detection algorithm based on LSTM autoencoder, which combines the functional benefits of LSTM and the deep learning of autoencoders. The model's performance is evaluated against two popular attacks, MITM and Replay, and our result shows that the replay attack is harder to find since the attack is executed without data alteration.