Anomaly detection in substation networks
Journal of Information Security and Applications (IF 5.6), Pub Date: 2020-08-25, DOI: 10.1016/j.jisa.2020.102527
Philipp Kreimel, Oliver Eigner, Francesco Mercaldo, Antonella Santone, Paul Tavolato

Fundamental components of the distribution systems of electric energy are primary and secondary substation networks. Considering the incorporation of legacy communication infrastructure in these systems, they often have inherent cybersecurity vulnerabilities. Moreover, traditional intrusion defence strategies for IT systems are often not applicable. With the aim of improving cybersecurity in substation networks, in this paper we present two methods for monitoring SCADA systems: the first one exploits neural networks, while the second one is based on formal methods. To evaluate the effectiveness of the proposed methods, we conducted experiments on a real test bed representing the substation domain as close to real-world as possible. From this test bed we collect data during normal operation and during situations where the system is under attack. To this end, several different types of attack are conducted. The data collected is used to test two versions of the monitoring system: one based on machine learning with a neural network and one using a model-checking approach. Moreover, the two proposed models are tested with new data to evaluate their performance. The experiments demonstrate that both methods obtain an accuracy greater than 90%. In particular, the methodology based on formal methods achieves better performance than the one based on neural networks.




Updated: 2020-08-25