The interconnected and heterogeneous nature of the next-generation Electrical Grid (EG), widely known as Smart Grid (SG), bring severe cybersecurity and privacy risks that can also raise domino effects against other Critical Infrastructures (CIs). In this paper, we present an Intrusion Detection System (IDS) specially designed for the SG environments that use Modbus/Transmission Control Protocol (TCP) and Distributed Network Protocol 3 (DNP3) protocols. The proposed IDS called MENSA (anoMaly dEtection aNd claSsificAtion) adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture for (a) detecting operational anomalies and (b) classifying Modbus/TCP and DNP3 cyberattacks. In particular, MENSA combines the aforementioned Deep Neural Networks (DNNs) in a common architecture, taking into account the adversarial loss and the reconstruction difference. The proposed IDS is validated in four real SG evaluation environments, namely (a) SG lab, (b) substation, (c) hydropower plant and (d) power plant, solving successfully an outlier detection (i.e., anomaly detection) problem as well as a challenging multiclass classification problem consisting of 14 classes (13 Modbus/TCP cyberattacks and normal instances). Furthermore, MENSA can discriminate five cyberattacks against DNP3. The evaluation results demonstrate the efficiency of MENSA compared to other Machine Learning (ML) and Deep Learning (DL) methods in terms of Accuracy, False Positive Rate (FPR), True Positive Rate (TPR) and the F1 score.

中文翻译：

---

用于智能电网环境的统一深度学习异常检测和分类方法

下一代电网 (EG) 的互连和异构特性，即广为人知的智能电网 (SG)，带来了严重的网络安全和隐私风险，还会对其他关键基础设施 (CI) 产生多米诺骨牌效应。在本文中，我们提出了一种专为使用 Modbus/传输控制协议 (TCP) 和分布式网络协议 3 (DNP3) 协议的 SG 环境设计的入侵检测系统 (IDS)。提议的 IDS 称为门萨（异常检测和分类）采用新颖的自动编码器生成对抗网络 (GAN) 架构，用于 (a) 检测操作异常和 (b) 对 Modbus/TCP 和 DNP3 网络攻击进行分类。特别是，门萨将前面提到的深度神经网络 (DNN) 结合到一个通用架构中，同时考虑到对抗性损失和重建差异。提出的 IDS 在四个真实的 SG 评估环境中得到验证，即（a）SG 实验室，（b）变电站，（c）水电站和（d）电厂，成功解决了异常检测（即异常检测）问题作为一个具有挑战性的多类分类问题，由 14 个类（13 个 Modbus/TCP 网络攻击和正常实例）组成。此外，门萨可以区分五种针对 DNP3 的网络攻击。评估结果证明了效率门萨 与其他机器学习 (ML) 和深度学习 (DL) 方法在准确性、误报率 (FPR)、真阳性率 (TPR) 和 F1 分数方面相比。