Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

ChatGPT and Other Large Language Models for Cybersecurity of Smart Grid Applications

Aydin Zaboli, Seong Lok Choi, Tai-Jin Song, Junho Hong

TL;DR

The paper addresses cybersecurity threats to IEC 61850-based digital substations, focusing on GOOSE and SV multicast traffic. It proposes a large language model (LLM)–based, human-in-the-loop (HITL) intrusion detection framework evaluated on a hardware-in-the-loop (HIL) testbed, comparing ChatGPT-4.0, Claude-2, and PaLM 2 under varying training regimes. A key contribution is the data pre-processing guided by human recommendations, transforming IDS logic into text for LLM training, and demonstrating that HITL improves detection while reducing retraining needs. The results show that ChatGPT-4.0 achieves the best anomaly-detection performance across metrics, suggesting practical viability for grid cybersecurity while highlighting privacy considerations and opportunities for task-oriented dialogues and fine-tuning in future work.

Abstract

Cybersecurity breaches targeting electrical substations constitute a significant threat to the integrity of the power grid, necessitating comprehensive defense and mitigation strategies. Any anomaly in information and communication technology (ICT) should be detected for secure communications between devices in digital substations. This paper proposes large language models (LLM), e.g., ChatGPT, for the cybersecurity of IEC 61850-based digital substation communications. Multicast messages such as generic object oriented system event (GOOSE) and sampled value (SV) are used for case studies. The proposed LLM-based cybersecurity framework includes, for the first time, data pre-processing of communication systems and human-in-the-loop (HITL) training (considering the cybersecurity guidelines recommended by humans). The results show a comparative analysis of detected anomaly data carried out based on the performance evaluation metrics for different LLMs. A hardware-in-the-loop (HIL) testbed is used to generate and extract dataset of IEC 61850 communications.

ChatGPT and Other Large Language Models for Cybersecurity of Smart Grid Applications

TL;DR

The paper addresses cybersecurity threats to IEC 61850-based digital substations, focusing on GOOSE and SV multicast traffic. It proposes a large language model (LLM)–based, human-in-the-loop (HITL) intrusion detection framework evaluated on a hardware-in-the-loop (HIL) testbed, comparing ChatGPT-4.0, Claude-2, and PaLM 2 under varying training regimes. A key contribution is the data pre-processing guided by human recommendations, transforming IDS logic into text for LLM training, and demonstrating that HITL improves detection while reducing retraining needs. The results show that ChatGPT-4.0 achieves the best anomaly-detection performance across metrics, suggesting practical viability for grid cybersecurity while highlighting privacy considerations and opportunities for task-oriented dialogues and fine-tuning in future work.

Abstract

Cybersecurity breaches targeting electrical substations constitute a significant threat to the integrity of the power grid, necessitating comprehensive defense and mitigation strategies. Any anomaly in information and communication technology (ICT) should be detected for secure communications between devices in digital substations. This paper proposes large language models (LLM), e.g., ChatGPT, for the cybersecurity of IEC 61850-based digital substation communications. Multicast messages such as generic object oriented system event (GOOSE) and sampled value (SV) are used for case studies. The proposed LLM-based cybersecurity framework includes, for the first time, data pre-processing of communication systems and human-in-the-loop (HITL) training (considering the cybersecurity guidelines recommended by humans). The results show a comparative analysis of detected anomaly data carried out based on the performance evaluation metrics for different LLMs. A hardware-in-the-loop (HIL) testbed is used to generate and extract dataset of IEC 61850 communications.
Paper Structure (10 sections, 2 figures, 1 table)

This paper contains 10 sections, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Cybersecurity of Digital Substations Using Large Language Models
  3. Cybersecurity of Digital Substations
  4. Large Language Model-Based Human-in-the-loop Process
  5. IEC 61850-based Communication Datasets and Human Recommendations Process
  6. GOOSE and SV Datasets
  7. Human Recommendations for Intrusion Detection Systems
  8. Results and Discussion
  9. Case Studies: GOOSE and SV Anomaly Detection
  10. Conclusion

Figures (2)

  • Figure 1: HIL Testbed considering the IDS with human recommendations.
  • Figure 2: A pre-processing step based on the feature extraction for a log of GOOSE message (actual data from an HIL testbed).