{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T00:06:20Z","timestamp":1764720380205,"version":"3.46.0"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T00:00:00Z","timestamp":1764720000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T00:00:00Z","timestamp":1764720000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Cybersecurity incidents targeting the power grid have been increasing in recent years. The IEC 61850 protocol serves as a safeguard for substation communications, and its security plays an important role in the safe and stable operation of the power grid. Aiming at the problem of low accuracy of intrusion detection of IEC 61850 communication protocols, this paper proposes ATCV model by combining feature selection and triadic concept analysis. The ATCV model includes three parts: data preprocessing, feature selection, and FL (Fuzzy Triadic Concept Analysis) classification model construction. Firstly, due to the different forms of datasets, the training set and test set are preprocessed separately, and for the test set the data grammar library is used to standardize it; Then, redundant features are eliminated based on feature contribution to generate a streamlined dataset; Finally, fuzzy triadic backgrounds are generated based on the streamlined dataset, fuzzy triadic concepts are constructed and transformed into feature triadic concept vectors. Construct a vector group based on the representation vectors and set the initial weight values, then dynamically adjust the weight values through the vector group to the classification results of the test data to generate the FL classification model. In order to test the classification effect of the ATCV model, the model was validated through horizontal and longitudinal comparison experiments. Experiments show that the accuracy, precision, recall and F1-Score of the ATCV model reach 93.92, 93.26, 99.96 and 96.5% respectively, which are significantly better than those of the SVM, KNN, CNN, DPL-FSAD and FSL-SCNN models; And the more the amount of data, the better the detection effect of ATCV.<\/jats:p>","DOI":"10.1186\/s42400-025-00463-5","type":"journal-article","created":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T00:02:52Z","timestamp":1764720172000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Research on intrusion detection of IEC 61850 protocol based on feature selection and triadic concept analysis"],"prefix":"10.1186","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8748-3401","authenticated-orcid":false,"given":"Hong-Min","family":"Wang","sequence":"first","affiliation":[]},{"given":"Qiang","family":"Wei","sequence":"additional","affiliation":[]},{"given":"Shao-Yun","family":"Han","sequence":"additional","affiliation":[]},{"given":"Hui-Hui","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Yang-Yang","family":"Geng","sequence":"additional","affiliation":[]},{"given":"Yun-Kai","family":"Song","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,3]]},"reference":[{"key":"463_CR1","doi-asserted-by":"publisher","unstructured":"Andrews A, Oikonomou G, Armour S, Thomas P, Cattermole T (2023) Granular IoT device identification using TF-IDF and cosine similarity. In: Proceedings of the 5th workshop on CPS and IoT security and privacy (CPSIoTSec \u201923), Nov 26 2023 Copenhagen, Denmark. ACM, New York, NY, USA, p 9. https:\/\/doi.org\/10.1145\/3605758.3623492","DOI":"10.1145\/3605758.3623492"},{"key":"463_CR2","doi-asserted-by":"publisher","unstructured":"Shaker BN, Al-Musawi BQ, Hassan MF (2023) A comparative study of ids-based deep learning models for IoT network. In: Proceedings of the 2023 international conference on Advances in Artificial Intelligence and Applications (AAIA 2023), Nov 18\u201320, 2023 (pp. 15\u201321). Wuhan, China. ACM, New York, NY, USA, p 7, 3635058. https:\/\/doi.org\/10.1145\/3603273","DOI":"10.1145\/3603273"},{"key":"463_CR3","doi-asserted-by":"crossref","unstructured":"Biedermann K (1997) How triadic diagrams represent conceptual structures. International conference on conceptual structures, Springer, Berlin, Heidelberg. pp 304\u2013317","DOI":"10.1007\/BFb0027879"},{"key":"463_CR4","doi-asserted-by":"publisher","unstructured":"Chen B (2024) Research on the architecture of digital enabling detection of data anomalies in intelligent distribution network. In: Proceedings of the 2024 international conference on machine intelligence and digital applications (MIDA 2024), May 30 2024 (pp. 892\u2013898), Ningbo, China. ACM, New York, NY, USA, p 7. https:\/\/doi.org\/10.1145\/3662739.3673686","DOI":"10.1145\/3662739.3673686"},{"key":"463_CR5","unstructured":"Commission (2019) International electrotechnical. Communication networks and systems in substations\u2013All Parts. [S.l.]: IET"},{"key":"463_CR6","doi-asserted-by":"publisher","unstructured":"Costa J, Apolin\u00e1rio F, Ribeiro C (2024) ARGAN-IDS: adversarial resistant intrusion detection systems using generative adversarial networks. In: Proceedings of the 19th international conference on availability, reliability and security (ARES 2024), Jul 30\u2013Aug 02, 2024, Vienna, Austria. ACM, New York, NY, USA, p 10. https:\/\/doi.org\/10.1145\/3664476.3669928","DOI":"10.1145\/3664476.3669928"},{"key":"463_CR7","doi-asserted-by":"crossref","unstructured":"Fritz JJ, Sagisi J, James J, Leger AS, King K, Duncan KJ ( 2019) Simulation of man in the middle attack on smart grid testbed. Proceeding of 2019 IEEE SoutheastCon","DOI":"10.1109\/SoutheastCon42311.2019.9020426"},{"issue":"169","key":"463_CR8","doi-asserted-by":"publisher","first-page":"107094","DOI":"10.1016\/j.comnet.2019.107094","volume":"14","author":"MZ Gunduz","year":"2020","unstructured":"Gunduz MZ, Das R (2020) Cyber-security on smart grid: threats and potential solutions. Comput Netw 14(169):107094","journal-title":"Comput Netw"},{"issue":"1","key":"463_CR9","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1109\/TSG.2017.2737826","volume":"10","author":"J Hong","year":"2017","unstructured":"Hong J, Liu CC (2017) Intelligent electronic devices with collaborative intrusion detection systems. IEEE Trans Smart Grid 10(1):271\u2013281","journal-title":"IEEE Trans Smart Grid"},{"issue":"4","key":"463_CR10","doi-asserted-by":"publisher","first-page":"3150","DOI":"10.1109\/TSG.2022.3230730","volume":"14","author":"C Hu","year":"2022","unstructured":"Hu C, Yan J, Liu X (2022) Reinforcement learning-based adaptive feature boosting for smart grid intrusion detection. IEEE Trans Smart Grid 14(4):3150\u20133163","journal-title":"IEEE Trans Smart Grid"},{"key":"463_CR11","unstructured":"Kimball KA (2023) Draft NIST framework and roadmap for smart grid interoperability standards. Release 3.0[J].[2023-08-26]"},{"key":"463_CR12","doi-asserted-by":"crossref","unstructured":"Lehmann F, Wille R (1995) A triadic approach to formal concept analysis. International conference on conceptual structures, Aug 13, pp. 32\u201343. Springer Berlin Heidelberg","DOI":"10.1007\/3-540-60161-9_27"},{"issue":"2","key":"463_CR13","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1090\/S0002-9947-01-02785-4","volume":"354","author":"CK Li","year":"2002","unstructured":"Li CK, Zaharia A (2002) Induced operators on symmetry classes of tensors. Trans Amer Math Soc 354(2):807\u2013836","journal-title":"Trans Amer Math Soc"},{"key":"463_CR14","doi-asserted-by":"publisher","unstructured":"Lopez JA, Angulo I, Martinez S (2022) Substation-aware. An intrusion detection system for the IEC 61850 protocol. In the 17th International conference on availability, reliability and security (ARES 2022), Aug 23\u201326, 2022, Vienna, Austria. ACM, New York, NY, USA, 7 pages. https:\/\/doi.org\/10.1145\/3538969.3543818","DOI":"10.1145\/3538969.3543818"},{"key":"463_CR15","doi-asserted-by":"publisher","unstructured":"Maseno EM, Wang Z, Sun Y (2024) Performance evaluation of intrusion detection systems on the TON_IoT datasets using a feature selection method. In 2024 8th International Conference on Computer Science and Artificial Intelligence (CSAI) (CSAI 2024), Dec 06\u201308, 2024, Beijing, China. ACM, New York, NY, USA, 7 pages. https:\/\/doi.org\/10.1145\/3709026.3709048","DOI":"10.1145\/3709026.3709048"},{"issue":"4","key":"463_CR16","doi-asserted-by":"publisher","first-page":"262","DOI":"10.13140\/RG.2.2.15457.79206","volume":"3","author":"J McHugh","year":"2022","unstructured":"McHugh J (2022) ERENO: an extensible tool for generating realistic IEC-61850 intrusion detection datasets. Proc ACM TiSSEC 3(4):262\u2013294. https:\/\/doi.org\/10.13140\/RG.2.2.15457.79206","journal-title":"Proc ACM TiSSEC"},{"issue":"1","key":"463_CR17","doi-asserted-by":"publisher","first-page":"7075","DOI":"10.1038\/scientificamerican0711-70","volume":"305","author":"DM Nicol","year":"2011","unstructured":"Nicol DM (2011) Hacking the lights out. Sci Am 305(1):7075","journal-title":"Sci Am"},{"key":"463_CR18","doi-asserted-by":"publisher","unstructured":"Nisha TN, Pramod D (2024) GA-based feature selection for improved malware detection. In 2024 sixteenth international conference on contemporary computing (IC3\u20132024) (IC3 2024), Aug 08\u201310, 2024, Noida, India. ACM, New York, NY, USA, p 7, 3676021.https:\/\/doi.org\/10.1145\/3675888","DOI":"10.1145\/3675888"},{"key":"463_CR19","doi-asserted-by":"crossref","unstructured":"O\u2019Raw J, Laverty DM, Morrow DJ (2017). IEC 61850 substation configuration language as a basis for automated security and SDN configuration. In 2017 IEEE power and energy society general meeting [S.l.: s.n.], pp. 1-5. IEEE","DOI":"10.1109\/PESGM.2017.8274265"},{"issue":"11","key":"463_CR20","doi-asserted-by":"publisher","first-page":"4512","DOI":"10.1109\/TNNLS.2019.2955857","volume":"31","author":"S Paul","year":"2020","unstructured":"Paul S, Ni Z, Mu C (2020) A learning-based solution for an adversarial repeated game in cyber\u2013physical power systems. IEEE Trans Neural Netw Learn Sys 31(11):4512\u20134523","journal-title":"IEEE Trans Neural Netw Learn Sys"},{"issue":"2","key":"463_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3578366","volume":"7","author":"N Sahani","year":"2023","unstructured":"Sahani N, Zhu R, Cho JH, Liu CC (2023) Machine learning-based intrusion detection for smart grid computing: a survey. ACM Trans Cyber-Phys Sys 7(2):1\u201331. https:\/\/doi.org\/10.1145\/3578366","journal-title":"ACM Trans Cyber-Phys Sys"},{"issue":"3","key":"463_CR22","first-page":"189","volume":"3","author":"A Sayl\u0131","year":"2018","unstructured":"Sayl\u0131 A, Akbulut C, Kosuta K (2018) Multiple regression analysis system in machine learning and estimating effects of data transformation and min-max normalization. J Eng Technol Appl Sci 3(3):189\u2013204","journal-title":"J Eng Technol Appl Sci"},{"issue":"97","key":"463_CR23","doi-asserted-by":"publisher","first-page":"105524","DOI":"10.1016\/j.asoc.2019.105524","volume":"1","author":"D Singh","year":"2020","unstructured":"Singh D, Singh B (2020) Investigating the impact of data normalization on classification performance. Appl Soft Comput 1(97):105524","journal-title":"Appl Soft Comput"},{"key":"463_CR24","doi-asserted-by":"publisher","unstructured":"Sun H, Huang Y, Zhou C et al (2024) Space decoupled prototype learning for few-shot attack detection in cyber\u2013physical\nsystems[J]. IEEE Trans Indus Inform 20(10). https:\/\/doi.org\/10.1109\/TII.2024.3423327","DOI":"10.1109\/TII.2024.3423327"},{"issue":"3","key":"463_CR25","doi-asserted-by":"publisher","first-page":"2476","DOI":"10.1109\/TSG.2019.2956161","volume":"11","author":"F Wei","year":"2020","unstructured":"Wei F, Wan Z, He H (2020) Cyber-attack recovery strategy for smart grid based on deep reinforcement learning. IEEE Trans Smart Grid 11(3):2476\u20132486","journal-title":"IEEE Trans Smart Grid"},{"key":"463_CR26","doi-asserted-by":"crossref","unstructured":"Wille R (1982) Restructuring lattice theory: an approach based on hierarchies of concepts. Ordered sets. Dordrecht: Reidel, pp 445\u2013470.","DOI":"10.1007\/978-94-009-7798-3_15"},{"issue":"10","key":"463_CR27","doi-asserted-by":"publisher","first-page":"1429","DOI":"10.1109\/TSMC.2015.2503399","volume":"46","author":"Q Zhang","year":"2015","unstructured":"Zhang Q, Zhou C, Xiong N, Qin Y, Li X, Huang S (2015) Multimodel-based incident prediction and risk assessment in dynamic cybersecurity protection for industrial control systems. IEEE Trans Sys Man Cybern Sys 46(10):1429\u20131444. https:\/\/doi.org\/10.1109\/TSMC.2015.2503399","journal-title":"IEEE Trans Sys Man Cybern Sys"},{"issue":"8","key":"463_CR28","doi-asserted-by":"publisher","first-page":"5790","DOI":"10.1109\/TII.2020.3047675","volume":"17","author":"X Zhou","year":"2021","unstructured":"Zhou X, Liang W, Shimizu S, Ma J, Jin Q (2021) Siamese neural network based few-shot learning for anomaly detection in industrial cyberphysical systems. IEEE Trans Ind Inform 17(8):5790\u20135798","journal-title":"IEEE Trans Ind Inform"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00463-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00463-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00463-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T00:02:54Z","timestamp":1764720174000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-025-00463-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,3]]},"references-count":28,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["463"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00463-5","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,3]]},"assertion":[{"value":"1 April 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 August 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"No conflict of interest exits in the submission of this manuscript,and manuscript is approved by all authors for publication. I would like to declare on behalf of my co-authors that the work described was original research that has not been published previously, and not under consideration for publication elsewhere, in whole or in part.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"109"}}