{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T10:03:52Z","timestamp":1767261832260,"version":"build-2065373602"},"reference-count":55,"publisher":"MDPI AG","issue":"19","license":[{"start":{"date-parts":[[2022,10,3]],"date-time":"2022-10-03T00:00:00Z","timestamp":1664755200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"SPC RAS","award":["RSF #21-71-20078"],"award-info":[{"award-number":["RSF #21-71-20078"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The article discusses an approach to the construction and operation of a proactive system for protecting smart power grids against cyberattacks on service data transfer protocols. It is based on a combination of computational intelligence methods: identifying anomalies in network traffic by evaluating its self-similarity, detecting and classifying cyberattacks in anomalies, and taking effective protection measures using Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) cells. Fractal analysis, mathematical statistics, and neural networks with long short-term memory are used as tools in the development of this protection system. The issues of software implementation of the proposed system and the formation of a data set containing network packets of a smart grid system are considered. The experimental results obtained using the generated data set demonstrated and confirmed the high efficiency of the proposed proactive smart grid protection system in detecting cyberattacks in real or near real-time, as well as in predicting the impact of cyberattacks and developing efficient measures to counter them.<\/jats:p>","DOI":"10.3390\/s22197506","type":"journal-article","created":{"date-parts":[[2022,10,10]],"date-time":"2022-10-10T05:12:21Z","timestamp":1665378741000},"page":"7506","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A Proactive Protection of Smart Power Grids against Cyberattacks on Service Data Transfer Protocols by Computational Intelligence Methods"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6859-7120","authenticated-orcid":false,"given":"Igor","family":"Kotenko","sequence":"first","affiliation":[{"name":"Laboratory of Computer Security Problems, St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS), 39, 14th Liniya, 199178 St. Petersburg, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9051-5272","authenticated-orcid":false,"given":"Igor","family":"Saenko","sequence":"additional","affiliation":[{"name":"Laboratory of Computer Security Problems, St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS), 39, 14th Liniya, 199178 St. Petersburg, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Oleg","family":"Lauta","sequence":"additional","affiliation":[{"name":"Department of Integrated Information Security, Admiral Makarov State University of Maritime and Inland Shipping, 5\/7 Dvinskaya st., 198035 St. Petersburg, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Kribel","sequence":"additional","affiliation":[{"name":"Laboratory of Computer Security Problems, St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS), 39, 14th Liniya, 199178 St. Petersburg, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,10,3]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Kaur, S., and Goel, R. (2016, January 23\u201325). A Review on Data Transmission Techniques for Energy Efficiency in Wireless Sensor Networks. Proceedings of the 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India.","DOI":"10.1109\/WiSPNET.2016.7566223"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Vyshnavi, S.B., Sree, S.R., and Jayapandian, N. (2019, January 12\u201314). Network Security Tools and Applications in Research Perspective. Proceedings of the 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India.","DOI":"10.1109\/I-SMAC47947.2019.9032526"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Mellia, M., Zincir-Heywood, N., and Diao, Y. (2021). Overview of Network and Service Management. Communication Networks and Service Management in the Era of Artificial Intelligence and Machine Learning, IEEE.","DOI":"10.1002\/9781119675525"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Belej, O., Nestor, N., Polotai, O., and Sadeckii, J. (2019, January 2\u20136). Features of Application of Data Transmission Protocols in Wireless Networks of Sensors. Proceedings of the 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT), Lviv, Ukraine.","DOI":"10.1109\/AIACT.2019.8847878"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"U\u00e7tu, G., Alkan, M., Do\u011fru, \u0130.A., and D\u00f6rterler, M. (2019, January 11\u201313). Perimeter Network Security Solutions: A Survey. Proceedings of the 2019 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT), Ankara, Turkey.","DOI":"10.1109\/ISMSIT.2019.8932821"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Saenko, I., Lauta, O., and Kribel, A. (2020). An Approach to Detecting Cyber Attacks against Smart Power Grids Based on the Analysis of Network Traffic Self-Similarity. Energies, 13.","DOI":"10.3390\/en13195031"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Ageev, S., Kotenko, I., Saenko, I., and Kopchak, Y. (2015, January 19\u201321). Abnormal Traffic Detection in Networks of the Internet of Things Based on Fuzzy Logical Inference. Proceedings of the IEEE International Conference on Soft Computing and Measurements (SCM), St. Petersburg, Russia.","DOI":"10.1109\/SCM.2015.7190394"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Desnitsky, V.A., Kotenko, I.V., and Nogin, S.B. (2015, January 19\u201321). Detection of Anomalies in Data for Monitoring of Security Components in the Internet of Things. Proceedings of the IEEE International Conference on Soft Computing and Measurements (SCM), St. Petersburg, Russia.","DOI":"10.1109\/SCM.2015.7190452"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"10153","DOI":"10.1016\/j.eswa.2012.02.125","article-title":"CART-based selection of bankruptcy predictors for the logit model","volume":"39","author":"Masten","year":"2012","journal-title":"Expert Syst. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"114565","DOI":"10.1016\/j.eswa.2021.114565","article-title":"Fast knot optimization for multivariate adaptive regression splines using hill climbing methods","volume":"171","author":"Ju","year":"2021","journal-title":"Expert Syst. Appl."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1016\/j.ins.2022.03.041","article-title":"Global optimization on non-convex two-way interaction truncated linear multivariate adaptive regression splines using mixed integer quadratic programming","volume":"597","author":"Ju","year":"2022","journal-title":"Inf. Sci."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1267","DOI":"10.1016\/j.enconman.2019.06.082","article-title":"Wind farm layout optimization based on support vector regression guided genetic algorithm with consideration of participation among landowners","volume":"196","author":"Ju","year":"2019","journal-title":"Energy Convers. Manag."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Saenko, I., Lauta, O., and Karpov, M. (2021). Methodology for Management of the Protection System of Smart Power Supply Networks in the Context of Cyberattacks. Energies, 14.","DOI":"10.3390\/en14185963"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"104459","DOI":"10.1016\/j.micpro.2022.104459","article-title":"Ensuring the survivability of embedded computer networks based on early detection of cyber attacks by integrating fractal analysis and statistical methods","volume":"90","author":"Kotenko","year":"2022","journal-title":"Microprocess. Microsyst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1145\/167954.166255","article-title":"On the self-similar nature of Ethernet traffic","volume":"23","author":"Leland","year":"1993","journal-title":"SIGCOMM Comput. Commun."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"116","DOI":"10.7763\/IJMO.2018.V8.635","article-title":"Application of Hurst Exponent (H) and the R\/S Analysis in the Classification of FOREX Securities","volume":"8","author":"Raimundo","year":"2018","journal-title":"Int. J. Model. Optim."},{"key":"ref_17","unstructured":"Dang, T.D., Sonkoly, B., and Molnar, S. (2004, January 13\u201316). Fractal analysis and modeling of VoIP traffic. Proceedings of the 11th International Telecommunications Network Strategy and Planning Symposium (NETWORKS 2004), Vienna, Austria."},{"key":"ref_18","first-page":"1","article-title":"Introducing fractal dimension algorithms to calculate the Hurst exponent of financial time series","volume":"85","year":"2012","journal-title":"Eur. Phys. J. B"},{"key":"ref_19","unstructured":"Labetoulle, J., and Roberts, J.W. (1994). Personal Communication Services and Teletraffic Standardization in ITU-T. The Fundamental Role of Teletraffic in the Evolution of Telecommunications Networks, Proceedings of the 14th International Teletraffic Congress\u2014ITC 14, Antibes Juan-les-Pins, France, 6-10 June 1994, Elsevier."},{"key":"ref_20","first-page":"8","article-title":"Spline-Extrapolation Method in Traffic Forecasting in 5G Networks","volume":"3","author":"Strelkovskaya","year":"2019","journal-title":"J. Telecommun. Inf. Technol."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Ju, F., Yang, J., and Liu, H. (2009, January 6\u20138). Analysis of Self-Similar Traffic Based on the On\/Off Model. Proceedings of the 2009 International Workshop on Chaos-Fractals Theories and Applications, Shenyang, China.","DOI":"10.1109\/IWCFTA.2009.69"},{"key":"ref_22","unstructured":"(2022, January 15). Fractal Objects and Self-Similar Processes. Available online: https:\/\/archive.physionet.org\/tutorials\/fmnc\/node3.html."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"269","DOI":"10.3923\/itj.2012.269.275","article-title":"Hurst Parameter for Security Evaluation of LAN Traffic","volume":"11","author":"Ruoyu","year":"2012","journal-title":"Inf. Technol. J."},{"key":"ref_24","unstructured":"Ably, P., Flandrin, P., Taqqu, M.S., and Veitch, D. (2002). Self-Similarity and long-range dependence through the wavelet lens. Theory and Applications of Long Range Dependence, Birkhauser Press."},{"key":"ref_25","unstructured":"Canadian Electricity Association (2010). Canadian Smart Grid Framework, Canadian Electricity Association."},{"key":"ref_26","unstructured":"Federal Office for Information Security (2014). Protection Profile for the Gateway of a Smart Metering System, Federal Office for Information Security. V.1.2."},{"key":"ref_27","unstructured":"European Network and Information Security Agency (ENISA) (2015). Smart Grid Security: Recommendations for Europe and Member States."},{"key":"ref_28","unstructured":"(2008). Information Technology\u2014Security Techniques\u2014Information Security Risk Management (Standard No. ISO\/IEC 27005)."},{"key":"ref_29","unstructured":"(2013). Information Security Management Guidelines based on ISO\/IEC 27002 for Process Control Systems Specific to the Energy Utility Industry (Standard No. ISO\/IEC TR 27019:2013)."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1136\/ip.2006.013862","article-title":"\u201cRisk Watch\u201d: Cluster randomised controlled trial evaluating an injury prevention program","volume":"13","author":"Kendrick","year":"2007","journal-title":"Inj. Prev."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/MNET.2012.6246750","article-title":"Managing smart grid information in the cloud: Opportunities, model, and applications","volume":"26","author":"Fang","year":"2012","journal-title":"IEEE Netw."},{"key":"ref_32","first-page":"9533","article-title":"Smart Grid Technology: Application and Control","volume":"3","author":"Prasad","year":"2014","journal-title":"Int. J. Adv. Res. Electr. Electron. Instrum. Eng."},{"key":"ref_33","first-page":"547","article-title":"Verordnete Sicherheit\u2014Das Schutzprofil f\u00fcr das Smart Metering Gateway","volume":"35","year":"2014","journal-title":"Datenschutz Datensicherheit"},{"key":"ref_34","unstructured":"(2022, January 15). Protection Profile for the Security Module of a Smart Metering System (Security Module PP). Available online: http:\/\/www.commoncriteriaportal.org\/files\/ppfiles\/pp0077b_pdf.pdf."},{"key":"ref_35","unstructured":"Anwar, A., and Mahmood, A. (2014). Cyber Security of Smart Grid Infrastructure. The State of the Art in Intrusion Prevention and Detection, CRC Press."},{"key":"ref_36","first-page":"339","article-title":"Risk management in information technology using facilitated risk analysis process (FRAP) (case study: Academic information systems of Satya Wacana Christian University)","volume":"68","author":"Bale","year":"2014","journal-title":"J. Theor. Appl. Inf. Technol."},{"key":"ref_37","first-page":"16","article-title":"Risk assessment method for insider threats in cyber security: A review","volume":"9","author":"Nurul","year":"2018","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","article-title":"Advanced persistent threats and how to monitor and deter them","volume":"2011","author":"Tankard","year":"2011","journal-title":"Netw. Secur."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Lekidis, A. (2022, January 23\u201326). Cyber-Security Measures for Protecting EPES Systems in the 5G Area. Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES \u201922), Vienna, Austria.","DOI":"10.1145\/3538969.3544476"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Bella, H.K., and Vasundra, S. (2022, January 20\u201322). A study of Security Threats and Attacks in Cloud Computing. Proceedings of the 2022 4th International Conference on Smart Systems and Inventive Technology (ICSSIT), Tirunelveli, India.","DOI":"10.1109\/ICSSIT53264.2022.9716317"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"1245","DOI":"10.1016\/j.comnet.2010.03.005","article-title":"Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines","volume":"54","author":"Sterbenz","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_42","first-page":"428","article-title":"A Comparative Study of Risk Assessment Methods, MEHARI & CRAMM with a New Formal Model of Risk Assessment (FoMRA) in Information Systems","volume":"Volume 7564","author":"Cortesi","year":"2012","journal-title":"Computer Information Systems and Industrial Management. CISIM 2012. Lecture Notes in Computer Science"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Syalim, A., Hori, Y., and Sakurai, K. (2009, January 16-19). Comparison of Risk Analysis Methods: Mehari, Magerit, NIST800-30 and Microsoft\u2019s Security Management Guide. Proceedings of the 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan.","DOI":"10.1109\/ARES.2009.75"},{"key":"ref_44","unstructured":"MEHARI (2022, January 15). Overview. Available online: http:\/\/meharipedia.x10host.com\/wp\/wp-content\/uploads\/2019\/05\/MEHARI-Overview-2019.pdf."},{"key":"ref_45","unstructured":"(2022, January 15). Microsoft Security Center of Excellence. Available online: http:\/\/www.microsoft.com\/rus\/technet\/security."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"790","DOI":"10.1016\/j.comcom.2004.11.001","article-title":"Lognormal and Pareto distributions in the Internet","volume":"28","author":"Downey","year":"2005","journal-title":"Comput. Commun."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"387","DOI":"10.1007\/BF01158964","article-title":"A Storage Model with Self-Similar Input","volume":"16","author":"Norros","year":"1994","journal-title":"Queueing Syst."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Saenko, I., Kribel, A., and Lauta, O. (2021, January 10\u201312). A technique for early detection of cyberattacks using the traffic self-similarity property and a statistical approach. Proceedings of the 29th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), Valladolid, Spain.","DOI":"10.1109\/PDP52278.2021.00052"},{"key":"ref_49","first-page":"127","article-title":"LSTM neural networks for detecting anomalies caused by web application cyber attacks","volume":"337","author":"Kotenko","year":"2021","journal-title":"Front. Artif. Intell. Appl."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Visoottiviseth, V., Sakarin, P., Thongwilai, J., and Choobanjong, T. (2020, January 16\u201319). Signature-based and behavior-based attack detection with machine learning for home IoT devices. Proceedings of the 2020 IEEE Region 10 Conference (TENCON), Osaka, Japan.","DOI":"10.1109\/TENCON50793.2020.9293811"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"2511","DOI":"10.1109\/TNSM.2020.3022799","article-title":"A Statistical Approach for Detection of Denial of Service Attacks in Computer Networks","volume":"17","author":"Amma","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Zhe, W., Wei, C., and Chunlin, L. (2020, January 28\u201330). DoS attack detection model of smart grid based on machine learning method. Proceedings of the 2020 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS), Shenyang, China.","DOI":"10.1109\/ICPICS50287.2020.9202401"},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Shaukat, S., Ali, A., Batool, A., Alqahtani, F., Khan, J.S., and Ahmad, J. (2020, January 17\u201318). Intrusion Detection and Attack Classification Leveraging Machine Learning Technique. Proceedings of the 2020 14th International Conference on Innovations in Information Technology (IIT), Al Ain, United Arab Emirated.","DOI":"10.1109\/IIT50501.2020.9299093"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"G\u00f3rski, T. (2022). Reconfigurable Smart Contracts for Renewable Energy Exchange with Re-Use of Verification Rules. Appl. Sci., 12.","DOI":"10.3390\/app12115339"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"G\u00f3rski, T. (2022). Continuous Delivery of Blockchain Distributed Applications. Sensors, 22.","DOI":"10.3390\/s22010128"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/19\/7506\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:45:58Z","timestamp":1760143558000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/19\/7506"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,3]]},"references-count":55,"journal-issue":{"issue":"19","published-online":{"date-parts":[[2022,10]]}},"alternative-id":["s22197506"],"URL":"https:\/\/doi.org\/10.3390\/s22197506","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2022,10,3]]}}}