AI-based Intrusion Detection for RISC-V Platforms in Electric Power and Energy Systems (AID4RISC-V-EPES)

The AID4RISC-V-EPES lab access enabled a continuation of a previous innovative validation 
activities of intrusion detection in digital substations of Electric Power and Energy Systems 
(EPES). In a previous lab access at NSGL in Trondheim, we managed to design and imple
ment a wide area testbench offering hardware-in-the-loop substation operational environment 
with emulated PowerGrid data. This allowed us to perform advanced validation of a private 
company’s R&D asset of anomaly-based intrusion detection of high impact attacks.  
This lab access extended the previous testbench with a focused Edge computing and RISC-V 
processor architecture to enable validation of our intrusion detection on edge.   
This new application is strongly aligned with an ongoing EU co-funded project CROSSCON1, 
and allows us to implement a new (external) use case for the project of protecting edge appli
cations executed on RISC-V processor platforms in digital substations. In our context, the edge 
application is an implementation of IEC 61850 GOOSE/SV protection function and communi
cations in a physical bus in a substation testbed. 
There is a strong innovation direction in the EU on adoption of open-source hardware-based 
solutions, such as those based on RISC-V, for a range of application domains including HPC, 
IoT, Cloud-edge continuum, automotive, etc. 
The main results of this lab access can be summarised as (i) Optimised deep learning models 
for detection of cyber-attacks on the Edge; and (ii) Performance evaluation of deep learning 
models on embedded systems and restricted IoT devices, such as Xilinx Arty Z7.    
Regarding optimisation, we managed to co-relate DL model architecture and parameters size 
to the efficiency of ARM and RISC-V processors. Particularly, we found an optimal state of 
the size of model parameters that allowed efficient execution of models and at the same time 
maintain an excellent detection rate of attacks. 
Furthermore, the size of the model is a factor of several times smaller in memory than the 
full model parameters size, and the prediction time per single flow telemetry improved 99%.  
We do, however, recognise that there is always a price on decreasing the parameters’ state 
size where some deviations of traffic may not be detected as in full state, but in our experi
ments, we did not observe any deficiency or any limit of detection.  
We evaluated the performance of our deep learning models on (i) bare-metal RISC-V imple
mentation on Xilinx Arty Z7 board; and (ii) Linux system on ARM Cortex A76 on Raspberry 
Pi 5. 
We concluded that our intrusion detection solution is efficient and scalable on edge compu
ting either as a full system deployed on ARM processors, or using RISC-V as a hardware 
accelerator for our model execution on bare metal. The benefit of RISC-V bare metal model 
execution is the constant performance in prediction per second of deep learning, and also in 
terms of energy efficiency of the RISC-V instruction set.  
A follow up joint publication is planned on the results of the lab access application.