Abstract
A substation is integral to the functioning of a power grid, enabling the efficient and safe transmission and distribution of electrical energy to meet the demands of consumers. The digital transformation of critical infrastructures, particularly in the electric power sector, such as the emergence of intelligent substations, is a double-edged sword. While it brings about efficiency improvements and consumer-centric advancements, it raises concerns about the heightened vulnerability to cyberattacks. This article proposes a new static-dynamic strategy for host security detection by implementing a system prototype and evaluating its detection accuracy. To reduce the subjectivity in manually selecting features, we combine classified protection for cybersecurity-related standards and construct the requirement generation algorithm to construct a network security detection standard library for the substation host. Based on this, we develop strategy generation algorithm to match the list of host detection projects to obtain the security detection strategy of the target host. Moreover, we output and analyze the detection logs to obtain a security detection report. The prototype is efficient and effective through practical use, and it serves as a practical tool in substation host security detection. The experiments suggest that the mechanism proposed in our study can operate at a high speed and demonstrates satisfactory performance in terms of detection.