Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids
Recent research has shown promise in using machine learning for cyberattack detection in power systems. However, current studies face limitations: a) dependence on either physical or cyber features, overlooking multi-modal cyber-physical (CP) correlations; b) unrealistic full observability assumptions; c) focus on detecting basic attacks instead of advanced threats such as ransomware (RW); and d) use of deep learning (DL) models built for 2D data, despite the graph-structured nature of power systems. To address these gaps, we develop a CP testbed using OPAL-RT and a cyber range to simulate both physical and cyber layers under full and partial observability. The testbed produces a realistic multi-modal dataset covering normal operations and various cyberattacks, including RW, brute force, false data injection, reverse shell, and backdoor. Using this dataset, we design graph neural network (GNN)-based multi-modal intrusion detection systems (IDSs) that fuse CP features and capture spatio-temporal dependencies. Results show that CP fusion improves detection rates (DRs) by up to 16% compared to single-modal inputs. The proposed GNN-based IDSs outperform benchmarks by up to 26% in DR, remain effective under partial observability, and demonstrate up to 6% improvement in scalability when applied to larger system topologies.
Item Type | Article |
---|---|
Additional information | © 2025 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ |
Keywords | cyber-physical, cyberattack detection, graph neural networks, machine learning, power systems, smart grids, energy engineering and power technology, electrical and electronic engineering |
Date Deposited | 22 Aug 2025 10:56 |
Last Modified | 22 Aug 2025 10:56 |