Title: Hybrid AI framework for detecting cyberattacks and predicting cascading failures in power systems
Authors: Lalit Agarwal, Bhavnesh Jaint, Anup K. Mandpura
Journal: Sustainable Computing-Informatics & Systems, volume 48, Article 101222
Publication date: 2025-10-10
Publication type: Journal Article
DOI: 10.1016/j.suscom.2025.101222
URL: https://www.sciencedirect.com/science/article/pii/S221053792500143X
Impact factor: 5.7
JCR: Q1 (COMPUTER SCIENCE, HARDWARE & ARCHITECTURE)
Region: 3 (Computer Science)
Open access: no
Platform: Semanticscholar
Citations: 0
Abstract
The power grid, a critical infrastructure, relies on Supervisory Control and Data Acquisition (SCADA), a computer-based system for real-time monitoring and control of the grid. However, these systems are increasingly being targeted by cyberattackers, posing significant risks to grid stability and security. Existing security solutions focus either on detecting attacks by verifying their signatures or on predicting the resulting cascading failure so that the failed component can be isolated from the working components. In the current paper, our objective is to detect new or existing attacks and predict their cascading failure. This research accomplishes the objective by introducing a new multi-model framework that combines three models, XGBoost, Transformer, and Graph Neural Networks (GNNs), to identify both known and unknown cyberattacks and forecast their cascading impacts on power grid systems. The XGBoost model detects the known attack patterns, which include Data Injection, Remote Tripping Command Injection, and Relay Setting Change attacks. The Transformer model identifies deviations from established attack patterns, which results in the discovery of new threats. Our evaluation of grid infrastructure attacks utilizes a GNN-based cascading failure prediction model that represents the power grid as a graph to forecast failure propagation through interconnected nodes. Through rigorous testing using a real-world dataset, our framework shows exceptional detection performance while maintaining effective generalization to new attacks and strong cascading failure prediction capabilities. The results showcase accuracy up to 98.6% and an F1 score of 0.98 in multisource datasets, outperforming single-model baselines.
About the journal:
Sustainable computing is a rapidly expanding research area spanning the fields of computer science and engineering, electrical engineering, as well as other engineering disciplines. The aim of Sustainable Computing: Informatics and Systems (SUSCOM) is to publish the myriad research findings related to energy-aware and thermal-aware management of computing resources. Equally important is a spectrum of related research issues such as applications of computing that can have ecological and societal impacts. SUSCOM publishes original and timely research papers and survey articles in power, energy, temperature, and environment related research areas of current importance to readers. SUSCOM has an editorial board comprising prominent researchers from around the world and selects competitively evaluated peer-reviewed papers.