Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids
Recent research has shown promise in using machine learning for cyberattack detection in power systems. However, current studies face limitations: a) dependence on either physical or cyber features, overlooking multi-modal cyber-physical (CP) correlations; b) unrealistic full observability assumptio...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Open Access Journal of Power and Energy |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11105456/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849239089857953792 |
|---|---|
| author | Jacob Sweeten Amr Elshazly Abdulrahman Takiddin Muhammad Ismail Shady S. Refaat Rachad Atat |
| author_facet | Jacob Sweeten Amr Elshazly Abdulrahman Takiddin Muhammad Ismail Shady S. Refaat Rachad Atat |
| author_sort | Jacob Sweeten |
| collection | DOAJ |
| description | Recent research has shown promise in using machine learning for cyberattack detection in power systems. However, current studies face limitations: a) dependence on either physical or cyber features, overlooking multi-modal cyber-physical (CP) correlations; b) unrealistic full observability assumptions; c) focus on detecting basic attacks instead of advanced threats such as ransomware (RW); and d) use of deep learning (DL) models built for 2D data, despite the graph-structured nature of power systems. To address these gaps, we develop a CP testbed using OPAL-RT and a cyber range to simulate both physical and cyber layers under full and partial observability. The testbed produces a realistic multi-modal dataset covering normal operations and various cyberattacks, including RW, brute force, false data injection, reverse shell, and backdoor. Using this dataset, we design graph neural network (GNN)-based multi-modal intrusion detection systems (IDSs) that fuse CP features and capture spatio-temporal dependencies. Results show that CP fusion improves detection rates (DRs) by up to 16% compared to single-modal inputs. The proposed GNN-based IDSs outperform benchmarks by up to 26% in DR, remain effective under partial observability, and demonstrate up to 6% improvement in scalability when applied to larger system topologies. |
| format | Article |
| id | doaj-art-451e88098fb945d58a8577be98ff6b50 |
| institution | Kabale University |
| issn | 2687-7910 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Open Access Journal of Power and Energy |
| spelling | doaj-art-451e88098fb945d58a8577be98ff6b502025-08-20T04:01:15ZengIEEEIEEE Open Access Journal of Power and Energy2687-79102025-01-011251552810.1109/OAJPE.2025.359462511105456Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power GridsJacob Sweeten0Amr Elshazly1https://orcid.org/0009-0005-5224-0721Abdulrahman Takiddin2https://orcid.org/0000-0003-4793-003XMuhammad Ismail3https://orcid.org/0000-0002-8051-9747Shady S. Refaat4https://orcid.org/0000-0001-9392-6141Rachad Atat5https://orcid.org/0000-0001-8075-6243Cybersecurity Education, Research, and Outreach Center (CEROC), Tennessee Technological University, Cookeville, TN, USACybersecurity Education, Research, and Outreach Center (CEROC), Tennessee Technological University, Cookeville, TN, USADepartment of Electrical and Computer Engineering, FAMU-FSU College of Engineering, Florida State University, Tallahassee, FL, USACybersecurity Education, Research, and Outreach Center (CEROC), Tennessee Technological University, Cookeville, TN, USASchool of Physics, Engineering, and Computer Science, University of Hertfordshire, Hatfield, U.K.Department of Computer Science and Mathematics, Lebanese American University, Beirut, LebanonRecent research has shown promise in using machine learning for cyberattack detection in power systems. However, current studies face limitations: a) dependence on either physical or cyber features, overlooking multi-modal cyber-physical (CP) correlations; b) unrealistic full observability assumptions; c) focus on detecting basic attacks instead of advanced threats such as ransomware (RW); and d) use of deep learning (DL) models built for 2D data, despite the graph-structured nature of power systems. To address these gaps, we develop a CP testbed using OPAL-RT and a cyber range to simulate both physical and cyber layers under full and partial observability. The testbed produces a realistic multi-modal dataset covering normal operations and various cyberattacks, including RW, brute force, false data injection, reverse shell, and backdoor. Using this dataset, we design graph neural network (GNN)-based multi-modal intrusion detection systems (IDSs) that fuse CP features and capture spatio-temporal dependencies. Results show that CP fusion improves detection rates (DRs) by up to 16% compared to single-modal inputs. The proposed GNN-based IDSs outperform benchmarks by up to 26% in DR, remain effective under partial observability, and demonstrate up to 6% improvement in scalability when applied to larger system topologies.https://ieeexplore.ieee.org/document/11105456/Cyber-physicalcyberattack detectionpower systemsgraph neural networksmachine learningsmart grids |
| spellingShingle | Jacob Sweeten Amr Elshazly Abdulrahman Takiddin Muhammad Ismail Shady S. Refaat Rachad Atat Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids IEEE Open Access Journal of Power and Energy Cyber-physical cyberattack detection power systems graph neural networks machine learning smart grids |
| title | Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids |
| title_full | Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids |
| title_fullStr | Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids |
| title_full_unstemmed | Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids |
| title_short | Cyber-Physical Fusion for GNN-Based Attack Detection in Smart Power Grids |
| title_sort | cyber physical fusion for gnn based attack detection in smart power grids |
| topic | Cyber-physical cyberattack detection power systems graph neural networks machine learning smart grids |
| url | https://ieeexplore.ieee.org/document/11105456/ |
| work_keys_str_mv | AT jacobsweeten cyberphysicalfusionforgnnbasedattackdetectioninsmartpowergrids AT amrelshazly cyberphysicalfusionforgnnbasedattackdetectioninsmartpowergrids AT abdulrahmantakiddin cyberphysicalfusionforgnnbasedattackdetectioninsmartpowergrids AT muhammadismail cyberphysicalfusionforgnnbasedattackdetectioninsmartpowergrids AT shadysrefaat cyberphysicalfusionforgnnbasedattackdetectioninsmartpowergrids AT rachadatat cyberphysicalfusionforgnnbasedattackdetectioninsmartpowergrids |