Machine Learning in Smart Grid Security: A Survey on Cyber Threat Identification and Prevention Methods

Authors

  • Sandeep Gupta, Research Scholar, Department of Artificial Intelligence, Samrat Ashok Technological Institute (SATI), Vidisha, Madhya Pradesh (MP), India

Keywords:

Advanced Metering Infrastructure (AMI), Anomaly detection, Cyber threat detection, Cybersecurity, Machine learning, Smart grids

Abstract

The transformation of legacy power systems into smart grids has greatly improved the efficiency, reliability, and sustainability of electricity distribution through advanced communication technologies, distributed energy resources, and digital infrastructure. Advanced cyber-attacks, such as false data injection, denial-of-service, malware, and ransomware, have become more common despite this technological milestone, prompting stronger defense of vital assets, including AMI, SCADA, PMUs, and DERs. This survey examines how machine learning (ML) techniques are used for cyber threat detection in smart grids, focusing on how these methods can offer data-driven, adaptable, and scalable solutions. Models such as KNN, SVM, RF, GNN, Transformer encoders, and federated learning are evaluated for their proficiency in detecting both existing and new threats. ML paradigms, including supervised and unsupervised learning as well as reinforcement learning (RL), are also considered. The study's findings show that these intelligent methods may significantly improve operational risk mitigation, real-time anomaly detection, and detection precision. The study also outlines the problems with data quality, model interpretability, dependability, and data privacy, and provides solutions to address them. The results demonstrate that making next-generation smart grid systems more resilient to cyber threats depends on developing lightweight ML frameworks that are scalable and protect users' privacy when handling high-dimensional, multidimensional data.

Published

2025-10-30

Section

Articles