Abstract
Modern power systems are subject to natural disruptions and cyberattacks, both of which can have catastrophic consequences for the grid’s stability and security. Given the sophistication of cyber-physical threats, including techniques such as false data injection and command tampering, comprehensive detection strategies that counter these vulnerabilities have become a necessity. Traditional detection methods are inherently limited because they treat physical failures and cyber intrusions as independent problems and rely on opaque models that fall short of the trustworthiness required for high-stakes decisions. This study presents a heterogeneous data-driven framework that unifies disturbance and intrusion detection using time-synchronized measurements. The framework combines advanced pre-processing techniques, multi-strategy feature selection approaches, and ensemble machine learning models, all optimized using Optuna. It employs permutation SHAP to enhance explainability and transparency by delivering interpretable insights into feature contributions. Experiments across 37 different event scenarios in binary, three-class, and multi-class settings demonstrate the superior performance of the proposed framework. The best models showed precision, recall, F1-score, accuracy, and specificity exceeding 96%, and the average performance across the aggregated datasets surpassed 93%. These results demonstrate the effectiveness and practicality of the framework for the awareness and resilience of the smart grid, offering an interpretable and scalable approach to countering ever-evolving cyber-physical threats.
Data availability
The dataset utilized in this study was developed collaboratively by researchers at Mississippi State University and ORNL. The dataset is available at: https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets
Author information
Contributions
Conceptualization, M.F. and M.A.; Data curation, S.A.A. and M.A.; Formal analysis, M.M.A. and A.I.S.; Investigation, S.A.A. and A.I.S.; Methodology, M.F., H.M.B., and M.A.E.; Software, M.F., M.M.A., H.M.B., and A.I.S.; Validation, M.M.A. and S.A.A.; Visualization, S.A.A., M.A., and M.B.; Writing—review and editing, M.F., M.A.E., and M.B.; Supervision, M.A.E.
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Farsi, M., Alwateer, M., Alsaedi, S.A. et al. Detection of disturbances and cyber-attacks in smart grids using explainable machine learning. Sci Rep (2026). https://doi.org/10.1038/s41598-026-35449-x
DOI: https://doi.org/10.1038/s41598-026-35449-x


