<p>Digitalisation of the power grid, through advanced metering, wide-area measurement, and IP-based control has improved visibility and automation, but it has also widened the cyber-attack surface. This review examines how machine learning is being applied to protect grid operational technology (OT) and the associated information and communication technology (ICT) stack. Most studies focus on intrusion/anomaly detection for supervisory control and data acquisition (SCADA) and industrial control systems (ICS) traffic and logs, measurement-integrity protection (including false-data-injection attacks), and detection of malware, botnets, or access abuse. Supervised and ensemble methods remain common where reliable labels exist, while unsupervised detectors and deep sequence/graph models are used to capture temporal behaviour and rare events. Across the literature, higher detection accuracy often comes with practical costs: false alarms, detection latency, compute limits in the field, and limited interpretability, constraints that matter in real-time control environments. These trade-offs into a conceptual taxonomy, an evaluation/reporting checklist, and a deployment-oriented roadmap that emphasises benchmarks, stress testing, and operator-facing explainability. The study is close by outlining open problems in data availability, reproducibility, adversarial robustness, and secure deployment that must be addressed to move from promising prototypes to reliable, field-ready systems.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Machine learning for power-grid cybersecurity: a review

  • Michael Adelani Adewusi,
  • Mundu M. Mustafa

摘要

Digitalisation of the power grid, through advanced metering, wide-area measurement, and IP-based control has improved visibility and automation, but it has also widened the cyber-attack surface. This review examines how machine learning is being applied to protect grid operational technology (OT) and the associated information and communication technology (ICT) stack. Most studies focus on intrusion/anomaly detection for supervisory control and data acquisition (SCADA) and industrial control systems (ICS) traffic and logs, measurement-integrity protection (including false-data-injection attacks), and detection of malware, botnets, or access abuse. Supervised and ensemble methods remain common where reliable labels exist, while unsupervised detectors and deep sequence/graph models are used to capture temporal behaviour and rare events. Across the literature, higher detection accuracy often comes with practical costs: false alarms, detection latency, compute limits in the field, and limited interpretability, constraints that matter in real-time control environments. These trade-offs into a conceptual taxonomy, an evaluation/reporting checklist, and a deployment-oriented roadmap that emphasises benchmarks, stress testing, and operator-facing explainability. The study is close by outlining open problems in data availability, reproducibility, adversarial robustness, and secure deployment that must be addressed to move from promising prototypes to reliable, field-ready systems.