Machine learning for power-grid cybersecurity: a review
摘要
Digitalisation of the power grid, through advanced metering, wide-area measurement, and IP-based control has improved visibility and automation, but it has also widened the cyber-attack surface. This review examines how machine learning is being applied to protect grid operational technology (OT) and the associated information and communication technology (ICT) stack. Most studies focus on intrusion/anomaly detection for supervisory control and data acquisition (SCADA) and industrial control systems (ICS) traffic and logs, measurement-integrity protection (including false-data-injection attacks), and detection of malware, botnets, or access abuse. Supervised and ensemble methods remain common where reliable labels exist, while unsupervised detectors and deep sequence/graph models are used to capture temporal behaviour and rare events. Across the literature, higher detection accuracy often comes with practical costs: false alarms, detection latency, compute limits in the field, and limited interpretability, constraints that matter in real-time control environments. These trade-offs into a conceptual taxonomy, an evaluation/reporting checklist, and a deployment-oriented roadmap that emphasises benchmarks, stress testing, and operator-facing explainability. The study is close by outlining open problems in data availability, reproducibility, adversarial robustness, and secure deployment that must be addressed to move from promising prototypes to reliable, field-ready systems.