Large Language Model-Based Framework for Explainable Cyberattack Detection in Automatic Generation Control Systems
Muhammad Sharshar, Ahmad Mohammad Saber, Davor Svetinovic, Amr M. Youssef, Deepa Kundur, Ehab F. El-Saadany

TL;DR
This paper introduces a hybrid AI framework combining lightweight machine learning attack detection with large language models to provide real-time, interpretable cybersecurity alerts for smart grid control systems.
Contribution
It presents a novel hybrid approach that integrates fast attack detection with LLM-generated explanations, enhancing trust and usability in smart grid cybersecurity.
Findings
LightGBM classifier achieves 95.13% detection accuracy.
GPT-4o mini provides 93% attack target identification accuracy.
Framework balances real-time detection with human-readable explanations.
Abstract
The increasing digitization of smart grids has improved operational efficiency but also introduced new cybersecurity vulnerabilities, such as False Data Injection Attacks (FDIAs) targeting Automatic Generation Control (AGC) systems. While machine learning (ML) and deep learning (DL) models have shown promise in detecting such attacks, their opaque decision-making limits operator trust and real-world applicability. This paper proposes a hybrid framework that integrates lightweight ML-based attack detection with natural language explanations generated by Large Language Models (LLMs). Classifiers such as LightGBM achieve up to 95.13% attack detection accuracy with only 0.004 s inference latency. Upon detecting a cyberattack, the system invokes LLMs, including GPT-3.5 Turbo, GPT-4 Turbo, and GPT-4o mini, to generate a human-readable explanation of the event. Evaluated on 100 test samples,…
