The Wisdom of the Crowd: High-Fidelity Classification of Cyber-Attacks and Faults in Power Systems Using Ensemble and Machine Learning
Emad Abukhousa, Syed Sohail Feroz Syed Afroz, Fahad Alsaeed, Abdulaziz Qwbaiban, Saman Zonouz, and A.P. Sakis Meliopoulos

TL;DR
This study evaluates machine learning models for classifying cyber-attacks and faults in power systems, emphasizing real-time performance and robustness over offline accuracy, using electromagnetic transient simulations and digital substation emulation.
Contribution
It introduces a high-fidelity evaluation framework that assesses ML models in real-time streaming environments, highlighting the importance of realistic testing for dependable classification.
Findings
ML models achieved up to 99.9% offline accuracy.
MLP maintained 98-99% coverage in streaming, outperforming ensembles.
Offline accuracy is not a reliable indicator of field performance.
Abstract
This paper presents a high-fidelity evaluation framework for machine learning (ML)-based classification of cyber-attacks and physical faults using electromagnetic transient simulations with digital substation emulation at 4.8 kHz. Twelve ML models, including ensemble algorithms and a multi-layer perceptron (MLP), were trained on labeled time-domain measurements and evaluated in a real-time streaming environment designed for sub-cycle responsiveness. The architecture incorporates a cycle-length smoothing filter and confidence threshold to stabilize decisions. Results show that while several models achieved near-perfect offline accuracies (up to 99.9%), only the MLP sustained robust coverage (98-99%) under streaming, whereas ensembles preserved perfect anomaly precision but abstained frequently (10-49% coverage). These findings demonstrate that offline accuracy alone is an unreliable…
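The streaming decision stage described in the abstract can be sketched as follows. This is an added example, not code from the paper: it assumes a 60 Hz system (80 samples per cycle at 4.8 kHz), a plain moving average as the smoothing filter, a 0.9 confidence threshold, and constructed class probabilities for two hypothetical models.

```python
from collections import deque

SAMPLE_RATE_HZ = 4800                 # sampling rate given in the abstract
NOMINAL_HZ = 60                       # assumption: system frequency is not stated on the page
CYCLE = SAMPLE_RATE_HZ // NOMINAL_HZ   # 80 samples per power cycle

def stream_decisions(prob_stream, threshold=0.9, window=CYCLE):
    """Per sample, return a label or None (abstain) from cycle-averaged class probabilities."""
    buf, out = deque(maxlen=window), []
    for probs in prob_stream:
        buf.append(probs)
        if len(buf) < window:          # less than one full cycle observed: no decision yet
            out.append(None)
            continue
        mean = {c: sum(p[c] for p in buf) / window for c in probs}
        label = max(mean, key=mean.get)
        out.append(label if mean[label] >= threshold else None)
    return out

def offline_accuracy(prob_stream, truth):
    """Per-sample argmax accuracy, with no smoothing and no abstention."""
    hits = sum(max(p, key=p.get) == t for p, t in zip(prob_stream, truth))
    return hits / len(truth)

def coverage_and_anomaly_precision(decisions, truth, normal="normal"):
    """Coverage = share of samples with a decision; precision over emitted non-normal labels."""
    emitted = [(d, t) for d, t in zip(decisions, truth) if d is not None]
    alarms = [(d, t) for d, t in emitted if d != normal]
    precision = sum(d == t for d, t in alarms) / len(alarms) if alarms else None
    return len(emitted) / len(truth), precision

def constructed_stream(truth, p_true):
    """Constructed classifier output: p_true[label] on the true class, remainder split evenly."""
    classes = ("normal", "fault", "attack")
    return [{c: p_true[t] if c == t else (1 - p_true[t]) / 2 for c in classes} for t in truth]

# Constructed scenario: 3 cycles of normal operation, then 3 cycles under attack.
TRUTH = ["normal"] * (3 * CYCLE) + ["attack"] * (3 * CYCLE)
SHARP = constructed_stream(TRUTH, {"normal": 0.98, "attack": 0.98})
HESITANT = constructed_stream(TRUTH, {"normal": 0.95, "attack": 0.80})

if __name__ == "__main__":
    for name, stream in (("sharp", SHARP), ("hesitant", HESITANT)):
        cov, prec = coverage_and_anomaly_precision(stream_decisions(stream), TRUTH)
        print(name, offline_accuracy(stream, TRUTH), round(cov, 3), prec)
```

Both constructed models score 100% per-sample offline accuracy, yet the hesitant one never raises an alarm because its smoothed attack confidence stays below the threshold. The sharp model also keeps emitting "normal" for a few samples after the attack begins, since the cycle window still holds mostly pre-attack data.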
Taxonomy
Topics: Smart Grid Security and Resilience · Power Systems Fault Detection · Power System Optimization and Stability
