AI-based Detection Against Cyberattacks in Cyber-Physical Distribution Systems

Virginia Tech


Integration of a cyber system and communication systems with the traditional power grid has enabled better monitoring and control of the smart grid, making it more reliable and resilient. The improved system visibility empowers system operators to make informed decisions. The grid has moved from a completely air-gapped structure to a well-connected network. However, the capability to remotely control distributed physical components in a distribution system can be exploited by adversaries with malicious intent to disrupt the power supply to customers. Therefore, while taking advantage of the cyber-physical posture of the smart grid for improved controllability, there is a critical need for cybersecurity research to protect the critical power infrastructure from cyberattacks.

While the literature on cybersecurity in distribution systems has focused on detecting and mitigating the impact of cyberattacks on the physical system, there has been limited effort towards a preventive approach for detecting cyberattacks. With this in mind, this dissertation focuses on developing intelligent solutions to detect cyberattacks in the cyber layer of the distribution grid and prevent the attack from impacting the physical grid. Particular emphasis is placed on the impact of coordinated attacks and on the design of a proactive defense to detect the attacker's intent to predict the attack trajectory.

The vulnerability assessment of the cyber-physical system in this work identifies the key areas in the system that are prone to cyberattacks, where failure to detect attacks in a timely manner can lead to cascading outages. A comprehensive cyber-physical system is developed to deploy different intrusion detection solutions and quantify the effect of proactive detection in the cyber layer. The attack detection approach is driven by artificial intelligence to learn attack patterns for effective attack path prediction in both a fully observable and a partially observable distribution system. The role of effective communication technology in attack detection is also realized through detailed modeling of 5G, and latency requirements are validated.



Abductive Reasoning, Artificial Intelligence, Cause-effect Correlation, Coordinated Cyberattacks, Cyber-physical Systems, Cybersecurity, Distribution Systems, Intrusion Detection, Machine Learning, Model-based Reinforcement Learning