Manzoor, Faizan

2025-05-26
2025-05-26
2025-05-25

vt_gsexam:43657
https://hdl.handle.net/10919/134226

The occurrences of cyber attacks, with novel attack techniques, on the electrical power grids have been increasing every year. In this thesis, we address the critical challenge of detecting novel/zero-day attacks in digital substations that employ the IEC-61850 communication protocol. While many heuristic and ML-based methods have been proposed for attack detection in IEC-61850 digital substations, generalization to novel or zero-day attacks remains challenging. We propose an approach that leverages the in-context learning (ICL) capability of the transformer architecture, the fundamental building block of large language models. The ICL approach enables the model to detect zero-day attacks and learn from a few examples of that attack without explicit retraining. Our experiments on the IEC-61850 dataset demonstrate that the proposed method achieves more than 85% detection accuracy on zero-day attacks while the existing state-of-the-art baselines fail. This work paves the way for building more secure and resilient digital substations of the future.

ETD
en
In Copyright

In-context learning
IEC-61850
intrusion detection systems
zero-day attacks
GPT-2 transformer

Detecting Zero-Day Attacks in IEC-61850 based Digital Substations via In-Context Learning

Thesis