Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

Research output: Contribution to journalArticleScientificpeer-review

3 Citations (Scopus)
47 Downloads (Pure)


Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.
Original languageEnglish
Pages (from-to)4007-4020
Number of pages14
JournalIEEE Transactions on Smart Grid
Issue number5
Publication statusPublished - 2023

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.


This work was supported by Designing Systems for Informed Resilience Engineering (DeSIRE) Program of the 4TU Center for Resilience Engineering (4TU.RE). DeSIRE is funded by the 4TU-program High Tech for a Sustainable Future (HTSF). 4TU is the federation of the four technical universities in the Netherlands.


  • Cyber Attacks
  • Power Grids
  • Anomaly Detection
  • Throughput
  • Telecommunication Traffic
  • Power Systems
  • Long Short-Term Memory
  • Cyber-Physical Systems
  • Graph Neural Networks
  • Network Security
  • Software Defined Networking
  • Time Series Analysis
  • Time Series Classification
  • Co-simulation
  • Deep Learning
  • Artificial Intelligence
  • Cyber Security


Dive into the research topics of 'Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning'. Together they form a unique fingerprint.

Cite this