Semi-supervised Deep Learning-Driven Anomaly Detection Schemes for Cyber-Attack Detection in Smart Grids

Abdelkader Dairi, Fouzi Harrou*, Benamar Bouyeddou, Sidi Mohammed Senouci, Ying Sun

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

11 Scopus citations


Modern power systems are continuously exposed to malicious cyber-attacks. Analyzing industrial control system (ICS) traffic data plays a central role in detecting and defending against cyber-attacks. Detection approaches based on system modeling require effectively modeling the complex behavior of the critical infrastructures, which remains a challenge, especially for large-scale systems. Alternatively, data-driven approaches which rely on data collected from the inspected system have become appealing due to the availability of big data that supports machine learning methods to achieve outstanding performance. This chapter presents an enhanced cyber-attack detection strategy using unlabeled data for ICS traffic monitoring and detecting suspicious data transmissions. Importantly, we designed two semi-supervised hybrid deep learning-based anomaly detection methods for intrusion detection in ICS traffic of smart grid. The first approach is a Gated recurrent unit (GRU)-based stacked autoencoder (AE-GRU), and the second is constructed using a generative adversarial network (GAN) model with a recurrent neural network (RNN) for both generator and discriminator that we called GAN-RNN. The employment of GRU and RNN in AE and GAN models is expected to improve the ability of these models to learn the temporal dependencies of multivariate data. These models are used for feature extraction and anomaly detection methods (Isolation forest, Local outlier factor, One-Class SVM, and Elliptical Envelope) for cyber-attack in power systems. These approaches only employ normal events data for training without labeled attack types, making them more attractive for detecting cyber-attack in practice. The detection performance of these approaches is demonstrated on IEC 60870-5-104 (aka IEC 104) control communication that is often utilized for substation control in smart grids. Results showed that GAN-GRU and AE-GRU-based LOF methods achieved enhanced detection with an averaged F1-score of 0.98, among others.

Original languageEnglish (US)
Title of host publicationPower Systems
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages31
StatePublished - 2023

Publication series

NamePower Systems
ISSN (Print)1612-1287
ISSN (Electronic)1860-4676

Bibliographical note

Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.


  • Anomaly detection
  • Cyber-attack detection
  • Deep learning
  • Protocol IEC 104
  • Semi-supervised methods

ASJC Scopus subject areas

  • Energy Engineering and Power Technology
  • Electrical and Electronic Engineering


Dive into the research topics of 'Semi-supervised Deep Learning-Driven Anomaly Detection Schemes for Cyber-Attack Detection in Smart Grids'. Together they form a unique fingerprint.

Cite this