Smart Grid Security: Proactive Prediction of Advanced Persistent Threats

Document Type: Special Issue

Authors

1 Tarbiat Modares University

2 Department of Mechanical Engineering, Payame Noor University (PNU), Tehran, Iran

Abstract

The increasing reliance on Internet of Things devices in smart grids has introduced significant cybersecurity challenges, particularly in the detection and prevention of Advanced Persistent Threats. These threats, characterized by their stealth and persistence, can compromise the integrity and functionality of critical grid infrastructure. This paper proposes the use of Deep Reinforcement Learning to enhance cybersecurity in smart grids by leveraging the ProAPT model, which is specifically designed to predict and mitigate Advanced Persistent Threats. The ProAPT model utilizes a Markov Decision Process to simulate and assess potential threats, dynamically adapting to the evolving security landscape. The model is trained using the CICAPT-IIoT dataset, which includes simulated attack scenarios in industrial IoT networks. The results of our experiments demonstrate the effectiveness of the ProAPT model in detecting and preventing APTs in smart grid environments. Experimental results show that the ProAPT model significantly outperforms traditional machine learning algorithms like Random Forest, Support Vector Machines, and Logistic Regression, achieving 93.8% accuracy, 93.12% precision, 95.2% recall, and 94.15% F1-Score. The feature importance analysis reveals that traffic-related features such as packet size variance and connection duration are crucial in identifying Advanced Persistent Threats. This paper demonstrates the effectiveness of Deep Reinforcement Learning in enhancing smart grid cybersecurity by proactively identifying and mitigating cyber threats, offering a promising approach to securing IoT-based critical infrastructures against sophisticated cyberattacks.
