Smart Grid Security: Proactive Prediction of Advanced Persistent Threats

Document Type: Special Issue

Authors

1 Tarbiat Modares University

2 Department of Mechanical Engineering, Payame Noor University (PNU), Tehran, Iran

DOI: 10.22067/cke.2025.91408.1141

Abstract

The increasing reliance on Internet of Things (IoT) devices in smart grids has introduced significant cybersecurity challenges, particularly in the detection and prevention of Advanced Persistent Threats (APTs). These threats, characterized by their stealth and persistence, can compromise the integrity and functionality of critical grid infrastructure. This paper proposes the use of Deep Reinforcement Learning to enhance cybersecurity in smart grids by leveraging the ProAPT model, which is specifically designed to predict and mitigate APTs. The ProAPT model utilizes a Markov Decision Process to simulate and assess potential threats, dynamically adapting to the evolving security landscape. The model is trained using the CICAPT-IIoT dataset, which includes simulated attack scenarios in industrial IoT networks. Experimental results demonstrate the effectiveness of the ProAPT model in detecting and preventing APTs in smart grid environments: it significantly outperforms traditional machine learning algorithms such as Random Forest, Support Vector Machines, and Logistic Regression, achieving 93.8% accuracy, 93.12% precision, 95.2% recall, and 94.15% F1-Score. The feature importance analysis reveals that traffic-related features such as packet size variance and connection duration are crucial in identifying APTs. This paper demonstrates the effectiveness of Deep Reinforcement Learning in enhancing smart grid cybersecurity by proactively identifying and mitigating cyber threats, offering a promising approach to securing IoT-based critical infrastructures against sophisticated cyberattacks.

Keywords

Main Subjects
