AI Guardians for the Grid: Detecting Attacks on Power System Relays

Author: Denis Avetisyan


Researchers are exploring the use of artificial intelligence to bolster the security of critical power infrastructure against increasingly sophisticated cyber threats.

A tactical communications device relay (TCDR) presents a multitude of potential entry points for malicious cyberattacks, each representing a vulnerability within the complex, interconnected system and forecasting inevitable compromise.

This review demonstrates that lightweight Large Language Models can effectively detect false data injection attacks targeting transformer current differential relays, offering improved accuracy and interpretability over conventional methods.

Protecting critical infrastructure from increasingly sophisticated cyber threats presents a significant challenge, particularly for power system control. This paper, ‘Large Language Models for Detecting Cyberattacks on Smart Grid Protective Relays’, introduces a novel framework leveraging lightweight large language models to identify malicious activity targeting transformer current differential relays. Our results demonstrate that these models can accurately detect cyberattacks – achieving 97.6% detection rates – while maintaining system dependability and exhibiting low latency. Could this approach herald a new era of intelligent, adaptable cybersecurity for the smart grid and beyond?


The Expanding Attack Surface: A System’s Inevitable Exposure

The modernization of power grids, while enhancing efficiency and reliability, has simultaneously broadened the attack surface for malicious actors. Increasingly, these grids depend on interconnected digital systems – from Supervisory Control and Data Acquisition (SCADA) networks to advanced metering infrastructure – creating a complex web of potential vulnerabilities. This shift from isolated, analog systems to networked digital infrastructure means a compromise in one area can rapidly propagate throughout the entire grid. The very technologies designed to optimize power delivery – real-time monitoring, automated control, and two-way communication – also present opportunities for disruption. Consequently, critical infrastructure is now exposed to a range of sophisticated cyber threats, demanding a proactive and adaptive security posture to safeguard against potential cascading failures and widespread outages.

The increasing digitization of power grids, while enhancing efficiency, presents a significant challenge to established security protocols. Traditional intrusion detection systems, designed to identify known attack patterns, often prove inadequate against modern threats targeting specific infrastructure components like Transformer Current Differential Relays (TCDRs). These relays, vital for protecting transformers from damage, are now susceptible to sophisticated attacks that exploit vulnerabilities in their communication protocols and data processing. Unlike conventional cyberattacks, these emerging threats – including false data injection and time-stamp manipulation – are often stealthy and designed to bypass standard security checks, making detection exceptionally difficult. Consequently, reliance on outdated security measures leaves critical infrastructure exposed, increasing the risk of cascading failures and potentially widespread blackouts as attackers learn to circumvent existing defenses.

Cyberattacks targeting smart grid infrastructure pose a significant threat beyond localized disruptions, with False Data Injection Attacks (FDIAs) and Time-Stamp Attacks (TSAs) capable of instigating cascading failures across vast power networks. These attacks don’t simply disrupt data; FDIAs manipulate sensor readings to create a false operational picture, misleading grid operators into making incorrect decisions – potentially overloading equipment or disconnecting stable lines. Simultaneously, TSAs compromise the timing of critical data, disrupting synchronization and protective relay operations designed to isolate faults. The combination can initiate a domino effect, where initial, localized failures rapidly propagate as protective systems fail to respond correctly, ultimately leading to widespread blackouts affecting millions and causing substantial economic damage. The interconnected nature of modern grids means a single successful attack vector can compromise system stability on a continental scale, underscoring the urgency of bolstering cybersecurity defenses within critical infrastructure.

During a cyberattack, attention weights highlight the critical role of Time-Correlated Data Recovery (TCDR) measurements in identifying anomalous network behavior.

Beyond Signatures: A New Paradigm for Threat Detection

Large Language Models (LLMs) represent a departure from traditional signature- and anomaly-based cybersecurity systems by utilizing their capacity to analyze sequential data, such as network traffic or system logs, for patterns and context. Unlike methods that rely on predefined rules or statistical deviations, LLMs are trained on vast datasets of text and code, enabling them to identify subtle indicators of compromise within complex data streams. This approach allows LLMs to process data exhibiting temporal dependencies – where the order of events is critical – and to discern malicious intent based on contextual understanding, rather than solely on the presence of known malicious signatures. The models achieve this through techniques like transformer networks, which excel at capturing relationships within sequential data, making them particularly well-suited for threat detection scenarios.

Textualization of TCDR (Traffic Capture Data Record) measurements involves converting raw numerical data – typically representing network traffic characteristics like packet sizes, inter-arrival times, and protocol flags – into a human-readable, structured text format. This transformation is critical because Large Language Models (LLMs) are fundamentally designed to process and analyze textual information; they cannot directly interpret numerical datasets. By representing TCDR data as text, security analysts can then utilize LLMs to identify anomalous patterns, correlate events, and detect potential malicious activity based on the semantic content of the network traffic, rather than relying solely on signature-based detection or statistical thresholds. The textual representation allows the LLM to leverage its understanding of language and context to discern subtle indicators of compromise that might be missed by traditional methods.

Traditional intrusion detection systems typically provide alerts indicating that malicious activity has occurred, but offer limited insight into the reasoning behind the detection. Large Language Models (LLMs), utilizing the Self-Attention Mechanism, address this limitation by assigning weights to different parts of the input data – in this case, TCDR measurements converted to text – during analysis. This weighting process allows security analysts to trace the model’s decision-making process, identifying specifically which features or patterns within the data contributed most strongly to the detection. Consequently, analysts can not only confirm the presence of an attack but also understand why it was flagged, facilitating faster incident response, improved rule refinement, and a more thorough understanding of attacker tactics.
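The textualization step described above, combined with a plausibility check on values and timestamps before the text reaches a model, can be sketched as follows. This is an added example, not code from the paper or the article: the sample layout, the channel names `i_hv` and `i_lv`, the sampling interval and the limits are all assumptions, since the page does not give the paper's actual text format.

```python
import math

# Assumed layout (not from the paper): a window is a list of
# (timestamp_us, {channel: value}) samples. Names and limits are hypothetical.
EXPECTED_DT_US = 250                      # assumed sampling interval
DT_TOLERANCE_US = 25                      # assumed allowed jitter
LIMITS = {"i_hv": 50.0, "i_lv": 50.0}     # assumed plausible magnitude bounds

def validate_window(window):
    """Return a list of findings; an empty list means the window looks sane."""
    findings, prev_ts = [], None
    for idx, (ts, channels) in enumerate(window):
        if prev_ts is not None:
            dt = ts - prev_ts
            if dt <= 0:
                findings.append(f"sample {idx}: timestamp not increasing (dt={dt}us)")
            elif abs(dt - EXPECTED_DT_US) > DT_TOLERANCE_US:
                findings.append(f"sample {idx}: irregular interval (dt={dt}us)")
        prev_ts = ts
        if set(channels) != set(LIMITS):
            findings.append(f"sample {idx}: unexpected channel set")
            continue
        for name in sorted(channels):
            value = channels[name]
            if not isinstance(value, (int, float)) or not math.isfinite(value):
                findings.append(f"sample {idx}: {name} is not a finite number")
            elif abs(value) > LIMITS[name]:
                findings.append(f"sample {idx}: {name}={value} outside +/-{LIMITS[name]}")
    return findings

def textualize_window(window, decimals=3):
    """Render a validated window as deterministic text, one line per sample."""
    if not window:
        raise ValueError("empty window")
    findings = validate_window(window)
    if findings:
        raise ValueError("; ".join(findings))
    t0 = window[0][0]
    lines = []
    for ts, channels in window:
        fields = " ".join(f"{k}={channels[k]:+.{decimals}f}" for k in sorted(channels))
        lines.append(f"t={ts - t0}us {fields}")
    return "\n".join(lines)

# Constructed sample data, not taken from the paper or from any real relay.
CLEAN = [(1000, {"i_hv": 0.98, "i_lv": -0.97}), (1250, {"i_hv": 0.71, "i_lv": -0.70}),
         (1500, {"i_hv": 0.02, "i_lv": -0.01})]
REPLAYED = [CLEAN[0], CLEAN[1], (1250, {"i_hv": 0.02, "i_lv": -0.01})]  # repeated timestamp
```

Fixed precision, sorted channel order and relative timestamps keep the text stable across runs, so identical measurements always tokenize identically.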

The textualized FDIA sample from Figure 3 is represented as a sequence of tokens using the Hugging Face distilbert-base-uncased tokenizer.

A Real-Time Crucible: Validating Resilience Through Simulation

The validation environment was constructed using the OPAL-RT HYPERSIM platform to facilitate real-time emulation of a power system adhering to the IEC-61850 communication standard. This standard defines communication protocols for intelligent electronic devices in substations, enabling accurate modeling of relay behavior and network interactions. The HYPERSIM platform allows for the simulation of complex power system dynamics and the injection of simulated cyberattacks, providing a controlled and repeatable testbed. The environment was configured to represent a realistic substation infrastructure, including transformer current differential relays (TCDRs) and associated communication networks, ensuring the relevance of the validation results to operational scenarios.

Comparative analysis was conducted to evaluate the efficacy of Large Language Models (LLMs) – specifically DistilBERT, GPT-2, and DistilBERT+LoRA – against conventional Deep Learning (DL) techniques in the context of cyberattack detection. This evaluation focused on their ability to identify malicious activity targeting critical power system infrastructure. The LLMs were benchmarked against established DL methods using a standardized dataset and performance metrics, including detection rate, false positive rate, and inference time. The objective was to determine whether LLMs offer a performance advantage or comparable results to traditional DL approaches for enhancing cybersecurity in real-time power system applications.

Large Language Models (LLMs) demonstrated a 97.6% detection rate for cyberattacks targeting transformer current differential relays (TCDRs) within a real-time simulation environment, while preserving relay operational reliability. Performance varied between models; GPT-2 achieved 97.06% attack detection, DistilBERT attained 96.19% accuracy at a 35 dB Signal-to-Noise Ratio, and DistilBERT+LoRA achieved a 92.31% detection rate. Inference times for all models remained under 6 milliseconds when deployed on standard commercial hardware, indicating potential for real-time implementation.

The Inevitable Counterplay: A System’s Vulnerability is Its Definition

Despite advancements in large language models (LLMs) and their potential to enhance threat detection, these systems remain vulnerable to sophisticated adversarial attacks. Techniques like adversarial machine learning involve crafting subtly altered inputs – often imperceptible to humans – designed to mislead the LLM and bypass security measures. Equally concerning is model poisoning, where malicious data is injected into the LLM’s training process, corrupting its core understanding and potentially causing it to misclassify threats or even actively aid attackers. These vulnerabilities highlight the critical need for continuous research and the development of robust defense strategies to ensure the reliability and security of LLM-powered cybersecurity applications, as even seemingly intelligent systems can be deceived with carefully constructed attacks.

Adversarial attacks targeting Large Language Models (LLMs) exploit vulnerabilities in how these systems learn and interpret information. Malicious actors can subtly alter the training data used to build the LLM, a technique known as model poisoning, effectively teaching the system to overlook or misclassify genuine threats. Alternatively, carefully crafted input prompts – seemingly innocuous requests – can manipulate the LLM’s reasoning, causing it to generate outputs that aid attackers, such as crafting phishing emails or bypassing security protocols. This manipulation doesn’t require breaking the model; instead, it leverages the LLM’s inherent ability to respond to instructions, turning its strengths into weaknesses. The consequences range from false negatives in threat detection to the LLM actively participating in malicious activities, highlighting the urgent need for defenses against these deceptive tactics.

The continued advancement of large language models in cybersecurity necessitates parallel investigation into defensive strategies against evolving adversarial threats. Current research prioritizes techniques like adversarial training – exposing LLMs to manipulated data to improve resilience – and the development of robust input validation methods capable of detecting malicious prompts. Further exploration focuses on ‘explainable AI’ approaches, allowing security professionals to understand why an LLM made a particular classification, thereby identifying vulnerabilities and strengthening defenses. This proactive research isn’t simply about patching existing weaknesses; it aims to establish a foundation for adaptive security, enabling LLM-based systems to autonomously learn and counter new attack vectors as they emerge, ultimately ensuring their sustained efficacy in the face of increasingly sophisticated cyber threats.

The pursuit of resilient systems, as demonstrated by this work on detecting cyberattacks against smart grid relays, echoes a fundamental truth: every dependency is a promise made to the past. This research doesn’t build a solution, but rather cultivates an ecosystem capable of adapting to unforeseen threats. The application of lightweight Large Language Models isn’t about control – control is an illusion demanding SLAs – but about fostering a system that, given enough data, will inevitably begin fixing itself. The increased interpretability offered by these models suggests a shift toward systems that reveal their internal logic, acknowledging that failure isn’t an endpoint, but a necessary stage in a continuous cycle of refinement. As Vinton Cerf wisely stated, “Any sufficiently advanced technology is indistinguishable from magic.” This holds true; these models, while complex, offer a form of ‘magic’ – the ability to discern malicious intent within the intricate network of power systems.

What Shadows Will Fall?

The embrace of large language models for critical infrastructure security feels less like innovation and more like a postponement of reckoning. This work demonstrates detection, certainly – a signal found amidst noise. But every successful detection is merely a temporary reprieve; the attacker, inevitably, will learn to speak the model’s language. The true vulnerability isn’t in the relay itself, but in the assumption that a fixed model, however ‘lightweight’, can outpace the evolution of malice. Each improved accuracy score is a debt accruing against future adaptability.

The pursuit of ‘interpretability’ is particularly poignant. It’s a desire to see the gears turning in a black box, believing that understanding how a decision is made will somehow grant control. It won’t. It will only reveal the biases, the brittle assumptions, and the inevitable points of failure that any complex system – even one that explains itself – must possess. The model doesn’t reason; it correlates. And correlation is a fragile foundation upon which to build resilience.

Future work will undoubtedly focus on adversarial training, on building models that anticipate attacks. This is a Sisyphean task. The defender builds a wall; the attacker finds a tunnel. The focus should not be on predicting specific attacks, but on building systems that degrade gracefully, that contain the damage when – not if – the inevitable breach occurs. The strength isn’t in prevention, but in acceptance of the chaotic nature of the system itself.


Original article: https://arxiv.org/pdf/2601.04443.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/


2026-01-11 13:00