An international research team has developed a multi-phase intrusion detection system that uses supervised and unsupervised AI techniques to detect and mitigate cyber threats in smart renewable energy networks. The system can reportedly achieve high accuracy, low false positives and real-time detection, outperforming traditional intrusion detection system models.
Researchers from Ulster University in the UK and IQRA National University in Pakistan have assessed the cyber vulnerabilities of Industry 4.0 technologies in smart renewable energy networks and proposed a range of AI-driven security measures to help mitigate these risks.
Industry 4.0 applications rely on advanced digital technologies such as Internet of Things (IoT), artificial intelligence (AI), big data analytics and cloud computing to optimize industrial processes. These technologies enable smart manufacturing, predictive maintenance and real-time system monitoring, creating highly automated, efficient and interconnected production and energy networks.
However, the same connectivity that drives efficiency also introduces potential cyber threats such as ransomware, insider attacks and unauthorized system access, as the reliance on real-time data and complex software ecosystems creates multiple vulnerabilities. When these technologies are integrated with smart renewable grids, where sensors probe and monitor energy flow and automate distribution, connectivity is intensified, exposing the entire infrastructure to cyber risks that exceed those of traditional energy systems.
“A growing number of cyber incidents have emerged due to the interconnection of Industry 4.0 technologies in renewable energy networks. Legacy Intrusion Detection Systems (IDSs) are not effective in properly addressing these threats due to their dynamics and the complex integrated structures inherent in the energy sector,” the scientists noted.
The research team proposed an AI-integrated IDS that can detect and mitigate cyber threats while monitoring false alarm rates and operational effectiveness. Unlike traditional IDSs, which rely on signature- and rule-based methods and often struggle with zero-day attacks and high false positives, this new framework reportedly improves detection accuracy and reliability in smart grid environments.
The proposed Multi-Stage Intrusion Detection System (MSIDS) uses both supervised and unsupervised learning for real-time threat detection. It integrates data-driven and model-based anomaly detection methods to identify both known and unknown attacks while reducing false positives.
The system uses an extensive Smart Grid Intrusion Detection Dataset (SGIDD) with more than 200,000 records, capturing normal traffic and various cyber attacks, including denial-of-service (DoS), man-in-the-middle (MITM), malware and zero-day threats. Data preprocessing includes handling missing values, normalizing numerical features, encoding categorical data, performing feature selection, and balancing classes with the Synthetic Minority Over-sampling Technique (SMOTE), a commonly used method in machine learning to address class imbalances in datasets, to ensure reliable model training.
The MSIDS also features a multi-layer architecture with a data input layer, automated feature extraction using convolutional neural networks (CNNs), supervised learning with random forest (RF) for known attacks, and unsupervised learning with autoencoders for anomaly detection. Additionally, a decision fusion layer combines the outcomes of both learning phases using weighted voting to classify network traffic as normal, suspicious, or malicious. Alerts trigger automatic response mechanisms, such as blocking IP addresses, throttling network traffic, or notifying the system administrator.
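The decision fusion step described above can be sketched as follows. This is an added example, not code from the paper or the research team: the voting weights, thresholds, calibration rule, response mapping and all sample values are assumptions chosen for illustration.

```python
# Added illustration, not the MSIDS authors' code. Weights, thresholds, the
# calibration rule, the response mapping and all sample values are assumptions.
from statistics import mean, pstdev

W_RF, W_AE = 0.6, 0.4                    # assumed voting weights (sum to 1)
T_SUSPICIOUS, T_MALICIOUS = 0.35, 0.60   # assumed fusion thresholds
RESPONSE = {"normal": "none",            # assumed mapping to the responses
            "suspicious": "throttle_and_notify_admin",
            "malicious": "block_ip"}

def calibrate(benign_errors):
    """Derive the anomaly scale from reconstruction errors on benign traffic."""
    lo = mean(benign_errors)
    hi = lo + 3 * pstdev(benign_errors)
    if hi <= lo:
        raise ValueError("benign baseline has no variance; cannot calibrate")
    return lo, hi

def anomaly_score(error, lo, hi):
    """Map an autoencoder reconstruction error onto [0, 1]."""
    return min(1.0, max(0.0, (error - lo) / (hi - lo)))

def fuse(p_attack, anomaly):
    """Weighted vote over the supervised and unsupervised stage outputs."""
    if not (0.0 <= p_attack <= 1.0 and 0.0 <= anomaly <= 1.0):
        raise ValueError("stage scores must lie in [0, 1]")
    score = W_RF * p_attack + W_AE * anomaly
    if score >= T_MALICIOUS:
        return "malicious"
    return "suspicious" if score >= T_SUSPICIOUS else "normal"

def triage(flows, benign_errors):
    """Return {flow_id: (label, response)} for (id, p_attack, error) tuples."""
    lo, hi = calibrate(benign_errors)
    out = {}
    for flow_id, p_attack, error in flows:
        label = fuse(p_attack, anomaly_score(error, lo, hi))
        out[flow_id] = (label, RESPONSE[label])
    return out

# Constructed sample data: benign reconstruction errors and three flows.
BENIGN = [0.010, 0.012, 0.011, 0.013, 0.009, 0.012, 0.010, 0.011]
FLOWS = [("meter-telemetry", 0.02, 0.011),   # ordinary traffic
         ("known-dos", 0.97, 0.013),         # classifier recognises it
         ("novel-pattern", 0.08, 0.080)]     # classifier misses, autoencoder flags

if __name__ == "__main__":
    for flow_id, verdict in triage(FLOWS, BENIGN).items():
        print(flow_id, *verdict)
```

With these assumed weights the autoencoder alone can contribute at most 0.4, so traffic the classifier does not recognise is throttled and escalated rather than blocked outright. Raising the unsupervised weight would let novel traffic reach the blocking threshold at the cost of more automatic blocks on false positives.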
The framework was evaluated using metrics including accuracy, precision, recall, F1 score, false positive rate (FPR), detection rate (DR), receiver operating characteristic – area under the curve (ROC-AUC), and execution time. Its performance was compared with that of conventional IDS models such as support vector machine (SVM) and K-nearest neighbors (KNN). It was found to achieve a high accuracy of 97.8%, with precision and recall rates of 95.4% and 94.8%, respectively. The F1 score was found to be 95.1%, highlighting a balanced trade-off between detection sensitivity and reliability.
The MSIDS was also able to maintain a very low false positive rate of 2.5% and a high detection rate of 94.8%, outperforming SVM and KNN in identifying both known and zero-day attacks. The ROC-AUC score of 0.97 confirmed strong discrimination between normal and malicious traffic, according to the research team.
“By providing low-latency detection, the system enables operators to respond quickly, mitigate potential threats and ensure uninterrupted energy distribution,” the academics said. “Additionally, deploying MSIDS on edge computing nodes and smart meters can improve decentralized security within the network by enabling localized intrusion detection at several distributed points.”
The new framework is presented in “AI-assisted intrusion detection in smart renewable energy grids: a new Industry 4.0 approach to cyber threat management”, published in the International Journal of Critical Infrastructure Protection.
