Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning

Fahad Alsaeed; Emad Abukhousa; Syed Sohail Feroz Syed Afroz; Abdulaziz Qwbaiban; A. P. Sakis Meliopoulos

doi:10.1109/CSR64739.2025.11130018

Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning

Fahad Alsaeed^*
, Emad Abukhousa
, Syed Sohail Feroz Syed Afroz
, Abdulaziz Qwbaiban
, A. P. Sakis Meliopoulos

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the expansion of cyber assets in modern power systems, cyber vulnerabilities and the attack surface have significantly increased. This paper presents an anomaly identification scheme to ensure data validity against false data injection attacks (FDIA) by combining model-based and datadriven techniques, specifically dynamic state estimation (DSE) and deep learning. In the proposed method, DSE first detects the presence of anomalies. Next, a neural network (NN) model generates hypotheses about the possible root cause, which DSE then asserts or rejects the hypothesis. The asserted hypothesis provides the root cause of the anomaly. Once the root cause is identified, the scheme replaces compromised data with corrected values in real-time, enabling self-healing. Numerical experiments with various realistic cyber-attacks demonstrate the method's capability to identify and distinguish between types of anomalies. This study also evaluates different input feature sets for the NN model, including DSE residuals, sampled value measurements, and RMS measurements, highlighting the critical role of synchronized measurements in training NN models and enhancing their performance.

Original language	English
Title of host publication	Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	530-536
Number of pages	7
ISBN (Electronic)	9798331535919
DOIs	https://doi.org/10.1109/CSR64739.2025.11130018
State	Published - 2025
Externally published	Yes
Event	5th IEEE International Conference on Cyber Security and Resilience, CSR 2025 - Chania, Greece Duration: 4 Aug 2025 → 6 Aug 2025

Publication series

Name	Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025

Conference

Conference	5th IEEE International Conference on Cyber Security and Resilience, CSR 2025
Country/Territory	Greece
City	Chania
Period	4/08/25 → 6/08/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

Anomaly identification
Cyberattacks
Deep learning
Dynamic state estimation
False data injection attack
Neural network

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CSR64739.2025.11130018

Cite this

Alsaeed, F., Abukhousa, E., Afroz, S. S. F. S., Qwbaiban, A., & Sakis Meliopoulos, A. P. (2025). Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning. In Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025 (pp. 530-536). (Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CSR64739.2025.11130018

Alsaeed, Fahad ; Abukhousa, Emad ; Afroz, Syed Sohail Feroz Syed et al. / Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning. Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 530-536 (Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025).

@inproceedings{4286510a2cf54599852f73fd9429a720,

title = "Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning",

abstract = "With the expansion of cyber assets in modern power systems, cyber vulnerabilities and the attack surface have significantly increased. This paper presents an anomaly identification scheme to ensure data validity against false data injection attacks (FDIA) by combining model-based and datadriven techniques, specifically dynamic state estimation (DSE) and deep learning. In the proposed method, DSE first detects the presence of anomalies. Next, a neural network (NN) model generates hypotheses about the possible root cause, which DSE then asserts or rejects the hypothesis. The asserted hypothesis provides the root cause of the anomaly. Once the root cause is identified, the scheme replaces compromised data with corrected values in real-time, enabling self-healing. Numerical experiments with various realistic cyber-attacks demonstrate the method's capability to identify and distinguish between types of anomalies. This study also evaluates different input feature sets for the NN model, including DSE residuals, sampled value measurements, and RMS measurements, highlighting the critical role of synchronized measurements in training NN models and enhancing their performance.",

keywords = "Anomaly identification, Cyberattacks, Deep learning, Dynamic state estimation, False data injection attack, Neural network",

author = "Fahad Alsaeed and Emad Abukhousa and Afroz, \{Syed Sohail Feroz Syed\} and Abdulaziz Qwbaiban and \{Sakis Meliopoulos\}, \{A. P.\}",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 5th IEEE International Conference on Cyber Security and Resilience, CSR 2025 ; Conference date: 04-08-2025 Through 06-08-2025",

year = "2025",

doi = "10.1109/CSR64739.2025.11130018",

language = "English",

series = "Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "530--536",

booktitle = "Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025",

address = "United States",

}

Alsaeed, F, Abukhousa, E, Afroz, SSFS, Qwbaiban, A & Sakis Meliopoulos, AP 2025, Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning. in Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025. Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025, Institute of Electrical and Electronics Engineers Inc., pp. 530-536, 5th IEEE International Conference on Cyber Security and Resilience, CSR 2025, Chania, Greece, 4/08/25. https://doi.org/10.1109/CSR64739.2025.11130018

Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning. / Alsaeed, Fahad; Abukhousa, Emad; Afroz, Syed Sohail Feroz Syed et al.
Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025. Institute of Electrical and Electronics Engineers Inc., 2025. p. 530-536 (Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning

AU - Alsaeed, Fahad

AU - Abukhousa, Emad

AU - Afroz, Syed Sohail Feroz Syed

AU - Qwbaiban, Abdulaziz

AU - Sakis Meliopoulos, A. P.

PY - 2025

Y1 - 2025

N2 - With the expansion of cyber assets in modern power systems, cyber vulnerabilities and the attack surface have significantly increased. This paper presents an anomaly identification scheme to ensure data validity against false data injection attacks (FDIA) by combining model-based and datadriven techniques, specifically dynamic state estimation (DSE) and deep learning. In the proposed method, DSE first detects the presence of anomalies. Next, a neural network (NN) model generates hypotheses about the possible root cause, which DSE then asserts or rejects the hypothesis. The asserted hypothesis provides the root cause of the anomaly. Once the root cause is identified, the scheme replaces compromised data with corrected values in real-time, enabling self-healing. Numerical experiments with various realistic cyber-attacks demonstrate the method's capability to identify and distinguish between types of anomalies. This study also evaluates different input feature sets for the NN model, including DSE residuals, sampled value measurements, and RMS measurements, highlighting the critical role of synchronized measurements in training NN models and enhancing their performance.

AB - With the expansion of cyber assets in modern power systems, cyber vulnerabilities and the attack surface have significantly increased. This paper presents an anomaly identification scheme to ensure data validity against false data injection attacks (FDIA) by combining model-based and datadriven techniques, specifically dynamic state estimation (DSE) and deep learning. In the proposed method, DSE first detects the presence of anomalies. Next, a neural network (NN) model generates hypotheses about the possible root cause, which DSE then asserts or rejects the hypothesis. The asserted hypothesis provides the root cause of the anomaly. Once the root cause is identified, the scheme replaces compromised data with corrected values in real-time, enabling self-healing. Numerical experiments with various realistic cyber-attacks demonstrate the method's capability to identify and distinguish between types of anomalies. This study also evaluates different input feature sets for the NN model, including DSE residuals, sampled value measurements, and RMS measurements, highlighting the critical role of synchronized measurements in training NN models and enhancing their performance.

KW - Anomaly identification

KW - Cyberattacks

KW - Deep learning

KW - Dynamic state estimation

KW - False data injection attack

KW - Neural network

UR - https://www.scopus.com/pages/publications/105016154363

U2 - 10.1109/CSR64739.2025.11130018

DO - 10.1109/CSR64739.2025.11130018

M3 - Conference contribution

AN - SCOPUS:105016154363

T3 - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025

SP - 530

EP - 536

BT - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 5th IEEE International Conference on Cyber Security and Resilience, CSR 2025

Y2 - 4 August 2025 through 6 August 2025

ER -

Alsaeed F, Abukhousa E, Afroz SSFS, Qwbaiban A, Sakis Meliopoulos AP. Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning. In Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025. Institute of Electrical and Electronics Engineers Inc. 2025. p. 530-536. (Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025). doi: 10.1109/CSR64739.2025.11130018

Anomaly Identification in Power Systems Using Dynamic State Estimation and Deep Learning

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this