A Machine-Learning-Based Framework for Detection and Recommendation in Response to Cyberattacks in Critical Energy Infrastructures

This paper presents an attack detection, response, and recommendation framework designed to protect the integrity and operational continuity of IoT-based critical infrastructure, specifically focusing on an energy use case. With the growing deployment of IoT-enabled smart meters in energy systems, ensuring data integrity is essential. The proposed framework monitors smart meter data in real time, identifying deviations that may indicate data tampering or device malfunctions. The system comprises two main components: an attack detection and prediction module based on machine learning (ML) models and a response and adaptation module that recommends countermeasures. The detection module employs a forecasting model using a long short-term memory (LSTM) architecture, followed by a dense layer to predict future readings. It also integrates a statistical thresholding technique based on Tukey’s fences to detect abnormal deviations. The system was evaluated on real smart meter data in a testbed environment. It achieved accurate forecasting (MAPE < 2% in most cases) and successfully flagged injected anomalies with a low false positive rate, an effective result given the lightweight, unsupervised, and real-time nature of the approach. These findings confirm the framework’s applicability in resource-constrained energy systems requiring real-time cyberattack detection and mitigation.