Attack detection in power systems based on extremely randomized trees feature reselection

The power system is confronted with a variety of cybersecurity threats, such as False Data Injection Attacks(FDIA), Denial of Service (DoS) attacks, and botnet attacks, which pose serious risks to the stable operation of the grid. Traditional model-based attack detection methods face limitations related to parameter selection, computational efficiency, and overall model performance, resulting in challenges in enhancing the effectiveness and generalization ability of these models. In this paper, we propose an attack detection model based on the Extremely Randomized Trees (ET) algorithm with a feature re-selection mechanism. firstly, the ET-based feature re-selection algorithm is introduced, which identifies a subset of critical features from the original dataset that are most relevant for attack and anomaly detection. This algorithm also has the capability to autonomously learn and adjust selected features to improve detection accuracy. Further, an attack detection workflow is established, leading to the development of an anomaly detection model that leverages the re-selected features for more precise detection. Finally, the model is evaluated using both power system datasets and the CICIDS2017 network dataset, demonstrating its accuracy, robustness, and improved generalization ability across different types of cyber threats. The results confirm the model's potential for enhancing the security and reliability of power systems.