An Ensemble Learning Framework for Cyber Attack and Fault Discrimination in Smart Grids

In recent years, smart grid security has gained considerable attention. Numerous studies have proposed techniques to detect cyber-attacks using sensor data; however, limited attention has been given to distinguishing cyber intrusions from physical faults in the power grid. In this paper, we present a supervised intrusion–disturbance classification pipeline to accurately differentiate physical faults from cyber-attacks. First, we augment raw channels with relation-centered features to emphasize relative contrasts and suppress common-mode effects, then we apply embedded feature selection via LightGBM to retain a compact, informative subset. Class imbalance is addressed through class weighting, and an Extremely Randomized Trees classifier serves as the core learner. Experiments on 15 datasets cover both binary (Attack vs. Natural) and multiclass (Attack/Natural/NoEvents) regimes. The approach attains 98.44% mean accuracy for the binary task and 98.22% for the multiclass task, demonstrating consistent discrimination between cyber-attacks, physical faults, and normal operation. The results indicate that relational features combined with embedded selection and a tree ensemble offer a practical, accurate alternative to heavier deep models for smart-grid monitoring.