Defense Mechanism of PV-Powered Energy Islands Against Cyber-Attacks Utilizing Supervised Machine Learning

Abstract

During this period, as distributed energy resources (DERs) are crucial for meeting energy needs and renewable technology advances rapidly, photovoltaic (PV)-powered energy islands (EIs) requiring a constant energy supply have emerged. EIs represent a significant milestone in the global energy transformation towards clean and sustainable energy production. They play a vital role in the future energy infrastructure, offering both environmental and economic benefits. In this context, reliance on information and communication technologies for system management raises concerns regarding the cybersecurity vulnerabilities of PV-supported EIs. In other words, since EIs transmit power through power converters—integral cyber-physical components of these systems—they are uniquely susceptible to cyber-attacks. To tackle this vulnerability, a cyber-attack detection scheme using a supervised machine learning (SML) model is proposed. The initial goal is to ensure the transfer and maintenance of energy demands without power loss for critical loads by detecting cyber-attacks to establish a defense mechanism. Two distinct artificial neural network (ANN) structures are implemented to identify cyber threats and support subsequent power demand, resulting in a complementary approach. The findings reveal the model’s effectiveness, demonstrating high accuracy (e.g., a cross-entropy loss of 12.842 × 10⁻⁴ for ANN-I with a 99.98% F1 score and an MSE of 1.0934 × 10⁻⁷ for ANN-II). Therefore, this work aims to open the fundamental way for addressing this issue, particularly concerning hijacking attacks and false data injection (FDI) cyber-attacks on PV-powered EIs. The success of this model and its outcomes confirm the effectiveness of the proposed approach method.

1. Introduction

Today, renewable applications, such as energy islands (EIs), have critical roles in efficiently using renewable energy resources, increasing energy independence, and reducing carbon emissions [1]. Reducing energy consumption and improving the efficiency of renewable energy systems (RESs) are crucial sustainable energy goals for contemporary societies. Enhancing the applicability of distributed energy resource (DER) systems is necessary to achieve these goals [2]. These EIs increase renewable energy production, ensure energy supply security, contribute to zero carbon targets, and provide an effective solution in the fight against climate change [3]. Industrial cyber-physical systems can be considered the keystone factor for Industry 4.0 [4]. Thus, in Industry 4.0 systems, it is inevitable to encounter many cyber-physical issues.

The rapid development of technology, increasing digitalization, and using Internet of the Things (IoT) devices in RESs have made these systems vulnerable to cyber-attacks. These systems can be attacked via IoT devices, supervisory control, and data acquisition (SCADA) systems, as well as cloud-based platforms used in energy production, storage, and distribution processes.

Relevant Literature

Three main types of cyber-attacks are discussed in this article. A hijacking attack takes control of a system or communication process; a false data injection (FDI) attack manipulates data to mislead the system into making incorrect decisions; and a denial of service (DoS) attack overwhelms resources, resulting in disruptions to availability and functionality. In particular, FDI attacks [5] can disrupt the balance between production and consumption, while DoS attacks [6] can prevent the accessibility of the system. Such attacks can jeopardize energy supply security, lead to operational losses, and reduce critical infrastructure reliability. Strong cybersecurity measures, regular monitoring, intelligent transportation systems for traffic congestion [7], and secure communication protocols are vital solutions for mitigating these vulnerabilities. Similarly, a cyber-physical system, such as a healthcare system, has been reported to further enhance cyber threat detection schemes [8] using machine learning (ML) techniques. Therefore, the application of intelligent methodologies has been becoming prominent in microgrids [9], inverter-based systems with anomaly identification [10], detection of cyber-attacks on voltage regulation [11], a rooftop photovoltaic (PV) production system for cyber-attack detection [12], artificial neural network (ANN)-based cyber-attack detection for electric vehicles [13] and using artificial intelligence (AI)-coupled cybersecurity system for a diverse range of PV systems [14] of cyber-physical systems. In addition to the aforementioned methods, ANN-based tools have been widely used for detection, classification, and prediction with different learning schemes [15]. Some current approaches, such as transfer learning for motor drives [16], reinforcement learning in smart grids [17], cyber-attack defense with high penetration of DERs [18], and energy storage systems [19], have been proposed recently.

The standard utilization of information and communication technology in RESs to achieve carbon emission and green energy targets exposes electrical infrastructure to manipulative cyber-attacks [20]. These cyber-threats can pose a danger by attacking the control layer [21], sensor measurement units [22], communication links [23], or any other places that are connected to the net. Information technologies should be strictly secured to defend electrical power systems. The cyber-physical system includes information technologies, which are inevitable for the up-to-date state of the art. In this context, cyber-attacks, i.e., threats from adversaries, should be adequately detected to eliminate vulnerability and visualize how cyber-attacks on power grids may lead to cascading failures [24]. As mentioned, two distinct types of cyber-attacks (DoSs and FDIs) pose substantial threats; however, they require different detection and mitigation strategies. While DoS attacks focus on servers and networks, FDI attacks target control systems and sensors [14]. For a better illustration, DoS attacks can be considered quite visible, but FDIs are stealthy. FDIs can manipulate data to make the target system behave incorrectly. The main aim of DoS attacks is to disrupt service as it is unavailable [25]. In 2015, a global FDI-based cyber-attack on the electricity grid was reported to make system operators overpower [26]. Malicious manipulations of any adversary can render anomalous data for regular operation. In this aspect, anomalous data shows unusual elements in the data stream that deviate from expected behavior patterns. Although errors can cause such anomalies, error-induced anomalies are generally less sophisticated. In contrast, attack-based anomalies can be specifically designed and injected into the system with stealth attacks to create targeted damage. Such anomalous circumstances can be designed to propagate through the communication links into the target system [20] and threaten wireless access environments via security and privacy attacks [27].

In recent years, AI-aided intelligent cyber-physical systems have been extensively adopted. To alleviate or degrade the adverse effects of cyber-attacks, many studies adopted in the literature are evaluated with the help of utilizing supervised machine learning (SML) techniques [28] for FDI attacks in the scope of the smart grid. Due to the vulnerability of the communication protocols of cyber-physical systems, cyber-attacks are generally executed on IoT-enabled parts [29,30], and a combination of cutting-edge technology, such as AI and blockchain [31], has also been proposed.

As summarized in

Table 1. Summary of detailed comparison table of related studies in cyber-attack detection.

Author [Ref]-Year	System Description	Performance Metrics
Hassan et al. [32]-2025	A deep learning model for detecting data integrity attacks in PV farms.	Highest accuracy of 99.8% in detecting cyber-attacks
Wang et al. [33]-2022	A deep learning method for detecting malicious attacks in SCADA systems.	Accuracy of 98.7% in detecting cyber-attacks
Paul et al. [34]-2024	Detection of cyber-attacks (data falsification attacks) in energy systems using the XGBoost algorithm.	Accuracy of 95.5%
Sourav et al. [35]-2022	Detecting hidden attackers in PV systems with ML algorithm.	Accuracy of up to 95%
Li et al. [36]-2020	Cyber-attack detection for PV systems.	Accuracy of 99.23% and 0.9963 F1 score

, a summary of a detailed comparison of the current achieved studies is provided to make the paper more explicit.

As of today, this proposed defense mechanism for EIs can be one of the few essential solutions in this developing area. This scheme is introduced to differentiate between voltage collapse or contingency, whether they are cyber-attacks against the system. The utilization of detection systems enables the proposed method to reveal broader applicability across topologies. Detecting cyber-attacks without deteriorating stability criteria can enhance the system’s reliability. Results tests and long-term reliability assessments show that the proposed solutions effectively address the problems.

This study presents an effective defense mechanism to protect power converters in PV-supported EIs from cyber-attacks. The main achievements and contributions of the study can be summarized as the proposal of the following points:

(1)

An early warning detection system has been established using the ANN-based SML algorithm, which enhances system reliability and enables rapid intervention against cyber threats.

(2)

The proposed ANN structure has attained satisfactory accuracies with convenient training datasets. While ANN-I is tasked with detecting cyber threats, the other ANN-II supports the subsequent demand for delivered power, leading to a complementary scheme.

(3)

Within the scope of this study, it is demonstrated that ANN-based SML algorithms provide faster and more effective analysis mechanisms than traditional methods, asserting their strong resistance to emerging threats through continuous learning and adaptation.

(4)

Future studies should focus on strengthening the resilience of critical infrastructures, such as energy systems, by emphasizing early cyber-attack detection.

(5)

Consequently, the study assesses measures to counter cyber-attacks in PV-supported microgrids, revealing that integrating ANNs and anomaly detection algorithms can significantly aid in early detection and prevention processes.

(6)

It is concluded that ANN-based solutions should be integrated with additional security layers and that human oversight is crucial for improving the accuracy of these systems.

The rest of the paper is organized as follows: the description of the PV-powered EI structure is introduced in Section 2. Section 3 shows the scheme for the detection of cyber-attacks with an SML model. The following Section 4, handles the operation results, verifications, and analysis of the proposed strategy. Discussion and future outlook are presented in Section 5 to finalize the paper. The conclusion remarks are given in Section 6.

2. Description of PV-Powered Energy Island Structure

EIs provide local, sustainable, and independent solutions for energy production with today’s technology, thereby reducing reliance on the central grid. Typically constructed using RESs tailored for a specific region or community, these structures generate energy by harnessing DERs, such as wind, solar, and biomass. The primary benefits of EIs include energy independence, reliability, and the ability to function autonomously from the grid.

These systems enhance energy supply security by supplying a consistent energy source unaffected by disruptions in the central energy infrastructure. Additionally, they mitigate economic and political risks by minimizing external dependencies through local energy generation. Furthermore, they foster a sustainable economy by lowering energy costs and leveraging renewable resources.

Aligned with the European Union’s zero-emission goals, EIs are vital in reducing carbon emissions by decreasing fossil fuel usage. Local energy production lessens the carbon footprint, enhances air quality, and promotes environmental sustainability. Moreover, it strengthens system reliability by providing flexibility and resilience in energy supply during extreme weather events exacerbated by climate change [37].

Furthermore, EIs can incorporate innovative technologies, such as smart grid applications, electric vehicle infrastructure, energy storage systems, and green hydrogen production. Particularly with the advancement of hydrogen technologies, EIs represent a significant engineering solution for green hydrogen production and storage. These systems can also serve as testing and research and development (R&D) areas for chemical-electrochemical energy storage, demand management, and next-generation grid technologies.

Lastly, EIs diminish fossil fuel dependence and deliver a more predictable and stable pricing advantage against energy market fluctuations. This way, they are less impacted by price changes associated with energy arbitrage processes, providing long-term economic stability.

A thorough analysis of local meteorological and geographical data is necessary to determine whether an EI will be more efficient in terms of solar or wind energy. In summary, wind potential is generally higher in offshore EIs due to more consistent wind speeds over open seas. For mid-latitude, wind and solar energy potential can vary by season. In contrast, in tropical island regions, solar energy potential is predominantly higher because of abundant sunlight throughout the year onshore land-based EIs. However, in this study, from a general perspective, solar energy potential is typically higher in onshore land-based EIs, while wind energy tends to dominate in offshore EIs. A solar-based, i.e., PV-powered EI case study is conducted, which is convenient for the Middle East, North Africa, Southern Europe, Mexico, and the inland regions of Australia.

As illustrated in Figure 1, offshore DERs, such as wind turbines and solar panels, are typically connected to the land power system through submarine DC cables because of the capacitive charging effect of AC cables. In this setup, the voltage source converter (VSC) also converts DC power for local loads and the land AC system. This process involves DC transmission systems and power electronics interfaces.

3. Detection of Cyber-Attacks with Supervised Machine Learning-Artificial Neural Networks

3.1. Cyber-Physical PV-Powered Energy Island Structure

Cyber-physical EI infrastructures are intelligent and autonomous systems integrating cyber and physical components to control energy production, storage, and distribution. These systems deliver dynamic, efficient, and secure energy management using digital technologies, big data analytics, AI, IoT, and smart grid technology. In contrast to traditional energy infrastructures, these systems encompass physical and cyber elements. The physical layer comprises renewable energy sources (such as solar, wind, and biomass), energy storage systems (including batteries, super-capacitors, and green hydrogen storage), smart microgrids, and electric vehicles. The cyber layer involves IoT and sensor networks, AI-enhanced demand forecasting and system optimization, blockchain-based energy trading, and advanced cybersecurity measures. The framework of the PV-powered EI structure includes a PV converter, as depicted in Figure 2.

Cyber-physical EIs present numerous advantages. Energy supply and demand are optimized through AI-supported systems, ensuring sustainable operation. With IoT and big data analytics, real-time data collection and analysis are possible, enabling rapid adjustments to weather conditions, energy prices, and shifts in demand. Additionally, these systems are fortified with blockchain-based energy management and advanced cybersecurity protocols, enhancing the security of energy infrastructures against cyber-attacks. These islands promote local energy independence by lessening reliance on the central grid and ensuring self-sufficiency in the event of a failure. Relying on renewable energy significantly contributes to environmental sustainability by reducing the use of fossil fuels and lowering carbon emissions.

From an economic and commercial standpoint, cyber-physical EIs provide lower costs and stable energy prices due to local energy generation and storage. They also facilitate the creation of innovative solutions, such as peer-to-peer (P2P) energy sharing and micropayment systems, by digitizing energy trading. The future role of these systems will focus on optimizing green hydrogen production and storage, providing mobile energy solutions in conjunction with electric vehicle ecosystems, enhancing energy management speed and security with cutting-edge technologies, like 5G and quantum computing, and fostering the development of autonomous energy markets through smart contracts.

Consequently, cyber-physical EIs hold significant promise as innovative, secure, and sustainable energy infrastructures for the future. This integration of AI, blockchain, IoT, and advanced energy management technologies will create a more efficient, flexible, and secure energy ecosystem. This transformation is set to redefine the energy sector and enhance both economic and environmental sustainability.

The PV-powered EI has boost converter blocks to transfer the power to the DC bus and then through submarine DC cables to the onshore. As known, PV panels have solar irradiation and temperature variations that determine the input-output characteristics of the PV system. A power electronic converter with a maximum power point tracking (MPPT) algorithm facilitates the system’s efficient operation.

Equation (1) denotes that the MPPT algorithm aims to regulate PV–voltage–V_PV to hold on to the maximum power–P_MPP thanks to the point with the rate of change of PV–power P_PV concerning V_PV. If the slope of this change (i.e., tanα > 0) is positive to the left of the maximum power point based on the solar panel’s output P-V characteristic, the reference voltage is increased. Conversely, in the opposite case (i.e., tanα < 0), the reference voltage is decreased, and the voltage value corresponding to the maximum power is meant to be sent to the controller. The cascade control mechanism is a series of voltage controllers, current controllers, and pulse width modulation (PWM) controllers.

$${\left.{\displaystyle \frac{dP}{dV}}\right|}_{P=P_{MPP}}=0\hspace{0.17em}$$

(1)

As depicted in Figure 3, we aimed to deploy PV energy with a boost converter to dispatch the energy to the DC bus. To reduce ripple in boost converters, the inductor and capacitor values should be selected correctly. Proportional-integral-derivative (PID), proportional-integral (PI), or ANN-based control circuits should be incorporated to enhance stability and dynamic response. To track the maximum power point in PV systems, integration with the MPPT algorithm is necessary. Before proceeding, it is essential to note that we employed conventional cascaded PI reference voltage–current control in the proposed system. Additionally, while high switching frequency improves efficiency, it also introduces switching losses, making optimal frequency selection a critical factor.

For defining state equations, the I_L and V_C should be considered to control that simplified system with duty cycle (d) as follows:

$${\displaystyle \frac{d{I}_L}{dt}}={\displaystyle \frac{1}{L}}\left[(V_{PV}-(V_C)(1-d)\right]$$

(2)

$${\displaystyle \frac{d{V}_c}{dt}}={\displaystyle \frac{1}{C}}\left[(I_L(1-d)-{\displaystyle \frac{V_c}{R}}\right]$$

(3)

After simplifying and linearizing the system with Equations (2) and (3), the transfer function between the converter input voltage–V_PV and the d can be stated through the small-signal model for the unidirectional DC-DC boost converter as follows

$$G_P(s)={\displaystyle \frac{y(s)}{u(s)}}={\displaystyle \frac{V_{PV}(s)}{d(s)}}={\displaystyle \frac{\frac{-V_{DC}}{LC}}{s^2+\frac{1}{RC}s+\frac{1}{LC}}}$$

(4)

The PID controller transfer function and closed-loop transfer function can be formulated as

$$G_c(s)={\displaystyle \frac{k_p{s}^2+k_{p}s+k_i}{s}}$$

(5)

$${\displaystyle \frac{y(s)}{y_{ref}(s)}}={\displaystyle \frac{G_p(s)G_c(s)}{1+G_p(s)G_c(s)}}$$

(6)

After multiplying Equations (4) and (5) to obtain Equation (6) can be found as

$${\displaystyle \frac{y(s)}{y_{ref}(s)}}={\displaystyle \frac{\frac{-V_{DC}}{LC}{G}_c(s)}{s^2+\frac{1}{RC}s+\frac{1}{LC}-\frac{V_{DC}}{LC}{G}_c(s)}}$$

(7)

Then,

$${\displaystyle \frac{y(s)}{y_{ref}(s)}}={\displaystyle \frac{-\left(\frac{V_{DC}}{LC}{k}_d{s}^2+\frac{V_{DC}}{LC}{k}_{p}s+\frac{V_{DC}}{LC}{k}_i\right)}{s^3+(\frac{1}{RC}-\frac{V_{DC}}{LC}{k}_d)s^2+(\frac{1}{LC}-\frac{V_{DC}}{LC}{k}_p)s-\frac{V_{DC}}{LC}{k}_i}}$$

(8)

According to Equation (8), it is ready to assign the controller gains for loops. Proper control of the PV converter involves a cascaded voltage and current controller as outer and inner loops, respectively. While the outer voltage control loop has gains of k_p = 0.05 and k_i = 10, the inner current loop has k_p = 0.03 and k_i = 10.

The proper control of power electronic converters is the backbone of transferring smooth power. Therefore, the control process should be efficient and problem-free. On the other hand, it is essential to note that these modern systems include IoT and remote-control infrastructures. Specifically, cyber-attacks on the control layer are inevitable in this era of technological advancements. Cyber-attacks on the controller connection in cyber-physical EIs can seriously threaten the system’s security and operation. These attacks can directly damage the energy management system, manipulate data, or cause service interruptions. They can generally manifest in various forms, such as DoS attacks, man-in-the-middle (MitM) attacks, hijacking attacks, FDI attacks, and malware attacks.

• ✓ DoS or distributed denial of service (DDoS) attacks inundate the controller and management systems with large amounts of fake data or traffic, overloading and crashing the system. If a DoS/DDoS attack occurs in an EI, control mechanisms may be incapacitated, disrupting energy distribution.
• ✓ MitM attacks target communication between the controller and the central management unit. Cyber attackers can interrupt data flow, send deceptive control signals, or modify information. As a result of such an attack, energy production and consumption may be mismanaged, leading to overload or energy outages.
• ✓ In hijacking attacks, the adversary can intercept data, alter it, or inject fake commands by acting as a bridge between the EI’s control devices and the central energy management, as seen in Figure 2. For better illustration, false signals can be sent that reduce the production level of PV panels or overload the microgrid.
• ✓ In FDI attacks, attackers inject misleading sensor data into the system, leading the system to make incorrect decisions. For instance, sending fake voltage and frequency data can misdirect energy production or storage, resulting in system instability, overload, or equipment failures, as shown in Figure 3.

Finally, malware and ransomware attacks involve malware infecting EIs’ digital systems. Malware can hinder the controllers’ operation, cause data loss, or lock down systems with ransom demands. A ransomware attack on an EI could result in complete system downtime and significant economic losses.

A hijack attack manipulates the control signals (e.g., d, sensor data of control layer-V_PV, I_PV), resulting in incorrect power dispatch and instability issues. Once a hijack attack occurs, the compromised d can be expressed as follows:

$$d^{’}=\Delta d_{Attack}+d$$

(9)

where, Δd_Attack denotes the attack that involved an error in the d. Afterward, the output of the converter, i.e., V_DC, is stated as

$$V_{DC}^{’}=\Delta V_{Attack}+V_{DC}$$

(10)

where, ΔV_Attack expresses the deviation in the V_DC originating from the attack.

Suppose attacks occur in the measurement signals or control devices to modify power demand, trick the system into producing insufficient power, or lead to incorrect control decisions. In that case, an FDI attack manipulates the system by injecting false data into it. Similarly, the compromised sensor measurement value-m is presented as follows:

$$m\ast =\Delta m+m$$

(11)

Whilst the attack aims at the control layer sensors, such as voltage and current sensors,

$$\left.\begin{array}{l}{V}_{PV}\ast =\Delta V+V_{PV}\\ I_{PV}\ast =\Delta I+I_{PV}\end{array}\right\}$$

(12)

where, m is current sensor measurements, Δm is the injected attack signal, ΔV and ΔI are injected attacks for voltage and current sensors, respectively.

The injected signal emulates an FDI attack in our simulations, where a bias (constant shift) or time-varying perturbation is added to the sensor measurements. After the perturbation, the gate signal of the semiconductor device is completely altered and deviates from the expected range of switching characteristics. The signal is incorporated into the V_PV and I_PV measurements to induce misinterpretations in the ANN-based detection system. While the sensor data is disturbed by the cyber-physical component under the FDI attack, the hijacking attack injects fake commands by serving as a bridge between the EI’s control devices.

To mitigate the negative impacts of cyber-attacks, utilizing AI-supported intrusion detection systems, employing encrypted and secure communication protocols, such as VPN, developing real-time monitoring and anomaly detection systems, ensuring data integrity with blockchain-based security solutions, and implementing robust authentication mechanisms (multi-factor authentication) can be remedy for addressed issues. As mentioned before, an AI-supported intrusion detection and defense mechanism was established using an SML-based ANN structure in this study.

Consequently, cyber-physical EIs must be safeguarded against both digital and physical threats. Hijacking attacks on the control layer represent a significant risk to their security. Therefore, strong cybersecurity measures and intelligent detection mechanisms should be designed to prevent such attacks and enhance the reliability of energy systems. With robust security measures and rapid response protocols, these attacks could be minimized, ultimately strengthening the reliability of EIs.

3.2. Deployment of Supervised Machine Learning-Based Artificial Neural Networks

Data-driven methods, i.e., AI-based solutions, are implemented to detect cyber threats in various applications [38,39,40,41] in cyber-physical systems. The choice of neural network type should be made based on the nature of the system to be modeled. Feedforward neural networks are preferred if the relationship between inputs and outputs in the system is static. While the capacitor of the PV converter stores and discharges energy, the inductor creates a magnetic field and affects currents that change over time. Therefore, there is no instantaneous input-output relationship; instead, there is a time series-based relationship that also considers past situations. Since the capacitor voltage and inductor current depend on past values, a dynamic relationship exists between inputs and outputs. Hence, models, such as recurrent neural networks (RNNs), long-short-term memory (LSTM), or gated recurrent unit (GRU), which account for time dependence, are favored over feedforward neural networks.

For this purpose, the proposed ANN design typically operates on sensor datasets, as they do not need feedback mechanisms. If a pattern recognition problem is a time-dependent problem (e.g., time series analysis, speech recognition, anomaly detection), dynamic ANN types can be developed using different architectures. To simplify the defense mechanism and reduce complexity with effortless computational burden, a basic ANN structure has been preferred to classify inputs into a set of target categories.

Given that the capacitor voltage–V_C and inductor current–I_L depend on past values, a dynamic relationship exists between inputs and outputs in the proposed ANN that detects signal anomalies. The relationship between capacitor voltage and inductor current corresponds to a nonlinear dynamic structure in power electronic circuits, mainly due to their switched structures and semiconductor elements.

To this end, this type of ANN employs supervised learning and deep learning techniques. They are implemented using a multi-layer perceptron (MLP) and effectively address pattern recognition problems through the backpropagation algorithm to accurately classify vectors. The two-layer feed-forward neural network structure utilizes sigmoid activation in the hidden layer and a SoftMax activation function in the output layer. The network is trained with scaled conjugate gradient backpropagation to mitigate vanishing gradient issues. This scheme assesses its performance using cross-entropy and confusion matrices. The results appear satisfactory, indicating that this scheme is particularly effective for identifying anomalies in signals, such as V_C and I_L.

Equation (13) expresses the feature vector for the ANN-based detection scheme (state variables) as follows:

$$x_n=\left[V_c,I_L,d{V}_c/dt,d{I}_L/dt\right]$$

(13)

To train well-predefined ANN as a classifier to discriminate between regular changes and attack changes in capacitor voltage and inductor current, the logic state of the attack bit can be presented as a function of the input vector as

$$Attack\_Bit=f(x_n)$$

(14)

As for λ_V and λ_I, they are predefined threshold values for voltage and current, respectively. If a threat is detected, an alarm-like logic state change is triggered to indicate the attack. The detection case can be formulated as

$$\begin{array}{l}\left|V_c-V_c\ast \right|>{\lambda }_V\\ \left|I_L-I_L\ast \right|>{\lambda }_I\end{array}$$

(15)

The algorithm mentioned used in ANNs is displayed below as a pseudo-code flow as seen in Algorithm 1. In Figure 4, ANNs are executed for [a] cyber-attack detection scheme and [b] DC bus voltage–V_DC estimation to support the demand side.

Algorithm 1 Pseudo-code flow of the executed ANN structures

Input: [xn: VC, IL, dVC/dt, dIL/dt, G, T]

Output: Weighting factors of cyber-attack situation [Attack_Bit, VDC]

1: Initialize network_parameters (wt,ij, bk,j) with proper values

#Training Phase  2: For epoch in range(num_epochs):   For each training_sample (x, y) in training_data:   For each layer j in the network:        ht,j = wt,ij * xt,i + bk,j        rt,j = fhidden_activation_function(ht,j)

#Error Calculation-Loss Function  3: Loss = compute_loss(Attack_Bit, VDC [output_layer], y)

#Backpropagation  4: Compute gradients of loss with wt,ij and bk,j  5: Update new w and b through gradient descent

#Test Phase  6: For each test_sample x in test_data:   For each layer j in the network:        ht,j = wt,ij * xt,i + bk,j        rt,j = factivation_function(ht,j)  7: Attack_Bit = factivation_function(wt,ij, rt,j, by)   Estimated_output =Attack_Bit, VDC [output_layer]  8: Return trained_model

9: Calculate the Cross-Entropy after training for ANN-I   10: Calculate the mean squared error (MSE) after training for ANN-II

The distribution of attack sizes was selected randomly; however, for clarity, it adheres to a uniform distribution over a specific time interval to ensure a realistic representation of cyber-attacks. If the distribution is executed between a time interval [x_i, x_k], a uniform distribution can be modeled as

$$f(x)={\displaystyle \frac{1}{x_k-x_i}},\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}{x}_i\le x\le x_k$$

(16)

The perturbations were introduced within a fixed range, maintaining an unbiased and evenly distributed modification of sensor data. This approach enhances the robustness of the proposed system evaluation. A large dataset (2.8 million samples) was utilized to improve generalization performance, as neural networks require extensive data to mitigate overfitting due to their high number of parameters. As widely recognized, larger datasets support better generalization, particularly in scenarios with high variability.

In PV-supported energy systems, cyber-attacks are often complex and unpredictable, increasing the risk that models trained on limited data may fail in real-world deployments. Consequently, 2.8 million samples were employed to capture diverse attack patterns and enhance robustness. Furthermore, in power electronic systems—particularly those with converters operating at a switching frequency of 25 kHz—high-dimensional datasets are essential for accurately capturing system dynamics in simulation studies.

The training dataset was synthetically generated using a high-fidelity MATLAB/Simulink model of a PV-powered energy island scheme. The dataset size was determined based on the need for robust generalization across diverse attack scenarios and operating conditions. The low sampling time chosen to make the simulation realistic provides more precise and accurate results in the Simulink environment, which is especially important in systems with fast transients. However, it can increase the computational load and extend the simulation time. Choosing an optimal value depends on the dynamics of the system; a very small value creates an unnecessary processing load, while a very large value can reduce precision. Although it increases the computational load on the training data, it provides an adaptive solution against other situations by offering depth for good training data. Having a significant amount of training data increases the training time. While extended training is generally not a major concern, it presents a crucial challenge for practical development. To speed up the training process, it is advantageous to use more powerful hardware, such as a graphics processing unit (GPU), like a Raspberry Pi or NVIDIA Jetson Nano, instead of a central processing unit (CPU).

Table 2. Specifications of trained ANNs’ structure.

Parameters	ANN-I	ANN-II
Number of Input	2	3
Number of Output	1	1
Number of Hidden Neurons	10	10
Number of Delays	NaN	4
Number of Samples (Training)	2,800,001	2,800,001
Number of Samples (Validation)	600,000	600,000
Number of Samples (Testing)	600,000	600,000
Maximum Number of Episodes	1000	1000
Activation Functions	Sigmoid & SoftMax	Sigmoid
Loss Functions	Cross-Entropy	MSE
Hardware of Server PC	NVIDIA GTX GeForce 1080 TI 11 GB GPU

outlines the ANN features that have been implemented for each model. Regarding performance metrics for ANNs, ANN-I evaluates its performance using cross-entropy and confusion matrix, as can be seen in Figure 5; however, ANN-II uses mean square error (MSE). The structure of implemented ANNs has one hidden layer, whose sigmoid (Equation (17)) and SoftMax (Equation (18)) activation functions are presented as

$$f(x)={\displaystyle \frac{1}{1+e^{-x}}}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}\to \hspace{0.17em}\hspace{0.17em}\hspace{0.17em}{r}_{t,j}={\displaystyle \frac{1}{1+e^{-h_{t,j}}}}$$

(17)

$$f(x_i)={\displaystyle \frac{e^{x_i}}{{\displaystyle \sum {}_{k}e^k}}}$$

(18)

where, e^x_i expresses the element of output features, the whole denominator (i = 1, 2, 3, …, k, ${\displaystyle \sum {}_{k}e^k}=1$) is the total probability, and lastly k is the number of attacks.

Cross-entropy is a broadly utilized loss function for classification issues. It senses the difference between the actual distribution and the estimated probability distribution. In a binary classification problem with labels y ∈ {0, 1} and estimated probability-y’, the loss function is formulated as

$$L{F}_{CE}=-[y\log (y^{\prime })+(1-y)\log (1-y^{\prime })]$$

(19)

For multi-class classification with C categories and true labels y_i, the loss function is expressed as

$$L{F}_{CE}=-{\displaystyle \sum _{i=1}^C{y}_i}\log {y^{\prime }}_i$$

(20)

where, y’_I is the estimated probability for class i. In parallel, a confusion matrix is utilized to determine the learning performance criteria for the trained network. In multi-class classification with C classes, the confusion matrix is a C × C matrix in which each row represents the actual class, and each column represents the predicted class. As known, the confusion matrix contains correctly predicted true positive cases (TP), correctly predicted negative cases (TN), incorrectly predicted false positive cases (FP), and incorrectly predicted negative cases (FN) elements [42]. The obtained accuracy, precision (correct positive predictions), recall (correct true positives), and F-score (stability between recall and sensitivity) are presented as

$$Accuracy={\displaystyle \frac{TP+TN}{TP+TN+FP+FN}}$$

(21)

$$Precision={\displaystyle \frac{TP}{TP+FP}}$$

(22)

$$Recall={\displaystyle \frac{TP}{TP+FN}}$$

(23)

$$F1Score=2\times {\displaystyle \frac{Precision\times Recall}{Precision+Recall}}$$

(24)

To evaluate the performance criteria for the trained network in ANN-II, Equation (25) expresses MSE, which is used as a loss function as

$$MSE={\displaystyle \frac{1}{n}}{\displaystyle \sum _{i=1}^n{e}_i^2}={\displaystyle \frac{1}{n}}{{\displaystyle \sum _{i=1}^n\left|y_{iref}-y_i\right|}}^2$$

(25)

While the best cross-entropy validation performance was obtained as 12.842 × 10⁻⁴ at epoch 946 for ANN-I, as seen in Figure 6, the best mean squared error (MSE) validation performance was achieved at 1.0934 × 10⁻⁷ at epoch 1000 for ANN-II. When comparing our model’s performance, we find that the results—specifically related to the false positive rate and accuracy—demonstrate a lower false positive rate and higher overall accuracy. In evaluating criteria and performance, we aimed to incorporate additional metrics, such as precision and accuracy, for our model. The model’s adaptability to dynamic attack detection provides an advantage over the static nature of traditional methods.

For better illustration, the accuracy metric evaluates the model’s overall performance. Precision measures the correctness of the model’s positive predictions, while recall indicates the ratio of true positive data identified by the model. The F1 score reflects the model’s overall effectiveness by harmonizing precision and recall. High accuracy implies generally good model performance, but it can be deceptive with unbalanced datasets. In cases where minimizing FP is essential, such as security systems, precision becomes critical to avoid false alarms. Conversely, recall is crucial in contexts where it is important to limit FN; for example, in security scenarios that cannot overlook potential attacks, high recall is imperative. The F1 score serves to balance precision and recall, meaning that if one metric is significantly low, the F1 score will likely follow suit.

Table 3. Performance evaluation of trained ANN-I for each phase.

	Training Data	Validation Data	Test Data	All Data
Accuracy	99.98%	99.98%	99.98%	99.98%
Precision	99.997%	99.999%	99.998%	99.998%
Recall	99.96%	99.97%	99.96%	99.96%
F1 score	99.98%	99.98%	99.98%	99.98%

displays the performance evaluation of all phases of the training process for ANN-I.

4. Operation Results, Verification, and Analysis

This section presents operation results, verification, and some beneficial analyses based on implementing different case studies under various conditions. A defense mechanism has been established to protect the PV-powered EI structure, which is vulnerable to cyber-attacks from these threats. The generated energy is transferred to the DC bus by optimizing efficiency with appropriate control algorithms. VSCs, commonly used in HVDC and renewable energy applications, are connected to the DC bus, allowing for power flow in both directions. To ensure robust control of these VSCs, measurements of DC bus voltage and load current are required in the control layer. If these sensor data become compromised during a cyber-attack, a secondary ANN structure estimates the DC bus voltage, which is critical for VSC control, using data from normal operations. While this estimation structure does not entirely eliminate the cyber threat, it enhances system reliability by compensating for the loss of sensor data essential for demand-side management. Figure 7 discusses the PV-powered EI operation, focusing on the structure of the PV converter and its controller scheme throughout the training and deployment phases. During training, valuable data is gathered and processed to train ANNs. In the deployment phase, the trained ANNs are put into action. ANN-I serves as a critical primary ANN responsible for detecting cyber-attacks. Once the detection is accurate, the auxiliary ANN-II estimates the precise DC bus voltage, supplying sensor data to the control layer based on the demand side by facilitating accurate detection.

The system operates under various input and output conditions to verify the proposed defense mechanism. Solar irradiance and temperature are adjusted as variable inputs, and the load change is initiated as a variable output. In our research, we employ sensor types, e.g., voltage/current sensors, to monitor crucial electrical parameters. The ANN model is designed to detect subtle variations in sensor outputs, differentiating between normal variations and cyber-attacks. This supervised learning model leverages historical data patterns to enhance detection accuracy, reducing the need for multiple sensors. Although using dual-sensor setups provides added redundancy, it increases hardware complexity and costs. Our approach, however, focuses on a data-driven method that guarantees strong classification even with only one sensor.

Cyber-attacks can occasionally cause power switch failures in extreme situations, such as excessive duty cycle manipulation or overcurrent conditions. However, our primary focus is on detecting these attacks before any hardware damage can occur. Our attack scenarios predominantly aim at manipulating measurements, such as FDI or hijacking attacks, rather than causing direct physical failures.

As observed from the results, Figure 8 illustrates the PV’s mission profile, power, capacitor voltage, inductor current, and attack logic state. The attack is identified as a malicious zone. In Figure 9, the PV voltage varies under the first case. As seen in Figure 9, Figure 10 and Figure 11, it is evident that natural fluctuations occur when no cyber-attack impacts the system (voltage, current, and capacitor voltage, respectively).

In the second case, variable input and output conditions are defined to see how the system reacts. As seen in Figure 12, an FDI attack is launched between t = 0.65 s and t = 1.85 s. In the third case, different types of cyber-attacks are launched between t = 0.65 s–1.85 s and t = 2 s–2.6 s and detected successfully. As can be seen in Figure 13, it is vital to detect cyber-attacks to avoid power loss and disturb measurement devices, such as control signals, sensor readings, or operational commands.

In the third case, various types of cyber-attacks are launched between t = 0.65 s–1.85 s and t = 2 s–2.6 s, both of which are detected successfully. As illustrated in Figure 13, it is crucial to detect cyber-attacks to prevent power loss and disruptions to measurement devices, such as control signals, sensor readings, or operational commands. In all cases, the load situation as variable output conditions have been altered between t = 0.5 s–1.75 s and t = 2.5 s–3.5 s to obtain meaningful results. As noted, auxiliary ANN-II predicts DC bus voltage data, which is essential sensor data for controlling VSCs. Consequently, accurate sensor reading data supports the DC bus side, as demonstrated in Figure 14.

5. Discussion and Future Outlook

Our work has certain limitations. Nonetheless, we believe it can serve as a foundation for reaffirming our commitment to real-world validation in future projects. While this study primarily uses a simulation-based approach, we acknowledge the essential role of actual field testing. In conclusion, we emphasized that our upcoming efforts would incorporate testing with field data on a physical energy island or microgrid setup, or through hardware-in-the-loop (HIL) simulations.

The significance of ANN-based SML in cybersecurity, its short-term prospects, and the challenges it faces can be summarized as follows: It is crucial to recognize that ANN-based SML provides much faster analysis and response mechanisms than traditional methods due to its rapid detection and response capabilities. By nature, ANN-based SML adapts to new and unknown threats through continuous learning and self-updating. It offers adequate protection in large, complex infrastructures and is especially critical for RESs with extensive networks, providing both flexibility and scalability. If ANN-based SML algorithms are not trained with optimal data or inadvertently memorize the dataset, they may generate false alarms and fail to perform adequately under varying conditions, complicating operational processes. While big data may help mitigate this confusion, the requirement for substantial data for effective ANN-based SML operation can also introduce data security risks. Moreover, developing and implementing advanced AI systems involves high costs and complex procedures.

Among the precautions that can be implemented for future studies in general terms are elaborated as follows: The measures proposed for future studies emphasize network and communication security, intrusion detection, anomaly analysis, as well as physical and hardware security. Regarding network security, it is advisable that sensor data and control signals be encrypted using algorithms, such as AES or RSA, unauthorized access be thwarted through certificate-based authentication or blockchain-supported access control, secure communication protocols (like MQTT-TLS) be employed instead of Modbus and DNP3, and the network be segmented into control and monitoring sections. For intrusion detection, it is crucial to monitor voltage, current, and frequency variations in PV systems in real-time, identify anomalies using ML techniques, and analyze sudden voltage spikes and communication delays through time series analysis. Regarding physical and hardware security, it is essential to implement hardware protection with FPGA or secure microcontrollers, shield critical loads by switching the system to island mode during an attack, and ensure redundancy through alternative communication paths and control systems, thereby enhancing the system’s resilience.

Furthermore, cyber-attack types can be diversified, or additional variations can be introduced to existing types of attacks, thereby increasing the complexity and uncertainty in the system by rendering them a more realistic version. One of the important future studies is to implement this detection and defense mechanism on a hardware basis.

6. Conclusions

This study has explored and presented a straightforward yet highly effective method for establishing a defense and support mechanism for a PV converter within a PV-powered EI structure. The ANN-based SML algorithm offers distinct opportunities for detecting and addressing cyber-attacks.

AI provides significant advantages by delivering early warnings, enabling effective interventions, and enhancing system reliability. However, AI must be integrated with other security layers and supported by human oversight to realize these benefits fully. This is particularly crucial for protecting critical systems, like renewable energy infrastructures, where AI-based solutions are essential for ensuring energy security.

Furthermore, this study demonstrates how systems can be vulnerable to cyber-attacks by mathematically modeling hijacking and FDI attacks. The primary reason that detection is challenging is that the attack vector can be designed to align with the system’s measurement matrix. Thus, advanced analysis techniques, such as ML, deep learning, or statistical detection methods, should be employed to identify cyber-attacks.

It can be concluded that cyber-attacks on power converters in PV-supported microgrids can be mitigated through network security, anomaly detection, hardware protection, and tailored measures for each attack type. Specifically, integrating ANNs and anomaly detection algorithms can facilitate early detection and prevention of such attacks. In this context, future studies should prioritize early cyber-attack detection and enhance the resilience of critical infrastructures, such as energy systems.