ISSN: 2245-4578 (Online Version) ISSN: 2245-1439 (Print Version)
Intelligent Detection and Early Warning of Power System Cybersecurity Threats Based on Multi-modal Large Language Models

Keywords

Multi-modal learning
large language models
power system
cybersecurity
threat detection
early warning
smart grid
anomaly detection

How to Cite

[1]
L. Xiaomeng, L. Bingjie, and L. Huimin, “Intelligent Detection and Early Warning of Power System Cybersecurity Threats Based on Multi-modal Large Language Models”, JCSANDM, vol. 14, no. 06, pp. 1347–1372, Jan. 2026.

Abstract

The escalating sophistication of cyber threats against power systems necessitates advanced detection mechanisms. This research presents a multi-modal large language model framework integrating Supervisory Control and Data Acquisition (SCADA) logs, Phasor Measurement Unit (PMU) measurements, network traffic, and grid topology through cross-modal attention. The architecture employs specialized encoders, including Bidirectional Encoder Representations from Transformers (BERT) for text, transformers for time-series, Convolutional Neural Network-Long Short-Term Memory (CNN-LSTM) for traffic, and graph networks for topology. Evaluation on 2 million samples shows the Multi-modal Large Language Model (MM-LLM) achieves 95.4% accuracy, outperforming traditional machine learning including Support Vector Machine with Radial Basis Function kernel (SVM-RBF) at 77.1% and deep learning methods including Long Short-Term Memory (LSTM) at 82.9% and Memory-Augmented Deep Generative Adversarial Network (MAD-GAN) at 86.1%. The framework maintains 94.2% precision, 96.3% recall, 2.7% false positive rate, and 13.2 ms latency. Early warning capability provides 3.2–4.5 minutes lead time before attacks, enabling proactive defense. Ablation studies confirm cross-modal attention contributes 6.7% improvement, while multi-modal fusion elevates performance from 88.7% to 95.7%, demonstrating effectiveness for critical infrastructure protection.

https://doi.org/10.13052/jcsm2245-1439.1463

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright (c) 2026 Journal of Cyber Security and Mobility
