A Method for Explainable Anomaly Detection in Substation Networks Through Deep Learning

  • Conference paper
Availability, Reliability and Security (ARES 2025)

Abstract

Electrical substations manage electrical energy; a cyber-attack on these systems would therefore cause significant damage to the population, as well as to hospitals and to all critical and non-critical infrastructures. In this paper we propose a deep-learning-based method to identify anomalies in electrical substations. The proposed method directly analyzes network logs to highlight the possible presence of anomalies in substation networks. To encourage the adoption of deep learning in real contexts, the method also provides a form of explainability for the classifier's predictions, by highlighting the section of the network trace that the deep learning classifier has detected as symptomatic of an anomaly.

Acknowledgment

This work has been partially supported by EU DUCA, EU CyberSecPro, SYNAPSE, PTR 22-24 P2.01 (Cybersecurity) and SERICS (PE00000014) under the MUR National Recovery and Resilience Plan funded by the EU - NextGenerationEU projects, by MUR - REASONING: foRmal mEthods for computAtional analySis for diagnOsis and progNosis in imagING - PRIN, e-DAI (Digital ecosystem for integrated analysis of heterogeneous health data related to high-impact diseases: innovative model of care and research), Health Operational Plan, FSC 2014-2020, PRIN-MUR-Ministry of Health, Progetto MolisCTe, Ministero delle Imprese e del Made in Italy, Italy, CUP: D33B22000060001, FORESEEN: FORmal mEthodS for attack dEtEction in autonomous driviNg systems CUP N.P2022WYAEW and ALOHA: a framework for monitoring the physical and psychological health status of the Worker through Object detection and federated machine learning, Call for Collaborative Research BRiC -2024, INAIL.

Corresponding author

Correspondence to Francesco Mercaldo.

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Tavolato, P., Eigner, O., Kreimel-Haindl, P., Santone, A., Martinelli, F., Mercaldo, F. (2025). A Method for Explainable Anomaly Detection in Substation Networks Through Deep Learning. In: Coppens, B., Volckaert, B., Naessens, V., De Sutter, B. (eds) Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15994. Springer, Cham. https://doi.org/10.1007/978-3-032-00630-1_16

  • DOI: https://doi.org/10.1007/978-3-032-00630-1_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-032-00629-5

  • Online ISBN: 978-3-032-00630-1

  • eBook Packages: Computer Science, Computer Science (R0)
