Smart coordinated cyber-attacks on wind turbines: From detection to identification via machine learning

Abstract

As wind energy grows globally, wind turbines have emerged as critical targets for sophisticated cyber-attacks. These attacks, aimed at covertly compromising the cyber components of wind turbine systems, can disrupt operational integrity and potentially trigger widespread cascading effects aligned with malicious goals. Unlike typical system faults, the stealthy nature of cyber-attacks complicates the detection and identification of their anomalous behaviors, which subtly differ from normal operational variations. This complexity highlights the pressing need for advanced, targeted anomaly detection and identification methods specifically tailored to the unique characteristics of wind turbine cyber-attacks. In response, this paper proposes a two-part framework. A hybrid machine learning-based model captures normal operational behaviors and detects anomalies arising from coordinated cyber-attacks on wind turbines. Following anomaly detection, a dual cyber-attack identification method classifies specific attack patterns. The proposed framework leverages in-depth analysis of system measurement data and refined threshold evaluation, enabling accurate decision-making based on model outputs. The effectiveness of this framework is demonstrated on a realistic offshore wind turbine benchmark, incorporating authentic operational influences such as wind turbulence, measurement noise, and challenging cyber-attack scenarios. The results demonstrate that the proposed detection model achieves over 96 % accuracy, identifying anomalies within 10 s across varying attack magnitudes and patterns. Furthermore, the dual cyber-attack identification method achieves attack classification accuracies above 99 % on the test set and maintains stable accuracy above 90 % for previously unseen attack scenarios. These outcomes highlight the robustness and practicality of the proposed framework, significantly fortifying wind energy systems against evolving cyber threats.