A Holistic Framework for Cyber Attack Detection, Classification, and Security Enhancement of DNP3 Protocol in Smart Grids

The Distributed Network Protocol 3 (DNP3), a widely adopted communication protocol in Supervisory Control and Data Acquisition (SCADA) systems, facilitates real-time monitoring and control across critical infrastructure, such as power grids, water systems, and energy management systems. However, its inherent vulnerabilities to cyber threats necessitate advanced security mechanisms. This paper introduces a tri-phase approach that includes intrusion detection, attack-type classification, and privacy-preserving techniques to address the cybersecurity challenges in DNP3-based SCADA systems in smart grids. Extreme Gradient Boosting (XGBoost) and Gradient Boosting classifiers (GBM) are employed for attack detection and attack-type classification, achieving 99.51% and 99.50% accuracy, respectively. The proposed models are rigorously validated through k-fold cross-validation and further tested on two additional datasets to establish credibility and generalizability. Privacy-preserving mechanisms ensure data confidentiality without compromising operational efficiency, while feature engineering enhances interpretability and threat response. Moreover, the inclusion of adversarial indistinguishability analysis and the introduction of attack-type classification through an edge device for potential real-time deployment position this study as a state-of-the-art contribution. Experimental results confirm the framework’s effectiveness in mitigating cyber threats, preserving data integrity, and balancing privacy with utility, making it a strong foundation for securing DNP3-based SCADA systems in smart grids.