Smart grids face escalating cybersecurity threats due to the integration of renewable energy sources and communication technologies, with SCADA protocols—particularly DNP3 and IEC 60870-5-104—vulnerable to unauthorized access and denial-of-service (DoS) attacks. To address this, we propose a hybrid deep learning intrusion detection model combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks: CNNs extract local spatial features from protocol packets, while LSTMs capture temporal dependencies in network traffic, enabling fine-grained detection of diverse attack types. Evaluated on standard DNP3 and IEC 60870-5-104 datasets, the model achieves 99.70% detection accuracy, outperforming state-of-the-art methods across all key metrics. This work introduces the first architecture that deeply couples lightweight convolutional feature learning with industrial protocol-specific temporal modeling, significantly improving detection accuracy and real-time responsiveness against sophisticated attacks—including replay and command injection—thereby delivering a deployable AI-driven solution for defense-in-depth in smart grids.

The evolution of the traditional power grid into the "smart grid" has resulted in a fundamental shift in energy management, which allows the integration of renewable energy sources with modern communication technology. However, this interconnection has increased smart grids' vulnerability to attackers, which might result in privacy breaches, operational interruptions, and massive outages. The SCADA-based smart grid protocols are critical for real-time data collection and control, but they are vulnerable to attacks like unauthorized access and denial of service (DoS). This research proposes a hybrid deep learning-based Intrusion Detection System (IDS) intended to improve the cybersecurity of smart grids. The suggested model takes advantage of Convolutional Neural Networks' (CNN) feature extraction capabilities as well as Long Short-Term Memory (LSTM) networks' temporal pattern recognition skills. DNP3 and IEC104 intrusion detection datasets are employed to train and test our CNN-LSTM model to recognize and classify the potential cyber threats. Compared to other deep learning approaches, the results demonstrate considerable improvements in accuracy, precision, recall, and F1-score, with a detection accuracy of 99.70%.