The rapid digitalization of modern energy systems—including smart grids, advanced metering infrastructures (AMI), and supervisory control and data acquisition (SCADA) networks—has increased their vulnerability to cyberattacks. Although encryption secures energy data, it also conceals malicious traffic, complicating intrusion detection. This vulnerability exposes critical systems to threats, such as false data injection, command tampering, and advanced persistent attacks. Consequently, distinguishing benign from malicious activity becomes increasingly challenging, especially when attackers exfiltrate sensitive data through encrypted channels. This study proposes an adaptive feature selection (AFS) method to enhance cybersecurity in energy systems. In contrast to conventional models that focus solely on statistical relevance, AFS incorporates gradient-based relevance to capture context-sensitive traffic patterns, thereby revealing malicious activities within encrypted, noisy environments. Experimental results, conducted on the CIRA-CIC-DoHBrw-2020 dataset, show that AFS improves detection accuracy by 24.74% and reduces training time by 35% compared to conventional PCA-based methods. This approach strengthens cybersecurity in energy systems by improving the detection performance of intrusion detection frameworks, thereby enhancing operational reliability, data integrity, and overall network security.
Lee et al. (Fri,) studied this question.