SG-StackSecure: An intelligent and robust stacking ensemble model for smart grid intrusion detection

The integration of advanced Information and Communication Technologies (ICTs) and Internet of Things (IoT) devices into traditional power infrastructure has significantly improved efficiency, reliability, and remote controllability. However, this integration has also introduced cybersecurity challenges, particularly in Supervisory Control and Data Acquisition (SCADA) systems. To address these emerging threats with real-time, scalable, and interpretable detection, this study presents a SG-StackSecure, a novel stacked ensemble framework for Smart Grids (SGs) intrusion detection. The framework combines Random Forest, XGBoost, and LightGBM as base learners, and Logistic Regression serving as the metaclassifier. It also used a Random Forest-based feature selection mechanism to enhance detection while reducing model dimensionality. SG-StackSecure model was trained and validated on the power system industrial control system (ICS) cyberattack datasets using 10-fold stratified cross-validation, achieving an average accuracy of 99.15% ± 0.18% and F1-scores of 0.9912 (binary classification) and 99.07% ± 0.29% and 0.9907 (three-class classification). SG-StackSecure achieves up to 8.67% higher accuracy, 96.16% reduction in feature selection time, and 89.34% reduction in training time as compared to state-of-the-art models. SG-StackSecure was also evaluated for its real-time deployment feasibility through model compression and stress testing under high-load scenarios. These results, along with a survey of SHAP and LIME for expert usability, underscore SG-StackSecure's robustness, scalability, and practical applicability for securing critical power infrastructures against evolving cyber-physical threats.