Zero-Dynamics Attack Detection for Automatic Voltage Regulators Based on State-Driven Neural Network Prediction

The Automatic Voltage Regulator (AVR) plays a critical role in ensuring the stable operation of power systems by dynamically regulating generator output voltage. However, with the increasing integration of AVRs into cyber-physical environments, they have become increasingly vulnerable to sophisticated cyber threats. Among these, Zero-Dynamics attacks represent a particularly insidious challenge. By carefully manipulating inputs to excite the system's internal zero dynamics, an attacker can induce a divergence in the internal state while maintaining the output unchanged during the early stages, thereby evading conventional anomaly detection techniques that rely solely on output deviations. This creates a critical security vulnerability, as such stealthy intrusions can persist undetected until the system becomes unstable or fails catastrophically. To address this issue, this paper proposes a Zero-Dynamics attack detection method based on state-driven neural network prediction tailored to AVR systems. A Luenberger observer is designed to estimate both internal and external states of the AVR system in real-time, using only historical system inputs and outputs. The observer reconstructs latent system dynamics that are not directly measurable but are essential for capturing hidden instability under attack conditions. These estimated states, together with the current control inputs, are used to construct a comprehensive input–state–output feature set. This multi-source feature construction enables the model to capture the complex interactions between control inputs and internal dynamic evolution, which is particularly important for detecting unobservable attack trajectories. A feedforward neural network is trained on these features to learn the dynamic relationship between the estimated states and the system output under normal conditions, ensuring that the predictor replicates the natural behavior of the AVR system across various operating points. To enhance the model's sensitivity to internal state variations that do not immediately manifest in the output, a consistency loss function is incorporated during training. This loss penalizes discrepancies between the temporal variation of the predicted output and that of the estimated internal state, enforcing a correlation between internal disturbances and their delayed impact on observable outputs. As a result, the network is encouraged not only to minimize prediction error but also to internalize the response characteristics of hidden state divergence, thereby improving its responsiveness to early-stage anomalies. The model is initially trained offline using normal data to capture nominal dynamics and is subsequently updated incrementally online via a sliding window mechanism to adapt to potential environmental changes, further enhancing the robustness of the prediction framework. During the detection phase, the trained neural predictor continues to forecast the system output. When a Zero-Dynamics attack is launched, although the actual output remains initially unchanged, the predicted output begins to deviate due to the divergence in the internal state, which the neural network is designed to capture. This deviation serves as an early warning indicator of abnormal behavior, preceding any measureable change in output. To provide a baseline for comparison, a parallel AVR system model operating under normal conditions is used to generate a baseline output trajectory, allowing for precise assessment of deviations under attack. This dual-model structure improves detection clarity and supports real-time diagnostics. Simulation experiments validate the effectiveness of the proposed method. The AVR model under test is subjected to both Zero-Dynamics attack and Enhanced Zero-Dynamics attack scenarios to examine detection performance. Results demonstrate that the approach can accurately capture the internal dynamic evolution of the AVR system and detect Zero-Dynamics attacks at an early stage. The method consistently shows earlier deviation in the predicted output compared to the measured output, confirming the hypothesis that internal divergence precedes output abnormality. Compared to traditional output-only detection methods, the proposed method demonstrates superior sensitivity, robustness, and anticipatory capability in identifying stealthy attacks..