A Comprehensive Survey of Intrusion Detection in Advanced Metering Infrastructure: Toward Scalable Data-Driven Security in Smart Grids

With the integration of the Internet of Things (IoT), the Advanced Metering Infrastructure (AMI) plays a key role in improving grid efficiency and consumer awareness, and has transformed the traditional grid into a new intelligent, efficient paradigm, the Smart Grid (SG). However, the increasing dependence on Information and Communication Technology (ICT) for machine-to-machine communications exposes the AMI system to a wide range of cyber-physical intrusions or threats, such as data tampering, denial-of-service attacks, and unauthorized access. Vulnerabilities in the various cyber-physical system (CPS) components of AMI might compromise the integrity and confidentiality of the SG systems. In addition to other defensive mechanisms, the Intrusion Detection System (IDS) acts as a robust countermeasure to safeguard the AMI against cyber-attacks and threats. However, designing an effective IDS and deploying it in a highly distributed AMI network is greatly hindered by the growing number of heterogeneous, multi-sourced, and interconnected system components, as well as the evolving nature of various recent cyber-physical intrusions. This paper presents a comprehensive, structured survey of IDSs to address the key challenges of system scalability, heterogeneity, deployment constraints, and, most importantly, detection of various evolving attack patterns tailored for AMI in SG. Unlike current surveys, this study introduces a unified taxonomy of IDS applied in AMI across categories such as data sources, detection mechanisms, and deployment techniques and architectures. A comparative analysis of contemporary methods is provided to highlight their strengths, limitations, and applicability in real-world smart grid scenarios. This paper identifies critical gaps by analyzing contemporary methods used in current IDSs to tackle various cyber-physical system security vulnerabilities applicable to distributed system dynamics, AMI in SG.
To address key challenges of existing IDSs, a multimodal intrusion detection system (MIDS) is proposed, featuring data-driven, adaptive security solutions for the next-generation AMI system. The technical insights for developing the experimental framework presented in this study aim to guide future research and development of data-driven, robust, scalable, and intelligent IDS solutions for securing AMI infrastructure in the SG system.
