Zero-day Attack Detection in Digital Substations using In-Context Learning

We address the challenge of detecting zero-day attacks in digital substations that use the IEC-61850 protocol. While prior heuristic and ML-based methods struggle to generalize to unknown attacks, we leverage the in-context learning ability of transformer models to adapt from a few examples without retraining. On the IEC-61850 dataset, our method achieves >87% detection accuracy on zero-day attacks where existing baselines fail, showing promise for securing modern power systems.