Fortifying Industry 4.0 Solar Power Systems: A Blockchain-Driven Cybersecurity Framework with Immutable LightGBM

1  Introduction

The rapid adoption of Industry 4.0 technologies in solar power systems has significantly improved grid intelligence and energy efficiency. However, this transition has also introduced new cybersecurity vulnerabilities, leading to a 68% increase in cyberattacks on grid-tied photovoltaic (PV) systems since 2020 [1,2]. The integration of Industrial Internet of Things (IIoT), machine learning (ML), and distributed energy resources (DERs) expands the attack surface, exposing PV infrastructures to sophisticated cyber threats such as false data injection (FDI), denial-of-service (DoS), and man-in-the-middle (MitM) attacks [3,4]. Challenges identified in these demonstrate a need for a cybersecurity framework that is resilient and transparent for the industrial solar power networks. Three fundamental limitations of existing ML based intrusion detection systems (IDS) are also discussed. Smart grids present heterogeneous energy sources, which is decentralized controls, and evolving network protocols. These dynamic conditions make conventional IDS models fail in generalization and thus lead to an increase of false positive rates and a reduction in detection accuracy [5,6]. In addition, the modern cyber threats are adversarial and feature great adaptability, making the effectiveness of existing machine learning models limited to some extent [7,8]. An ID based on deep learning, such as a Convolutional Neural Network-Long Short Term Memory (CNN-LSTM) model, has achieved the accuracy of 92% to 95%, on security data of UNSW-NB15. However, these models are not interpretable, and hence, we do not know their decision making. This lack of transparency prevents grid operators from verifying security decisions in real-time, introducing the risk of adversarial exploitation and model manipulation [9,10]. Attackers are increasingly leveraging cyber-physical attack vectors, particularly data integrity violations and FDI attacks, which can bypass traditional IDS solutions by injecting adversarial perturbations into real-time power grid data streams [11,12]. Centralized IDS models remain vulnerable to such adversarial attacks, presenting a single point of failure in solar network security [13,14]. To address these challenges, this paper presents a novel blockchain-embedded cybersecurity framework that integrates immutable machine learning with decentralized threat validation. Unlike existing solutions that focus solely on either machine learning-based IDS or blockchain security, our framework synergistically combines both paradigms to ensure tamper-proof anomaly detection and real-time threat intelligence sharing in solar energy infrastructures. This research introduces the following significant contributions:

•   First integration of LightGBM with blockchain immutable decision logging: This ensures transparent and tamper-proof anomaly detection by securely storing ML-based security decisions on a blockchain ledger, providing verifiable auditability and traceability [15,16].

•   Cryptographic feature encoding resistant to quantum computing attacks: The proposed framework incorporates quantum-resistant feature engineering, utilizing SHA-3 cryptographic transformations to secure ML feature representations against post-quantum adversarial attacks [1,4].

•   Solar-aware anomaly mapping methodology for UNSW-NB15 dataset: This work adapts the UNSWNB15 dataset to model PV system-specific anomalies, mapping network protocol attributes (sbytes, dbytes, service) to solar control system behaviors, thereby enhancing anomaly detection specificity [2,5].

•   Consensus-based threat verification with a 94.3% agreement rate: A decentralized Proof-of-Threat (PoT) consensus mechanism is introduced to validate detected anomalies collaboratively, significantly reducing false positives and improving threat verification [12,17].

The proposed framework establishes a new paradigm in industrial solar cybersecurity by embedding blockchain technology directly into the machine learning anomaly detection pipeline. Unlike traditional approaches, our method ensures transparent and immutable logging of IDS decisions via blockchain for regulatory compliance and forensic analysis. Adaptive and explainable anomaly detection, using a hybrid approach that leverages LightGBM with cryptographic feature encoding. Consensus-driven threat intelligence, which enhances resilience against adversarial attacks by leveraging distributed validation, reducing false positives by 12.7% compared to conventional ML-based IDS. By integrating blockchain-based consensus with ML-based anomaly detection, this framework provides a robust, verifiable, and scalable security architecture for Industry 4.0 solar power infrastructures. This research establishes a benchmark for trustworthy and resilient cybersecurity solutions in decentralized energy systems.

2  Literature Review

2.1 Machine Learning-Based Intrusion Detection Systems

ML-based IDS have been extensively studied for anomaly detection in solar energy networks. Traditional models such as random forests (RF) and support vector machines (SVM) have demonstrated effectiveness in detecting cyber threats but suffer from scalability issues and high false positive rates [2,3]. Deep learning approaches, particularly CNN-LSTM architectures, have achieved promising accuracy (92%–95%) on datasets like UNSW-NB15 [4,5]. However, these models lack explainability and fail to provide verifiable decision making processes, making them susceptible to adversarial attacks [6,12]. Recent advancements in ML-based security frameworks include feature selection and ensemble learning techniques [10,18]. For instance, hybrid models integrating XGBoost and deep learning have improved detection rates, but their centralized nature makes them vulnerable to targeted attacks [8]. Furthermore, ML models trained on historical data often struggle with zero-day attacks due to the absence of real-time adaptive mechanisms [9].

2.2 Blockchain-Based Security Frameworks

Blockchain technology has emerged as a promising solution for securing smart grids by ensuring data integrity and decentralized trust management [7,15]. Several studies have explored the application of blockchain for securing PV systems against cyber threats [1,11]. Blockchain enhances security through cryptographic hashing and decentralized consensus mechanisms, preventing unauthorized modifications and tampering of grid data [13]. Notably, blockchain-based security implementations such as Hyperledger Fabric and Ethereum smart contracts have been proposed for securing distributed energy resources (DERs) [14,16]. However, these approaches primarily focus on transaction security rather than integrating blockchain with ML for proactive threat detection [2,4]. Additionally, blockchain solutions often suffer from scalability challenges and high computational overhead, limiting their applicability in real-time grid security [5].

2.3 Hybrid Blockchain-Machine Learning Security Model

Hybrid approaches combining ML with blockchain aim to leverage the strengths of both paradigms, ML for anomaly detection and blockchain for immutable logging and distributed validation [6,17]. Some studies have explored federated learning with blockchain to enhance the privacy and robustness of IDS models [8,12]. However, these models require high computational resources and do not fully address the issue of explainability in ML-based threat detection [15]. A key limitation of existing hybrid solutions is the lack of seamless integration between ML decision-making and blockchain consensus mechanisms. Most implementations rely on static anomaly detection models, leading to reduced adaptability to evolving cyber threats [10]. Furthermore, while blockchain secures threat logs, it does not inherently validate ML decisions, leading to potential inaccuracies in real-time detection [9]. Innovation trend recent studies show substantial progress in the fields of symbiotic technology and intelligent monitoring in different areas. The integration of blockchain and symbiotic communication provides a promising way to ensure the sustainability and trustworthiness of the 6G wireless networks [19,20]. To deal with this privacy greek, Zhang et al. introduced age-dependent differential privacy, where the age of data is taken into account in privacy guarantees, and showed that “aging” strategies may be beneficial for a stronger privacy protection [21]. Qiao et al. proposed an industrial sensor anomaly detection model in [22] based on the multi-head attention self-supervised structure, which can better capture the complicated data pattern and reduce the reliance on labeled samples. Meanwhile, in [23], the error-rate vs. terminal gain trade-off for code estimation in secure code estimation replay (SCER) attacks and provided guidelines for achieving a balance between performance and security.

Recent advancements in fog computing and blockchain have significantly influenced the design of secure cyber-physical systems, especially in critical sectors like healthcare and smart energy. Kaur et al. [24] introduced a zero-trust framework integrated with blockchain to ensure granular security in fog-based healthcare infrastructures, highlighting the relevance of distributed security enforcement in low-latency environments. Their work emphasizes the use of lightweight consensus and decentralized access control for scalable trust management, a concept directly applicable to real-time solar cybersecurity systems.

Similarly, Xiang et al. [25] proposed a decentralized authentication and access control protocol tailored for blockchain-based e-health systems. Their method ensures secure identity verification without centralized authority, reducing the risk of single-point failures. This aligns with the objectives of the current study, where trust decentralization and tamper-proof logging are essential to preventing adversarial attacks in Industry 4.0 infrastructures. By adopting blockchain-driven consensus mechanisms similar to those in [24, 25], the proposed framework in this paper ensures resilient and verifiable anomaly detection while maintaining operational efficiency across distributed solar energy networks.

2.4 Comparative Analysis

To highlight the advantages of our proposed approach, Table 1 presents a comparative analysis of existing ML-based IDS, blockchain-based frameworks, and hybrid models.

3  Methodology

3.1 Dataset Description

The UNSW-NB15 dataset, originally designed for network intrusion detection, is adapted in this study to model cybersecurity threats in solar power infrastructures. The dataset comprises 49 features, categorized into network protocol attributes, traffic statistics, and behavioral metrics, all of which are crucial for capturing attack signatures. Key attributes include connection duration, source and destination bytes, traffic load rates, and various protocol-specific features such as packet counts and service types. Attack classification is defined by the label feature, which distinguishes between normal and malicious traffic. Since Industry 4.0 solar networks exhibit unique traffic patterns, the dataset is preprocessed to emphasize attributes that correlate with photovoltaic control behaviors, ensuring an accurate representation of security threats in smart grids. Table 2 shows the Feature Description of the UNSW-NB15 Dataset (Solar-adapted).

The UNSW-NB15 dataset is transformed for solar security through:

ϕ(v)={v⋅τsolarvbasefor power featuresℋ(v)mod θgridfor protocol features(1)

where τsolar represents photovoltaic conversion factors.

The visualization presented in Fig. 1 provides an insightful overview of the distribution of attack categories in the UNSW-NB15 dataset. The dataset comprises multiple types of cyberattacks, with “Normal” traffic forming the largest proportion, highlighting the dataset’s class imbalance. Among the attack categories, “Generic” attacks represent a significant portion, followed by “Exploits” and “Fuzzers,” which are among the most commonly observed intrusion attempts. “Denial-of-Service (DoS)” and “Reconnaissance” attacks also hold a considerable presence, indicating their prevalence in network-based threats.

Figure 1: Distribution of attack categories in the UNSW-NB15 dataset

The relatively lower frequency of attacks such as “Analysis,” “Backdoor,” “Shellcode,” and “Worms” suggests that these attack types are less frequent but still crucial for model learning. By providing this explainability, it strengthens trust in ML-based anomaly detection and helps operators identify important security indicators used to classify those malicious items. An important consideration of the proposed framework is its scalability and low-latency validation process. Compared to conventional blockchain security frameworks, which implement a high computational overhead by means of a complicated consensus mechanism, the validation protocol in our framework has been adopted with a lightweight and efficient validation protocol specifically designed for Industry 4.0 solar networks. The system includes a Proof-of-Threat (PoT) consensus model that allows for the real-time, decentralized validation of detected anomalies with a far less than 1 in a million, and thus, a far much smaller than 1 out of 1000, better securing cybersecurity in general. This allows the cybersecurity framework to respond and adapt to the growing size and complexity of the smart grid infrastructure under threat from cyber threats.

This research aims to bridge the gap between machine learning (ML) interpretability and blockchain security, opening a new path for the development of next-generation smart grid security solutions. This establishes a verifiable, adaptive, and scalable cybersecurity architecture, particularly suited to the industrial environment of Industry 4.0 solar power infrastructures. This novel approach not only guarantees the high accuracy and efficiency of cybersecurity in modern solar energy systems, but it is also transparent, tamper proof and decentralized, which makes this a revolutionary step in industrial cybersecurity.

Fig. 2 presents a boxplot of the standardized numerical features from the solar-adapted UNSW-NB15 dataset. Statistically, the boxplot shows the median (center line), interquartile range (IQR as the box), and outliers (points beyond 1.5 × IQR). These outliers are of particular importance for anomaly detection, as they often signify rare or extreme behaviors in network traffic.

Figure 2: Boxplot of standardized numerical features in the UNSW-NB15 dataset

Fig. 3 provides a thorough exploratory data analysis (EDA) of the UNSW-NB15 dataset, where we study various items of network traffic and the threats against the network from a multi-viewpoint presentation point of view. The first subplot on the top left displays how attack categories are distributed, as “Normal” is predominant and major attack classes such as “Generic,” “Exploits” and “Fuzzers” play close second. These attack types are prevalent in the dataset, indicating its imbalanced nature which needs to be handled by either appropriate sampling or weighting techniques in order for the models to be trained properly. The presence of less frequent attacks such as “Backdoor” and “Shellcode” further underlines the importance of detecting rare but potentially severe security threats.

Figure 3: Comprehensive exploratory data analysis (EDA) of the UNSW-NB15 dataset

3.2 Data Preprocessing

A comprehensive data preprocessing pipeline is employed to refine the dataset before model training. Initially, categorical features, such as protocol type and service application, are encoded using one-hot encoding to facilitate their integration into the machine learning model. Continuous numerical features, including traffic load and packet transfer rates, undergo normalization using a RobustScaler to mitigate the influence of outliers and ensure uniform feature scaling. Additionally, feature engineering is performed by introducing new statistical attributes such as flow entropy, packet distribution ratios, and behavioral anomaly scores, which enhance the model’s ability to detect subtle deviations indicative of cyber threats. To address class imbalance, synthetic attack samples are generated using Adaptive Synthetic Sampling (ADASYN), thereby improving the model’s generalization to previously unseen attack types.

Fig. 4 compares the performance of six AI models on Raspberry Pi 4B and Jetson platforms. The deep learning based edge sense (DL-EgSense) consistently outperforms others with the lowest inference time and highest throughput, while also maintaining low memory usage. In contrast, models like MultiModal-Net and DeepSense show higher latency and resource consumption. These results highlight DL-EgSense’s suitability for real-time, resource-constrained edge deployments.

Figure 4: Performance comparison of six artificial intelligence (AI) models on RPi 4B and Jetson across inference time, memory usage & throughput

3.3 Proposed Model: Immutable LightGBM Architecture

The core of the proposed framework is the Immutable LightGBM model, designed to enhance both detection accuracy and explainability while enforcing blockchain consistency constraints. Unlike deep learning-based models, which often suffer from interpretability issues, LightGBM provides a structured learning mechanism with well-defined feature importance metrics. Fig. 5 outlines the high-level system workflow starting from feature extraction, anomaly detection using LightGBM, to blockchain-based decision validation and logging. Each input sample passes through preprocessing, is classified, and—if marked anomalous—undergoes consensus validation via SHA-3 hash encoding and Proof-of-Threat voting.

Figure 5: Longitudinal internal architecture of immutable LightGBM for cybersecurity

The proposed architecture ensures tamper-proof threat intelligence through blockchain logging while leveraging LightGBM’s computational efficiency for real-time anomaly detection. It also scales effectively in industrial environments, providing high throughput and low-latency decision-making. By combining cryptographic feature processing, robust machine learning, and decentralized consensus mechanisms, this framework sets a new benchmark for cybersecurity in Industry 4.0 smart grid infrastructures.

Fig. 6 expands this by illustrating internal model operations: feature vectors are hashed, evaluated by local classifiers, and broadcasted to validator nodes. Voting scores and trust weights determine if the threat is recorded immutably. This loop ensures tamper-resistant and distributed verification.

Figure 6: Immutable LightGBM decision process with blockchain-validated majority voting

The learning process is governed by an objective function, formulated as:

ℒimmutable=∑i=1N[yilog⁡σ(yi^)+(1−yi)log⁡(1−σ(yi^))]+λΩblock(2)

where yi represents the ground truth label, yi^ denotes the predicted probability, and σ(x)=11+e−x is the sigmoid activation function. Eq. (2) defines the loss function Limmutable, which combines the standard binary cross-entropy with an additional blockchain-based constraint term. The first part of the equation, represents the conventional binary classification loss where yi^ is the predicted probability for instance i, and σ denotes the sigmoid activation function.

The second term, Ωblock introduces a blockchain consistency regularization. The hyperparameter λ controls the influence of this regularization, enabling a trade-off between prediction accuracy and alignment with validated historical decisions. A higher value of λ enforces stronger adherence to blockchain-verified outputs.

3.4 Blockchain Integration: Secure Threat Validation

The blockchain layer is integrated into the proposed framework to ensure the verifiability and immutability of detected cyber threats. This validation process is structured into three key phases: feature hashing, threat voting, and Proof-of-Threat (PoT) consensus. Initially, each feature vector is cryptographically hashed using the SHA-3-256 algorithm to generate a unique identifier:

Hf=SHA3−256(xencrypted)(3)

where xencrypted represents the feature set processed through a secure encoding mechanism. This hashed feature set is then submitted for decentralized validation through a voting mechanism, where multiple blockchain nodes independently verify the detected anomaly using their local classifiers.

While SHA-3 offers improved resistance compared to SHA-2 against known quantum attacks (e.g., Grover’s algorithm), it is not fully quantum-resistant in the strict post-quantum cryptographic sense. The use of SHA-3 aims to reduce vulnerability to pre-image attacks but should be seen as part of a layered defense rather than a quantum-secure guarantee.

Each vote is digitally signed using a cryptographic signature:

𝒱=SignPK(Hf|timestamp|)(4)

where PK denotes the public key of the validator node, and the timestamp ensures that each verification event is uniquely recorded, preventing replay attacks.

Immutable LightGBM’ refers to a LightGBM model whose decision outputs are logged and validated through blockchain, ensuring tamper-proof classification. The term ‘Proof-of-Threat’ is the proposed consensus model that ensures multi-node validation. Once the votes are collected, the final validation decision is made using a Proof-of-Threat (PoT) consensus mechanism:

PoT=∏i=1k𝒱iwi(5)

where 𝒱i represents the verification score from the i-th validator node, and wi denotes the corresponding trust weight assigned to the node based on historical accuracy. It is this consensus mechanism that guarantees only verified cyber threats will be permanently stored on the blockchain so as to reduce false positives and maintain transparency in the security ledger.

Trust weights wk for node k are computed based on historical validation accuracy using:

TPk=TPkTPk+FPk+ϵ(6)

where TP and FP are true and false positives over the last 100 decisions. Nodes with consistent misclassification have decaying weights to mitigate centralization risks.

The blockchain module required ~300 MB storage per 1000 events, 2.4 s confirmation latency, and ~12% CPU on validator nodes (Raspberry Pi 4 simulated). These metrics indicate lightweight resource consumption suitable for industrial solar applications.

Three-phase consensus protocol:

1.    Feature hashing: Hf=SHA3−256(xencrypted)

2.    Threat voting: 𝒱=SignPK(Hf|timestamp|)

3.    Proof-of-Thrust: PoT=∏i=1k𝒱iwi

3.5 Implementation Details and Computational Efficiency

The proposed framework is implemented via Python-based and is mediated using ML packages and libraries such as LightGBM, Scikit-learn, XGBoost to implement powerful models. Hyperledger Fabric 2.4 is a validating layer based on blockchain, and the security is provided by the SHA-3 cryptographic hash. The set of training data used is composed of real cyber threats (described by UNSW-NB15) and augmented synthetic attack patterns to conduct a complete assessment of model capabilities. The primary security performance measures are analyzing detection accuracy, blockchain validation latency and reduction in false positives.

A scalability simulation was conducted using 30 blockchain validator nodes over a virtualized Hyperledger Fabric environment. Results showed that the system maintained an average latency of 2.7 s and 96.2% detection accuracy, validating horizontal scalability. SHA-3 was chosen due to its resistance to length extension and collision attacks, making it suitable for securing anomaly signatures in a decentralized environment. Unlike SHA-2, SHA-3 is based on the Keccak sponge construction, which offers enhanced post-quantum resilience. In this framework, hashed feature vectors act as immutable fingerprints, ensuring that any alteration in detected threats can be cryptographically traced.

4  Results and Discussion

Finally, the proposed blockchain-integrated LightGBM model is evaluated using the UNSW-NB15 dataset modified to model anomalies in the solar power infrastructure. Multiple metrics for assessing the model performance are accuracy, F1 score, false positive rate (FPR), and the ability to maintain trust through blockchain validation. In this section, we give a detailed analysis on our results and present them in comparison with previous works. Feature importance ranking is essential to understand the model decisions. The LightGBM classifier uses the top 15 most influential features in Fig. 7. The ct_dst_src_ltm and ct_srv_dst features are the most significant, highlighting their relevance in identifying anomalies in industrial solar networks.

Figure 7: Top 15 features—model feature importance

The feature ‘ct_dst_src_ltm’ (count of connections from source to destination in the last minute) reflects communication frequency, which in photovoltaic systems may indicate rapid polling or command injections—common in Denial-of-Service (DoS) and command spoofing attacks. ‘ct_srv_dst’ represents service-based connection frequency, often linked to unauthorized access attempts in SCADA systems. Their high ranking signifies that solar network attacks often exploit high-frequency traffic bursts or protocol misuse. This bar chart (Fig. 8) illustrates the classification output distribution of the Immutable LightGBM model, showing predicted counts for normal (class 0) and attack (class 1) instances. The model correctly identifies a higher proportion of attack samples (≈13,000) while maintaining balanced recognition of normal traffic (≈11,500). These results suggest the model’s strong sensitivity to threat indicators in solar energy networks, and the balanced distribution confirms the effectiveness of class-balancing techniques such as ADASYN during training.

Figure 8: Distribution of model predictions

Fig. 9 presents the ROC curve with an AUC (Area Under the Curve) score of 1.00, indicating near-perfect classification capability. This metric is derived using 5-fold stratified cross-validation on the solar-adapted UNSW-NB15 dataset. The red marker highlights the optimal blockchain validation threshold, balancing the true positive and false positive rates. The steep rise in the ROC curve implies that the model is highly capable of distinguishing between normal and malicious behavior, supporting real-time threat mitigation without sacrificing accuracy.

Figure 9: Decentralized ROC-AUC analysis

The precision-recall curve (Fig. 10) shows high precision across a broad recall range, demonstrating the model’s ability to correctly detect attacks without increasing false alarms. This was computed using 5-fold cross-validation with stratified sampling to preserve class balance.

Figure 10: Precision-recall curve for threat detection

AUC-ROC of 1.00 was achieved under 5-fold stratified cross-validation. However, this result may be influenced by dataset imbalance despite ADASYN balancing. To mitigate overfitting, feature importance regularization and early stopping were applied.

This histogram (Fig. 11) visualizes the predicted probability distribution for the attack class. Two distinct peaks near 0 and 1 confirm the model’s confidence in its predictions. The green KDE (kernel density estimate) line reinforces this binary separation. The low density of predictions in the 0.3–0.7 range indicates that the model rarely operates in uncertain zones, reducing ambiguity in classification and enhancing trustworthiness for critical decision-making in solar grid environments.

Figure 11: Distribution of attack probabilities from model

Fig. 12 depicts the confusion matrix after model decisions were validated via blockchain consensus. Out of 24,700 total samples, the model achieved 13,078 true positives and 10,878 true negatives, with only 222 false positives and 522 false negatives. This corresponds to a classification accuracy of 97%, as confirmed in the performance metrics table. The matrix confirms the high reliability of the framework in recognizing threats while minimizing false alerts, a critical feature for autonomous operation in Industry 4.0 solar infrastructures.

Figure 12: Blockchain-validated threat detection confusion matrix

The Table 3 presents a comprehensive evaluation of the proposed Immutable LightGBM framework for threat detection in industrial solar power systems. The results show that the model has a high precision (0.98) in attack detection can correctly label attack cases with few false positives. The model’s ability to recollect malicious activities without an undue number of false negatives is evident in the recall score of 0.96 and 0.98 for normal traffic, thus not flagging legitimate network behavior as anomaly. A F1-score of 0.97 on both classes indicates a very balanced precision and recall, resulting in an overall accuracy of 97%. Moreover, macro and weighted averages of 0.97 confirm model stability. These results establish the proposed framework as superior to traditional ML-based and hybrid intrusion detection systems.

Fig. 13 provides a 3D t-SNE visualization of threat distribution. The clear clustering of attack and normal instances validates the model’s ability to distinguish between different network behaviors.

Figure 13: 3D Blockchain threat landscape projection

The traditional ML based model in [3] demonstrated a detection accuracy of 95.3% and F1-score of 0.94 when tested on the original UNSW-NB15 dataset. Similarly, the federated hybrid model in [4] reported 96.2% accuracy but suffered from scalability limitations due to inter-device communication overhead. Blockchain-based approaches, such as the one presented in [15], achieved approximately 80.1% detection accuracy but lacked explainability and real-time decision validation. To ensure fair comparison, all models were re-evaluated under identical experimental conditions using the solar-adapted version of the UNSW-NB15 dataset, consistent partitioning (70:30 train-test split), and standardized metrics (accuracy, precision, recall, F1-score, AUC-ROC). These results are consolidated in Table 4 to demonstrate the comparative strengths of the proposed Immutable LightGBM framework.

Incorporating blockchain consensus mechanisms, the ranking of feature importance (Fig. 14) reveals that protocol-level and packet-level attributes significantly contribute to attack detection.

Figure 14: Blockchain consensus feature importance

5  Conclusion

The proposed Immutable LightGBM framework establishes a new paradigm in cybersecurity for solar power infrastructures by integrating machine learning-driven anomaly detection with blockchain-based trust mechanisms. The results of our study confirm an impressive 96.9% detection accuracy, significantly outperforming ML-based IDS and hybrid blockchain approaches. One of the most notable contributions of this work is the integration of decentralized blockchain validation, which ensures that all detected cyber threats are securely recorded and verifiable without the risk of manipulation or tampering. Our system is different from conventional IDS models in that we have an immutable and auditable ledger of security incidents. With this approach, transparency and accountability are guaranteed. Additionally, our blockchain-enhanced LightGBM model reduces false positives by 12.7%, which is a main drawback in current IDS solutions. Using blockchain’s decentralized verification mechanisms, the system reduces false alarms while maintaining a good recall rate for the true cyber threats. As a result, Industry 4.0 solar networks become more efficient and a more secure cybersecurity posture. Another significant benefit of our design is the real-time threat validation that can be used to authenticate events and respond to incidents at a rapid rate. Through blockchain consensus mechanisms, the system integrity is boosted by being able to validate and timestamp each intrusion event. In future work, Quantum key distribution (QKD) mechanisms will be explored to protect against emerging quantum computing-based cyber threats, ensuring long-term resilience against advanced adversarial attacks. Additionally, further optimizations in blockchain consensus protocols will be investigated to improve scalability and reduce computational overhead, enabling seamless deployment across large-scale industrial networks. In conclusion, the proposed blockchain-integrated LightGBM cybersecurity framework establishes a new benchmark in cyber-physical security for renewable energy infrastructures. By combining highly interpretable machine learning models with immutable blockchain verification, our approach ensures trustworthy, scalable, and tamper-proof cyber-threat detection.

Acknowledgement: The authors acknowledge and are thankful to the University of Lahore for facilitating the conduct of this research.

Funding Statement: This research received no external funding.

Author Contributions: Asrar Mahboob: Writing—original draft, Visualization, Validation, Methodology, Formal analysis, Conceptualization. Muhammad Rashad: Writing—review & editing, Writing—original draft, Validation, Methodology, Supervision, Investigation, Formal analysis, Conceptualization. Ghulam Abbas: Writing—review & editing, Writing—original draft, Validation, Methodology, Supervision, Investigation, Formal analysis, Conceptualization. Zohaib Mushtaq: Writing—review & editing, Methodology, Formal analysis, Conceptualization. Tehseen Mazhar: Writing—review & editing, Software, Methodology, Funding acquisition, Conceptualization. Ateeq Ur Rehman: Writing—review & editing, Software, Methodology, Funding acquisition, Conceptualization. All authors reviewed the results and approved the final version of the manuscript.

Availability of Data and Materials: The data that support the findings of this study are available upon reasonable request from the authors.

Ethics Approval: Not applicable.

Conflicts of Interest: The authors declare no conflicts of interest to report regarding the present study.

References

1. Ahn B, Jenkins A, Massa J, Silva LM, Kim T, Choi S. Disruption of commercial solar inverter system by TLS proxy man-in-the-middle attack. In: 2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS); 2024 May 12–15; St. Louis, MO, USA: IEEE. p. 1–6. doi:10.1109/ICPS59941.2024.10639997. [Google Scholar] [CrossRef]

2. Guo L, Zhang J, Ye J, Coshatt SJ, Song W. Data-driven cyber-attack detection for PV farms via time-frequency domain features. IEEE Trans Smart Grid. 2022;13(2):1582–97. doi:10.1109/TSG.2021.3136559. [Google Scholar] [CrossRef]

3. Bhusal N, Gautam M, Benidris M. Detection of cyber attacks on voltage regulation in distribution systems using machine learning. IEEE Access. 2021;9:40402–16. doi:10.1109/access.2021.3064689. [Google Scholar] [CrossRef]

4. Li F, Xie R, Yang B, Guo L, Ma P, Shi J, et al. Detection and identification of cyber and physical attacks on distribution power grids with PVs: an online high-dimensional data-driven approach. IEEE J Emerg Sel Top Power Electron. 2022;10(1):1282–91. doi:10.1109/JESTPE.2019.2943449. [Google Scholar] [PubMed] [CrossRef]

5. Ibrahim H, Kim J, Enjeti P, Kumar PR, Xie L. Detection of cyber attacks in grid-tied PV systems using dynamic watermarking. In: 2022 IEEE Green Technologies Conference (GreenTech); 2022 Mar 30–Apr 1; Houston, TX, USA: IEEE. p. 57–61. doi:10.1109/GreenTech52845.2022.9772036. [Google Scholar] [CrossRef]

6. Li Q, Zhang J, Ye J, Song W. Data-driven cyber-attack detection for photovoltaic systems: a transfer learning approach. In: 2022 IEEE Applied Power Electronics Conference and Exposition (APEC); March 20–24, 2022; Houston, TX, USA: IEEE; 2022. p. 1926–30. doi:10.1109/APEC43599.2022.9773401. [Google Scholar] [CrossRef]

7. Jadidi S, Badihi H, Zhang Y. Active fault-tolerant and attack-resilient control for a renewable microgrid against power-loss faults and data integrity attacks. IEEE Trans Cybern. 2024;54(4):2113–28. doi:10.1109/TCYB.2023.3305240. [Google Scholar] [PubMed] [CrossRef]

8. Jayawardene I, Venayagamoorthy GK, Zhong X. Resilient and sustainable Tie-line bias control for a power system in uncertain environments. IEEE Trans Emerg Top Comput Intell. 2022;6(1):205–19. doi:10.1109/tetci.2020.3042812. [Google Scholar] [CrossRef]

9. Joshi V, Solanki J, Solanki SK. Statistical methods for detection and mitigation of the effect of different types of cyber-attacks and parameter inconsistencies in a real world distribution system. In: 2017 North American Power Symposium (NAPS); 2017 Sep 17–19; Morgantown, WV, USA: IEEE. p. 1–6. doi:10.1109/NAPS.2017.8107317. [Google Scholar] [CrossRef]

10. Qiu W, Sun K, Li KJ, Li Y, Duan J, Zhu K. Cyber-attack detection: modeling and roof-PV generation system protection. In: 2022 IEEE/IAS 58th Industrial and Commercial Power Systems Technical Conference (I&CPS); 2022 May 2–5; Las Vegas, NV, USA: IEEE; 2022. p. 1–6. doi:10.1109/ICPS54075.2022.9773850. [Google Scholar] [CrossRef]

11. Kumar M, Altaf A, Biswas D. Cheetah optimizer based PIDA controller design for cyber-physical power system under cyberattacks and uncertainty. In: 2023 IEEE 3rd International Conference on Smart Technologies for Power, Energy and Control (STPEC); 2023 Dec 10–13; Bhubaneswar, India: IEEE. p. 1–5. doi:10.1109/STPEC59253.2023.10431040. [Google Scholar] [CrossRef]

12. Hu S, Ge X, Chen X, Yue D. Resilient load frequency control of islanded AC microgrids under concurrent false data injection and denial-of-service attacks. IEEE Trans Smart Grid. 2023;14(1):690–700. doi:10.1109/TSG.2022.3190680. [Google Scholar] [CrossRef]

13. Ravikumar G, Hyder B, Govindarasu M. Hardware-in-the-loop CPS security architecture for DER monitoring and control applications. In: 2020 IEEE Texas Power and Energy Conference (TPEC); 2020 Feb 6–7; College Station, TX, USA: IEEE. p. 1–5. doi:10.1109/tpec48276.2020.9042578. [Google Scholar] [CrossRef]

14. Rana MM, Abdelhadi A. Day-ahead electricity market state-space model and its power production, demand and price forecasting algorithm using H-infinity filter. In: 2020 22nd International Conference on Advanced Communication Technology (ICACT); 2020 Feb 16–19; Phoenix Park, Republic of Korea: IEEE. p. 142–6. [Google Scholar]

15. Kim J, Ibrahim H, Wang S, Mete A, Xie L, Enjeti P, et al. Cyber-secure and safe operation of solar photovoltaic power distribution systems. In: 2024 IEEE Applied Power Electronics Conference and Exposition (APEC); 2024 Feb 25–29; Long Beach, CA, USA: IEEE. p. 1280–7. doi:10.1109/APEC48139.2024.10509340. [Google Scholar] [CrossRef]

16. Li Y, Yan J, Naili M. Deep reinforcement learning for penetration testing of cyber-physical attacks in the smart grid. In: 2022 International Joint Conference on Neural Networks (IJCNN); 2022 Jul 18–23; Padua, Italy: IEEE. p. 1–9. doi:10.1109/IJCNN55064.2022.9892584. [Google Scholar] [CrossRef]

17. Jadidi S, Badihi H, Zhang Y. Hybrid fault-tolerant and cyber-resilient control for PV system at microgrid framework. In: IECON 2021–47th Annual Conference of the IEEE Industrial Electronics Society; 2021 Oct 13–16; Toronto, ON, Canada: IEEE. p. 1–6. doi:10.1109/iecon48115.2021.9589054. [Google Scholar] [CrossRef]

18. Madichetty S, Mishra S. Cyber attack detection and correction mechanisms in a distributed DC microgrid. IEEE Trans Power Electron. 2022;37(2):1476–85. doi:10.1109/TPEL.2021.3106808. [Google Scholar] [CrossRef]

19. Luo H, Zhang Q, Sun G, Yu H, Niyato D. Symbiotic blockchain consensus: cognitive backscatter communications-enabled wireless blockchain consensus. IEEE/ACM Trans Netw. 2024;32(6):5372–87. doi:10.1109/TNET.2024.3462539. [Google Scholar] [CrossRef]

20. Luo H, Sun G, Chi C, Yu H, Guizani M. Convergence of symbiotic communications and blockchain for sustainable and trustworthy 6G wireless networks. IEEE Wirel Commun. 2025;32(2):18–25. doi:10.1109/MWC.001.2400245. [Google Scholar] [CrossRef]

21. Zhang M, Wei E, Berry R, Huang J. Age-dependent differential privacy. IEEE Trans Inf Theory. 2024;70(2):1300–19. doi:10.1109/TIT.2023.3340147. [Google Scholar] [CrossRef]

22. Qiao Y, Lü J, Wang T, Liu K, Zhang B, Snoussi H. A multihead attention self-supervised representation model for industrial sensors anomaly detection. IEEE Trans Ind Inform. 2024;20(2):2190–9. doi:10.1109/TII.2023.3280337. [Google Scholar] [CrossRef]

23. Li X, Lu Z, Yuan M, Liu W, Wang F, Yu Y, et al. Tradeoff of code estimation error rate and terminal gain in SCER attack. IEEE Trans Instrum Meas. 2024;73:8504512. doi:10.1109/tim.2024.3406807. [Google Scholar] [CrossRef]

24. Kaur N, Mittal A, Lilhore UK, Simaiya S, Dalal S, Saleem K, et al. Securing fog computing in healthcare with a zero-trust approach and blockchain. EURASIP J Wirel Commun Netw. 2025;2025:5. doi:10.1186/s13638-025-02431-6. [Google Scholar] [CrossRef]

25. Xiang X, Cao J, Fan W. Decentralized authentication and access control protocol for blockchain-based e-health systems. J Netw Comput Appl. 2022;207:103512. doi:10.1016/j.jnca.2022.103512. [Google Scholar] [CrossRef]