Exploits and malicious operations modules make up the malware application that targets the electrical power system. The exploits resemble those found in conventional malware for general-purpose computing. These malicious programs infiltrate an industrial computer, i.e., a relay, and then release functional components. To take over the computational functions of the relay, the malware runs physics-aware modules that target physical equipment. An example is the fabrication of fictitious status power data that indicates a power transformer is functioning normally when, in reality, the attacks are causing a malfunction in the transformer's harmonic protection algorithm. This research explores the relationship between harmonic activities in power transformers and their impact on system behavior in substation computers. We privilege mimic a set of harmonic malware and a power transformer. In this study, we contribute in multiple ways: 1) we use these emulations to examine a power transformer's cyberattack surface; 2) using these insights, we develop a number of attacks that harmonic malware could employ against a power transformer; 3) we use Python to simulate these cyberattacks in order to monitor and measure their harmful effects on a power transformer empirically, and we also use the HYPERSIM simulation provided by OPAL-RT to compare against our Python simulation; 4) we use the ProcMon tool to dynamically observe system activities; and 5) we use machine learning models to forecast and assess the impact of cyberattacks on computer systems.
The results demonstrated that the machine learning model achieved high accuracy in detecting malware-induced anomalies, with the Python simulation yielding a 91% accuracy and the HYPERSIM simulation achieving 86% accuracy in predicting cyber-physical disturbances for the type of activity “Results”. Confusion matrix analyses revealed a strong correlation between harmonic distortions and malware activity, validating the effectiveness of frequency-domain analysis in anomaly detection. Furthermore, the model successfully differentiated between normal harmonic fluctuations and malicious injections, reducing false positives while maintaining high detection precision.
This study highlights the critical role of machine learning in enhancing cybersecurity resilience in power grids. By integrating real-time anomaly detection and dynamic system activity monitoring, the proposed framework offers a robust defense mechanism against evolving cyber threats targeting power transformer operations. The findings provide a foundation for future research in developing AI-driven cybersecurity solutions tailored to industrial control systems.