With the in-depth construction of digital power grids, their cyber-physical systems face severe cybersecurity challenges. Malicious traffic encrypted with HTTPS and SSL/TLS threatens grid stability and makes traditional detection ineffective. This paper focuses on such traffic from mainstream hacking tools: it combines network traffic analysis with machine learning, extracts protocol-layer features, and constructs decision tree, random forest, and LSTM models. Experiments show that the models reach accuracy rates of 99.85%, 99.93%, and 99.64%, respectively, enabling intelligent and accurate detection and providing technical support for grid security.