Increasing cyber vulnerabilities pose various concerns regarding the stability and reliability of power systems. Conventionally, Automatic Generation Control (AGC) is employed to maintain the frequency of power systems within a predefined range. However, it is susceptible to cyber-attacks due to its reliance on data transmitted through communication links. Consequently, designing robust protection mechanism to detect, locate and mitigate such attacks is crucial. This paper proposes three data-driven architectures to detect, locate and mitigate False Data Injection (FDI) and Denial of Service (DoS) attacks against AGC systems. First, the proposed models are trained and evaluated using diverse Pulse and Ramp stealthy attacks scenarios in a two-area AGC system, considering the AGC nonlinearities. The detection model exhibits exemplar capability for detecting and locating individual and particularly, multiple coordinated stealthy cyber-attacks, that can significantly undermine the effectiveness of detection systems, with $F_{1}$-score of 93.46% and 96.32% AUC score. The second and third models, attacked class-based mitigation model (ACM) and comprehensive mitigation model (CMM), are employed to accurately recover the corrupted measurements, attaining RMSEs of 0.003463 and 0.003218, respectively. Furthermore, this paper is the first to innovatively examine the impact of PV power system injections on the effectiveness of the proposed detection model, which accurately classified 75,100 out of 75,131 no-attack instances, showcasing its proficiency in distinguishing PV injections from cyber-attacks. Finally, the proposed models are further evaluated using three-area AGC system under mixed FDI and DoS attack scenarios. The obtained results demonstrate their capability to handle larger systems while meeting practical operational requirements.