A hybrid learning technique for intrusion detection system for smart grid

IF 3.8 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Sustainable Computing-Informatics & Systems Pub Date : 2025-02-27 DOI:10.1016/j.suscom.2025.101102

Najet Hamdi

{"title":"A hybrid learning technique for intrusion detection system for smart grid","authors":"Najet Hamdi","doi":"10.1016/j.suscom.2025.101102","DOIUrl":null,"url":null,"abstract":"<div><div>Smart grid is becoming more interconnected with external networks as a result of integrating IoT technologies, making its supervisory control and data acquisition (SCADA) vulnerable to serious cyberattacks. Therefore, early detection of suspicious activities is of utmost importance to safeguard SCADA systems. Machine learning (ML) algorithms are effective methods for developing intrusion detection systems. However, developing an efficient and reliable detection system for smart grids remains challenging: Most suggested ML-based intrusion detection methods are based on centralized learning, in which data is collected from smart meters and transferred to a central server for training. Transferring sensitive data adds another burden to safeguarding smart grids, since it may result in significant privacy breaches and data leaks in the event of attacking the central server. In contrast to centralized learning, federated learning (FL) offers data privacy protection. FL is an emerging cooperative learning that enables training between smart devices (clients) using local datasets which are kept on the clients’ sides. The resilience of FL-based detection systems in real-world situations, however, has not yet been examined, as clients may encounter various assaults, resulting in their local datasets having more or fewer attacks than others participating in the learning process. Motivated by this concern, we propose a FL-based intrusion detection for SCADA systems where clients have different attacks. We examine the impact of having missing attacks in local datasets on the performance of FL-based classifier. The experimental findings demonstrate a significant performance degradation of the FL-based model. As a remedy, we suggest a novel learning method – hybrid learning – that combines centralized and federated learning. The experimental results show that the hybrid learning classifier succeeds in identifying unseen attacks.</div></div>","PeriodicalId":48686,"journal":{"name":"Sustainable Computing-Informatics & Systems","volume":"46 ","pages":"Article 101102"},"PeriodicalIF":3.8000,"publicationDate":"2025-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sustainable Computing-Informatics & Systems","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2210537925000228","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Smart grid is becoming more interconnected with external networks as a result of integrating IoT technologies, making its supervisory control and data acquisition (SCADA) vulnerable to serious cyberattacks. Therefore, early detection of suspicious activities is of utmost importance to safeguard SCADA systems. Machine learning (ML) algorithms are effective methods for developing intrusion detection systems. However, developing an efficient and reliable detection system for smart grids remains challenging: Most suggested ML-based intrusion detection methods are based on centralized learning, in which data is collected from smart meters and transferred to a central server for training. Transferring sensitive data adds another burden to safeguarding smart grids, since it may result in significant privacy breaches and data leaks in the event of attacking the central server. In contrast to centralized learning, federated learning (FL) offers data privacy protection. FL is an emerging cooperative learning that enables training between smart devices (clients) using local datasets which are kept on the clients’ sides. The resilience of FL-based detection systems in real-world situations, however, has not yet been examined, as clients may encounter various assaults, resulting in their local datasets having more or fewer attacks than others participating in the learning process. Motivated by this concern, we propose a FL-based intrusion detection for SCADA systems where clients have different attacks. We examine the impact of having missing attacks in local datasets on the performance of FL-based classifier. The experimental findings demonstrate a significant performance degradation of the FL-based model. As a remedy, we suggest a novel learning method – hybrid learning – that combines centralized and federated learning. The experimental results show that the hybrid learning classifier succeeds in identifying unseen attacks.

查看原文本刊更多论文

智能电网入侵检测系统的混合学习技术

由于集成了物联网技术，智能电网与外部网络的互联程度越来越高，使其监控和数据采集（SCADA）容易受到严重的网络攻击。因此，及早发现可疑活动对保护SCADA系统至关重要。机器学习算法是开发入侵检测系统的有效方法。然而，为智能电网开发高效可靠的检测系统仍然具有挑战性：大多数建议的基于ml的入侵检测方法都是基于集中学习，其中从智能电表收集数据并传输到中央服务器进行培训。传输敏感数据为保护智能电网增加了另一个负担，因为在攻击中央服务器的情况下，它可能导致严重的隐私泄露和数据泄露。与集中式学习相比，联邦学习（FL）提供数据隐私保护。FL是一种新兴的合作学习，可以使用保存在客户端的本地数据集在智能设备（客户端）之间进行训练。然而，基于fl的检测系统在现实情况下的弹性尚未得到检验，因为客户端可能会遇到各种攻击，导致他们的本地数据集受到的攻击比参与学习过程的其他数据集多或少。基于这种关注，我们提出了一种基于fl的SCADA系统入侵检测，其中客户端具有不同的攻击。我们研究了局部数据集中缺失攻击对基于fl的分类器性能的影响。实验结果表明，基于fl的模型有明显的性能下降。作为补救措施，我们提出了一种新的学习方法-混合学习-将集中学习和联合学习相结合。实验结果表明，混合学习分类器能够很好地识别不可见攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Sustainable Computing-Informatics & Systems COMPUTER SCIENCE, HARDWARE & ARCHITECTUREC-COMPUTER SCIENCE, INFORMATION SYSTEMS

CiteScore

10.70

自引率

4.40%

发文量

142

期刊介绍： Sustainable computing is a rapidly expanding research area spanning the fields of computer science and engineering, electrical engineering as well as other engineering disciplines. The aim of Sustainable Computing: Informatics and Systems (SUSCOM) is to publish the myriad research findings related to energy-aware and thermal-aware management of computing resource. Equally important is a spectrum of related research issues such as applications of computing that can have ecological and societal impacts. SUSCOM publishes original and timely research papers and survey articles in current areas of power, energy, temperature, and environment related research areas of current importance to readers. SUSCOM has an editorial board comprising prominent researchers from around the world and selects competitively evaluated peer-reviewed papers.