Enhanced cybersecurity for smart grids: Detecting protocol-specific DDoS attacks on Modbus networks

IF 4.9 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-08-19 DOI:10.1016/j.compeleceng.2025.110629

Sania Kanwal , Waqas Amin , Abdullah Aman Khan , Bilal Rafique , Qi Huang , Li Jian , Iqra Batool

{"title":"Enhanced cybersecurity for smart grids: Detecting protocol-specific DDoS attacks on Modbus networks","authors":"Sania Kanwal , Waqas Amin , Abdullah Aman Khan , Bilal Rafique , Qi Huang , Li Jian , Iqra Batool","doi":"10.1016/j.compeleceng.2025.110629","DOIUrl":null,"url":null,"abstract":"<div><div>Smart grid (SG) infrastructure is critical in developing distributed energy networks. However, the increase in communication among the several entities of the SG also leads to an increase in vulnerabilities. Among the several attacks, Distributed Denial of Service (DDoS) is the most common threat that can disrupt the normal functioning of SGs, causing instability and severe security issues across the entire grid. While many researchers have explored Machine Learning (ML) and Deep Learning (DL) solutions to enhance SG security, most of them detect DDoS attacks using datasets that do not include SG-specific protocols, such as the Modicon Communication Bus (Modbus) protocol. The proposed study presents a novel contribution by generating a Modbus-specific DDoS attack dataset for SG environments and applying a DL Sparse AutoEncoder (SAE)-based method to detect such attacks. The experimental results show that the proposed model detects DDoS attacks in the SG network with an Accuracy of 76%, compared to state-of-the-art methods such as Random Forest (RF), Convolutional Neural Network (CNN), and Gated Recurrent Unit (GRU), with Accuracies of 73% and 71%, respectively.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"127 ","pages":"Article 110629"},"PeriodicalIF":4.9000,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625005725","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Smart grid (SG) infrastructure is critical in developing distributed energy networks. However, the increase in communication among the several entities of the SG also leads to an increase in vulnerabilities. Among the several attacks, Distributed Denial of Service (DDoS) is the most common threat that can disrupt the normal functioning of SGs, causing instability and severe security issues across the entire grid. While many researchers have explored Machine Learning (ML) and Deep Learning (DL) solutions to enhance SG security, most of them detect DDoS attacks using datasets that do not include SG-specific protocols, such as the Modicon Communication Bus (Modbus) protocol. The proposed study presents a novel contribution by generating a Modbus-specific DDoS attack dataset for SG environments and applying a DL Sparse AutoEncoder (SAE)-based method to detect such attacks. The experimental results show that the proposed model detects DDoS attacks in the SG network with an Accuracy of 76%, compared to state-of-the-art methods such as Random Forest (RF), Convolutional Neural Network (CNN), and Gated Recurrent Unit (GRU), with Accuracies of 73% and 71%, respectively.

查看原文本刊更多论文

增强智能电网的网络安全：检测Modbus网络上特定协议的DDoS攻击

智能电网基础设施是发展分布式能源网络的关键。然而，SG的几个实体之间通信的增加也导致了漏洞的增加。在几种攻击中，分布式拒绝服务（DDoS）是最常见的威胁，它可以破坏SGs的正常功能，导致整个电网的不稳定和严重的安全问题。虽然许多研究人员已经探索了机器学习（ML）和深度学习（DL）解决方案来增强SG安全性，但大多数研究人员使用不包含SG特定协议（如Modbus协议）的数据集来检测DDoS攻击。提出的研究提出了一项新的贡献，即为SG环境生成特定于modbus的DDoS攻击数据集，并应用基于DL稀疏自动编码器（SAE）的方法来检测此类攻击。实验结果表明，与随机森林（RF）、卷积神经网络（CNN）和门控循环单元（GRU）等最先进的方法相比，该模型在SG网络中检测DDoS攻击的准确率为76%，准确率分别为73%和71%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.