Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Ansam Khraisat,Iqbal Gondal,Peter Vamplew,Joarder Kamruzzaman,Ammar Alazab

DOI: https://doi.org/10.3390/electronics9010173

IF: 2.9

2020-01-17

Electronics

Abstract:Cyberttacks are becoming increasingly sophisticated, necessitating the efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS in terms of detection rate and low false-alarm rates.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ziming Zhao,Zhaoxuan Li,Zhuoxue Song,Fan Zhang,Binbin Chen

DOI: https://doi.org/10.1109/infocom52122.2024.10621290

2024-01-01

Abstract:Existing Deep Learning (DL)-based network Intrusion Detection System (IDS) is able to characterize sequence semantics of traffic and discover malicious behaviors. Yet DL models are often nonlinear and highly non-convex functions that are difficult for in-network deployment. In this paper, we present RIDS, a hardware-friendly Recurrent Neural Network (RNN) model that is co-designed with programmable switches. As its core, RIDS is powered by two tightly-coupled components: (i) rLearner, the RNN learning module with in-network deployability as the first-class requirement; and (ii) rEnforcer, the concrete pipeline design to realize rLearner-generated models inside the network dataplane. We implement a prototype of RIDS and evaluate it on our physical testbed. The experiments show that RIDS could satisfy both detection performance and high-speed bandwidth adaptation simultaneously, when none of the other existing approaches could do so. Inspiringly, RIDS realizes remarkable intrusion/malware detection effect (e.g., similar to 99% F1 score) and model deployment (e.g., 100 Gbps per port), while only imposing nanoseconds of latency.

Ziming Zhao,Zhaoxuan Li,Zhuoxue Song,Fan Zhang

DOI: https://doi.org/10.1109/rtss59052.2023.00045

2023-01-01

Abstract:Existing Deep Learning (DL)-based network Intrusion Detection System (IDS) is able to characterize sequence semantics of traffic and discover malicious behaviors. Yet DL models are often nonlinear and highly non-convex functions that are difficult for in-network real-time deployment, i.e., existing DL solutions are essentially offline analysis. In this paper, we present RIDS, a hardware-friendly Recurrent Neural Network (RNN) model that is co-designed with programmable switches. As its core, RIDS is powered by two tightly-coupled components: (i) rLearner, the RNN learning module with in-network deployability as the first-class requirement; and (ii) rEnforcer, the concrete pipeline design to realize rLearner-generated models inside the network dataplane. We implement a prototype of RIDS and evaluate it on our physical testbed. The experiments show that RIDS could satisfy both detection performance and high-speed bandwidth adaptation simultaneously, when none of the other existing approaches could do so. Inspiringly, RIDS realizes remarkable intrusion/malware detection effect (e.g., ∽99% F1 score) and model deployment (e.g., 100 Gbps per port), while only imposing nanoseconds of latency.

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

S. Gokul Pran,Sivakami Raja,S. Jeyasudha

DOI: https://doi.org/10.1002/acs.3771

IF: 3.369

2024-03-14

International Journal of Adaptive Control and Signal Processing

Abstract:Summary Intrusion detection is a cyber‐security method that is significant for network security. It is utilized to detect behaviors that compromise security and privacy within a network or in the context of a computer system. To enhance the identification, an Intrusion Detection System Based on the Beetle Swarm Optimization and K‐RMS Clustering Algorithm cluster‐based hybrid classifiers is proposed in this manuscript. Here, the data is amassed from CICIDS2017 dataset. Then the data is preprocessed to eradicate the unwanted noise. After completing the preprocessed data, it can be clustered by using K‐RMS clustering algorithm. This algorithm cluster the entire data to the associated cluster set depending on the data behavior. The classification algorithm is considered to predict the data as normal or attacking behaviors. The hybrid classification is used to predict the data. The solitary predictor aims to achieve high detection rates and accuracy. The hybrid classifiers, such as support vector machines, artificial neural networks are applied to recognize the normal or intruder. The performance of the SVM‐ANN‐IDS method attains 22.05%, 15.87%, 27.25% higher accuracy, 23.90% and 28.53% higher precision, 29.29%, 19.19% and 23.27% higher specificity and 18.28%, 24.36% and 27.49% greater recall when compared to the existing models, like developing novel deep‐learning model to improve network intrusion categorization (DNN‐IDS), Intrusion identification scheme on real‐time data traffic under machine learning techniques along feature selection method (RNN‐SVM‐IDS) and recurrent deep learning basis feature fusion ensemble meta‐classifier for intellectual network intrusion identification scheme (RNN‐IDS) respectively.

automation & control systems,engineering, electrical & electronic

Ezgi Zorarpaci

DOI: https://doi.org/10.1016/j.engappai.2024.108162

IF: 8

2024-03-10

Engineering Applications of Artificial Intelligence

Abstract:Due to the widespread use of the internet, computer network systems may be exposed to different types of attacks. For this reason, the intrusion detection systems (IDSs) are often used to protect the network systems. Network traffic data (i.e., network packets) includes many features. However, most of them are irrelevant and can lead to a decrease in the runtime and/or the detection performance of the IDS. Although various data mining methods have been applied to improve the effectiveness of IDS, research regarding IDSs having high detection rates and better runtime performance (i.e., lower computational cost) is ongoing. On the other hand, the dimensionality reduction techniques help to eliminate unnecessary features and reduce the computation time of a classification algorithm. In the literature, the feature selection methods (i.e., filter and wrapper) have been widely used for the dimensionality reduction in IDSs. Although the wrapper feature selection techniques outperform the filters, they are time-consuming. Again, the ensemble classifiers can achieve higher detection rates for IDSs compared to the stand-alone classifiers, but they require more computation time to build the model. In order to improve the runtime performance and the detection rate of IDS, a swift wrapper feature selection and a speedy ensemble classifier are proposed in this study. For the dimensionality reduction, the swift wrapper feature selection (i.e., DBDE-QDA) is used, which consists of dichotomous binary differential evolution (DBDE) and quadratic discriminant analysis (QDA). For attack detection, the speedy ensemble classifier is used, which combines Holte's 1R, random tree, and reduced error pruning tree. In the experiments, the NSL-KDD, UNSW-NB15, and CICDDoS2019 datasets are used. According to the experimental results, the proposed IDS reaches 95%–97.4%, 82.7%, and 99.5%–99.9% detection rates for the NSL-KDD, UNSW-NB15, and CICDDoS2019 datasets. In this way, the proposed IDS competes with the state-of-the-art methods in terms of detection rate and false alarm rate. In addition, the proposed IDS has a lower computational cost than the state-of-the-art methods. Moreover, DBDE-QDA reduces the dimension by 60.97%–82.92%, 73.46%, and 96.55%–98.85% for the NSL-KDD, UNSW-NB15, and CICDoS2019 datasets.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mamunur Rashid,Joarder Kamruzzaman,Tasadduq Imam,Santoso Wibowo,Steven Gordon

DOI: https://doi.org/10.1007/s10489-021-02968-1

IF: 5.3

2022-01-08

Applied Intelligence

Abstract:Several studies have used machine learning algorithms to develop intrusion systems (IDS), which differentiate anomalous behaviours from the normal activities of network systems. Due to the ease of automated data collection and subsequently an increased size of collected data on network traffic and activities, the complexity of intrusion analysis is increasing exponentially. A particular issue, due to statistical and computation limitations, a single classifier may not perform well for large scale data as existent in modern IDS contexts. Ensemble methods have been explored in literature in such big data contexts. Although more complicated and requiring additional computation, literature has a note that ensemble methods can result in better accuracy than single classifiers in different large scale data classification contexts, and it is interesting to explore how ensemble approaches can perform in IDS. In this research, we introduce a tree-based stacking ensemble technique (SET) and test the effectiveness of the proposed model on two intrusion datasets (NSL-KDD and UNSW-NB15). We further enhance incorporate feature selection techniques to select the best relevant features with the proposed SET. A comprehensive performance analysis shows that our proposed model can better identify the normal and anomaly traffic in network than other existing IDS models. This implies the potentials of our proposed system for cybersecurity in Internet of Things (IoT) and large scale networks.

computer science, artificial intelligence

H. Lindner,W. Helliger,B. Puschendorf

DOI: https://doi.org/10.1016/0003-2697(86)90570-1

IF: 2.9

1986-11-01

Analytical Biochemistry

Abstract:

Chao Liu,Zhaojun Gu,Jialiang Wang

DOI: https://doi.org/10.1109/access.2021.3082147

IF: 3.9

2021-01-01

IEEE Access

Abstract:Digital assets have come under various network security threats in the digital age. As a kind of security equipment to protect digital assets, intrusion detection system (IDS) is less efficient if the alert is not timely and IDS is useless if the accuracy cannot meet the requirements. Therefore, an intrusion detection model that combines machine learning with deep learning is proposed in this paper. The model uses the k-means and the random forest (RF) algorithms for the binary classification, and distributed computing of these algorithms is implemented on the Spark platform to quickly classify normal events and attack events. Then, by using the convolutional neural network (CNN), long short-term memory (LSTM), and other deep learning algorithms, the events judged as abnormal are further classified into different attack types finally. At this stage, adaptive synthetic sampling (ADASYN) is adopted to solve the unbalanced dataset. The NSL-KDD and CIS-IDS2017 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed model has better TPR for most of attack events, faster data preprocessing speed, and potentially less training time. In particular, the accuracy of multi-target classification can reach as high as 85.24% in the NSL-KDD dataset and 99.91% in the CIC-IDS2017 dataset.

computer science, information systems,telecommunications,engineering, electrical & electronic

Li Yuan,Xiongjun Tian,Jiacheng Yuan,Jingyu zhang,Xiaojing Dai,Ali Asghar Heidari,Huiling Chen,Sudan Yu

DOI: https://doi.org/10.1007/s10586-024-04544-x

2024-06-16

Cluster Computing

Abstract:Intrusion detection system (IDS) classify network traffic as either threatening or normal based on data features, aiming to identify malicious activities attempting to compromise computer systems. However, the volume of intrusion-related data is increasing daily, and the redundant features within this data hinder the improvement of IDS classification performance and efficiency. This study introduces a wrapper feature selection model, denoted as bICSRUN-KNN, with Runge–kutta optimization for information-guided communication (ICSRUN) to detect system intrusions. Comparative experiments on the IEEE CEC 2014 benchmark functions demonstrate ICSRUN's superiority over other algorithms. Subsequently, comparative experiments are conducted using 12 UCI datasets, NSL-KDD, ISCX-URL-2016, ISCX-Tor-NonTor-2017, and LUFlow Network, against competing algorithms. Experimental results demonstrate that the bICSRUN-KNN model achieved remarkable accuracy rates of 98.705% and 98.341% in the binary and multiclass contexts of NSL-KDD. For ISCX-URL-2016, ISCX-Tor-NonTor-2017, and LUFlow Network, accuracy rates of 96.107%, 99.772%, and 88.748% are respectively attained.

computer science, information systems, theory & methods

Jiadong Ren,Jiawei Guo,Wang Qian,Huang Yuan,Xiaobing Hao,Hu Jingjing

DOI: https://doi.org/10.1155/2019/7130868

IF: 1.968

2019-06-16

Security and Communication Networks

Abstract:Intrusion detection system (IDS) can effectively identify anomaly behaviors in the network; however, it still has low detection rate and high false alarm rate especially for anomalies with fewer records. In this paper, we propose an effective IDS by using hybrid data optimization which consists of two parts: data sampling and feature selection, called DO_IDS. In data sampling, the Isolation Forest (iForest) is used to eliminate outliers, genetic algorithm (GA) to optimize the sampling ratio, and the Random Forest (RF) classifier as the evaluation criteria to obtain the optimal training dataset. In feature selection, GA and RF are used again to obtain the optimal feature subset. Finally, an intrusion detection system based on RF is built using the optimal training dataset obtained by data sampling and the features selected by feature selection. The experiment will be carried out on the UNSW-NB15 dataset. Compared with other algorithms, the model has obvious advantages in detecting rare anomaly behaviors.

computer science, information systems,telecommunications

Cynthia Anthony,Walid Elgenaidi,Muzaffar Rao

DOI: https://doi.org/10.3390/electronics13050809

IF: 2.9

2024-02-20

Electronics

Abstract:This research work highlights significant achievements in the domain of intrusion detection systems (IDSs) for autonomous vehicles, which are crucial in enhancing their safety, reliability, and cybersecurity. This study introduces an approach that leverages non-tree-based machine learning algorithms, such as K-nearest neighbors and ensemble learning, to develop an IDS tailored for autonomous vehicles. These algorithms were employed because of their ability to process complex and large datasets with less likeliness for overfitting, their scalability, and their ability to adapt to changing conditions in real time. These algorithms effectively handle imbalanced data, enhancing the detection accuracy of both normal and intrusive instances. The IDS's performance was validated through the utilization of three real-world datasets, CAN intrusion, CICIDS2017, and NSL-KDD, where the proposed non-tree-based IDS (NTB-MTH-IDS) was measured with the standard measurement metrics: accuracy, precision, F1-score, and recall, including specificity and sensitivity. Notably, the results indicate that K-nearest neighbors and stacking, as part of NTB-MTH-IDS, has an accuracy of 99.00%, 98.57%, and 97.57%, and F1-scores of 99.00%, 98.79%, and 97.54% in the CICIDS2017, NSL-KDD, and CAN datasets, respectively. The results of this research can lead to establishing a robust intrusion detection framework, thereby ensuring the safety and reliability of autonomous vehicles. Through this achievement, road users, passengers, and pedestrians are safeguarded against the consequences of potential cyber threats.

engineering, electrical & electronic,computer science, information systems,physics, applied

Amit Kumar Balyan,Sachin Ahuja,Umesh Kumar Lilhore,Sanjeev Kumar Sharma,Poongodi Manoharan,Abeer D Algarni,Hela Elmannai,Kaamran Raahemifar

DOI: https://doi.org/10.3390/s22165986

2022-08-10

Abstract:Due to the rapid growth in IT technology, digital data have increased availability, creating novel security threats that need immediate attention. An intrusion detection system (IDS) is the most promising solution for preventing malicious intrusions and tracing suspicious network behavioral patterns. Machine learning (ML) methods are widely used in IDS. Due to a limited training dataset, an ML-based IDS generates a higher false detection ratio and encounters data imbalance issues. To deal with the data-imbalance issue, this research develops an efficient hybrid network-based IDS model (HNIDS), which is utilized using the enhanced genetic algorithm and particle swarm optimization(EGA-PSO) and improved random forest (IRF) methods. In the initial phase, the proposed HNIDS utilizes hybrid EGA-PSO methods to enhance the minor data samples and thus produce a balanced data set to learn the sample attributes of small samples more accurately. In the proposed HNIDS, a PSO method improves the vector. GA is enhanced by adding a multi-objective function, which selects the best features and achieves improved fitness outcomes to explore the essential features and helps minimize dimensions, enhance the true positive rate (TPR), and lower the false positive rate (FPR). In the next phase, an IRF eliminates the less significant attributes, incorporates a list of decision trees across each iterative process, supervises the classifier's performance, and prevents overfitting issues. The performance of the proposed method and existing ML methods are tested using the benchmark datasets NSL-KDD. The experimental findings demonstrated that the proposed HNIDS method achieves an accuracy of 98.979% on BCC and 88.149% on MCC for the NSL-KDD dataset, which is far better than the other ML methods i.e., SVM, RF, LR, NB, LDA, and CART.

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Tong Li,Tian Xia,Haoming Zhang,Dongyang Liu,Hai Zhao,Zhuolin Liu

DOI: https://doi.org/10.3390/su16229692

IF: 3.9

2024-11-08

Sustainability

Abstract:With the integration of sustainable energy, the power grid has become increasingly information-intensive and complex. To address the issue of power grid cyber-physical systems being unable to operate securely and stably when systems suffer false data injection attacks, a two-stage detection method based on Stacking and Maximum Information Coefficient and Dual-layer Confidence Extreme Gradient Boosting (MIC-DCXGB) is proposed by the paper. Firstly, a Stacking classification model consisting of multiple heterogeneous learners detects anomalies in real-time measurement data samples to determine if false data are present. Secondly, the method incorporates the Maximum Information Coefficient (MIC) for feature selection, which non-linearly measures the correlation between data features and fairly removes redundant features by evaluating the amount of information one feature variable contains about another. This approach effectively tackles the high-dimensional redundancy problem commonly faced in false data injection attack detection. Then, the paper introduces a dual-layer confidence Extreme Gradient Boosting (XGBoost) tree with positive feedback information transmission to classify node states. By combining grid topology learning with label correlation, it selectively uses preceding label information to reduce errors in the predictions learned by subsequent classifiers, achieving precise localization of the attack positions. Finally, extensive simulations validate the effectiveness of the proposed method.

environmental sciences,environmental studies,green & sustainable science & technology