TY - GEN
T1 - Fine-tuned LSTM-Based Model for Efficient Honeypot-Based Network Intrusion Detection System in Smart Grid Networks
AU - Albaseer, Abdullatif
AU - Abdallah, Mohamed
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
AB - A honeypot is considered a powerful complement to the Network Intrusion Detection System (NIDS) in smart grid (SG) systems, which minimizes the workload of NIDSs while providing access to information about the attacker's actions. This assists in further tracing the attack surface and, in return, enables the NIDSs to prevent such behaviors. Machine learning (ML) has recently attracted considerable attention in the SG security domain as a stringent technique for designing and implementing algorithms to predict security threats. However, large data sets collected by honeypots require more effort for faster response, real-time processing, and decision-making, especially for resource-limited SG devices. Thus, this paper proposes an approach to address this challenge, including feature extraction, oversampling, and weak label combinations. We demonstrate that all classic ML algorithms cannot maintain the desired performance level when reducing the number of selected features (i.e., using only 25% of the features). As a result, we resort to the Deep Learning approach and propose an LSTM-based model that outperforms the state-of-the-art in terms of accuracy, precision, recall, and F1-score. We conduct extensive simulations using a realistic dataset that includes large log files. The proposed approach can employ just 25% of the features from each collected network packet while attaining 99.8% testing accuracy with a 13% improvement compared to the benchmarks.
KW - Deep Learning Based Detector
KW - Honeypot
KW - Network Intrusion Detection System (NIDS)
KW - Smart Grid Security
UR - http://www.scopus.com/inward/record.url?scp=85147540074&partnerID=8YFLogxK
U2 - 10.1109/ICCSPA55860.2022.10019245
DO - 10.1109/ICCSPA55860.2022.10019245
M3 - Conference contribution
AN - SCOPUS:85147540074
T3 - International Conference on Communications, Signal Processing, and their Applications (ICCSPA)
BT - 2022 5th International Conference on Communications, Signal Processing, and their Applications (ICCSPA)
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Conference on Communications, Signal Processing, and their Applications, ICCSPA 2022
Y2 - 27 December 2022 through 29 December 2022
ER -