Anomaly Detection to Counter DDoS Attacks on Smart Electric Meter Systems
Related papers
A Hybrid Deep Learning Approach for Replay and DDoS Attack Detection in a Smart City
IEEE Access
Today's smart city infrastructure is predominantly dependent on Internet of Things (IoT) technologies. IoT technology essentially facilitates a platform for service automation through connections of heterogeneous objects via the Internet backbone. However, the security issues associated with IoT networks make smart city infrastructure vulnerable to cyber-attacks. For example, Distributed Denial of Service (DDoS) attack violates the authorization conditions in smart city infrastructure; whereas replay attack violates the authentication conditions in smart city infrastructure. Both attacks lead to physical disruption to smart city infrastructure, which may even lead to financial loss and/or loss of human lives. In this paper, a hybrid deep learning model is developed for detecting replay and DDoS attacks in a real life smart city platform. The performance of the proposed hybrid model is evaluated using real life smart city datasets (environmental, smart river and smart soil), where DDoS and replay attacks were simulated. The proposed model reported high accuracy rates: 98.37% for the environmental dataset, 98.13% for the smart river dataset, and 99.51% for the smart soil dataset. The results demonstrated an improved performance of the proposed model over other machine learning and deep learning models from the literature. Index Terms: Intrusion detection, distributed denial of service (DDoS) attacks, replay attack, smart city, deep learning, Internet of Things (IoT).
Replay Attack Detection in Smart Cities Using Deep Learning
IEEE Access, 2020
Intrusion detection is an important and challenging problem that has a major impact on quality and reliability of smart city services. To this extent, replay attacks have been one of the most common threats on smart city infrastructure, which compromises authentication in a smart city network. For example, a replay attack may physically damage smart city infrastructure resulting in loss of sensitive data, incurring considerable financial damages. Therefore, towards securing smart cities from replay attacks, intrusion detection systems and frameworks based on deep learning have been proposed in the recent literature. However, the absence of the time dimension of these proposals is a major limitation. Therefore, we have developed a deep learning-based model for replay attack detection in smart cities. The novelty of the proposed methodology resides in the adoption of deep learning based models as an application for detecting replay attacks to improve detection accuracy. The performance...
DDoSNet: A Deep-Learning Model for Detecting Network Attacks
2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM), 2020
Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns, hence lacking in attack diversity. In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.
Ensemble Model Based on Hybrid Deep Learning for Intrusion Detection in Smart Grid Networks
Sensors
The Smart Grid aims to enhance the electric grid’s reliability, safety, and efficiency by utilizing digital information and control technologies. Real-time analysis and state estimation methods are crucial for ensuring proper control implementation. However, the reliance of Smart Grid systems on communication networks makes them vulnerable to cyberattacks, posing a significant risk to grid reliability. To mitigate such threats, efficient intrusion detection and prevention systems are essential. This paper proposes a hybrid deep-learning approach to detect distributed denial-of-service attacks on the Smart Grid’s communication infrastructure. Our method combines the convolutional neural network and recurrent gated unit algorithms. Two datasets were employed: The Intrusion Detection System dataset from the Canadian Institute for Cybersecurity and a custom dataset generated using the Omnet++ simulator. We also developed a real-time monitoring Kafka-based dashboard to facilitate attack ...
DDoS attacks detection using machine learning and deep learning techniques: analysis and comparison
Bulletin of Electrical Engineering and Informatics, 2023
The security of the internet is seriously threatened by distributed denial of service (DDoS) attacks. The purpose of a DDoS assault is to disrupt service and prevent legitimate users from using it by flooding the central server with a large number of messages or requests that will cause it to reach its capacity and shut down. Because it is carried out by numerous bots that are managed (infected) by a single botmaster using a fake IP address, this assault is dangerous because it does not involve a lot of work or special tools. For the purpose of identifying and analyzing DDoS attacks, this paper will discuss various machine learning (ML) and deep learning (DL) techniques. Additionally, this study analyses and compares the significant distinctions between ML and DL techniques to aid in determining when one of these techniques should be used.
Detecting DDoS Attacks Using Polyscale Analysis and Deep Learning
International Journal of Cognitive Informatics and Natural Intelligence, 2020
Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.
Effective and Efficient DDoS Attack Detection Using Deep Learning Algorithm, Multi-Layer Perceptron
Future Internet
Distributed denial of service (DDoS) attacks pose an increasing threat to businesses and government agencies. They harm internet businesses, limit access to information and services, and damage corporate brands. Attackers use application layer DDoS attacks that are not easily detectable because of impersonating authentic users. In this study, we address novel application layer DDoS attacks by analyzing the characteristics of incoming packets, including the size of HTTP frame packets, the number of Internet Protocol (IP) addresses sent, constant mappings of ports, and the number of IP addresses using proxy IP. We analyzed client behavior in public attacks using standard datasets, the CTU-13 dataset, real weblogs (dataset) from our organization, and experimentally created datasets from DDoS attack tools: Slow Lairs, Hulk, Golden Eyes, and Xerex. A multilayer perceptron (MLP), a deep learning algorithm, is used to evaluate the effectiveness of metrics-based attack detection. Simulation...
Sensors
From smart homes to industrial environments, the IoT is an ally to easing daily activities, where some of them are critical. More and more devices are connected to and through the Internet, which, given the large amount of different manufacturers, may lead to a lack of security standards. Denial of service attacks (DDoS, DoS) represent the most common and critical attack against and from these networks, and in the third quarter of 2021, there was an increase of 31% (compared to the same period of 2020) in the total number of advanced DDoS targeted attacks. This work uses the Bot-IoT dataset, addressing its class imbalance problem, to build a novel Intrusion Detection System based on Machine Learning and Deep Learning models. In order to evaluate how the records timestamps affect the predictions, we used three different feature sets for binary and multiclass classifications; this helped us avoid feature dependencies, as produced by the Argus flow data generator, whilst achieving an a...
Journal of Smart Internet of Things, 2023
Cyber-physical systems (CPS) combine the typical power grid with recent communication and control technologies, generating new features for attacks. False data injection attacks (FDIA) contain maliciously injecting fabricated data as to the system measurements, capable of due to improper decisions and disruptions in power distribution. Identifying these attacks is vital for preserving the reliability and integrity of the power grid. Researchers in this domain utilize modern approaches namely machine learning (ML) and deep learning (DL) for detecting anomalous forms in the data that signify the existence of such attacks. By emerging accurate and effective detection approaches, this research purposes to improve the resilience of CPS and make sure of a secure and continuous power supply to consumers. This article presents an Improved Equilibrium Optimizer with Deep Learning Enabled False Data Injection Attack Recognition (IEODL-FDIAR) technique in a CPS platform. The main purpose of the IEODL-FDIAR technique is to enable FDIA attack detection and accomplishes security in the CPSS environment. In the presented IEODL-FDIAR technique, the IEO algorithm is used for the feature subset selection process. Moreover, the IEODL-FDIAR technique applies a stacked autoencoder (SAE) model for FDIA attack detection. Furthermore, the pelican optimization algorithm (POA) can be utilized for the optimum hyperparameter chosen for the SAE algorithm which in turn boosts the detection outcomes of the SAE model. To portray the better outcome of the IEODL-FDIAR system, a wide range of simulation analyses
Deep Learning-Based Intrusion Detection System for Advanced Metering Infrastructure
Proceedings of the 2nd International Conference on Networking, Information Systems & Security - NISS19, 2019
Smart grid is an alternative solution of the conventional power grid which harnesses the power of the information technology to save the energy and meet today's environment requirements. Due to the inherent vulnerabilities in the information technology, the smart grid is exposed to a wide variety of threats that could be translated into cyber-attacks. In this paper, we develop a deep learning-based intrusion detection system to defend against cyber-attacks in the advanced metering infrastructure network. The proposed machine learning approach is trained and tested extensively on an empirical industrial dataset which is composed of several attack categories including the scanning, buffer overflow, and denial of service attacks. Then, an experimental comparison in terms of detection accuracy is conducted to evaluate the performance of the proposed approach with Naïve Bayes, Support Vector Machine, and Random Forest. The obtained results suggest that the proposed approaches produce optimal results comparing to the other algorithms. Finally, we propose a network architecture to deploy the proposed anomaly-based intrusion detection system across the Advanced Metering Infrastructure network. In addition, we propose a network security architecture composed of two types of Intrusion detection system types, Host and Network-based, deployed across the Advanced Metering Infrastructure network to inspect the traffic and detect the malicious one at all the levels.