1
Polat O, Türkoğlu M, Polat H, Oyucu S, Üzen H, Yardımcı F, Aksöz A. Multi-Stage Learning Framework Using Convolutional Neural Network and Decision Tree-Based Classification for Detection of DDoS Pandemic Attacks in SDN-Based SCADA Systems. SENSORS (BASEL, SWITZERLAND) 2024; 24:1040. [PMID: 38339756 PMCID: PMC10857162 DOI: 10.3390/s24031040] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/12/2023] [Revised: 01/29/2024] [Accepted: 02/02/2024] [Indexed: 02/12/2024]
Abstract
Supervisory Control and Data Acquisition (SCADA) systems, which play a critical role in monitoring, managing, and controlling industrial processes, face flexibility, scalability, and management difficulties arising from traditional network structures. Software-defined networking (SDN) offers a new opportunity to overcome the challenges traditional SCADA networks face, based on the concept of separating the control and data plane. Although integrating the SDN architecture into SCADA systems offers many advantages, it cannot address security concerns against cyber-attacks such as a distributed denial of service (DDoS). The fact that SDN has centralized management and programmability features causes attackers to carry out attacks that specifically target the SDN controller and data plane. If DDoS attacks against the SDN-based SCADA network are not detected and precautions are not taken, they can cause chaos and have terrible consequences. By detecting a possible DDoS attack at an early stage, security measures that can reduce the impact of the attack can be taken immediately, and the likelihood of being a direct victim of the attack decreases. This study proposes a multi-stage learning model using a 1-dimensional convolutional neural network (1D-CNN) and decision tree-based classification to detect DDoS attacks in SDN-based SCADA systems effectively. A new dataset containing various attack scenarios on a specific experimental network topology was created to be used in the training and testing phases of this model. According to the experimental results of this study, the proposed model achieved a 97.8% accuracy rate in DDoS-attack detection. The proposed multi-stage learning model shows that high-performance results can be achieved in detecting DDoS attacks against SDN-based SCADA systems.
Affiliation(s)
- Onur Polat
  - Department of Computer Engineering, Bingöl University, Bingöl 12000, Turkey
- Muammer Türkoğlu
  - Department of Software Engineering, Samsun University, Samsun 55000, Turkey
- Hüseyin Polat
  - Department of Computer Engineering, Faculty of Technology, Gazi University, Ankara 06500, Turkey
- Saadin Oyucu
  - Department of Computer Engineering, Adiyaman University, Adiyaman 02040, Turkey
- Hüseyin Üzen
  - Department of Computer Engineering, Bingöl University, Bingöl 12000, Turkey
- Ahmet Aksöz
  - MOBILERS, Sivas Cumhuriyet University, Sivas 58580, Turkey
2
Oyucu S, Polat O, Türkoğlu M, Polat H, Aksöz A, Ağdaş MT. Ensemble Learning Framework for DDoS Detection in SDN-Based SCADA Systems. SENSORS (BASEL, SWITZERLAND) 2023; 24:155. [PMID: 38203015 PMCID: PMC10781350 DOI: 10.3390/s24010155] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/06/2023] [Revised: 12/19/2023] [Accepted: 12/25/2023] [Indexed: 01/12/2024]
Abstract
Supervisory Control and Data Acquisition (SCADA) systems play a crucial role in overseeing and controlling renewable energy sources like solar, wind, hydro, and geothermal resources. Nevertheless, with the expansion of conventional SCADA network infrastructures, there arise significant challenges in managing and scaling due to increased size, complexity, and device diversity. Using Software Defined Networking (SDN) technology in traditional SCADA network infrastructure offers management, scaling and flexibility benefits. However, as the integration of SDN-based SCADA systems with modern technologies such as the Internet of Things, cloud computing, and big data analytics increases, cybersecurity becomes a major concern for these systems. Therefore, cyber-physical energy systems (CPES) should be considered together with all energy systems. One of the most dangerous types of cyber-attacks against SDN-based SCADA systems is Distributed Denial of Service (DDoS) attacks. DDoS attacks disrupt the management of energy resources, causing service interruptions and increasing operational costs. Therefore, the first step to protect against DDoS attacks in SDN-based SCADA systems is to develop an effective intrusion detection system. This paper proposes a Decision Tree-based Ensemble Learning technique to detect DDoS attacks in SDN-based SCADA systems by accurately distinguishing between normal and DDoS attack traffic. For training and testing the ensemble learning models, normal and DDoS attack traffic data are obtained over a specific simulated experimental network topology. Techniques based on feature selection and hyperparameter tuning are used to optimize the performance of the decision tree ensemble models. Experimental results show that feature selection, combination of different decision tree ensemble models, and hyperparameter tuning can lead to a more accurate machine learning model with better performance detecting DDoS attacks against SDN-based SCADA systems.
Affiliation(s)
- Saadin Oyucu
  - Department of Computer Engineering, Adıyaman University, Adıyaman 02040, Turkey
- Onur Polat
  - Department of Computer Engineering, Bingöl University, Bingöl 12000, Turkey
- Muammer Türkoğlu
  - Department of Software Engineering, Samsun University, Samsun 55000, Turkey
- Hüseyin Polat
  - Department of Computer Engineering, Faculty of Technology, Gazi University, Ankara 06500, Turkey
- Ahmet Aksöz
  - MOBILERS, Sivas Cumhuriyet University, Sivas 58000, Turkey
- Mehmet Tevfik Ağdaş
  - Department of Computer Technologies, Munzur University, Tunceli 62000, Turkey
3
Zhou X, Xiang W, Huang T. A novel neural network for improved in-hospital mortality prediction with irregular and incomplete multivariate data. Neural Netw 2023; 167:741-750. [PMID: 37734273 DOI: 10.1016/j.neunet.2023.07.033] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 04/05/2023] [Revised: 07/10/2023] [Accepted: 07/25/2023] [Indexed: 09/23/2023]
Abstract
Accurate estimation of in-hospital mortality based on patients' physiological time series data improves the performance of the clinical decision support systems and assists hospital providers in allocating resources. In practice, the data quality issues of missing values are ubiquitous in electronic health records (EHRs). Since the vital signs are usually observed with irregular temporal intervals and different sampling rates, it is challenging to predict clinical outcomes with sparse and incomplete multivariate time series. We propose an auto-regressive recurrent neural network (RNN) based model, dubbed the bi-directional recursive encoder-decoder network (BiRED), to jointly perform data imputation and mortality prediction. To capture complex patterns of medical time sequences, a 2D cross-regression with an RNN unit (2DCR-RNN) and an imputation block with an RNN unit (IB-RNN) are designed as the recurrent component of the encoder and decoder, respectively. Furthermore, a state initialization method is proposed to alleviate errors accumulated in the generated sequence. The experimental results on two real EHR datasets show that our proposed method can predict hospital mortality with high AUC scores.
Affiliation(s)
- Xi Zhou
  - School of Computing, Engineering and Mathematical Sciences, La Trobe University, Melbourne 3086, Victoria, Australia
- Wei Xiang
  - School of Computing, Engineering and Mathematical Sciences, La Trobe University, Melbourne 3086, Victoria, Australia
- Tao Huang
  - College of Science and Engineering, James Cook University, Cairns 4878, Queensland, Australia
4
AlHaddad U, Basuhail A, Khemakhem M, Eassa FE, Jambi K. Ensemble Model Based on Hybrid Deep Learning for Intrusion Detection in Smart Grid Networks. SENSORS (BASEL, SWITZERLAND) 2023; 23:7464. [PMID: 37687919 PMCID: PMC10490611 DOI: 10.3390/s23177464] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/26/2023] [Revised: 08/19/2023] [Accepted: 08/22/2023] [Indexed: 09/10/2023]
Abstract
The Smart Grid aims to enhance the electric grid's reliability, safety, and efficiency by utilizing digital information and control technologies. Real-time analysis and state estimation methods are crucial for ensuring proper control implementation. However, the reliance of Smart Grid systems on communication networks makes them vulnerable to cyberattacks, posing a significant risk to grid reliability. To mitigate such threats, efficient intrusion detection and prevention systems are essential. This paper proposes a hybrid deep-learning approach to detect distributed denial-of-service attacks on the Smart Grid's communication infrastructure. Our method combines the convolutional neural network and recurrent gated unit algorithms. Two datasets were employed: The Intrusion Detection System dataset from the Canadian Institute for Cybersecurity and a custom dataset generated using the Omnet++ simulator. We also developed a real-time monitoring Kafka-based dashboard to facilitate attack surveillance and resilience. Experimental and simulation results demonstrate that our proposed approach achieves a high accuracy rate of 99.86%.
Affiliation(s)
- Ulaa AlHaddad
  - Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University (KAU), Jeddah 21589, Saudi Arabia; (M.K.); (F.E.E.); (K.J.)
- Abdullah Basuhail
  - Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University (KAU), Jeddah 21589, Saudi Arabia; (M.K.); (F.E.E.); (K.J.)
5
Almuqren L, Aljameel SS, Alqahtani H, Alotaibi SS, Hamza MA, Salama AS. A White Shark Equilibrium Optimizer with a Hybrid Deep-Learning-Based Cybersecurity Solution for a Smart City Environment. SENSORS (BASEL, SWITZERLAND) 2023; 23:7370. [PMID: 37687826 PMCID: PMC10490155 DOI: 10.3390/s23177370] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/23/2023] [Revised: 08/14/2023] [Accepted: 08/15/2023] [Indexed: 09/10/2023]
Abstract
Smart grids (SGs) play a vital role in the smart city environment, which exploits digital technology, communication systems, and automation for effectively managing electricity generation, distribution, and consumption. SGs are a fundamental module of smart cities that purpose to leverage technology and data for enhancing the life quality for citizens and optimize resource consumption. The biggest challenge in dealing with SGs and smart cities is the potential for cyberattacks comprising Distributed Denial of Service (DDoS) attacks. DDoS attacks involve overwhelming a system with a huge volume of traffic, causing disruptions and potentially leading to service outages. Mitigating and detecting DDoS attacks in SGs is of great significance to ensuring their stability and reliability. Therefore, this study develops a new White Shark Equilibrium Optimizer with a Hybrid Deep-Learning-based Cybersecurity Solution (WSEO-HDLCS) technique for a Smart City Environment. The goal of the WSEO-HDLCS technique is to recognize the presence of DDoS attacks, in order to ensure cybersecurity. In the presented WSEO-HDLCS technique, the high-dimensionality data problem can be resolved by the use of WSEO-based feature selection (WSEO-FS) approach. In addition, the WSEO-HDLCS technique employs a stacked deep autoencoder (SDAE) model for DDoS attack detection. Moreover, the gravitational search algorithm (GSA) is utilized for the optimal selection of the hyperparameters related to the SDAE model. The simulation outcome of the WSEO-HDLCS system is validated on the CICIDS-2017 dataset. The widespread simulation values highlighted the promising outcome of the WSEO-HDLCS methodology over existing methods.
Affiliation(s)
- Latifah Almuqren
  - Department of Information Systems, College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, P.O. Box 84428, Riyadh 11671, Saudi Arabia
- Sumayh S. Aljameel
  - SAUDI ARAMCO Cybersecurity Chair, Computer Science Department, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
- Hamed Alqahtani
  - Department of Information Systems, College of Computer Science, Unit of Cybersecurity, King Khalid University, Abha 61421, Saudi Arabia
- Saud S. Alotaibi
  - Department of Information Systems, College of Computing and Information System, Umm Al-Qura University, Mecca 24382, Saudi Arabia
- Manar Ahmed Hamza
  - Department of Computer and Self Development, Preparatory Year Deanship, Prince Sattam Bin Abdulaziz University, Al-Kharj 16278, Saudi Arabia
- Ahmed S. Salama
  - Department of Electrical Engineering, Faculty of Engineering & Technology, Future University in Egypt, New Cairo 11845, Egypt