Internet Threat Detection in Smart Grids Based on Network Traffic Analysis Using LSTM, IF, and SVM
The protection of users of ICT networks, including smart grids, is a challenge whose importance is constantly growing. Internet of Things (IoT) or Internet of Energy (IoE) devices, as well as network resources, store more and more information about users. Large institutions use extensive security sy...
Main Authors: | Szymon Stryczek, Marek Natkaniec |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2022-12-01 |
Series: | Energies |
Subjects: | smart grids; traffic analysis; threat detection; limited set of features; machine learning |
Online Access: | https://www.mdpi.com/1996-1073/16/1/329 |
_version_ | 1797625869301186560 |
---|---|
author | Szymon Stryczek Marek Natkaniec |
collection | DOAJ |
description | The protection of users of ICT networks, including smart grids, is a challenge whose importance is constantly growing. Internet of Things (IoT) or Internet of Energy (IoE) devices, as well as network resources, store more and more information about users. Large institutions use extensive security systems requiring large and expensive resources. For smart grid users, this becomes difficult. Efficient methods are needed to take advantage of limited sets of traffic features. In this paper, machine learning techniques to verify network events for recognition of Internet threats were analyzed, intentionally using a limited number of parameters. The authors considered three machine learning techniques: Long Short-Term Memory, Isolation Forest, and Support Vector Machine. The analysis is based on two datasets. In the paper, the data preparation process is also described. Eight series of results were collected and compared with other studies. The results showed significant differences between the techniques, the size of the datasets, and the balance of the datasets. We also showed that a more accurate classification could be achieved by increasing the number of analyzed features. Unfortunately, each increase in the number of elements requires more extensive analysis. The work ends with a description of the steps that can be taken in the future to improve the operation of the models and enable the implementation of the described methods of analysis in practice. |
first_indexed | 2024-03-11T10:02:34Z |
format | Article |
id | doaj.art-09ce6970c6de424b83a01b504e2e89d3 |
institution | Directory Open Access Journal |
issn | 1996-1073 |
language | English |
last_indexed | 2024-03-11T10:02:34Z |
publishDate | 2022-12-01 |
publisher | MDPI AG |
record_format | Article |
series | Energies |
spelling | doaj.art-09ce6970c6de424b83a01b504e2e89d3; 2023-11-16T15:17:40Z; eng; MDPI AG; Energies; 1996-1073; 2022-12-01; 16; 1; 329; 10.3390/en16010329; Szymon Stryczek (Institute of Telecommunications, AGH University of Science and Technology, Mickiewicza 30, 30-059 Krakow, Poland); Marek Natkaniec (Institute of Telecommunications, AGH University of Science and Technology, Mickiewicza 30, 30-059 Krakow, Poland) |
title | Internet Threat Detection in Smart Grids Based on Network Traffic Analysis Using LSTM, IF, and SVM |
topic | smart grids traffic analysis threat detection limited set of features machine learning |
url | https://www.mdpi.com/1996-1073/16/1/329 |