Abstract

The bidirectional communication system in the smart grid is vulnerable to distributed denial of service (DDoS) attacks because of its complex structure and the difficulty of controlling it. When a DDoS attack happens, multiple nodes in the smart grid system are compromised, resulting in the denial of legitimate services to users and disruption of the normal operation of the power grid system. To defend against such attacks, some detection methods have been proposed in recent years. However, most of the existing detection methods suffer from low detection accuracy and a high false positive rate. In this paper, we propose a novel DDoS attack detection method that uses only unlabeled abnormal network traffic data to build the detection model. Our method first uses the Balanced Iterative Reducing and Clustering Using Hierarchies (BIRCH) algorithm to pre-cluster the abnormal network traffic data, and then employs an autoencoder (AE) to build the detection model in an unsupervised manner based on the clustering subsets. To verify the performance of our method, we perform experiments on the KDDCUP99 dataset and compare our method with existing classical anomaly detection methods. Results show that the proposed method has higher detection accuracy for abnormal traffic detection.
