Machine Learning Architecture for Signature-based IoT Intrusion Detection in Smart Energy Grids

Abstract

Security vulnerabilities of IoT (Internet of Things) enabled smart grid energy systems is a major concern. Contemporary mitigating frameworks incorporate Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) whose architecture branches on either signature-based or anomaly-based detection. Signature-based systems offer higher detection rates; however they require tedious manual work to set up signature rules, and are incapable of learning through network traffic - missing out on attacks whose signature is unknown. Alternatively, anomaly-based systems are capable of mitigating the shortcomings of signature-based systems but suffer from high false-positive rates. In this paper, we propose an automated machine learning architecture for IoT-enabled smart energy grids capable of deciding whether to generate rules for signature-based systems. Results are presented using an IoT dataset comprising MITM (man in the middle) attacks, indicating the potential of this framework for intelligent threat mitigation in smart energy infrastructures.