A hybrid learning technique for intrusion detection system for smart grid

Bibliographic Details
Published in: Sustainable computing informatics and systems Vol. 46; p. 101102
Main Author: Hamdi, Najet
Format: Journal Article
Language: English
Published: Elsevier Inc 01.06.2025
Summary: Smart grid is becoming more interconnected with external networks as a result of integrating IoT technologies, making its supervisory control and data acquisition (SCADA) vulnerable to serious cyberattacks. Therefore, early detection of suspicious activities is of utmost importance to safeguard SCADA systems. Machine learning (ML) algorithms are effective methods for developing intrusion detection systems. However, developing an efficient and reliable detection system for smart grids remains challenging: most suggested ML-based intrusion detection methods are based on centralized learning, in which data is collected from smart meters and transferred to a central server for training. Transferring sensitive data adds another burden to safeguarding smart grids, since it may result in significant privacy breaches and data leaks in the event of an attack on the central server. In contrast to centralized learning, federated learning (FL) offers data privacy protection. FL is an emerging cooperative learning approach that enables training between smart devices (clients) using local datasets which are kept on the clients’ sides. The resilience of FL-based detection systems in real-world situations, however, has not yet been examined, as clients may encounter various assaults, resulting in their local datasets having more or fewer attacks than others participating in the learning process. Motivated by this concern, we propose an FL-based intrusion detection system for SCADA systems where clients have different attacks. We examine the impact of having missing attacks in local datasets on the performance of the FL-based classifier. The experimental findings demonstrate a significant performance degradation of the FL-based model. As a remedy, we suggest a novel learning method – hybrid learning – that combines centralized and federated learning. The experimental results show that the hybrid learning classifier succeeds in identifying unseen attacks.
• An effective IDS for smart grids must meet the needs of the SCADA system.
• We study unseen attacks where attacks are missing in training but appear in validation.
• Missing attacks affect the client’s performance and spread their influence to others.
• We propose a hybrid technique, combining centralized and federated learning techniques.
• Hybrid learning-based classifier can properly identify unseen attacks.
ISSN: 2210-5379
DOI: 10.1016/j.suscom.2025.101102