Ensemble Learning for Intrusion Detection in SDN-Based Zero Touch Smart Grid Systems

Software-defined network (SDN) is widely deployed on Smart Grid (SG) systems. It consists in decoupling control and data planes, to automate the monitoring and management of the communication network, and thus enabling zero touch management of SG systems. However, SDN-based SG is prone to several security threats and varios type of new attacks. To alleviate these issues, various Machine/Deep learning (ML/DL)-based intrusion detection systems (IDS) were designed to improve the detection accuracy of conventional IDS. However, they suffer from high variance and/or bias, which may lead to an inaccurate security threat detection. In this context, ensemble learning is an emerging ML technique that aims at combining several ML models; the objective is to generate less data-sensitive (i.e., less variance) and more flexible ( i.e., less bias) machine learning models. In this paper, we design a novel framework, called BoostIDS, that leverages ensemble learning to efficiently detect and mitigate security threats in SDN-based SG system. BoostIDS comprises two main modules: (1) A data monitoring and feature selection module that makes use of an efficient Boosting Feature Selection Algorithm to select the best/relevant SG-based features; and (2) An ensemble learning-based threats detection moel that implements a Lightweight Boosting Algorithm (LBA) to timely and effectively detects SG-based attacks in a SDN environment. We conduct extensive experiments to validate BoostIDS on top of multiple real attacks; the obtained results using NSL-KDD and UNSW-NB15 datasets, confirm that BoostIDS can effectively detect/mitigate security threats in SDN-based SG systems, while optimizing training/test time complexity.