Â鶹ÊÓƵ

Integrating information and communication technologies into the power generation, transmission and distribution system provides a new concept called Smart Grid (SG). The wide variety of devices connected to the SG communication infrastructure generates heterogeneous data with different Quality of Service (QoS) requirements and communication technologies. An intrusion Detection System (IDS) is a surveillance system monitoring the traffic flow over the network, seeking any abnormal behaviour to detect possible intrusions or attacks against the SG system. Distributed fashion of power and data in SG leads to an increase in the complexity of analysing the QoS and user requirements. Thus, we require a Big Data-aware distributed IDS dealing with the malicious behaviour of the network. Motivated by this, we design a distributed IDS dealing with anomaly big data and impose the proper defence algorithm to alert the SG.This paper proposes a new smart meter (SM) architecture,including a distributed IDS model (SM-IDS). Secondly, we implement SM-IDS using supervised ML algorithms. Finally, a distributed IDS model is introduced using federated learning.Numerical results approve that Neighbourhood Area Network IDS (NAN-IDS) can help decrease smart meters’ energy and resource consumption. Thus, SM-IDS achieves an accuracy of 84.31% with a detection rate of 74.69%. Also, NAN-IDS provides an accuracy of 87.40% and a detection rate of 86.73%.

Current technological advancements in Software Defined Networks (SDN) can provide efficient solutions for smart grids (SGs). An SDN-based SG promises to enhance the efficiency, reliability and sustainability of the communication network. However, new security breaches can be introduced with this adaptation. A layer of defence against insider attacks can be established using machine learning based intrusion detection system (IDS) located on the SDN application layer. Conventional centralised practises, violate the user data privacy aspect, thus distributed or collaborative approaches can be adapted so that attacks can be detected and actions can be taken. This paper proposes a new SDN-based SG architecture, highlighting the existence of IDSs in the SDN application layer. We implemented a new smart meter (SM) collaborative intrusion detection system (SM-IDS), by adapting the split learning methodology. Finally, a comparison of a federated learning and split learning neighbourhood area network (NAN) IDS was made. Numerical results showed, a five class classification accuracy of over 80.3% and F1-score 78.9 for a SM-IDS adapting the split learning technique. Also, the split learning NAN-IDS exhibit an accuracy of over 81.1% and F1-score 79.9.

Software Defined Networks (SDNs) have revolutionized the way modern networks are managed and orchestrated. This sophisticated infrastructure can provide numerous benefits but at the same time introduce several security challenges. A centralized controller holds the responsibility of managing the network traffic, thus making it an attractive target to attackers. Intrusion Detection Systems (IDSs) play a crucial role in identifying and addressing security threats within the SDN. In this paper, we developed an SDN-IDS system by utilizing machine learning techniques for anomaly detection to identify deviations in network behavior. This is specifically challenging due to the fact that we only have a few samples from several of the attack classes, i.e. minority classes. Five machine learning algorithms were employed to train the SDN-IDS, and ultimately the most appropriate one was chosen. Moreover, we applied the SMOTE and Tomek link re-samplings on the dataset as well as a cost-sensitive learning technique to enhance the classification performance of the minority attacks. The Decision Tree (DT) model, trained on a feature-reduced and resampled dataset using cost-sensitive learning, achieved an impressive overall performance with 99.87% accuracy and an F1-score of 99.87. Additionally, it demonstrated a classification accuracy above 99% in identifying 11 out of the 15 possible traffic classes.

The Open Radio Access Network (Open RAN) architecture introduces flexibility, interoperability, and high performance through its open interfaces, disaggregated and virtualized components, and intelligent controllers. However, the open interfaces and disaggregation of base stations leave only the Open Radio Unit (O-RU) physically deployed in the field, making it more vulnerable to malicious attacks. This paper addresses signaling storm attacks and introduces a new sub-use case within the signaling storm use case of the 0 RAN Alliance standards by exploring novel attack triggers. Specifically, we examine the compromise of O-RUs and their power sockets, which can lead to a surge in handovers and reregistration procedures. Additionally, we leverage Open RAN’s intelligence capabilities to detect these signaling storm attacks. Seven machine learning algorithms have been evaluated based on their detection rate, accuracy, and inference time. Results indicate that the BiDirectional Long Short-Term Memory (BiDLSTM) model outperforms others, achieving a detection rate of 88.24% and accuracy of 96.15%.

The rapid adoption of Open Radio Access Network (Open-RAN) architectures has brought unprecedented innovation opportunities in modern telecommunications networks. However, this evolution also introduces novel security challenges, particularly in demanding scenarios where swift decision-making is critical. In this paper, we conduct an in-depth investigation into model poisoning attacks in ensemble learning, highlighting their implications for network security, and provide a detailed demonstration of our proposed Open-RAN Intrusion Detection System (IDS), which is seamlessly incorporated into the security module of the near Real-Time RAN Intelligent Controller (nearRT-RIC). The strategic placement of the IDS within the nearRT-RIC ensures its operation within the demanding 10 ms to 1 second control loop range, enabling nearRT intrusion detection capabilities. Through rigorous evaluation and experimentation, our solution showcases promising results in enhancing network security without compromising performance.

—Open Radio Access Network (Open RAN) is a new paradigm to provide fundamental features for supporting next-generation mobile networks. Disaggregation, virtualisation, closed-loop data-driven control, and open interfaces bring flexibility and interoperability to the network deployment. However, these features also create a new surface for security threats. In this paper, we introduce Key Performance Indicators (KPIs) poisoning attack in Near Real-Time control loops as a new form of threat that can have significant effects on the Open RAN functionality. This threat can arise from traffic spoofing on the E2 interface or compromised E2 nodes. The role of KPIs is explored in the use cases of Near Real-Time control loops. Then, the potential impacts of the attack are analysed. An ML-based approach is proposed to detect poisoned KPI values before using them in control loops. Emulations are conducted to generate KPI reports and inject anomalies into the values. A Long ShortTerm Memory (LSTM) neural network model is used to detect anomalies. The results show that more amplified injected values are more accessible to detect, and using more report sequences leads to better performance in anomaly detection, with detection rates improving from 62% to 99%.