Fine-tuned LSTM-Based Model for Efficient Honeypot-Based Network Intrusion Detection System in Smart Grid Networks
Authors: A. Albaseer, M. Abdallah
Venue: 2022 5th International Conference on Communications, Signal Processing, and their Applications (ICCSPA)
Publication date: 2022-12-27
Publication type: Journal Article
DOI: 10.1109/ICCSPA55860.2022.10019245 (https://doi.org/10.1109/ICCSPA55860.2022.10019245)
Citation count: 2 (platform: Semanticscholar)
A honeypot is considered a powerful complement to the Network Intrusion Detection System (NIDS) in smart grid (SG) systems, which minimizes the workload of NIDSs while providing access to information about the attacker's actions. This assists in further tracing the attack surface and, in return, enables the NIDSs to prevent such behaviors. Machine learning (ML) has recently attracted considerable attention in the SG security domain as a stringent technique for designing and implementing algorithms to predict security threats. However, large data sets collected by honeypots require more effort for faster response, real-time processing, and decision-making, especially for resource-limited SG devices. Thus, this paper proposes an approach to address this challenge, including feature extraction, oversampling and weak label combinations. We demonstrate that all classic ML algorithms cannot maintain the desired performance level when reducing the number of selected features (i.e., using only 25% of the features). As a result, we resort to the Deep Learning approach and propose an LSTM-based model that outperforms the state-of-the-art in terms of accuracy, precision, recall, and f1-score. We conduct extensive simulations using a realistic dataset that includes large log files. The proposed approach can employ just 25% of the features from each collected network packet while attaining 99.8% testing accuracy with a 13% improvement compared to the benchmarks.