Adaptive Feature Boosting of Multi-Sourced Deep Autoencoders for Smart Grid Intrusion Detection

Intrusion detection systems (IDS) are crucial in smart grid security monitoring and situational awareness following the increasing machine-to-machine communication and potential hostile threats in the critical power and energy infrastructure. However, the multi-sourced, correlated and heterogeneous cyber-physical system data are posing significant challenges to IDS, such as concurring cyber and physical events and data collected from different sensors, among others. To tackle the challenge, this paper proposes a novel framework based on adaptive feature boosting and ensemble learning to extract highly-representative features from multi-sourced cyber-physical system data for improved attack classification in the smart grids. Multiple Autoencoders (AE) are leveraged to extract features from different feature subsets, which are adaptively selected through a feature booster. The feature booster randomly samples features with replacement, and the features with larger probability are selected to form feature subsets and train the next AE. After training, the feature probability is updated based on the reconstruction error to increase the presence of poorly-reconstructed features in the next iteration. Each AE-extracted feature set is further applied to build one Random Forest (RF) as the base classifier, and multiple RF base classifiers are incorporated as the ensemble classifier to classify the normal, fault and attack samples. Normalization and oversampling are also applied to improve the uniformity and balance of the data. The proposed framework is evaluated on a realistic dataset of 37 sub-types of normal, fault, and attack collected from a hardware-in-the-loop (HIL) security testbed. The overall classification accuracy can achieve around 91.78%, an effective 1.38% increase over the existing works.