Uploaded by amadbouly72

Smart Grid Security: Deep Ensemble Intrusion Detection

advertisement
www.nature.com/scientificreports
OPEN
Advanced mathematical modeling
of mitigating security threats in
smart grids through deep ensemble
model
Sanaa A. Sharaf1, Mahmoud Ragab2, Nasser Albogami2, Abdullah AL-Malaise AL-Ghamdi3,
Maha Farouk Sabir3, Louai A. Maghrabi4, Ehab Bahaudien Ashary5 & Hashem Alaidaros6
A smart grid (SG) is a cutting-edge electrical grid that utilizes digital communication technology and
automation to effectively handle electricity consumption, distribution, and generation. It incorporates
energy storage systems, smart meters, and renewable energy sources for bidirectional communication
and enhanced energy flow between grid modules. Due to their cyberattack vulnerability, SGs need
robust safety measures to protect sensitive data, ensure public safety, and maintain a reliable power
supply. Robust safety measures, comprising intrusion detection systems (IDSs), are significant to
protect against malicious manipulation, unauthorized access, and data breaches in grid operations,
confirming the electricity supply chain’s integrity, resilience, and reliability. Deep learning (DL)
improves intrusion recognition in SGs by effectually analyzing network data, recognizing complex
attack patterns, and adjusting to dynamic threats in real-time, thereby strengthening the reliability
and resilience of the grid against cyber-attacks. This study develops a novel Mountain Gazelle
Optimization with Deep Ensemble Learning based intrusion detection (MGODEL-ID) technique on
SG environment. The MGODEL-ID methodology exploits ensemble learning with metaheuristic
approaches to identify intrusions in the SG environment. Primarily, the MGODEL-ID approach utilizes
Z-score normalization to convert the input data into a uniform format. Besides, the MGODEL-ID
approach employs the MGO model for feature subset selection. Meanwhile, the detection of intrusions
is performed by an ensemble of three classifiers such as long short-term memory (LSTM), deep
autoencoder (DAE), and extreme learning machine (ELM). Eventually, the dung beetle optimizer (DBO)
is utilized to tune the hyperparameter tuning of the classifiers. A widespread simulation outcome is
made to demonstrate the improved security outcomes of the MGODEL-ID model. The experimental
values implied that the MGODEL-ID model performs better than other models.
Keywords Smart Grid, Mathematical models, Deep learning, Intrusion detection system, Artificial
Intelligence
An SG is commonly made of many smart devices, with intellectual metering and gathering and observing
methods that spread vast data over the Internet1. SG structures signify a development over predictable electricity
grids with enlarged constancy and efficiency to deliver companies and houses with constant power. It contains an
energy system and communication among users and power businesses2. The SG structure depends on Advanced
Metering Infrastructure (AMI) that includes smart meters, edge devices, data aggregation cloud servers, and
bi-directional communication links for gathering data, handling, and using control measures such as remote
appliance control in innovative residences3. Gratefully, 5G wireless communication technology always increases
and provides quick broadcast speed, a comprehensive bandwidth communication system, and little broadcast
1Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University,
Jeddah 21589, Saudi Arabia. 2Present address: Information Technology Department, Faculty of Computing and
Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia. 3Information Systems Department,
Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia.
4Department of Software Engineering, College of Engineering, University of Business and Technology, Jeddah
21448, Saudi Arabia. 5Electrical and Computer Engineering Department, Faculty of Engineering, King Abdulaziz
University, Jeddah 21589, Saudi Arabia. 6Department of Cybersecurity, School of Engineering, Computing and
Design, Dar Al-Hekma University, Jeddah 22246, Saudi Arabia. email: mragab@kau.edu.sa
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
1
www.nature.com/scientificreports/
postponement4. It creates SG and 5G incorporation as a development pathway in the future. On the other hand,
the standard communication rules want simple safety measures, like authentication and encryption, which
makes SGs mainly weak to assaults5. With the constant upsurge in tools, commercial kinds, and measures linked
to the SG, the safety control of the power communication system is becoming very challenging6. It is vital to
precisely and rapidly discover the safety of network threats to the SG. An IDS is an efficient method of certifying
the network’s security7.
Presently, using methods for IDS has become the SGs area; the IDS based on DL has attained few research
outcomes like the custom of enhanced great RT classifiers to attain a multilayer network security valuation of SG,
which also establishes the present IDS of network safety utilizing machine learning (ML), etc8. The IDS based
on Artificial Intelligence (AI) was widely executed to upsurge the capability to recognize the IDS owing to the
growth of AI9. To accomplish the desires of an actual IDS, the researchers discovered the probability of utilizing
ML and DL methods. Both the models come below the vast authority of AI and the intention to learn beneficial
data from the big data10. In recent years, these approaches have enlarged a considerable reputation in network
security due to the creation of a great graphics processor unit (GPU)11. ML and DL are considered effectual
tools for acquiring beneficial features from the network traffic and forecasting abnormal and normal actions
dependent upon the learned forms12. The ML-based IDS relies greatly on feature engineering to absorb beneficial
data from network traffic. SGs are rapidly growing to improve the efficiency and reliability of power delivery
by combining advanced technologies and communication systems13. However, their enhanced complexity
and connectivity also present substantial safety difficulties. The effectual reduction of these safety threats is
significant for confirming the continuous and reliable operation of the power grid14. This study aims to address
these threats by utilizing advanced mathematical modelling and deep ensemble models to strengthen the safety
of SGs, ultimately protecting critical infrastructure and enhancing overall resilience against cyberattacks15.
This study develops a novel Mountain Gazelle Optimization with Deep Ensemble Learning based intrusion
detection (MGODEL-ID) technique on SG environment. The MGODEL-ID methodology exploits ensemble
learning with metaheuristic approaches to identify intrusions in the SG environment. Primarily, the MGODELID approach utilizes Z-score normalization to convert the input data into a uniform format. Besides, the
MGODEL-ID approach employs the MGO model for feature subset selection. Meanwhile, the detection of
intrusions is performed by an ensemble of three classifiers such as long short-term memory (LSTM), deep
autoencoder (DAE), and extreme learning machine (ELM). Eventually, the dung beetle optimizer (DBO) is
utilized to tune the hyperparameter tuning of the classifiers. A widespread simulation outcome is made to
demonstrate the improved security outcomes of the MGODEL-ID model. The significant contribution of the
MGODEL-ID model is listed below:
• The MGODEL-ID technique uses Z-score normalization to standardize the data, which improves the consistency and accuracy of the method’s input features. This normalization approach contributes to more reliable
model training by mitigating bias and discrepancies in the dataset. As a result, it enhances the approach’s
comprehensive performance and prediction ability.
• MGO-based feature subset selection is utilized to locate and retain the most relevant features, improving the
method’s performance and mitigating computational complexity. This methodology streamlines data processing by concentrating on the most influential features, enhancing the technique’s effectiveness and accuracy. Moreover, it reduces redundant data, contributing to rapid training and more efficient threat recognition.
• The MGODEL-ID approach incorporates ensemble learning models to integrate various classifiers, improving the overall accuracy and robustness of threat recognition. This model employs the strengths of several
techniques to enhance performance and reliability. Integrating anticipations improves the model’s capability
to precisely detect and respond to safety threats.
• The MGODEL-ID model uniquely incorporates DBO-based parameter tuning with advanced methods,
namely Z-score normalization and MGO-based feature selection (FS), averting a novel model for optimizing SG safety methods. This combination enhances the model’s accuracy and streamlines the optimization
process, setting a new standard in safeguarding SGs. The innovative use of these models together addresses
complex safety threats more efficiently than conventional approaches.
Existing threat mitigation approaches in SG
In16, an ID and mitigation system (IDMS) was projected utilizing the DL neural networks (DLNNs) method. The
IDMS has been planned to analyze the intrusion and categorize the attack into a solitary point or synchronized
intrusion. Then, the technique discovers and separates the impure IED model and forecasts its present waveform
using the LSTM technique. Menon and Radhika17proposed a method to represent and legalize the secure HAN
network. At this point, an innovative Trust-Based Iterative Energy-Efficient Routing Protocol (TBIEERP) was
projected with a data encryption method for protected data broadcast in HAN. Lastly, to identify the intrusion,
a DAE was employed for attack recognition and to defend HAN besides cyberattacks. Li et al.18 developed an
adaptive DL model with a data preprocessing part, an NN pre-training component, and a classifier unit. The
projected adaptive DL (ADL) model determines the number of layers and neurons per layer by defining the
typical aspect of the system traffic. The projected ADL model executes extraction utilizing transfer learning (TL).
The technique also united DL techniques with traditional ML-based classification methods. Mhmood et al.19
projected an innovative SG IDS, incorporating SI, Game Theory, and DL to defend against difficult cyber-attack.
This technique trains models by using DL and employing CGAN and Game Theory. The Aquila optimizer (AO)
model picks features, represents them on the database, and adapts them into RGB colour imageries for training
VGG-19 networks. Dairi et al.20 intended dual semi-supervised hybrid DL-based anomaly recognition models.
The 1st technique is a GRU-based stacked AE (AE-GRU), and the 2nd was built utilizing a GAN method with a
recurrent neural network (RNN) for both discriminator and generator, namely GAN-RNN.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
2
www.nature.com/scientificreports/
In21, an FDIA recognition model based on protected federated DL is presented by uniting federated learning
(FL), Transformer, and Paillier cryptosystem. By utilizing the FL structure, the method uses the information
from every node to collectively train a recognition method. A safe FL structure is intended by examining the
Paillier crypto-system with FL. In22, a new and efficient DL-based structure is proposed. The projected method
contains a fused convolutional neural network (CNN) method with the Bi-GRU technique to identify and
categorize intruders. An attention mechanism was included in the Bi-GRU method to discover the main features
that are liable for recognizing the attack of DDoS. Moreover, the accuracy of the classifier method was enhanced
by utilizing a Wild Horse Optimizer (WHO) technique. Zhai et al.23 projected a distributed IDS based on CNN–
GRU–FL. This method intended an IDS and a local training procedure dependent upon the CNN-GRU model.
The approach also intends a novel parameter aggregation mechanism. Ghadi et al.24 explore several ML methods
to address safety issues in wireless sensor networks and their applications across diverse fields. It also investigates
how these models can improve sensor functionality within network settings. Haq et al.25 evaluate how network
coverage, customer service, video calls, and downloading speed affect customer satisfaction with 3G and 4G
services. Aurangzeb et al.26 introduce a novel technique for benchmarking SG safety against deep black box
attacks, incorporating quantum voting ensemble methods for advanced threat recognition and addressing
privacy issues in blockchain (BC)-based infrastructures. Mazhar et al.27 concentrate on improving SG safety and
building comfort through IoT and AI, accentuating the requirement for energy-efficient, remotely monitorable
devices and exploring incorporating these technologies in SG and IoT research.
Vakili et al.28 present a service composition approach employing the Grey Wolf Optimization (GWO) method
within the MapReduce framework for optimizing Quality of Service (QoS) in service compositions. Heidari et
al.29 aims to improve understanding of (1) deepfake generation and recognition, (2) recent advancements, (3)
limitations in current safety models, and (4) areas requiring additional exploration. In30, BC-based FL enhances
deepfake detection while safeguarding data source anonymity. It integrates SegCaps and CNN for efficient
image feature extraction, employs capsule network training for improved generalization, and presents a novel
data normalization model. TL and preprocessing models additionally improve performance in recognizing
deepfake content. Amiri et al.31 comprehensively compute DL models at the intersection of IoT with bio- and
medical informatics, classifying them by methods such as CNNs, RNNs, Generative Adversarial Networks
(GANs), Multilayer Perceptron (MLPs), and hybrids. Heidari, Navimipour, and Otsuki32review and address the
difficulties and merits of Cloud Non-destructive Characterization Testing (CNDCT) related to conventional
testing techniques in cloud-based environments. In33, a BC-based radial basis function neural networks
(RBFNNs) method is introduced to improve data integrity and storage for smart decision-making across diverse
Internet of Devices (IoD) applications. Heidari et al34. present a method integrating artificial bee colony, genetic
operators, and density correlation degree to build an optimum spanning tree based on hop count distances,
residual energy, and mobility probabilities of devices from a base station. Amiri et al.35 examine the synergy
between nature-inspired computational models and IoT in healthcare, concentrating on incorporation threats,
real-world implementation, and technique efficacy through a systematic literature review.
Zhang and Sikdar36present the Ensemble and Transfer Adversarial Attack (ETAA) method, utilizing
Adversarial ML (AML) procedures. The general ETAA framework incorporates diverse gradient-based adversarial
attack techniques to enhance attack transferability across diverse detection models. The detection approaches are
improved through Gaussian noise injection, latent feature combination, and probability margin enlargement.
Bhavsar et al.37 introduce an ensemble learning framework for power system intrusion detection, integrating
Random Forest (RF), Decision Tree (DT), and Logistic Regression (LR) models. Moreover, it combines data
compression approaches such as FS to reduce memory usage. In38, a novel methodology, namely BlockDeepNet,
is presented, which incorporates DL and BC technology. Abdelkader et al.39 explore and enhance cybersecurity
strategies for modern power systems amid enhancing vulnerabilities due to digitalization and cyber-attacks.
By examining several cyber threats and defence mechanisms, the study aims to give recommendations for
strengthening the resilience and reliability of power infrastructure, confirming continuous power supply, and
safeguarding critical grid assets. Shrestha et al.40 propose a framework for detecting anomalies in industrial data.
The technique utilizes LSTM and autoencoders, with Mean Standard Deviation (MSD) and Median Absolute
Deviation (MAD) techniques for anomaly detection. FL method is used to confirm data privacy by allowing
cooperative model training without data disclosure, while homomorphic encryption based on the Paillier
approach also improves safety and confidentiality.
Shafin et al.41 introduce a Blended Ensemble learning method that employs tree-based models to detect
and classify complex MITM attacks effectually. Using its base classifiers’ unique strengths, the model enhances
performance, reduces overfitting, and minimizes latency. Dayarathne et al.42 introduce a novel methodology
for cyber-attack detection in power grids utilizing wide-area network monitoring. The study trains neural
network approaches comprising CNNs, Transformers, and LSTM networks. Raja et al.43 aim to develop a robust
ML-based IDS for real-time infrastructure. It encompasses setting up an Advanced Metering Infrastructure
(AMI) with lamp and resistive loads, sensors, an AtMega controller, Raspberry Pi, and a server employing
Modbus TCP/IP and MQTT protocols. Qazzafi and Stiphen44explore improving power grid resilience by
incorporating advanced cybersecurity measures with dynamic fault diagnosis models. The approach comprises
an overall technique integrating theoretical frameworks with practical enhancements in a simulated power grid
environment. Varshini and Latha45developed an adaptive defence strategy for Cyber-Physical Power Systems
(CPPS) to address coordinated attacks. It presents a framework incorporating STATCOM-based Adaptive Model
Predictive Controller with RPME and time delay compensators and evaluates attack impact, detection, and
mitigation utilizing data-driven methodologies such as CNN, SVM, RF, and KNN through time and frequency
domain simulations. Bitirgen and Filik46 present a novel stealth attack-defence game to evaluate the impact of
attacks. The proposed solution employs a partially observed Markov game with an improved Shapley Q-value
and a multi-agent reinforcement learning framework.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
3
www.nature.com/scientificreports/
Recent enhancements in cybersecurity and network optimization feature a range of innovative models, each
with its limitations. For instance, DL approaches and LSTM for intrusion detection might need help with real-time
adaptability, while trust-based routing protocols for home area networks may not scale effectually. Adaptive DL
techniques integrating conventional ML and TL could encounter threats in generalizing to new threats. Intrinsic
techniques combining game theory and DL might be computationally intensive, and hybrid anomaly detection
methodologies could have problems balancing learning models. FL model with cryptographic systems presents
privacy but may impact effectiveness and scalability. Moreover, fusion techniques employing convolutional and
bidirectional GRU networks might be constrained by computational demands, and diverse ML techniques for
sensor networks might only address some safety concerns effectually. The limitations also comprise threats in
real-time adaptability and scalability for DL models in intrusion detection, which can find difficulty with model
complexity and processing effectiveness. Frameworks integrating FL and cryptographic systems might need
help with computational demands and efficiency. Moreover, adaptive defence strategies for CPPS and hybrid
techniques incorporating game theory and DL may need assistance in practical implementation and balancing
computational complexity. Finally, stealth attack-defense games, while innovative, may be constrained by
computational intensity and multi-agent management complexities.
Existing studies have presented novel techniques for improving cybersecurity and network safety: DL-based
IDSs, safe network representations, energy-effectual routing protocols, and adaptive DL techniques. Despite
these enhancements, a standard limitation is the need for comprehensive insights on scalability, real-world
deployment efficiency, and comparative analysis with established methodologies. These gaps delay the validation
against intrinsic cyber-attacks, clarity in practical implementation guidelines, and the availability of overall
performance metrics. Closing these research gaps is significant in improving the applicability and flexibility of
these techniques in practical cybersecurity scenarios. In particular, there is a substantial requirement for rigorous
validation and comparative evaluation to address scalability issues, navigate real-world deployment threats,
and strengthen defences against advanced cyber threats. This effort is crucial in advancing the implementation
and efficacy of cybersecurity outcomes in safeguarding against growing cyber risks across various operational
landscapes. Figure 1 depicts the structure of SGs.
Materials and methods
This article proposes a new MGODEL-ID methodology for the SG environment. The methodology exploits
ensemble learning with metaheuristic approaches to identify intrusions in the SG environment. It involves
distinct stages, such as Z-score normalization, MGO-based feature subset selection, ensemble learning, and
DBO-based parameter tuning. Figure 2 determines the workflow of the MGODEL-ID method.
Z-score normalization
At the initial stage, the MGODEL-ID approach utilizes Z-score normalization to convert the input data into a
uniform design47. Z-score normalization is selected for its capability to standardize data by transforming it to a
common scale with a mean of zero and a standard deviation (SD) of one, making it efficient for handling outliers
and varying data dispersions. This methodology confirms that features contribute equally to the technique,
enhancing its performance and stability. Z-score normalization is specifically relevant as it assists in preprocessing
diverse and potentially skewed data from smart grid environments. Standardizing data improves the accuracy
and effectualness of the deep ensemble technique in detecting and reducing safety threats, confirming that the
predictions of the approach are not biased by differences in feature scales or dispersions.
Z-score normalization is highly efficient for standardizing data and improving features’ consistency and
comparability across diverse scales. Unlike other normalization models, Z-score normalization is less sensitive
to outliers, making it robust for datasets with changing dispersions. It also simplifies the application of statistical
and ML models that assume data is usually dispersed. These models are beneficial in enhancing the model’s
performance and ensuring reliable outcomes by mitigating bias presented by disparate feature scales. Z-score
normalization, called standardization, is a statistical approach employed for rescaling and centring data near the
mean, with an SD of 1. This normalization process has been executed on all the features individually, subtracting
the mean of the feature and dividing by its SD. It allows data to take a consistent scale, making it easier to relate
and interpret distinct variables within data and assisting the convergence of specific ML methods.
Dimensionality reduction using the MGO approach
Next, the MGODEL-ID technique designs an MGO method to elect an optimal feature subset48. Selecting the
MGO model over other optimization approaches presents various notable advantages. MGO is motivated by the
natural behaviour of gazelles, giving a robust mechanism for exploring and exploiting search spaces with high
effectualness. Its strengths are balancing exploration and exploitation, which assists in avoiding local optima
and improves global search capabilities. Furthermore, the adaptability of the MGO technique to dynamic
environments makes it appropriate for intrinsic optimization issues where conditions frequently change.
Related to conventional methods, MGO mostly attains faster convergence and improved solution quality
due to its innovative methodology for replicating natural movement patterns. This can result in an enhanced
accomplishment in diverse applications, encompassing those with large, multidimensional search spaces. The
approach’s ability to adaptively navigate large and multidimensional feature spaces improves its ability to find
optimal feature subsets effectively. In the context of smart grids, where the data is primarily vast and variable,
the robustness of the MGO in handling growing conditions and averting local optima makes it specifically
appropriate for choosing features that accurately represent system behaviours and enhance the performance
of the prediction. This results in more efficient data processing and better decision-making for smart grid
management. Figure 3 shows the steps involved in the MGO model.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
4
www.nature.com/scientificreports/
Fig. 1. Structure of SGs.
The MGO approach presents various merits over other optimization techniques due to its unique approach
inspired by the natural movement patterns of gazelles. Its advantages comprise robust global search abilities,
which assist in averting local optima and enhancing convergence to the global optimum. The adaptive
mechanism of the MGO model alters its search strategy dynamically, improving effectualness in complex and
high-dimensional spaces. Moreover, its capacity to balance exploration and exploitation makes it efficient for
a wide range of optimization issues, leading to more precise and reliable outcomes related to conventional
optimization models.
The MGO was one of the newly progressed nature-stimulated population‐based optimizer models, which
initiated its stimulation after the social hierarchical form of the mountain gazelle group. The structure of the
MGO method contains four actions of mountain gazelles: Maternity Herds (MH), Territorial Solitary Males
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
5
www.nature.com/scientificreports/
Fig. 2. Workflow of MGODEL-ID technique.
(TSM), Migration in Search for Food (MSF), and Bachelor Male Herds (BMH). Every gazelle signifies a solution
to the optimizer issue (X) with the D solution parameter. Numerous randomly generated integers are definite
in the MGO model, and their representations are given below. The r describes randomly generated numbers
that endure even distribution within the range of [0 and 1], vectors of arbitrary numbers drawn from a usual
distribution with an SD of 1 and mean of 0 are fixed as N (D), with D being several elements. Arbitrary
numbers in the [1 and 2] range are set as ri. To describe four behaviours, initially, four coefficients are needed
to define that given below:
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
6
www.nature.com/scientificreports/
Fig. 3. Steps involved in the MGO model.
Where α = −1 + iter ·


a + 1 + r1


 a · N (D)
1
Cof =
r
(D)

2


 N (D) · N (D)2 · cos (2r · N (D))
2
3
3
4
−1
max− iter
, (1)
. Then, vector F is expressed in Eq. (2):
F = N5 (D) · exp 2 − iter ·
2
. (2)
max−iter
Next, the multiplication of F begins with values greater than one (dependent on the maximum interaction
count) and rapidly meets to 1, exiting a simple, usual arbitrary vector in the latter iteration. Now, every relevant
value is definite to compute a vector of young male heard coefficient, which is expressed in Eq. ( 3):
BH = Xra · r1 + Mpr · r2, (3)
Whereas Xra refers to an arbitrarily nominated solution from the previous 3rd of the populace, the solutions
are kept in the assenting order, which signifies the poorest 33% of solutions in the populace. Mpr denotes the
mean value for the nominated 33% of the populace. The TSM feature of the method forms the performance of
adult male gazelles that create and protect lands. It is employed to improve the exploitation skill, permitting the
optimizer to hunt thoroughly around the finest solution until now:
T SM = X1 − |(ri1 · BH − ri2 · Xt) · F | · Cofr , (4)
X1 denotes the finest solution gained so far, Xt represents the presently upgraded agent, and Cofr refers to a
randomly nominated coefficient.
The MH behaviour consists of females and their offspring, imitating a balance between exploitation and
exploration in the technique. This device makes sure of assortment in the solution space and averts early converge:
M H = BH + Cofr + (ri3 · X1 − ri4 · Xrand) · Cofr , (5)
Meanwhile, Xrand signifies a nominated solution at random from the populace.
The parameter Dist wants to be computed for perfecting the behaviour of Bachelor Male Herds:
Dist = |Xt − X1| (2r6 − 1) . (6)
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
7
www.nature.com/scientificreports/
The BMH behaviour signifies that the young male gazelles are employed to discover novel regions in the
searching space, contributing to their search abilities.
BM H = Xt − Dist + (ri5 · X1 − ri6 · BH) · Cofr , (7)
Lastly, MSF behaviour is demonstrated with an arbitrary search device, which permits the method to evade local
optimal and certify a complete survey of searching space:
M SF = (lb − ub) · r7 + lb, (8)
Meanwhile, ub and lb denote the upper and lower boundaries of the parameter space. M SF is an even random
sample of values, which permits MGO to hunt the complete parameter space even if the early solutions need to
be better made.
The fitness function (FF) deployed in the MGO model can be assumed to proceed a balance among the
chosen feature counts in all the results (smaller), and the classifier accuracy (greater) developed by deploying
these desired features, Eq. (9) demonstrates the FF to measure results.
F itness = α γ R (D) + β
|R|
(9)
|C|
Whereas γ R (D) implies the classifier error value of the provided classifiers. |R| denotes the count of the
chosen subset, and |C| signifies the total feature counts from the data; α and β represent the two constraints
equivalent to the impact of classifier quality and subset length. ∈ [1,0] and β = 1 − α .
Ensemble model selection
At this stage, an ensemble of three classifiers, LSTM, DAE, and ELM, can detect intrusions. The LSTM networks
are highly efficient for sequence prediction tasks because they can capture long-term dependencies and handle
temporal data with vanishing gradient issues addressed by their gating mechanisms. DAE outperforms at
learning robust feature representations by reconstructing data from noisy inputs, enhancing generalization and
reducing overfitting. The ELM method presents fast training times and high performance by utilizing a singlehidden layer feedforward neural network with random weights, simplifying the learning process while attaining
competitive accuracy. These classifiers provide a comprehensive technique for handling sequential data, learning
robust features, and optimizing training effectiveness.
LSTM model
The LSTM network is chosen explicitly for intrusion detection due to its robust capability to capture and learn
from temporal dependencies in sequential data49. This is significant for detecting advanced intrusions that
emphasize intrinsic, time-based patterns. Unlike conventional methodologies that may find difficulty with timeseries data, LSTMs efficiently manage long-term reliabilities and fluctuations in network traffic, enhancing their
ability to recognize subtle anomalies and growing challenges. Their advancement in handling sequences makes
them appropriate for detecting attacks that unfold over time, giving a crucial edge over static or less adaptive
models. LSTM’s robust temporal evaluation improves detection accuracy and reliability in dynamic and complex
intrusion scenarios. The LSTM layer has feedback links permitting data usage from preceding inputs. In each
time-step t, current input (x) and information from previous input(s) are grabbed to calculate the existing
output (ht). Figure 4 portrays the structure of the LSTM technique.
There are numerous extensions of LSTM cells dependent on the learning procedure and cell structure. The
standard LSTM cell is employed to calculate a mapping from an input x = (x1, . . . , xT ) to a hidden sequence
h = (h1, . . . , hT ) by utilizing the below-mentioned set of calculations iteratively from t = l to T :
it = σ (wixxt + wihht−1 + bi) , input gate (10)
ft = σ (wx + wfhht−1 + bf ) , f orget gate (11)
ot = σ (woxxt + wohht−1 + bo), output gate (12)
∼
c t = tanb (wcxxt + wchht−1 + bc) , candidate memory (13)
∼
ct = ft ⊙ ct−1 + it ⊙ c t, memory cell (14)
∼
ht = ot c ttanh (ct) . hidden state(15)
Here, wjx and wjh (j = i, f, o, c) denote the input and hidden weight matrices, and bj (j = i, f, o, c) signifies
the biases. ct refers to the memory data at time step t. ⊙ represents element-wise multiplication. σ and tanh
indicate the sigmoid and hyperbolic tangent activation functions.
As shown in Eqs. (10) to (15), an LSTM unit contains input, forget, and output gates measured as regulation
structures and a candidate memory. The gates normalize data movement into and out of the memory cell,
permitting the system to control what data to forget, recall, and output.
Training is rotating the weight matrices to minimize the complete prediction error. The most general
model utilized to train LSTMs is BP. Over Time (BPTT) is an addition of BP employed in traditional neural
networks. BPTT involves unfolding the system in time and spreading error signals backwards over these time
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
8
www.nature.com/scientificreports/
Fig. 4. Structure of the LSTM technique.
steps. To upgrade the weights, BPTT calculates the inclines of total prediction error with esteem to every weight
(∂ Etot/∂ W ). Etot denotes a total error function determined as the difference between the predictive and actual
outputs in every time step. It can be computed utilizing a cost function like mean squared error or cross-entropy
loss.
DAE model
Choosing the DAE model for intrusion detection is highly efficient due to its ability to learn and reconstruct
intrinsic data patterns, which improves its capability to detect anomalies and outliers in network traffic. DAEs
outperform feature learning by denoising and compressing input data, making them adept at discriminating
between normal and malevolent activities, even in noise. Unlike conventional methodologies, DAEs can
adaptively uncover complex structures within the data, which enhances the detection of subtle or novel attack
patterns. Their capability to reconstruct corrupted data allows for robust anomaly detection, giving substantial
merit in detecting previously unseen or advanced intrusions. Overall, DAEs’ merit in feature extraction and
anomaly detection makes them a powerful tool for enhancing the accuracy and resilience of IDSs. Figure 5
illustrates the infrastructure of DAE.
As an unsupervised DL framework, AE primarily consists of two components: the encoding and the decoding
parts50. It is most commonly adopted for feature extraction and data dimensionality reduction tasks. The DAE
integrates many stacked encoding-decoding layers to project the similarity matrix into the low-dimension space.
For the microbe-side AE, these two encoder layers are set to 128 and 64, and the two decoder layers are set to 64
and 128, correspondingly. For the AE, the two encoder layers are set to dimensions of 512 and 128, and the two
decoder layers are set to the dimensions of 128 and 512, correspondingly. This technique filters out extraneous
noise and successfully captures the correct representation of microbes. The linear conversion maps the similarity
feature matrix of input into the compressed space within the encoder.
H = gθ 1 (X) = ψ (w1X + b1) , (16)
ψ (X) =
1
, (17)
1 + exp (−X)
Where H represents the compressed features based on the encoder module, w1 and b1 are the trainable weight
and the bias matrices. Using linear transformations, the low-dimensional feature was reconstructed at the
decoder stage.
= gθ 2 (H) = ϕ (w2H + b2) , (18)
X
shows the reconstruction node feature, w2 and b2 are the adaptable weight and the bias matrices.
In Eq. (18), X
i, and the overall nodes are N ; the
For node I, the original feature is meant as Xi, the reconstructed feature is X
MSE loss function is utilized for measuring the difference between the reconstructed and features input.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
9
www.nature.com/scientificreports/
Fig. 5. Structure of DAE.
N
i)2. (19)
= 1
L X, X
(Xi − X
i=1
N
ELM model
The ELM model proved an effective alternative to training neural networks with the backpropagation (BP)
model51. The ELM approach is chosen for intrusion detection due to various key merits. ELMs are prevalent for
their rapid training speed and high effectiveness due to their simple architecture, contrasting with the longer
training times needed by more complex techniques. Their capability to achieve high generalization performance
with lesser tuning makes them specifically efficient for handling various and large-scale datasets. Furthermore,
ELMs can effectively handle noisy and high-dimensional data, which is common in network traffic. Their
straightforward implementation and adaptability enable quick adjustments to new attack patterns, making the
ELM technique a robust and practical choice for improving the accuracy and responsiveness of IDSs. Figure 6
portrays the architecture of the ELM model.
ELM can address the limitations related to the Single Layer Feedforward Network (SLFN) through BP, such
as time limitations and local minima. ELM learning has two essential stages: (1) assign weight randomly for the
relationship between the input and hidden layers (HL), together with bias, then by the generation of the H output
matrix. (2) Determine the outcome weights using the least square model. Notably, ELM decreases computation
effort by changing the learning process into the linear system’s solution. Search is performed for the least square
solution β of the linear system Hβ = T to train SLFN effectively. Assume that N samples (xi, ti), K neurons
in the HL, and activation function g (x) will be utilized during the SLFN training. xi = [xi1, xi2, xin]T refers to
the n-dimensional input vector of ith samples. The resulting vector is ri = [ti1, t2, ti1]T . This includes the HL
bias (the input and output weights).
k
fK (x) =
β j hj (x) = h (x) β (20)
j=1
In Eq. (20), the weighted vector connecting the output neurons (≥ 1) with the hidden neuron j is represented
as β j . The consolidated weight vector is represented by β = [β 1, β 2, . . . , β K ], which connects the HL to the
output layer with at least one neuron, and the output of HL is h (x) = [h1 (x) , h2 (x) , . . . , hK (x)].
hj (x) = G (wj , bj , x) , wi, x ∈ Rd, bi ∈ R (21)
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
10
www.nature.com/scientificreports/
Fig. 6. Structure of ELM approach.
In Eq. (21), G represents the piecewise continuous, non-linear function. The activation function is utilized in
the HL neuron. The sigmoid function, sine function, and hard limit function are the commonly used ones. x
represents the training sample’s single instance, and the configuration variables of the jk hidden neuron are
represented by (wj and bj ). Equation (20) is formulated by Hβ = T , with HN × K representing the output
matrix of HL.
 


h (x1)
h (x1) . . . hK (x1)
...
=

H =  ...
h (xN )
h (xN ) . . . hK (xN )



G(w1, b1, x1) . . . G(wκ , bκ , x1)
x1 + bM
.
.
.
..
..

 (22)
=  ..
G(w1, b1, xN ) . . . G(wκ , bκ , xN )
x N + bM
In Eq. (22), the weighted vector linking the input neuron to the ith hidden neurons is characterized
as Wi = [Wi1, W 12, . . . Wi]T . A sample at the ith location during the training set is indicated as
xi = [xi1, . . . xin] , T indicates the desired results, β refers to the output weight matrix and bi for the bias
values of the ith hidden neurons. ELM obtains the low output weight norm and the low training error to enhance
the generalization efficiency of FFNN.
Minimize:
||Hβ − T ||2, ||β ||(23)
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
11
www.nature.com/scientificreports/
The ELM-prepared SLFN has randomly initialized weight and bias linking the input and hidden neurons. The
weights between the output layer and the hidden neurons are evaluated by the least square solution, β = H †T ,
with H † representing the MP generalized inverse of the matrix.
Model optimization
Eventually, the hyperparameter tuning of the classifiers was executed by the DBO model52. This technique was
chosen for its effectual global search capabilities inspired by the natural foraging behaviour of dung beetles. DBO
outperforms at balancing exploration and exploitation, which is significant for navigating intrinsic and multimodal search spaces effectively. This balance allows DBO to escape local optima and converge on high-quality
solutions more efficiently than conventional optimization techniques. Moreover, the unique approach of the
DBO model in implementing both local and global data improves its capability to find optimal solutions across
diverse problem domains. Its adaptability and mitigated computational complexity related to conventional
techniques make DBO a robust choice for addressing diverse optimization challenges, specifically in scenarios
where complex and dynamic search landscapes are present. The DBO model is also chosen for its capability
to self-organize and adapt to complex optimization landscapes, employing an innovative methodology that
replicates ecological behaviors for effectual problem-solving. This unique mechanism allows DBO to dynamically
reconfigure its search parameters, giving exceptional flexibility and precision in handling diverse and growing
optimization challenges. Figure 7 demonstrates the overall structure of the DBO model.
This section primarily presents the DBO approach, inspired by the social behaviours observed in populations
of dung beetles (DB) in their natural habitat. It classifies these populations into breeding, rolling, small, and thief
DB. Depending on the place upgrade formulas for all the population subsets, it implements local exploitation
and global exploration.
Rolling dung beetles
DB is inclined to roll adopts into a ball and carry them to a safely stored place. DB deploys celestial cues to
control their way around in the ball rolling. The upgrade equation for the position is defined as:
xi (t + 1) = xi (t) + α × k × xi (t − 1) + b × ∆x (24)
∆x = xi (t) − X worst(25)
Fig. 7. Overall structure of the DBO model.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
12
www.nature.com/scientificreports/
Meanwhile, xi (t) stands for the position data of the ith beetle under the tth cycle. α defines the natural coefficient, k demonstrates the deviation co-efficient, b signifies the constant from the range of 0 and 1 , X worst
defines the worse position and ∆x exhibits modifications in illumination. If facing obstacles in the dung ballrolling model, DB rises to carry out a dancing performance, defining their movement way. The place upgrade
formula is expressed as:
xi (t + 1) = xi (t) + tan (θ ) |xi (t) − xi (t − 1)| (26)
In which, θ ∈ [0, π ]. The position could not upgrade if θ = 0, π /2, and π .
Breeding dung beetles
In a natural environment, the female DB rolls the dung ball to a safe and suitable place for spawning, arranging
balls of eggs to replicate their offspring. DB production is strictly limited to the spawning area, and spawning
happens only if breeding DB is the safe region for spawning.
Xi (t + 1) = X * + b1 × Xi (t) − Lb* + b2 × Xi (t) − U b* (27)
Lb* = max X * × (1 − R) , Lb (28)
U b* = min X * × (1 + R) , U b (29)
In which Xi (t) stands for the location of breeding DB, X ∗ defines the current local optimum place, b1 and b2
demonstrate the random vectors whose magnitude is 1xD, and D depicts the problem dimensionality. Lb∗ and
U b∗ denote the spawning region’s lower and upper bounds correspondingly. R = 1 − t/Tmax and Tmax indicate
the upper bound for the iteration counts. Lb and U b demonstrate the optimizer problem’s lower and upper
boundaries correspondingly.
Small dung beetles
Specific mature DB emerge from underground to search for food, earning them the designation of “small DB.”
Their foraging actions are strongly limited from the ideal foraging area. The small DB starts with forage in its
surroundings.
xi (t + 1) = xi (t) + C1 × xi (t) − Lbb + C2 × xi (t) − U bb (30)
Lbb = max X b × (1 − R) , Lb (31)
U bb = min X b × (1 + R) , U b (32)
whereas X b signifies the global optimum place, Lbb and U bb represent the lower and upper bounds of the
foraging regions; correspondingly, xi (t) stands for the location data of the ith small DB under the tth iteration,
C1 signifies the random number that follows a normal distribution, and C2 implies the random vector fitting
to (0,1).
Thief dung beetles
Some DB employ the natural process of pilfering dung balls in the fellow beetles. Thief DB will employ stealing
action if they are approximately an optimum food source, and their positional upgrade equation is defined as:
xi (t + 1) = X b + S × g × xi (t) − X * + xi (t) − X b (33)
Whereas xi (t) signifies the place of ith thief DB in the tth iteration, g stands for the random vector of
dimensional 1xD following a normal distribution, and S defines the constant.
Fitness choice is a significant aspect of controlling the performance of the DBO method. The parameter
choice procedure contains the encoded result to calculate the performance of candidate outcomes. During this
case, the DBO approach assumes that accuracy is a primary condition for designing the FF, which is defined as:
F itness = max (P ) (34)
P =
TP
(35)
TP + FP
Where F P and T P demonstrate the false and true positive rates.
Result analysis and discussion
The experimental validation outcomes of the MGODEL-ID technique are examined using the CIC-DDoS2019
database53. The CIC-DDoS2019 dataset is an extensive resource for assessing IDSs, comprising 50,063,112
records with a detailed breakdown into 50,006,249 rows for DDoS attacks and 56,863 rows for benign traffic.
Every record is characterized by 86 features, which capture diverse network attributes and behaviours, giving
a robust foundation for computing detection techniques. The dataset encompasses training and test data, with
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
13
www.nature.com/scientificreports/
Type
No. of Instances
Benign
67,343
DDoS
45,927
Total Instances
113,270
Table 1. Details of the database.
Fig. 8. Confusion matrices of MGODEL-ID approach (a-f) Epochs 500–3000.
the training set comprising 12 distinct DDoS attack types: PortMap, NetBIOS, LDAP, MSSQL, UDP, UDP-Lag,
SYN, NTP, DNS, and SNMP. The data is accumulated from a realistic environment, capturing network traffic
analysis outcomes with labelled flows. Furthermore, the dataset integrates modern reflective and exploitationbased DDoS attacks, confirming a diverse and realistic representation of network threats. The elaborated
dataset mirrors true real-world conditions through PCAPs and traffic analysis and gives a robust foundation for
analyzing and enhancing intrusion detection models.
In the context of the presented study, the dataset’s utility is additionally exemplified by the specific instance
dispersion: 67,343 records of benign traffic and 45,927 records of DDoS attacks, totalling 113,270 instances. This
balance between benign and malevolent instances eases the development and analysis of detection models in
both binary and multi-class classification scenarios. By implementing this dataset, researchers can thoroughly
evaluate the effectualness of ML and DL methodologies in discriminating between normal and attack traffic,
specifically for Smart Grid networks where precise and reliable intrusion detection is substantial. The detailed
dataset comprehensively evaluates how well several techniques can handle real-world attack patterns and
confirm robust protection against state-of-the-art DDoS threats. The dataset description is given in Table 1.
The suggested method is simulated using the Python 3.6.5 tool on a PC with an i5-8600k, 250GB SSD, GeForce
1050Ti 4GB, 16GB RAM, and 1 TB HDD. The parameter settings are learning rate: 0.01, activation: ReLU, epoch
count 50, dropout: 0.5, and batch size: 5.
Figure 8 reports a set of confusion matrices produced by the MGODEL-ID methodology at distinct epochs.
On 500 epochs, the MGODEL-ID methodology has recognized 65,917 instances as benign and 44,945 instances
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
14
www.nature.com/scientificreports/
as DDoS. Afterwards, on 1000 epochs, the MGODEL-ID approach recognized 66,029 instances as benign and
45,024 instances as DDoS. Furthermore, on 1500 epochs, the MGODEL-ID approach has recognized 66,105
instances as benign and 45,041 instances as DDoS. Besides, in 2000 epochs, the MGODEL-ID approach has
recognized 66,220 instances as benign and 45,114 instances as DDoS. In the meantime, on 2500 epochs, the
MGODEL-ID technique has recognized 66,251 instances as benign and 45,119 instances as DDoS. Eventually,
on 3000 epochs, the MGODEL-ID method recognized 66,304 instances as benign and 45,083 instances as DDoS.
Table 2; Fig. 9 report a classification result of the MGODEL-ID approach. The outcomes implied that the
MGODEL-ID approach attains effectual performance under all epochs. With 500 epochs, the MGODEL-ID
methodology obtains an average accuy of 97.87%, precn of 97.73%, recal of 97.87%, Fscore of 97.80%, and
Gmeasure of 97.80%. In addition, with 1000 epochs, the MGODEL-ID methodology attains an average accuy of
98.04%, precn of 97.91%, recal of 98.04%, Fscore of 97.97%, and Gmeasure of 97.97%. Followed by, with 1500
epochs, the MGODEL-ID method accomplishes an average accuy of 98.12%, precn of 98.00%, recal of 98.12%,
Fscore of 98.06%, and Gmeasure of 98.06%. Then, with 2000 epochs, the MGODEL-ID method reaches an average
accuy of 98.28%, precn of 98.18%, recal of 98.28%, Fscore of 98.23%, and Gmeasure of 98.23%. Besides, with
3000 epochs, the MGODEL-ID method achieves an average accuy of 98.31%, precn of 98.25%, recal of 98.31%,
Fscore of 98.28%, and Gmeasure of 98.28%.
The efficiency of the MGODEL-ID approach is projected in Fig. 10 in the method of training accuracy
(TRAAC) and validation accuracy (VALAC) outcomes at 3000 epochs. The outcome exposes a beneficial
interpretation of the MGODEL-ID method under various epochs, representing its learning method and
generalized abilities. Noticeably, the result is a stable improvement from TRAAC and VALAC with a maximum
in epochs. It guarantees the MGODEL-ID approach from the pattern recognition method on both data. The
increasing trend in VALAC outlines the proficiency of the MGODEL-ID approach in adjusting to the TRA data
and excelling in the contribution of particular classifiers on unnoticed data, exposing the robust generalized
proficiencies.
Figure 11 illustrates a complete analysis of the MGODEL-ID method’s training loss (TRALS) and validation
loss (VALLS) curves at 3000 epochs. The slow reduction in TRALS highlights how the MGODEL-ID method
optimizes the weights and diminishes the classifier error on both data. The outcome signifies a clear knowledge
of the MGODEL-ID models related to the TRA data, highlighting its capability to capture designs from both
data. Noticeably, the MGODEL-ID approach constantly enhances its parameters to decrease the variances
among the real and predictive TRA classes.
Scrutinizing the PR curve, as exhibited in Fig. 12, the outcomes guaranteed that the MGODEL-ID approach
gradually achieves higher PR values under two classes at 3000 epochs. It validates the improved proficiencies of
the MGODEL-ID methodology from detecting distinct classes and the representative ability to detect classes.
Classes
Accuy
Precn
Recal
F 1Score
GM easure
Epoch − 500
Benign
97.88
98.53
97.88
98.21
98.21
DDoS
97.86
96.92
97.86
97.39
97.39
Average
97.87
97.73
97.87
97.80
97.80
Epoch − 1000
Benign
98.05
98.65
98.05
98.35
98.35
DDoS
98.03
97.16
98.03
97.60
97.60
Average
98.04
97.91
98.04
97.97
97.97
Epoch − 1500
Benign
98.16
98.68
98.16
98.42
98.42
DDoS
98.07
97.32
98.07
97.70
97.70
Average
98.12
98.00
98.12
98.06
98.06
Epoch − 2000
Benign
98.33
98.79
98.33
98.56
98.56
DDoS
98.23
97.57
98.23
97.90
97.90
Average
98.28
98.18
98.28
98.23
98.23
Epoch − 2500
Benign
98.38
98.80
98.38
98.59
98.59
DDoS
98.24
97.64
98.24
97.94
97.94
Average
98.31
98.22
98.31
98.26
98.26
Epoch − 3000
Benign
98.46
98.74
98.46
98.60
98.60
DDoS
98.16
97.75
98.16
97.95
97.95
Average
98.31
98.25
98.31
98.28
98.28
Table 2. Classifier outcome of MGODEL-ID method under various epochs.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
15
www.nature.com/scientificreports/
Fig. 9. Average outcome of MGODEL-ID technique under distinct epochs.
Likewise, in Fig. 13, ROC outcomes created by the MGODEL-ID approach are displayed in the cataloguing of
distinct labels at 3000 epochs. This suggests a detailed understanding of the exchange among TPR and FRP over
distinct recognition threshold values and several epochs. The outcomes underline the higher classifier results of
the MGODEL-ID method in 2 class labels, outlining the solution to addressing distinct classifier issues.
Table 3; Fig. 14the comparison investigation of the MGODEL-ID approach with other existing methods3,54.
The outcomes depicted that the MGODEL-ID approach has exhibited optimum performance. Based on accuy ,
the MGODEL-ID technique obtains a maximum accuy of 98.31%, where the ANN, SVM, Hybrid Deep belief,
NB, RF, KNN, and LR models have minimum accuy of 96.94%, 97.80%, 94.14%, 97.74%, 94.00%, 94.60%, and
90.70%, respectively. In addition, based on precn, the MGODEL-ID technique attains a higher precn of 98.25%,
whereas the ANN, SVM, Hybrid Deep belief, NB, RF, KNN, and LR approaches have lesser precn of 94.05%,
93.96%, 91.59%, 93.30%, 97.17%, 93.34%, and 93.94%, correspondingly. Furthermore, based on recal , the
MGODEL-ID methodology accomplishes maximal recal of 98.31%, where the ANN, SVM, Hybrid Deep belief,
NB, RF, KNN, and LR techniques have minimal recal of 96.20%, 96.72%, 91.91%, 93.21%, 97.68%, 96.92%,
and 94.33%, correspondingly. Finally, with F 1score , the MGODEL-ID approach gains a superior F 1score of
98.28%, whereas the ANN, SVM, Hybrid Deep belief, NB, RF, KNN, and LR methodologies have lower F 1score
of 96.90%, 97.80%, 93.68%, 92.80%, 93.69%, 93.43%, and 97.85%, correspondingly. Therefore, the proposed
model correctly determines the attacks in the SG environment.
Conclusion
This article proposes a new MGODEL-ID methodology for the SG environment. The MGODEL-ID methodology
exploits ensemble learning with metaheuristic approaches to identify intrusions in the SG environment.
Primarily, the MGODEL-ID approach utilizes Z-score normalization to convert the input data into a uniform
design. Besides, the MGODEL-ID approach designs an MGO model to elect a better subset of features.
Meanwhile, an ensemble of three classifiers, LSTM, DAE, and ELM, can detect intrusions. Eventually, DBO will
execute the hyperparameter tuning of the classifiers. A widespread simulation outcome is made to demonstrate
the enhanced security outcomes of the MGODEL-ID approach. The experimental outcomes implied that the
MGODEL-ID approach performs better than other methodologies. The limitations of the MGODEL-ID model
comprise potential sensitivity to outliers despite Z-score normalization and the computational complexity of
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
16
www.nature.com/scientificreports/
Fig. 10. Accuy curve of MGODEL-ID approach at 3000 epochs.
Fig. 11. Loss curve of MGODEL-ID method at 3000 epochs.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
17
www.nature.com/scientificreports/
Fig. 12. PR curve of MGODEL-ID method at 3000 epochs.
MGO-based feature subset selection. Another limitation of the MGODEL-ID model is its potential difficulty
in handling highly imbalanced datasets, paving the way to biased outputs and mitigating model efficiency.
Future work should focus on incorporating techniques to manage class imbalance better and ensure more
accurate predictions across different classes. Future work should focus on improving robustness to outliers and
mitigating computational demands for massive datasets. Furthermore, exploring alternative parameter tuning
methods beyond DBO and integrating more diverse ensemble learning strategies could enhance the model’s
performance. Addressing these limitations will contribute to the efficiency and scalability of the technique in
practical applications.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
18
www.nature.com/scientificreports/
Fig. 13. ROC curve of MGODEL-ID technique at 3000 epochs.
Approaches
Accuy
Precn
Recal
F 1Score
ANN
96.94
94.05
96.20
96.90
SVM
97.80
93.96
96.72
97.80
Hybrid Deep belief
94.14
91.59
91.91
93.68
Naïve Bayes
97.74
93.30
93.21
92.80
RF
94.00
97.17
97.68
93.69
KNN
94.60
93.34
96.92
93.43
LR
90.70
93.94
94.33
97.85
MGODEL-ID
98.31
98.25
98.31
98.28
Table 3. Comparative outcome of MGODEL-ID approach with existing models3,54.
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
19
www.nature.com/scientificreports/
Fig. 14. Comparative outcome of MGODEL-ID approach with existing models.
Data availability
The datasets used and analyzed during the current study available from the corresponding author on reasonable
request.
Received: 27 June 2024; Accepted: 30 September 2024
References
1. Labrador Rivas, A. E. & Abrão, T. Faults in Smart Grid systems: monitoring, detection and classification. Electr. Power Syst. Res.
189, 106602 (2020).
2. Salas, M., Shao, S., Salustri, A., Schroeck, Z. & Zheng, J. Securing Smart Grid enabled Home Area Networks with Retro-reflective
visible light communication. Sensors. 23, 1245 (2023).
3. Diaba, S. Y. & Elmusrati, M. Proposed Algorithm for Smart Grid DDoS Detection based on deep learning. Neural Netw. 159,
175–184 (2023).
4. Sarker, M. A. A., Shanmugam, B., Azam, S. & Thennadil, S. Enhancing smart grid load forecasting: An attention-based deep
learning model integrated with federated learning and XAI for security and interpretability. Intelligent Systems with Applications,
23, 200422 (2024).
5. Nafees, M. N., Saxena, N., Cardenas, A., Grijalva, S. & Burnap, P. Smart Grid Cyber-physical situational awareness of complex
operational technology attacks: a review. ACM Comput. Surv. 55, 215 (2023).
6. Gunduz, M. Z. & Das, R. Cyber-security on Smart Grid: threats and potential solutions. Comput. Netw. 169, 107094 (2020).
7. Siniosoglou, I., Radoglou-Grammatikis, P., Efstathopoulos, G., Fouliras, P. & Sarigiannidis, P. A unified deep learning anomaly
detection and classification approach for smart grid environments. IEEE Trans. Netw. Serv. Manage. 18 (2), 1137–1151 (2021).
8. Baz, A., Logeshwaran, J., Natarajan, Y. & Patel, S. K. Deep fuzzy nets approach for energy efficiency optimization in smart grids.
Applied Soft Computing, 161, 111724 (2024).
9. Mohan, S. N., Ravikumar, G. & Govindarasu, M. Distributed intrusion detection system using semantic-based rules for SCADA in
smart grid. In 2020 IEEE/PES transmission and distribution conference and exposition (T & D) 1–5 (2020).
10. Hashim, M., Khan, L., Javaid, N., Ullah, Z. & Shaheen, I. Enhancing Smart City Functions through the Mitigation of Electricity
Theft in Smart Grids: A Stacked Ensemble Method. International Transactions on Electrical Energy Systems (1), 5566402 (2024).
11. Mazhar, T. et al. M.T. and The role of ML, AI and 5G technology in smart energy and smart building management. Electronics,
11(23), 3960 (2022).
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
20
www.nature.com/scientificreports/
12. Mazhar, T. et al. Analysis of cyber security attacks and its solutions for the smart grid using machine learning and blockchain
methods. Future Internet, 15(2), 83 (2023).
13. Ghadi, Y. Y. et al. Security risk models against attacks in smart grid using big data and artificial intelligence. PeerJ Comput. Sci. 10,
e1840 (2024).
14. Elsisi, M., Su, C. L. & Ali, M. N. Design of reliable IoT systems with deep learning to support resilient demand side management
in smart grids against adversarial attacks. IEEE Trans. Ind. Appl. (2023).
15. Lahon, P. et al. Deep Neural Network-Based Smart Grid Stability Analysis: Enhancing Grid Resilience and Performance. Energies,
17(11), 2642 (2024).
16. Aljohani, A., AlMuhaini, M., Poor, H. V. & Binqadhi, H. A deep learning-based Cyber Intrusion Detection and Mitigation System
for Smart Grids. IEEE Trans. Artif. Intell. (2024).
17. Menon, D. M. & Radhika, N. A Trust-based Framework and Deep Learning-based attack detection for Smart Grid Home Area
Network. Int. J. Intell. Eng. Syst., 15(1) (2022).
18. Li, X. J., Ma, M. & Sun, Y. An Adaptive Deep Learning Neural Network Model to Enhance Machine-Learning-Based Classifiers for
Intrusion Detection in Smart Grids. Algorithms, 16(6), 288 (2023).
19. Mhmood, A. A., Ergül, Ö. & Rahebi, J. Detection of cyber-attacks on smart grids using improved VGG19 deep neural network
architecture and Aquila optimizer algorithm. Signal. Image Video Process. 18 (2), 1477–1491 (2024).
20. Dairi, A., Harrou, F., Bouyeddou, B., Senouci, S. M. & Sun, Y. Semi-supervised deep learning-driven anomaly detection schemes
for cyber-attack detection in smart grids. In Power Systems Cybersecurity: Methods, Concepts, and Best Practices (265–295).
Cham: Springer International Publishing. (2023).
21. Li, Y., Wei, X., Li, Y., Dong, Z. & Shahidehpour, M. Detection of false data injection attacks in smart grid: a secure federated deep
learning approach. IEEE Trans. Smart Grid. 13 (6), 4862–4872 (2022).
22. Kethineni, K. & Pradeepini, G. Intrusion detection in internet of things-based smart farming using hybrid deep learning
framework. Cluster Comput. 27 (2), 1719–1732 (2024).
23. Zhai, F., Yang, T., Chen, H., He, B. & Li, S. Intrusion detection method based on CNN–GRU–FL in a smart grid environment.
Electronics, 12 (5), p.1164. (2023).
24. Ghadi, Y. Y. et al. A. and Machine learning solution for the security of wireless sensor network. IEEE Access. (2024).
25. Haq, I. et al. Impact of 3G and 4G technology performance on customer satisfaction in the telecommunication industry. Electronics,
12(7), 1697 (2023).
26. Aurangzeb, M. et al. Enhancing cybersecurity in smart grids: deep black box adversarial attacks and quantum voting ensemble
models for blockchain privacy-preserving storage. Energy Rep. 11, 2493–2515 (2024).
27. Mazhar, T. et al. Analysis of challenges and solutions of IoT in smart grids using AI and machine learning techniques: A review.
Electronics, 12 (1), 242 (2023).
28. Vakili, A. et al. A new service composition method in the cloud‐based internet of things environment using a grey wolf optimization
algorithm and MapReduce framework. Concurrency Computation: Pract. Experience. 36 (16), e8091 (2024).
29. Heidari, A., Jafari Navimipour, N., Dag, H. & Unal, M. Deepfake detection using deep learning methods: a systematic and
comprehensive review. Wiley Interdisciplinary Reviews: Data Min. Knowl. Discovery. 14 (2), e1520 (2024).
30. Heidari, A., Navimipour, N. J., Dag, H., Talebi, S. & Unal, M. A novel blockchain-based deepfake detection method using federated
and deep learning models. Cogn. Comput., 1–19 (2024).
31. Amiri, Z., Heidari, A., Navimipour, N. J., Esmaeilpour, M. & Yazdani, Y. The deep learning applications in IoT-based bio-and
medical informatics: a systematic literature review. Neural Comput. Appl. 36 (11), 5757–5797 (2024).
32. Heidari, A., Navimipour, N. J. & Otsuki, A. Cloud-based non-destructive characterization. Non-destructive material characterization
methods, 727–765 (2024).
33. Heidari, A., Navimipour, N. J. & Unal, M. A secure intrusion detection platform using blockchain and radial basis function neural
networks for internet of drones. IEEE Internet Things J. 10 (10), 8445–8454 (2023).
34. Heidari, A., Shishehlou, H., Darbandi, M., Navimipour, N. J. & Yalcin, S. A reliable method for data aggregation on the industrial
internet of things using a hybrid optimization algorithm and density correlation degree. Cluster Comput., 1–19. (2024).
35. Amiri, Z., Heidari, A., Zavvar, M., Navimipour, N. J. & Esmaeilpour, M. The applications of nature-inspired algorithms in internet
of things‐based healthcare service: a systematic literature review. Trans. Emerg. Telecommunications Technol. 35 (6), e4969 (2024).
36. Zhang, G. & Sikdar, B. A novel adversarial FDI attack and defense mechanism for Smart Grid demand-response mechanisms. IEEE
Trans. Industrial Cyber-Physical Syst. (2024).
37. Bhavsar, A. et al. July. EL-FAM: Power System Intrusion Detection with Ensemble Learning for False Alarm Mitigation. In 2024
International Conference on Computer, Information and Telecommunication Systems (CITS) 1–5. IEEE. (2024).
38. Jeyaraj, P. R., Samuel Nadar, R. & Mihet-Popa, L. E. and Deep-block network for cyberattack mitigation and assessment in smart
grid power system with resilience indices. Electr. Power Compon. Syst., 1–17 (2023).
39. Abdelkader, S. et al. Securing modern power systems: implementing comprehensive strategies to enhance resilience and reliability
against cyber-attacks. Results Eng., 102647 (2024).
40. Shrestha, R. et al. Anomaly detection based on lstm and autoencoders using federated learning in smart electric grid. Journal of
Parallel and Distributed Computing, 193, 104951 (2024).
41. Shafin, S. S., Rahman, Q. A., Gondal, I., Karmakar, G. & Mondal, M. R. H. September. Blended Ensemble Learning for Robust
MITM Attack Detection and Classification in Smart Grid. In 2023 33rd Australasian Universities Power Engineering Conference
(AUPEC) (pp. 1–6). IEEE. (2023).
42. Dayarathne, M. A. S. P. et al. May. Deep learning-based Cyber Attack Detection in Power Grids with increasing renewable energy
penetration. In 2024 IEEE World AI IoT Congress (AIIoT) (521–526). IEEE. (2024).
43. Raja, D. J. S., Sriranjani, R., Arulmozhi, P. & Hemavathi, N. Unified Random Forest and Hybrid Bat Optimization based Manin-the-Middle Attack Detection in Advanced Metering Infrastructure. IEEE Transactions on Instrumentation and Measurement.
(2024).
44. Qazzafi, A. & Stiphen, G. Navigating cyber threats: enhancing power grid resilience through advanced cybersecurity and dynamic
fault diagnosis techniques. Int. J. Adv. Eng. Technol. Innovations. 1 (3), 1–31 (2023).
45. Varshini, G. S. & Latha, S. Detection and mitigation of coordinated cyber-physical attack in CPPS. Heliyon, 10(4). (2024).
46. Bitirgen, K. & Filik, Ü. B. Markov game based on reinforcement learning solution against cyber–physical attacks in smart grid.
Expert Systems with Applications, 255, 124607. (2024).
47. Imron, M. A. & Prasetyo, B. Improving algorithm accuracy k-nearest neighbor using z-score normalization and particle swarm
optimization to predict customer churn. J. Soft Comput. Explor. 1 (1), 56–62 (2020).
48. Jokić, A., Petrović, M. & Miljković, Z. Integrated Process Planning and Scheduling of Production Systems Based on Mountain
Gazelle Optimizer. In Proceedings of the 20th International May Conference on Strategic Management (IMCSM24), Smart miner
Section, May 2024 (Vol. 20, No. 1), pp. 142–151). University of Belgrade-Technical Faculty in Bor. (2024).
49. Nosrati, N. & Navabi, Z. Analysis and enhancement of Resilience for LSTM Accelerators using Residue-based CEDs. IEEE Access.
(2024).
50. Zhou, Z., Zhuo, L., Fu, X. & Zou, Q. Joint deep autoencoder and subgraph augmentation for inferring microbial responses to drugs.
Brief. Bioinform. 25(1), 483 (2024).
51. Feda, A. K., Adegboye, O. R., Agyekum, E. B., Hassan, A. S. & Kamel, S. Carbon Emission Prediction through the harmonization
of Extreme Learning Machine and INFO Algorithm. IEEE Access. (2024).
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
21
www.nature.com/scientificreports/
52. Wu, Q., Xu, H. & Liu, M. Applying an Improved Dung Beetle Optimizer Algorithm to Network Traffic Identification. Computers
Mater. Continua, 78(3). (2024).
53. https://www.unb.ca/cic/datasets/ddos-2019.html
54. AlHaddad, U., Basuhail, A., Khemakhem, M., Eassa, F. E. & Jambi, K. Ensemble model based on hybrid deep learning for intrusion
detection in smart grid networks. Sensors, 23 (17), 7464 (2023).
Acknowledgements
This Project was funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University (KAU),
Jeddah, Saudi Arabia, under grant no. (GPIP: 1319-612-2024). Therefore, the authors acknowledge with thanks
the DSR at KAU for technical and financial support.
Author contributions
Conceptualization: Mahmoud Ragab, Sanaa A. Sharaf; Data curation and Formal Analysis: Abdullah AL-Malaise
AL-Ghamdi, Louai A. Maghrabi; Investigation and Methodology: Nasser Albogami, Maha Farouk Sabir, Ehab
Bahaudien Ashary, Project Administration and Resources: Mahmoud Ragab; Supervision: Sanaa A. Sharaf; Validation and Visualization: Ehab Bahaudien Ashary, Hashem Alaidaros, Louai A. Maghrabi, Abdullah AL-Malaise
AL-Ghamdi; Writing—original draft: Sanaa A. Sharaf, Mahmoud Ragab, Writing—review and editing, Maha
Farouk Saber, Hashem Alaidaros, Ehab Bahaudien Ashary, Nasser Albogami. All authors have read and agreed
to the published version of the manuscript.
Declarations
Competing interests
The authors declare no competing interests.
Additional information
Correspondence and requests for materials should be addressed to M.R.
Reprints and permissions information is available at www.nature.com/reprints.
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives
4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in
any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide
a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have
permission under this licence to share adapted material derived from this article or parts of it. The images or
other third party material in this article are included in the article’s Creative Commons licence, unless indicated
otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and
your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain
permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/
licenses/by-nc-nd/4.0/.
© The Author(s) 2024
Scientific Reports |
(2024) 14:23069
| https://doi.org/10.1038/s41598-024-74733-6
22
Download