ADVIS-G: An Adversarially Defended Intrusion Detection System for Smart Grids Using Deep Learning

Proposed IDS flow diagram.

Setting Up

1. Download the dataset DNP3 Intrusion Detection Dataset from Zenodo
2. Unzip and copy all the CSV files related to CICFlowmeter and paste them into a single folder. These files will be the main data files.
3. Read all files and combine them into a single CSV file. Relevant script: data_preparation/combine_csv.py.
4. Install this project as pip install -e . and all its requirements too.

PCAP to Image

A packet for the array creation steps.

• Read the CSV file for 120s Timeout and the corresponding PCAP files.
• For each CSV:
  • Read each row.
  • Find the matching packets in the PCAP file.
  • Call matched packets "session" and assign the label to it.
  • Convert session to image.
• Relevant script: data_preparation/dnp3_pcap_to_img.py. It needs a mapping file between CSV and PCAP file, and are inside assets.

Model Training

• PyTorch 2.5.0 with GPU.
• As MLFlow is being used for logging the parameters, the command mlflow server should be run before training a model. But for the HPC, it is disabled.
• Dataset for session image data: advisg/data/session_image_dataset.py.
• Trainer: advisg/models/trainer.py. A single trainer to train all models, but this is used by other modules in /trainers/.

Attack Classifier Training

• trainers/session_image_trainer_backbone.py trains the MobileNet or ResNet-based attack classifiers based on session images. Slurm file: jobs/mobilenet_trainer.slurm

Adversarial Training

• trainers/session_adv_trainer.py trains the MobileNet or ResNet-based Adversarially Trained Classifier (ATC) based on session images.
• Slurm file: jobs/adversarial_training.slurm and jobs/adversarial_training_normalized.slurm.
• Requires Adversarial Data to be generated.

Adversarial Blocking Model

• trainers/session_ae_trainer.py trains the adversarial blocking models: U-Net and RDU-Net.
• Slurm file: jobs/unet_trainer.slurm and [jobs/unet_trainer_normalized.slurm] | jobs/rdunet_trainer.slurm and jobs/rdunet_trainer_normalized.slurm.
• Requires Adversarial Data to be generated.

Adversarial Generation

• adversarial/generate_adversarial_image.py generates the adversarial data using the session images and trained models.
• Arguments can be passed. Slurm file: jobs/adversarial_generator_mobilenet.slurm.

Evaluation

A proposed evaluation plan.

All files are inside adversarial.

• A notebook notebooks/image_feature_importance.ipynb generates saliency map.
• adversarial/evaluate_from_generated_mobnet.py evaluates the adversarial image sample generated in previous step.
• For benchmarking, adversarial/benchmark.py for image based IDS models.

These evaluation files create result CSV files (and sample images).

Generating Plots

• Using notebooks/report_generation_mobnetonly.ipynb for image based IDS.

Acknowledgment

The authors gratefully acknowledge the scientific support and HPC resources provided by the Erlangen National High Performance Computing Center (NHR@FAU) of the Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU). The hardware is funded by the German Research Foundation (DFG).

Cite

TBD