Elevating Cybersecurity for Smart Grid Systems—A Container-Based Approach Enhanced by Machine Learning

READMETitleElevating Cybersecurity for Smart Grid Systems—A Container-Based Approach Enhanced by Machine Learning AuthorsMays Abukeshek, School of Computer Science, Faculty of Technology, University of Sunderland, University of Huddersfield, UKEmail: mays.abukeshek@sunderland.ac.uk, Mays.abukeshek@hud.ac.ukBasel Barakat, School of Computer Science, Faculty of Technology, University of Sunderland, UKEmail: basel.barakat@sunderland.ac.ukBamidele Ajayi, School of Computer Science, Faculty of Technology, University of Sunderland, UKEmail: bamidele.ajayi@research.sunderland.ac.ukAbstractThis dataset supports the paper "Elevating Cybersecurity for Smart Grid Systems—A Container-Based Approach Enhanced by Machine Learning," which presents a comprehensive implementation of a cybersecurity solution for smart grid network containers. The methodology utilizes: Qualys API-based vulnerability scanning and reporting system for vulnerability identificationDocker deployment for security and isolationAdvanced load balancing techniques for resource optimizationMachine learning-powered anomaly detection for threat identification and vulnerability prioritization.The dataset contains details of several simulated attacks enabling effective training and evaluation of a robust machine-learning model. Data DescriptionThe dataset includes logs from conducted attacks on containerized nodes, generated to reflect real-world scenarios. The simulated attacks include: Denial of Service (DoS)Remote-to-Local (R2L)User-to-Root (U2R)ProbesContentsCsv_file.csv: This file contains the dataset used for training and evaluating the machine learning models. The columns in the dataset represent various features and results of the simulated attacks.Data Columns and RowsTimestamp: Description: The exact date and time when the data was recorded.time: 2023-06-01 12:00:00 Attack_Type: Description: The type of cyber-attack conducted.Possible Values: DoS, R2L, U2R, ProbeExample: DoSNotes: Categorizes the type of attack, crucial for training classification models.CPU_Utilization (%): Description: The percentage of CPU resources used during the attack.Example: 52.3Notes: Indicates the load on the CPU during the attack, useful for assessing the impact of attacks on system performance.Memory_Utilization (%): Description: The percentage of memory resources used during the attack.Example: 63.4Notes: Shows memory usage which can be a critical factor in understanding system performance under attack conditions.Network_Bandwidth (Mbps): Description: The bandwidth of the network in Megabits per second.Example: 100Notes: Reflects the network load and is essential for analyzing the impact on network performance.Vulnerabilities_Detected: Description: The number of vulnerabilities detected during the attack.Example: 289Notes: Indicates the effectiveness of the vulnerability scanning process and the system's exposure to threats.Mean_Response_Time (ms): Description: The average response time in milliseconds during the attack.Example: 87Notes: Important for evaluating the responsiveness of the system under attack conditions.Throughput (requests/second): Description: The number of requests the system can handle per second during the attack.Example: 1068Notes: Measures the capacity and efficiency of the system under load.Example RowTimestamp    Attack_Type    CPU_Utilization (%)    Memory_Utilization (%)    Network_Bandwidth (Mbps)    Vulnerabilities_Detected    Mean_Response_Time (ms)    Throughput (requests/second)2023-06-01 12:00:00    DoS    52.3    63.4    100    289    87    1068UsageThis dataset can be used to: Train and evaluate machine learning models for cybersecurity applications in smart grid systems.Analyze the performance of different machine learning models in detecting and prioritizing vulnerabilities.Understand the impact of various types of cyber-attacks on containerized environments.MethodologyThe dataset was created using a combination of Qualys API-based vulnerability scanning and Docker containerization. Multiple container clusters were subjected to various simulated attacks, and the performance of machine learning models was evaluated based on accuracy, precision, recall, and F1-scores. AcknowledgmentsThis research was supported by the University of Sunderland and the University of Huddersfield. ReferencesPlease refer to the full paper for detailed methodology, implementation, and analysis:IEEE