Smart Grid Intrusion Detection for IEC 60870-5-104 with Feature Optimization, Privacy Protection, and Honeypot-Firewall Integration

The increase in Supervisory Control and Data Acquisition (SCADA) solutions in industrial systems has made these systems more vulnerable to cyberattacks due to insecure communication protocols. This paper proposes a privacy-aware intrusion detection framework that reduces these risks. The proposed framework implements, through machine learning, anomaly detection methods, classification techniques and feature selection methodologies, integrating these approaches to optimize the identification of potential cyber threats, improve model accuracy, and enhance computational efficiency in SCADA systems. Anomaly detection is strengthened through Isolation Forests, time-series analysis, and Fourier-based burst detection while dynamically adapting to concept drift adaptation with Kullback-Leibler divergence. It also utilizes important feature optimization methods, implemented in multiple ways, such as SHAP, Recursive Feature Elimination (RFE), and Principal Component Analysis (PCA). Furthermore, the proposed framework includes a federated learning-based scheme that utilizes differential privacy and homomorphic encryption to ensure the privacy and integrity of the data to enhance model interpretability and efficiency with feature ranking to provide insights into attack patterns and anomaly characteristics. Defences against adversarial attacks use FGSM-based training, feature smoothing, and ensemble-based defences, to reduce susceptibility to evasion tactics. Honeypots and automated IP firewalls enhance attack profiling and proactive mitigation of incidents. The experimental results demonstrate the framework’s operational capability and effectiveness for SCADA network security, achieving 99.29% accuracy, 94.8% recall and 4.1% false positive rates.