{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T14:53:32Z","timestamp":1776956012404,"version":"3.51.4"},"reference-count":47,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2023,12,27]],"date-time":"2023-12-27T00:00:00Z","timestamp":1703635200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union\u2019s Horizon Europe research and innovation program","award":["101084323"],"award-info":[{"award-number":["101084323"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Supervisory Control and Data Acquisition (SCADA) systems play a crucial role in overseeing and controlling renewable energy sources like solar, wind, hydro, and geothermal resources. Nevertheless, with the expansion of conventional SCADA network infrastructures, there arise significant challenges in managing and scaling due to increased size, complexity, and device diversity. Using Software Defined Networking (SDN) technology in traditional SCADA network infrastructure offers management, scaling and flexibility benefits. However, as the integration of SDN-based SCADA systems with modern technologies such as the Internet of Things, cloud computing, and big data analytics increases, cybersecurity becomes a major concern for these systems. Therefore, cyber-physical energy systems (CPES) should be considered together with all energy systems. One of the most dangerous types of cyber-attacks against SDN-based SCADA systems is Distributed Denial of Service (DDoS) attacks. DDoS attacks disrupt the management of energy resources, causing service interruptions and increasing operational costs. Therefore, the first step to protect against DDoS attacks in SDN-based SCADA systems is to develop an effective intrusion detection system. This paper proposes a Decision Tree-based Ensemble Learning technique to detect DDoS attacks in SDN-based SCADA systems by accurately distinguishing between normal and DDoS attack traffic. For training and testing the ensemble learning models, normal and DDoS attack traffic data are obtained over a specific simulated experimental network topology. Techniques based on feature selection and hyperparameter tuning are used to optimize the performance of the decision tree ensemble models. Experimental results show that feature selection, combination of different decision tree ensemble models, and hyperparameter tuning can lead to a more accurate machine learning model with better performance detecting DDoS attacks against SDN-based SCADA systems.<\/jats:p>","DOI":"10.3390\/s24010155","type":"journal-article","created":{"date-parts":[[2023,12,27]],"date-time":"2023-12-27T07:45:32Z","timestamp":1703663132000},"page":"155","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Ensemble Learning Framework for DDoS Detection in SDN-Based SCADA Systems"],"prefix":"10.3390","volume":"24","author":[{"given":"Saadin","family":"Oyucu","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Ad\u0131yaman University, Ad\u0131yaman 02040, Turkey"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9313-4910","authenticated-orcid":false,"given":"Onur","family":"Polat","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Bing\u00f6l University, Bing\u00f6l 12000, Turkey"}]},{"given":"Muammer","family":"T\u00fcrko\u011flu","sequence":"additional","affiliation":[{"name":"Department of Software Engineering, Samsun University, Samsun 55000, Turkey"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4128-2625","authenticated-orcid":false,"given":"H\u00fcseyin","family":"Polat","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Technology, Gazi University, Ankara 06500, Turkey"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2563-1218","authenticated-orcid":false,"given":"Ahmet","family":"Aks\u00f6z","sequence":"additional","affiliation":[{"name":"MOBILERS, Sivas Cumhuriyet University, Sivas 58000, Turkey"}]},{"given":"Mehmet Tevfik","family":"A\u011fda\u015f","sequence":"additional","affiliation":[{"name":"Department of Computer Technologies, Munzur University, Tunceli 62000, Turkey"}]}],"member":"1968","published-online":{"date-parts":[[2023,12,27]]},"reference":[{"key":"ref_1","first-page":"126639","article-title":"Cyber-Attacks against Cyber-Physical Power Systems Security: State Estimation, Attacks Reconstruction and Defense Strategy","volume":"413","author":"Su","year":"2022","journal-title":"Appl. Math. Comput."},{"key":"ref_2","first-page":"160","article-title":"SCADA Systems: Vulnerabilities and Remediation","volume":"20","author":"John","year":"2005","journal-title":"J. Comput. Sci. Coll."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"101666","DOI":"10.1016\/j.cose.2019.101666","article-title":"SCADA (Supervisory Control and Data Acquisition) Systems: Vulnerability Assessment and Security Recommendations","volume":"89","author":"Upadhyay","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1109\/COMST.2014.2330903","article-title":"A Survey on Software-Defined Networking","volume":"17","author":"Xia","year":"2015","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"2637","DOI":"10.1109\/COMST.2019.2908266","article-title":"Software Defined Networks-Based Smart Grid Communication: A Comprehensive Survey","volume":"21","author":"Rehmani","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_6","first-page":"1","article-title":"Investigating Overall Structure of Cyber-Attacks on Smart-Grid Control Systems to Improve Cyber Resilience in Power System","volume":"1","author":"Ghiasi","year":"2020","journal-title":"IEEE Smart Grid Newsl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1016\/j.dib.2017.07.038","article-title":"Dataset of Anomalies and Malicious Acts in a Cyber-Physical Subsystem","volume":"14","author":"Laso","year":"2017","journal-title":"Data Br."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Germano Da Silva, E., Dias Knob, L.A., Wickboldt, J.A., Gaspary, L.P., Granville, L.Z., and Schaeffer-Filho, A. (2015, January 11\u201315). Capitalizing on SDN-Based SCADA Systems: An Anti-Eavesdropping Case-Study. Proceedings of the 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, Canada.","DOI":"10.1109\/INM.2015.7140289"},{"key":"ref_9","first-page":"693","article-title":"DDoS Flooding Attack Mitigation in Software Defined Networks","volume":"11","author":"Mahrach","year":"2020","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.jnca.2016.04.005","article-title":"SD-Anti-DDoS: Fast and Efficient DDoS Defense in Software-Defined Networks","volume":"68","author":"Cui","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"5304","DOI":"10.1109\/TCYB.2020.2986008","article-title":"Stability Analysis for Cyber-Physical Systems under Denial-of-Service Attacks","volume":"51","author":"Lu","year":"2021","journal-title":"IEEE Trans. Cybern."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1016\/j.neucom.2019.07.031","article-title":"Detecting Cyberattacks in Industrial Control Systems Using Online Learning Algorithms","volume":"364","author":"Li","year":"2019","journal-title":"Neurocomputing"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Teixeira, M.A., Salman, T., Zolanvari, M., Jain, R., Meskin, N., and Samaka, M. (2018). SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach. Future Internet, 10.","DOI":"10.3390\/fi10080076"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Lopez Perez, R., Adamsky, F., Soua, R., and Engel, T. (2018, January 1\u20133). Machine Learning for Reliable Network Attack Detection in SCADA Systems. Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00094"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"012096","DOI":"10.1088\/1757-899X\/1022\/1\/012096","article-title":"Identification of Disturbances in Power System and DDoS Attacks Using Machine Learning","volume":"1022","author":"Panthi","year":"2021","journal-title":"IOP Conf. Ser. Mater. Sci. Eng."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"\u00d6zt\u00fcrk, T., Turgut, Z., Akg\u00fcn, G., and K\u00f6se, C. (2022). Machine Learning-Based Intrusion Detection for SCADA Systems in Healthcare. Netw. Model. Anal. Health Inform. Bioinforma., 11.","DOI":"10.1007\/s13721-022-00390-2"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"913","DOI":"10.1007\/s42835-021-00931-1","article-title":"Evaluation of Machine Learning Algorithms for Detection of Malicious Traffic in SCADA Network","volume":"17","author":"Rajesh","year":"2022","journal-title":"J. Electr. Eng. Technol."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Islam, U., Muhammad, A., Mansoor, R., Hossain, M.S., Ahmad, I., Eldin, E.T., Khan, J.A., Rehman, A.U., and Shafiq, M. (2022). Detection of Distributed Denial of Service (DDoS) Attacks in IOT Based Monitoring System of Banking Sector Using Machine Learning Models. Sustainability, 14.","DOI":"10.3390\/su14148374"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network Intrusion Detection System: A Systematic Study of Machine Learning and Deep Learning Approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Saghezchi, F.B., Mantas, G., Violas, M.A., de Oliveira Duarte, A.M., and Rodriguez, J. (2022). Machine Learning for DDoS Attack Detection in Industry 4.0 CPPSs. Electronics, 11.","DOI":"10.3390\/electronics11040602"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"561","DOI":"10.1007\/s10586-021-03426-w","article-title":"A Stacked Deep Learning Approach to Cyber-Attacks Detection in Industrial Systems: Application to Power System and Gas Pipeline Systems","volume":"25","author":"Wang","year":"2022","journal-title":"Clust. Comput."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"4007","DOI":"10.1109\/TSG.2023.3237011","article-title":"Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning","volume":"14","author":"Presekal","year":"2023","journal-title":"IEEE Trans. Smart Grid"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1016\/j.neunet.2022.12.011","article-title":"Proposed Algorithm for Smart Grid DDoS Detection Based on Deep Learning","volume":"159","author":"Diaba","year":"2023","journal-title":"Neural Netw."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"S\u00f6\u011f\u00fct, E., and Erdem, O.A. (2023). A Multi-Model Proposal for Classification and Detection of DDoS Attacks on SCADA Systems. Appl. Sci., 13.","DOI":"10.3390\/app13105993"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Altaha, M., and Hong, S. (2022). Anomaly Detection for SCADA System Security Based on Unsupervised Learning and Function Codes Analysis in the DNP3 Protocol. Electronics, 11.","DOI":"10.3390\/electronics11142184"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Yang, K., Zhang, J., Xu, Y., and Chao, J. (2020, January 20\u201324). DDoS Attacks Detection with AutoEncoder. Proceedings of the IEEE\/IFIP Network Operations and Management Symposium, Budapest, Hungary.","DOI":"10.1109\/NOMS47738.2020.9110372"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1589","DOI":"10.3390\/make5040080","article-title":"Reconstruction-Based Adversarial Attack Detection in Vision-Based Autonomous Driving Systems","volume":"5","author":"Hussain","year":"2023","journal-title":"Mach. Learn. Knowl. Extr."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Stocco, A., and Tonella, P. (2020, January 12\u201315). Towards Anomaly Detectors that Learn Continuously. Proceedings of the IEEE International Symposium on Software Reliability Engineering Workshop, Coimbra, Portugal.","DOI":"10.1109\/ISSREW51248.2020.00073"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","article-title":"Software-Defined Networking: A Comprehensive Survey","volume":"103","author":"Kreutz","year":"2015","journal-title":"Proc. IEEE"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"116748","DOI":"10.1016\/j.eswa.2022.116748","article-title":"A Novel Approach for Accurate Detection of the DDoS Attacks in SDN-Based SCADA Systems Based on Deep Recurrent Neural Networks","volume":"197","author":"Polat","year":"2022","journal-title":"Expert Syst. Appl."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Sulaiman, M.A., and Labadin, J. (2015, January 4\u20135). Feature Selection Based on Mutual Information. Proceedings of the 2015 9th International Conference on IT in Asia (CITA), Sarawak, Malaysia.","DOI":"10.1109\/CITA.2015.7349827"},{"key":"ref_32","first-page":"1","article-title":"Feature Selection: A Data Perspective","volume":"50","author":"Li","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1016\/j.neucom.2017.11.077","article-title":"Feature Selection in Machine Learning: A New Perspective","volume":"300","author":"Cai","year":"2018","journal-title":"Neurocomputing"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Jo, I., Lee, S., and Oh, S. (2019). Improved Measures of Redundancy and Relevance for MRMR Feature Selection. Computers, 8.","DOI":"10.3390\/computers8020042"},{"key":"ref_35","first-page":"251","article-title":"Brain Tumor Detection Using a Combination of Bayesian Optimization Based SVM Classifier and Fine-Tuned Based Deep Features","volume":"27","year":"2021","journal-title":"Eur. J. Sci. Technol."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"671","DOI":"10.1016\/j.renene.2015.11.073","article-title":"Machine Learning Ensembles for Wind Power Prediction","volume":"89","author":"Heinermann","year":"2016","journal-title":"Renew. Energy"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3054925","article-title":"A Survey on Ensemble Learning for Data Stream Classification","volume":"50","author":"Gomes","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1002\/widm.1249","article-title":"Ensemble Learning: A Survey","volume":"8","author":"Sagi","year":"2018","journal-title":"Wiley Interdiscip. Rev. Data Min. Knowl. Discov."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"122385","DOI":"10.1109\/ACCESS.2021.3109465","article-title":"A Hardware-in-the-Loop Water Distribution Testbed Dataset for Cyber-Physical Security Testing","volume":"9","author":"Faramondi","year":"2021","journal-title":"IEEE Access"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Alwabisi, S., Ouni, R., and Saleem, K. (2022). Using Machine Learning and Software-Defined Networking to Detect and Mitigate DDoS Attacks in Fiber-Optic Networks. Electronics, 11.","DOI":"10.3390\/electronics11234065"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Nurjahan, F., Nizam, S., Chaki, S., Al, M., and Kaiser, M.S. (2016, January 7\u20139). Attack detection and prevention in the Cyber Physical System. Proceedings of the International Conference on Computer Communication and Informatics, Coimbatore, India.","DOI":"10.1109\/ICCCI.2016.7480022"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"108635","DOI":"10.1016\/j.compeleceng.2023.108635","article-title":"Stacking Ensemble Approach for Ddos Attack Detection in Software-Defined Cyber-Physical Systems","volume":"107","author":"Mall","year":"2023","journal-title":"Comput. Electr. Eng."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"666130","DOI":"10.3389\/fenrg.2021.666130","article-title":"Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link","volume":"9","author":"Wang","year":"2021","journal-title":"Front. Energy Res."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1007\/s10723-023-09662-1","article-title":"Cyber Physical System for Distributed Network Using DoS Based Hierarchical Bayesian Network","volume":"21","author":"Ma","year":"2023","journal-title":"J. Grid. Comput."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"860","DOI":"10.1109\/TII.2020.2974520","article-title":"Deep Learning-Based DDoS-Attack Detection for Cyber-Physical System Over 5G Network","volume":"17","author":"Hussain","year":"2021","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_46","first-page":"e2","article-title":"A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)","volume":"4","author":"Quamar","year":"2017","journal-title":"EAI Endorsed Trans. Secur. Saf."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"106432","DOI":"10.1016\/j.engappai.2023.106432","article-title":"Towards a Machine Learning-Based Framework for DDOS Attack Detection in Software-Defined IoT (SD-IoT) Networks","volume":"123","author":"Bhayo","year":"2023","journal-title":"Eng. Appl. Artif. Intell."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/1\/155\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:42:45Z","timestamp":1760132565000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/1\/155"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,27]]},"references-count":47,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,1]]}},"alternative-id":["s24010155"],"URL":"https:\/\/doi.org\/10.3390\/s24010155","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,12,27]]}}}