A Bayesian Game-Theoretic Intrusion Detection System for Hypervisor-Based Software Defined Networks in Smart Grids

y The future smart grids (SGs) require advanced capabilities in terms of automation, processing, monitoring, and communication. The most crucial component in the successful sustainability of SGs is communication management. In the vSDNs, a hypervisor is implemented between a physical infrastructure and a control plane that abstracts the underlying SDN infrastructure into multiple isolated virtual slices, i.e., we can have multiple vSDNs each with its controller. For that purpose, the virtualized SDNs offer a promising solution as they offer better network management, programmability, and virtualization. However, vSDN-based SGs are prone to many security issues. To disturb operations of the SGs, the security of the vSDN can be compromised by manipulating the jeopardized switches in the DDoS attacks to repress the resources of vSDN controllers. To prevent the exploitation of a vSDN-based SG architecture and preserve its limited resources, this paper formulates the strategic interaction between a hypervisor monitoring its vSDN controllers and the source of new flow requests potentially launching a DDoS attack, via compromised switches, as a non-cooperative dynamic Bayesian game of intrusion detection. Our game model enables a hypervisor to distribute its limited resources to monitor guest vSDN controllers optimally. The performance evaluation via simulations shows that our game model enables a hypervisor not only to increase the probability of detecting distributed attacks and minimize false positives but at the same time, its monitoring costs get reduced as the allocation of resources to monitor vSDN controllers depends upon its belief about the source of the attacks that it forms based on its observation.