Citation: AlHaddad, U.; Basuhail, A.; Khemakhem, M.; Eassa, F.E.; Jambi, K. Ensemble Model Based on Hybrid Deep Learning for Intrusion Detection in Smart Grid Networks. Sensors 2023, 23, 7464. https:// doi.org/10.3390/s23177464 Academic Editors: Tiago Cruz and Paulo Alexandre Ferreira Simões Received: 26 July 2023 Revised: 19 August 2023 Accepted: 22 August 2023 Published: 28 August 2023 Copyright: © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/). sensors Article Ensemble Model Based on Hybrid Deep Learning for Intrusion Detection in Smart Grid Networks Ulaa AlHaddad * , Abdullah Basuhail *, Maher Khemakhem , Fathy Elbouraey Eassa and Kamal Jambi Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University (KAU), Jeddah 21589, Saudi Arabia; makhemakhem@kau.edu.sa (M.K.); feassa@kau.edu.sa (F.E.E.); kjambi@kau.edu.sa (K.J.) * Correspondence: ualhaddad0001@stu.kau.edu.sa (U.A.); abasuhail@kau.edu.sa (A.B.) Abstract: The Smart Grid aims to enhance the electric grid’s reliability, safety, and efficiency by utilizing digital information and control technologies. Real-time analysis and state estimation methods are crucial for ensuring proper control implementation. However, the reliance of Smart Grid systems on communication networks makes them vulnerable to cyberattacks, posing a significant risk to grid reliability. To mitigate such threats, efficient intrusion detection and prevention systems are essential. This paper proposes a hybrid deep-learning approach to detect distributed denial- of-service attacks on the Smart Grid’s communication infrastructure. Our method combines the convolutional neural network and recurrent gated unit algorithms. Two datasets were employed: The Intrusion Detection System dataset from the Canadian Institute for Cybersecurity and a custom dataset generated using the Omnet++ simulator. We also developed a real-time monitoring Kafka- based dashboard to facilitate attack surveillance and resilience. Experimental and simulation results demonstrate that our proposed approach achieves a high accuracy rate of 99.86%. Keywords: Smart Grid; deep learning; intrusion detection; distributed denial of service attacks; communication infrastructure; real-time monitoring 1. Introduction The Smart Grid, powered by digital information and control technologies, offers immense potential to transform the traditional electric grid into a more reliable, secure, and efficient system. The Smart Grid enables real-time analysis and precise control by integrating advanced communication networks and state estimation techniques, leading to optimized energy distribution and improved grid resilience. However, the increasing dependence on interconnected communication networks also exposes the Smart Grid to cyber threats, jeopardizing its reliability and functionality [1–5]. Electric utilities all over the world use SCADA (supervisory control and data acquisition) protocols. Those protocols are often used in Smart Grid operations to measure parameters, monitor processes, and control operations with measurement and control systems [3]. The electric network’s SCADA system is essential [6]. It comprises computer systems that talk to each other and share important information across networks. The widespread adoption of IT has made these systems susceptible to hacking attempts [5]. Therefore, the development of effective intrusion detection and prevention systems has become paramount to safeguarding the networks against such attacks [7–9]. Incorporating intrusion detection enables the detection of potential threats both before and after they infiltrate a system. The most effective method for integrating the gateway with an IEC 61850-based network is to implement it internally within the gateway [10]. IEC 61850 does not mandate any particular method for detecting attacks or repairing damage if it occurs; nevertheless, an intrusion detection system (IDS) might be used inside the grid to bolster IEC 61850’s security [11]. The prevalence of possible threats in the electric infrastructure grows with the rise of machine-to-machine (M2M) and human−machine Sensors 2023, 23, 7464. https://doi.org/10.3390/s23177464 https://www.mdpi.com/journal/sensors