# Malicious Traffic Detection Method for Power Monitoring Systems Based on Multi-Model Fusion Stacking Ensemble Learning

**Authors:** Hao Zhang, Ye Liang, Yuanzhuo Li, Sihan Wang, Huimin Gong, Junkai Zhai, Hua Zhang

PMC · DOI: 10.3390/s25082614 · Sensors (Basel, Switzerland) · 2025-04-20

## TL;DR

This paper introduces a new method for detecting malicious traffic in power monitoring systems using a multi-model fusion approach, which improves accuracy and reduces false positives.

## Contribution

The novelty lies in using a stacking ensemble learning strategy to combine multiple models for better malicious traffic detection in power systems.

## Key findings

- The stacking model achieved 96.5% accuracy on the NSL-KDD test set.
- It showed an F1 score of 96.6% and a false-positive rate of 1.8%.
- The method outperformed single models in generalization and stability.

## Abstract

With the rapid development of the internet, the increasing amount of malicious traffic poses a significant challenge to the network security of critical infrastructures, including power monitoring systems. As the core part of the power grid operation, the network security of power monitoring systems directly affects the stability of the power system and the safety of electricity supply. Nowadays, network attacks are complex and diverse, and traditional rule-based detection methods are no longer adequate. With the advancement of machine learning technologies, researchers have introduced them into the field of traffic detection to address this issue. Current malicious traffic detection methods mostly rely on single machine learning models, which face problems such as poor generalization, low detection accuracy, and instability. To solve these issues, this paper proposes a malicious traffic detection method based on multi-model fusion, using the stacking strategy to integrate models. Compared to single models, stacking enhances the model’s generalization and stability, improving detection accuracy. Experimental results show that the accuracy of the stacking model on the NSL-KDD test set is 96.5%, with an F1 score of 96.6% and a false-positive rate of 1.8%, demonstrating a significant improvement over single models and validating the advantages of multi-model fusion in malicious traffic detection.

## Full-text entities

- **Diseases:** DoS (MESH:D019575), anomaly (MESH:D000013), injury to (MESH:D014947)
- **Species:** Homo sapiens (human, species) [taxon 9606]
- **Mutations:** M2, D2, R2L, T2

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12031292/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12031292/full.md

## References

26 references — full list in the complete paper: https://tomesphere.com/paper/PMC12031292/full.md

---
Source: https://tomesphere.com/paper/PMC12031292