CN114124456B - Safety detection method and device for comprehensive energy system, electronic equipment and storage medium - Google Patents

Safety detection method and device for comprehensive energy system, electronic equipment and storage medium Download PDF

Info

Publication number
CN114124456B
CN114124456B CN202111235745.2A CN202111235745A CN114124456B CN 114124456 B CN114124456 B CN 114124456B CN 202111235745 A CN202111235745 A CN 202111235745A CN 114124456 B CN114124456 B CN 114124456B
Authority
CN
China
Prior art keywords
particle swarm
particle
optimal
elite
safety detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111235745.2A
Other languages
Chinese (zh)
Other versions
CN114124456A (en
Inventor
周杰
刘梦涵
吕新
朱锐
曲欣
黎劲松
苏革
黄超
常泳
李景云
张泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xinjiang Tianfu Energy Co ltd
Shihezi University
Original Assignee
Xinjiang Tianfu Energy Co ltd
Shihezi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xinjiang Tianfu Energy Co ltd, Shihezi University filed Critical Xinjiang Tianfu Energy Co ltd
Priority to CN202111235745.2A priority Critical patent/CN114124456B/en
Publication of CN114124456A publication Critical patent/CN114124456A/en
Application granted granted Critical
Publication of CN114124456B publication Critical patent/CN114124456B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G06F18/2135Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods based on approximation criteria, e.g. principal component analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/004Artificial life, i.e. computing arrangements simulating life
    • G06N3/006Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/0418Architecture, e.g. interconnection topology using chaos or fractal principles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/086Learning methods using evolutionary algorithms, e.g. genetic algorithms or genetic programming
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00Computing arrangements based on specific mathematical models
    • G06N7/08Computing arrangements based on specific mathematical models using chaos models or non-linear system models
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Computer Security & Cryptography (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Nonlinear Science (AREA)
  • Algebra (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physiology (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The invention provides a safety detection method, a safety detection device, electronic equipment and a storage medium of an integrated energy system, wherein the method comprises the steps of acquiring network intrusion data in the integrated energy system; inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion; the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample; the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm. According to the method, the device, the electronic equipment and the storage medium, the weight of the safety detection model is optimized through the chaotic elite particle swarm algorithm, so that the parameters of the safety detection model are more accurate, and the accuracy of network intrusion data detection is improved.

Description

Safety detection method and device for comprehensive energy system, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of comprehensive energy system detection, in particular to a safety detection method and device for a comprehensive energy system, electronic equipment and a storage medium.
Background
Nowadays, the comprehensive energy system realizes the full collection and the full coverage of water, electricity and hot gas information through data networking sharing and deep application service. The comprehensive energy system fully integrates the operation of energy sources such as water, electricity, hot gas and the like with electronic information and Internet technology, realizes the quick interaction of information in the operation of an energy system, and the data transmission is developed towards the bidirectionality, so that the service efficiency of energy services is improved to the maximum extent, and the quality of life and the level of people are changed to a great extent.
In the application process of the comprehensive energy system, the most safety problem is the malicious attack of lawless persons in the network on the comprehensive energy system. In the integrated energy system, the received and transmitted data are very important, and the attack of an attacker on the energy system may cause data loss in the system, so that the integrated energy system cannot normally operate, and huge economic loss is caused. Therefore, how to realize efficient and safe operation of the integrated energy system is a main subject at present.
The intrusion detection technology is used as an efficient protection means, and can monitor abnormal flow and illegal attacks in the system in real time. The intrusion detection technology is applied to the comprehensive energy system, abnormal conditions of logs and network flow in equipment can be monitored, potential safety hazards existing in system operation can be found in time, an active defense mechanism is formed, and detection efficiency is improved. However, in the construction of the integrated energy system, the integrated energy network is larger and more complex, the number of corresponding open network ports is increased with the increase of the number of users, the intrusion detection system is reduced in operation speed due to the influx of a large amount of data, the false alarm rate is high, and the operation efficiency of the integrated energy system is reduced to a great extent. Therefore, how to improve the accuracy of intrusion detection is a key research content of the safety protection system of the integrated energy system.
Disclosure of Invention
The invention provides a safety detection method and device for an integrated energy system, electronic equipment and a storage medium, which are used for solving the defect of insufficient detection precision of intrusion data in the prior art and realizing the improvement of the detection accuracy of the intrusion data.
The invention provides a safety detection method of a comprehensive energy system, which comprises the following steps:
acquiring network intrusion data in the comprehensive energy system;
inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
According to the safety detection method of the comprehensive energy system provided by the invention, the parameters of the safety detection model are obtained by adjusting and optimizing according to the chaotic elite particle swarm algorithm, and the method comprises the following steps:
encoding a particle swarm and calculating the fitness, and collecting the position of the particle swarm; wherein the fitness is consistent with a training error of the safety detection model;
performing iterative update on the particle swarm to obtain the position of the particle swarm after the iterative update;
obtaining the optimal position of the particle swarm through multiple iterative updating, and selecting the optimal particle in each iterative updating process from the particle swarm corresponding to the optimal position;
and assigning the parameters of the optimal particles to the safety detection model under the condition that the iteration updating times are confirmed to meet a preset threshold value.
According to the safety detection method of the comprehensive energy system provided by the invention,
before the optimal position of the particle swarm is obtained through multiple iterative updates and the optimal particle in each iterative update process is selected from the particle swarm corresponding to the optimal position, the method further comprises the following steps:
perturbing the particle swarm by adopting a chaotic search mechanism, and changing the position parameters of the particle swarm;
the obtaining of the optimal position of the particle swarm through multiple iterative updates, and selecting the optimal particle in each iterative update process from the particle swarm corresponding to the optimal position, includes:
and iteratively updating the disturbed particle swarm for multiple times, acquiring the optimal position of the particle swarm from the position parameter updated in each iteration, and selecting the optimal particles in the iterative updating process in each iteration from the particle swarm corresponding to the optimal position.
According to the safety detection method of the comprehensive energy system provided by the invention, the selection of the optimal particles in each iterative updating process from the particle swarm corresponding to the optimal position comprises the following steps:
calculating the fitness of each particle in the particle swarm after iterative update, selecting an elite individual updated in each iteration based on the fitness and storing the elite individual in an array;
collecting the particles with the lowest fitness after each iteration update, and comparing the particles with the elite particles before the iteration update;
and under the condition that the particle with the lowest fitness after iterative update is lower than the fitness of the elite particle, taking the elite particle after iterative update as the optimal particle.
According to the safety detection method of the comprehensive energy system provided by the invention, after the iterative updated elite particles are taken as the optimal particles under the condition that the particles with the lowest fitness after the iterative update are confirmed to be lower than the fitness of the elite particles, the method further comprises the following steps: :
and calculating errors again based on the weights adjusted by the chaotic elite particle swarm algorithm, and reversely propagating the errors to modify the weights of the safety detection model until the errors are minimum.
According to the safety detection method of the comprehensive energy system provided by the invention, the safety detection model is obtained by training based on data samples and detection results corresponding to the data samples, and the safety detection method comprises the following steps:
performing feature extraction, feature selection and standardization on the data sample to obtain a preprocessed sample;
and the safety detection model is obtained by training based on the detection results corresponding to the preprocessing sample and the data sample.
The invention also provides a safety detection device of the comprehensive energy system, which comprises:
the data acquisition module is used for acquiring network intrusion data in the comprehensive energy system;
the detection module is used for inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of the safety detection method of the comprehensive energy system.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method for integrated energy system safety detection as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of the method for detecting the safety of an integrated energy system as described in any one of the above.
According to the comprehensive energy system safety detection method, the device, the electronic equipment and the storage medium, the weight of the safety detection model is optimized through the chaos elite particle swarm algorithm, so that the parameters of the safety detection model are more accurate, and the accuracy of network intrusion data detection is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for detecting the safety of an integrated energy system according to the present invention;
FIG. 2 is a second schematic flow chart of the safety inspection method for integrated energy system according to the present invention;
FIG. 3 is a diagram illustrating the effect of the method for detecting the safety of the integrated energy system according to the present invention;
FIG. 4 is a schematic structural diagram of an integrated energy system safety detection device provided by the invention;
fig. 5 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The method for detecting the safety of the integrated energy system provided by the invention is described below with reference to fig. 1 to 3.
Referring to fig. 1, the invention provides a safety detection method for an integrated energy system, comprising the following steps:
step 110: acquiring network intrusion data in the comprehensive energy system;
specifically, the network intrusion data refers to a connection record generated when a user side is connected with a network, and illegal attacks are performed on the network by using vulnerabilities and security defects of the network.
Step 120: inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
Specifically, the safety detection model is built based on a BP neural network, and the purpose of the safety detection model is to detect network intrusion data of the comprehensive energy, so that the safety protection capability of the comprehensive energy is improved.
Before step 120 is executed, a security detection model needs to be trained in advance, and specifically, the security detection model may be trained in the following manner: firstly, a large number of network intrusion data samples are collected, and detection results of the data samples are obtained through manual marking. And inputting the data sample into an initial model of the safety detection model for training until the safety detection model meeting parameter conditions is obtained.
In the training process, parameters of the safety detection model need to be adjusted and optimized through a chaotic elite particle swarm algorithm, so that model parameters with smaller errors are obtained, and the accuracy of a detection result is improved.
The chaos elite particle swarm algorithm is an algorithm for continuously evolving a particle swarm by continuously iterating and updating particles in the swarm, changing the positions and the speeds of the particles and obtaining elite particles in the swarm. All particles in space are first assigned an initial random position and an initial random velocity. And then sequentially advancing the position of each particle according to the speed of each particle, the known optimal global position in the problem space and the known optimal position of the particle, and finally selecting the final elite particle from the particle swarm at the optimal position.
According to the method, the device, the electronic equipment and the storage medium for detecting the safety of the comprehensive energy system, the weight of the safety detection model is optimized through the chaos elite particle swarm algorithm, so that the parameters of the safety detection model are more accurate, and the accuracy of network intrusion data detection is improved.
Based on the above embodiment, the parameters of the safety detection model are obtained by adjusting and optimizing according to the chaotic elite particle swarm algorithm, and the method includes the following steps:
encoding a particle swarm and calculating the fitness, and collecting the position of the particle swarm; wherein the fitness is consistent with a training error of the safety detection model;
performing iterative update on the particle swarm to obtain the position of the particle swarm after the iterative update;
obtaining the optimal position of the particle swarm through multiple iterative updating, and selecting the optimal particle in each iterative updating process from the particle swarm corresponding to the optimal position;
and assigning the parameters of the optimal particles to the safety detection model under the condition that the iterative updating times are confirmed to meet a preset threshold value.
Specifically, before iteratively updating the particle swarm, an initial particle swarm needs to be encoded, an initial error value of the BP neural network is taken as an initial fitness of the particle swarm, and position information of the initial particle swarm is acquired.
After each iterative update, a new particle swarm is acquired. After repeated iteration updating, selecting a particle swarm with the best position, and then selecting an optimal particle from the particle swarm. And after the iteration times meeting the preset threshold value, selecting the final optimal particles, and assigning the parameters of the optimal particles to the safety detection model.
In the embodiment, the particle swarm with the best position is found out from multiple iterative updates by adopting the elite retention strategy, the optimal particles are selected from the particle swarm, and the obtained parameters of the optimal particles are assigned to the safety detection model, so that the parameter accuracy of the safety detection model is related to the global search capability and the optimization searching capability of the chaotic elite algorithm, the model parameters are more accurate and credible, and the safety detection capability of the comprehensive energy system is further improved.
Based on the above embodiment, the selecting an optimal particle in each iterative update process from the particle swarm corresponding to the optimal position includes:
perturbing the particle swarm by adopting a chaotic search mechanism, and changing the position parameters of the particle swarm;
and iteratively updating the disturbed particle swarm for multiple times, acquiring the optimal position of the particle swarm from the position parameter updated in each iteration, and selecting the optimal particles in the iterative updating process in each iteration from the particle swarm corresponding to the optimal position.
In the embodiment, a chaos search mechanism is adopted to disturb the particle swarm, and when the disturbed particle swarm is subjected to iterative updating, the disturbed particle swarm is not easily influenced by the previous iterative updating parameters, so that the randomness and the convenience in each iterative process are improved.
Optionally, the selecting an optimal particle in each iterative update process from the particle swarm corresponding to the optimal position includes:
calculating the fitness of each particle in the particle swarm after iterative updating, selecting an elite individual updated in each iteration based on the fitness and storing the elite individual in an array;
collecting the particles with the lowest fitness after each iteration update, and comparing the particles with the elite particles before the iteration update;
and under the condition that the particle with the lowest fitness after iterative updating is lower than the fitness of the elite particle, taking the elite particle after iterative updating as the optimal particle.
Specifically, in the iterative update process, the fitness of the particle swarm after each iterative update needs to be obtained, and the fitness is stored in the array. Each iteration updating needs to keep two particles with the lowest fitness and the best fitness, namely an inferior particle and an elite particle. And comparing the fitness of the inferior particle subjected to next iteration updating with the fitness of the elite particle subjected to last iteration updating, wherein if the fitness of the new inferior particle is higher than that of the elite particle of the previous generation, the particle swarm is continuously evolved along with the iteration updating, and the fitness is gradually improved, namely the parameters of the particles are more and more accurate. The elite particles updated by the last iteration are used as optimal particles, the particles are updated by multiple iterations, the fitness of the particles is better, and the parameters of the particles are assigned to the security inspection model, so that the error of the model is smaller, and the accuracy of network intrusion data detection can be improved.
Further, the safety detection method of the comprehensive energy system further comprises the following steps:
and calculating errors again based on the weights adjusted by the chaotic elite particle swarm algorithm, and reversely propagating the errors to modify the weights of the safety detection model until the errors are minimum.
In the embodiment, the error is calculated again by the weight parameter adjusted based on the chaotic elite particle swarm algorithm, and the error adjustment is continued, so that the error parameter of the safety detection model is continuously reduced until the model convergence is achieved.
Based on any of the above embodiments, the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample, and includes:
performing feature extraction, feature selection and standardization on the data sample to obtain a preprocessed sample;
and the safety detection model is obtained by training based on the detection results corresponding to the preprocessing sample and the data sample.
In this embodiment, before the safety detection model is trained, the acquired data samples of the integrated energy system are preprocessed.
Firstly, performing matrixing on a data sample; then analyzing the data by utilizing a PCA technology to select characteristics; the data was then normalized. The PCA technology, namely a principal component analysis technology, also called principal component analysis technology, aims to convert multiple indexes into a few comprehensive indexes by using the idea of dimension reduction. And processing the data sample by utilizing a PCA (principal component analysis) technology, reducing the influence of the characteristic attribute on the detection result, and then standardizing the data so as to avoid influencing the accuracy of the data.
Referring to fig. 2 and 3, the flow of the comprehensive energy detection method provided by the present invention is described in detail as follows:
s1: and (4) counting all data in the comprehensive energy system, and performing matrixing processing on all the data.
S2: and performing feature selection by using a PCA technology, performing standardization processing on the network intrusion data, performing feature selection by using PCA analysis data, and determining principal components and the number of the principal components according to the contribution degree.
S3: determining the topology of the BP neural network. And determining the number of the input and output layers of the BP neural network according to the number of the main components.
S4: initializing parameters of the chaotic elite particle swarm and the BP neural network. Such as the size of the population size in the algorithm, learning factors, iteration times and weight values.
S5: and (4) training data of the BP neural network, and classifying the data set.
S6: and optimizing the weight of the BP neural network by the chaotic elite particle group. In the comprehensive energy system, the BP neural network calls a chaotic elite particle swarm algorithm to adjust the weight and the threshold value, so that the detection rate of the intrusion protection system is improved.
S7: and the BP neural network obtains the optimal weight and updates the optimal weight. And assigning the optimal solution found by the chaotic elite particle swarm algorithm to a neural network, and calculating an error and updating the weight after the BP neural network obtains the optimal weight.
S8: and outputting a network intrusion detection result, and calculating the correct rate and the false alarm rate.
Wherein, step S5 includes the following steps:
s51: forward computation and propagation of the received signal. The forward computation and propagation process is handled by a three-layer neural network. The error calculation is performed from the input to the output direction. The signal is transmitted from the input layer, the hidden layer processes the signal, calculates the state and activation value of each layer, and then is transmitted from the hidden layer to the output layer. It can be seen that in the BP neural network, the signal is transmitted in the forward direction. When the output value of the output layer exceeds a given error, the error signal is propagated back to the second stage of learning.
S52: feedback and correction of error signals. The error back-propagation process is mainly a process of back-learning from the output for error signals exceeding a given error value. The error signal is transmitted from the output back to the hidden layer and then to the input layer. And meanwhile, calculating the error of each layer, and reversely propagating the calculated errors layer by layer to correct the weight of the BP neural network. After many times of calculation and adjustment, the weight and the offset value reach the best value until the output layer meets the given error precision, and the learning process of the BP neural network is finished.
The chaotic elite particle swarm algorithm comprises the following steps of:
s61: the particles in the population are encoded and fitness values are calculated.
S62: and updating the flight speed and the position of the particles in the population, and setting the searching range of the maximum and minimum flight speed control particles.
S63: a chaotic search mechanism is adopted to initialize the particles, so that the randomness and the convenience in each iteration process are increased.
S64: adopting an elite reservation strategy to reserve elite individuals in each generation of population
S65: and judging whether the set iteration times are reached, if not, returning to S62, and if so, outputting a result and feeding back the result to the BP neural network.
The specific process of step S61:
s611: the particle individual code in the invention adopts a real number coding mode to code. Because the weight of the BP neural network and the dimension of the search space of the particles are mapped mutually, the number of the weight and the threshold of the BP neural network is the same as the number of elements contained in each particle individual, and the parameters in the algorithm are ensured to be in one-to-one correspondence.
S612: each individual particle is a real number string. The real number string comprises four parts, namely connection weight of an input layer and a hidden layer in the BPNN, a hidden layer threshold value, correlation weight of the hidden layer and an output layer, and an output layer threshold value. Thus, each individual contains all the weights of the neural network.
S613: the fitness value of an individual corresponds to the error after the neural network training, the training error of the BP neural network is regarded as the fitness of particles in the chaotic elite particle swarm algorithm, the smaller the fitness value is, the smaller the representation error is, the smaller the number of classified errors is, and the better the intrusion detection effect of the comprehensive energy system is.
Step S62 includes the steps of:
s621: in the chaotic elite particle swarm optimization, the particles can find the current optimal position according to the positions of individuals and the population, and the search can be stopped until the global optimal position is found through continuous iterative update. And updating the current individual optimal value of the particles and the global optimal value of the population according to the steps S723 and S724.
S622: assuming that the number of particles in the CEPSO is N, the search space is D-dimensional, and the position of the ith particle at time t can be represented as X i =(x i1 ,x i2 ,…,x id ) t The current velocity of each particle individual can be expressed as V i =(v i1 ,v i2 ,…,v id ) t ,P i =(p i1 ,p i2 ,…,p id ) t Representing historical individual optimal positions, P, of particles g =(p g1 ,p g2 ,…,p gd ) t Representing the optimal location of the population.
S623:
Figure SMS_1
S624:
Figure SMS_2
S625: t denotes the current number of iterations, c 1 ,c 2 Individual and social learning factors, r, representing particles, respectively 1 ,r 2 Are two random numbers and W is the inertial weight.
Step S63 includes the steps of:
s631: and (3) adopting an improved Logistic mapping to generate a chaotic sequence to disturb each particle in the population.
S632:
Figure SMS_3
S633: t is the current iteration number, T is the maximum iteration number, D represents the dimension,
Figure SMS_4
is j dimension chaotic variable after t iterations.
Step S64 includes the steps of:
s641: and reserving one optimal particle individual after each iteration is finished and storing the optimal particle individual in the array.
S642: and (3) finding out the particles with the best and worst fitness in the new particle swarm, comparing with the elite individuals reserved in the previous generation, and if the current best particle is worse than the elite individuals in the previous generation, replacing the current best individual with the elite individual in the previous generation, otherwise, indicating that the population is in the process of continuing evolution.
Referring to fig. 3, fig. 3 shows the detection results of the BP neural network optimized by the chaotic elite particle swarm and the traditional particle swarm respectively. The fitness value in the graph represents the number of detection errors, and as can be seen from the graph, the traditional particle swarm classification has more errors, is easy to premature convergence, and has low detection accuracy; the chaotic elite particle swarm optimization in the comprehensive energy system safety detection method provided by the invention obviously reduces the number of classification errors when the BP neural network is used for detection, and obviously improves the accuracy.
The invention utilizes a KDD99 data set to test the chaos elite particle swarm algorithm, and the KDD99 is a data set for simulating network attack published in 1999 of IDS experiments of Columbia university. The KDD99 data set can be divided into 4 large classes (DOS, R2L, U2L, PROBING) according to the attack types, and 39 kinds of network attacks are in total. 5000 data testing chaotic elite particle swarm optimization are randomly selected from a KDD99 data set of 10% to optimize the weight and the threshold of the BP neural network.
Non-numeric data needs to be processed since not all data in the KDD99 dataset are numeric and cannot be processed when trained with the BP neural network.
The specific operation is as follows: firstly, counting the non-numerical type data in each attribute, secondly, arranging the data according to the letter sequence, and finally, selecting proper numbers to replace the non-numerical type data.
In this example, the attribute values of the second column of the selected data are three types, ICMP, UDP, and TCP, ICMP being denoted by 10, UDP being denoted by 11, and TCP being denoted by 12. According to the method, all non-numerical data are quantified, including the attack types of the last column.
Because the difference of the attribute values in the selected data set is large, the data is normalized. The data normalization has the advantages that the distributivity of the data is counted by summarizing the data, so that the influence of some special values on the experiment is reduced, and the influence of different measurement units on the training result is avoided. Secondly, the data set selected in the example has 41-dimensional characteristic attributes, and the PCA technology is utilized to select the characteristics, so that the influence of redundant data on the detection result is reduced.
The safety detection device for the integrated energy system provided by the invention is described below, and the safety detection device for the integrated energy system described below and the safety detection method for the integrated energy system described above can be referred to correspondingly.
Referring to fig. 4, the present invention further provides a safety detection apparatus for an integrated energy system, including:
the data acquisition module 210 is configured to acquire network intrusion data in the integrated energy system;
the detection module 220 is configured to input the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
Optionally, the detection module further comprises the following modules:
a fitness calculation module: the system comprises a particle swarm, a computer, a data processing unit and a data processing unit, wherein the particle swarm is used for encoding and calculating the fitness of the particle swarm, and the position of the particle swarm is acquired; wherein the fitness is consistent with a training error of the safety detection model;
a position acquisition module: the particle swarm is used for performing iterative update on the particle swarm, and the position of the particle swarm after the iterative update is obtained;
an optimal particle acquisition module: the particle swarm optimization method comprises the steps of obtaining the optimal position of the particle swarm through multiple iterative updating, and selecting the optimal particle in each iterative updating process from the particle swarm corresponding to the optimal position;
an assignment module: and the parameter assignment module is used for assigning the parameter of the optimal particle to the safety detection model under the condition that the iterative updating times are confirmed to meet a preset threshold value.
Optionally, the detection module further includes the following modules:
a disturbance module: the device is used for perturbing the particle swarm by adopting a chaotic search mechanism and changing the position parameters of the particle swarm;
an optimal particle acquisition module: and the particle swarm which is subjected to disturbance is subjected to iterative update for multiple times, the optimal position of the particle swarm is obtained from the position parameter updated in each iteration, and the optimal particles in the iterative update process in each iteration are selected from the particle swarm corresponding to the optimal position.
Optionally, the optimal particle obtaining module further includes the following modules:
an elite individual selection module: the system is used for calculating the fitness of each particle in the particle swarm after iterative update, selecting an elite individual updated in each iterative update based on the fitness and storing the elite individual in an array;
a comparison module: the particle with the lowest fitness after each iteration update is collected and compared with the elite particles before the iteration update;
an optimal particle confirmation module: and the method is used for taking the iteratively updated elite particles as the optimal particles under the condition that the particles with the lowest fitness after iterative updating are lower than the fitness of the elite particles.
Optionally, the safety inspection of the integrated energy system further comprises the following modules:
an error adjustment module: and the method is used for calculating errors again based on the weights adjusted by the chaotic elite particle swarm algorithm, and reversely propagating the errors to modify the weights of the safety detection model until the errors are minimum.
Optionally, the detection module further comprises the following modules:
a preprocessing module: the system is used for carrying out feature extraction, feature selection and standardization on the data sample to obtain a preprocessed sample;
and the safety detection model is obtained by training based on the detection results corresponding to the preprocessing sample and the data sample.
Fig. 5 illustrates a physical structure diagram of an electronic device, which may include: a processor (processor) 510, a communication Interface (Communications Interface) 520, a memory (memory) 530 and a communication bus 540, wherein the processor 510, the communication Interface 520 and the memory 530 communicate with each other via the communication bus 540. Processor 510 may invoke logic instructions in memory 530 to perform an integrated energy system security detection method comprising: acquiring network intrusion data in the comprehensive energy system;
inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
Furthermore, the logic instructions in the memory 530 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention further provides a computer program product, the computer program product comprising a computer program, the computer program being stored on a non-transitory computer readable storage medium, wherein when the computer program is executed by a processor, the computer is capable of executing the integrated energy system security detection method provided by the above methods, the method comprising: acquiring network intrusion data in the comprehensive energy system;
inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
In another aspect, the present invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, the computer program being implemented by a processor to perform the method for detecting safety of an integrated energy system provided by the above methods, the method including: acquiring network intrusion data in the comprehensive energy system;
inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; and the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. Based on the understanding, the above technical solutions substantially or otherwise contributing to the prior art may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A safety detection method for an integrated energy system is characterized by comprising the following steps:
acquiring network intrusion data in the comprehensive energy system;
inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm;
the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm, and the method comprises the following steps:
encoding a particle swarm and calculating the fitness, and collecting the position of the particle swarm; the fitness is consistent with the training error of the safety detection model;
performing iterative update on the particle swarm to obtain the position of the particle swarm after the iterative update;
obtaining the optimal position of the particle swarm through multiple iterative updating, and selecting the optimal particle in each iterative updating process from the particle swarm corresponding to the optimal position;
assigning the parameters of the optimal particles to the safety detection model under the condition that the iterative updating times are confirmed to meet a preset threshold value;
selecting the optimal particle in each iteration updating process from the particle swarm corresponding to the optimal position comprises the following steps:
calculating the fitness of each particle in the particle swarm after iterative updating, selecting an elite individual updated in each iteration based on the fitness and storing the elite individual in an array;
collecting the particles with the lowest fitness after each iteration update, and comparing the particles with the elite particles before the iteration update;
and under the condition that the particle with the lowest fitness after iterative updating is lower than the fitness of the elite particle, taking the elite particle after iterative updating as the optimal particle.
2. The safety detection method for the integrated energy system according to claim 1, wherein before obtaining the optimal positions of the particle swarm through multiple iterative updates and selecting the optimal particles in each iterative update process from the particle swarm corresponding to the optimal positions, the method further comprises:
perturbing the particle swarm by adopting a chaotic search mechanism, and changing the position parameters of the particle swarm;
the obtaining of the optimal position of the particle swarm through multiple iterative updates, and selecting the optimal particle in each iterative update process from the particle swarm corresponding to the optimal position, includes:
and iteratively updating the disturbed particle swarm for multiple times, acquiring the optimal position of the particle swarm from the position parameter updated in each iteration, and selecting the optimal particles in the iterative updating process in each iteration from the particle swarm corresponding to the optimal position.
3. The safety detection method for the integrated energy system according to claim 1, wherein after determining that the iteratively updated elite particles are the most suitable particles for the situation that the particles with the lowest suitability after the iterative update are lower than the suitability of the elite particles, the method further comprises:
and calculating errors again based on the weights adjusted by the chaotic elite particle swarm algorithm, and reversely propagating the errors to modify the weights of the safety detection model until the errors are minimum.
4. The safety detection method for the integrated energy system according to claim 1, wherein the safety detection model is trained based on data samples and detection results corresponding to the data samples, and comprises:
performing feature extraction, feature selection and standardization on the data sample to obtain a preprocessed sample;
and the safety detection model is obtained by training based on the detection results corresponding to the preprocessing sample and the data sample.
5. An integrated energy system safety detection device, comprising:
the data acquisition module is used for acquiring network intrusion data in the comprehensive energy system;
the detection module is used for inputting the network intrusion data into a security detection model to obtain a detection result of network intrusion;
the safety detection model is obtained by training based on a data sample and a detection result corresponding to the data sample;
the security detection model is used for detecting the network intrusion data based on the representation characteristics obtained by extracting the characteristics of the network intrusion data; the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm;
the parameters of the safety detection model are obtained by adjusting and optimizing according to a chaotic elite particle swarm algorithm, and the method comprises the following steps:
encoding the particle swarm and calculating the fitness, and collecting the position of the particle swarm; wherein the fitness is consistent with a training error of the safety detection model;
performing iterative update on the particle swarm to obtain the position of the particle swarm after the iterative update;
obtaining the optimal position of the particle swarm through multiple iterative updating, and selecting the optimal particle in each iterative updating process from the particle swarm corresponding to the optimal position;
assigning the parameters of the optimal particles to the safety detection model under the condition that the iterative updating times are confirmed to meet a preset threshold value;
the selecting the optimal particle in each iterative updating process from the particle swarm corresponding to the optimal position comprises:
calculating the fitness of each particle in the particle swarm after iterative updating, selecting an elite individual updated in each iteration based on the fitness and storing the elite individual in an array;
collecting the particles with the lowest fitness after each iteration update, and comparing the particles with the elite particles before the iteration update;
and under the condition that the particle with the lowest fitness after iterative updating is lower than the fitness of the elite particle, taking the elite particle after iterative updating as the optimal particle.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to perform the steps of the method according to any one of claims 1 to 4.
7. A non-transitory computer readable storage medium having a computer program stored thereon, wherein the computer program when executed by a processor implements the steps of the integrated energy system safety check method according to any one of claims 1 to 4.
CN202111235745.2A 2021-10-22 2021-10-22 Safety detection method and device for comprehensive energy system, electronic equipment and storage medium Active CN114124456B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111235745.2A CN114124456B (en) 2021-10-22 2021-10-22 Safety detection method and device for comprehensive energy system, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111235745.2A CN114124456B (en) 2021-10-22 2021-10-22 Safety detection method and device for comprehensive energy system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114124456A CN114124456A (en) 2022-03-01
CN114124456B true CN114124456B (en) 2023-04-07

Family

ID=80376643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111235745.2A Active CN114124456B (en) 2021-10-22 2021-10-22 Safety detection method and device for comprehensive energy system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114124456B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117350891A (en) * 2023-09-27 2024-01-05 广东电网有限责任公司 Power grid safety detection method and system based on particle swarm optimization model

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111625816A (en) * 2020-04-21 2020-09-04 江西理工大学 Intrusion detection method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109657404B (en) * 2019-01-08 2022-09-23 浙江大学 Automatic fault diagnosis system for coal mining machine based on chaos correction group intelligent optimization
CN109933577B (en) * 2019-03-08 2020-12-18 山东大学 Tunnel tunneling prediction method and system based on TBM rock-machine parameter dynamic interaction mechanism

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111625816A (en) * 2020-04-21 2020-09-04 江西理工大学 Intrusion detection method and device

Also Published As

Publication number Publication date
CN114124456A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN109922032B (en) Method, device, equipment and storage medium for determining risk of logging in account
CN108737406B (en) Method and system for detecting abnormal flow data
US11062199B2 (en) Fraudulent transaction detection method based on sequence wide and deep learning
CN106899440B (en) Network intrusion detection method and system for cloud computing
CN112165485A (en) Intelligent prediction method for large-scale network security situation
CN115412301B (en) Predictive analysis method and system for network security
CN110378430B (en) Network intrusion detection method and system based on multi-model fusion
CN112070357A (en) Radar radiation source threat assessment method based on improved BP neural network
Canbay et al. A hybrid method for intrusion detection
CN115987615A (en) Network behavior safety early warning method and system
CN112866292B (en) Attack behavior prediction method and device for multi-sample combination attack
CN117220978B (en) Quantitative evaluation system and evaluation method for network security operation model
Wang et al. A novel intrusion detector based on deep learning hybrid methods
CN114124456B (en) Safety detection method and device for comprehensive energy system, electronic equipment and storage medium
CN113660196A (en) Network traffic intrusion detection method and device based on deep learning
Megantara et al. Feature importance ranking for increasing performance of intrusion detection system
CN114448657B (en) Distribution communication network security situation awareness and abnormal intrusion detection method
CN117220920A (en) Firewall policy management method based on artificial intelligence
CN109871711B (en) Ocean big data sharing and distributing risk control model and method
KR102548321B1 (en) Valuable alert screening methods for detecting malicious threat
de Araujo et al. Impact of Feature Selection Methods on the Classification of DDoS Attacks using XGBoost
CN115577259A (en) Fault pole selection method and device for high-voltage direct-current transmission system and computer equipment
CN110197066B (en) Virtual machine monitoring method and system in cloud computing environment
CN114615026B (en) Abnormal flow detection method and device and electronic equipment
CN117692187B (en) Vulnerability restoration priority ordering method and device based on dynamics

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant