CN115801412A - Method for extracting attack behavior characteristics of power internet of things information network - Google Patents

Publication number
CN115801412A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211445229.7A
Other languages
Chinese (zh)
Other versions
CN115801412B (en)
Inventor
史丽鹏
常杰
左晓军
高瑞超
刘硕
侯波涛
郭禹伶
郗波
王颖
刘惠颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
State Grid Hebei Energy Technology Service Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd
State Grid Hebei Energy Technology Service Co Ltd
Application filed by State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Hebei Electric Power Co Ltd, State Grid Hebei Energy Technology Service Co Ltd
Priority to CN202211445229.7A
Publication of CN115801412A
Application granted
Publication of CN115801412B

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a method for extracting attack behavior characteristics of a power internet of things information network. Collateral data introduction and secondary data construction are performed on the side channel information of power internet of things terminal equipment to achieve primary quantitative extraction of attack behavior characteristics; the method is used as a front-end data screening tool, or combined with other power network security monitoring data tools, to construct a power internet of things network security monitoring data system. The characteristic data obtained through this data processing can preliminarily screen the space-time abnormal nodes of the global network, so that an optimized data set is provided for subsequent data security processing, the computing power demand of the security screening data tool system is reduced, and the working efficiency of the system is correspondingly improved. The invention integrates abnormal behaviors of the power internet of things and constructs a global data processing model based on side channel information, orthogonal side data information, and the interaction between the two.

Description

Method for extracting attack behavior characteristics of power internet of things information network
Technical Field
The invention relates to the technical field of power grid safety correlation, in particular to side-channel-based data characteristic analysis and extraction of abnormal attack behaviors of an electric power internet of things information network.
Background
At present, power networks are increasingly trending toward discretization and internet of things integration. In particular, with the continuous research and development of energy storage technology and distributed power supplies, the architecture of the power grid working system is gradually changing from an integrated type to a discrete type. For example, a single resident's rooftop solar power generation facility should be regarded as a sub-node of the grid security protection system as long as it is connected to the grid system according to a certain standard.
Therefore, in future power systems, more and more intelligent electronic products with communication, transmission, and information acquisition and processing functions will be installed and applied. These include the networking and discretization brought by distributed power supplies and energy storage systems, as well as the terminals of the traditional power internet of things, such as power distribution terminals, smart electric meters and power mobile operation terminals. As a result, more and more open communication protocols are used, bringing more security problems to intelligent electronic equipment.
At present, the electric power network in China is deployed according to the principle of 'security zoning, dedicated network, horizontal isolation and vertical authentication', and security zoning is accomplished with passive defense measures such as physical isolation, logical isolation and firewalls. However, as described above, with the development of the internet of things, discretization and multi-centralization of the power grid, the original security protection system is increasingly unable to meet current protection requirements.
On this basis, the national grid company has held network security seminars many times, aiming to improve core network security capability and to research, at the macro level, new methods for solving the security problems of power grid information systems. Electric power companies and related scientific research units have carried out in-depth analysis, research and development from different angles and at different depths.
Expert technical teams jointly established by Zhejiang University, the Jibei power grid, the Jilin power grid and other units have collaboratively developed a power internet of things security monitoring platform based on side channel information. The platform has a complete theoretical and technical chain as well as a complete data countermeasure platform, refines its algorithms through the introduction of artificial intelligence, and has high theoretical and practical value. However, the system still shows a number of practical defects in later trials. For example, because the artificial intelligence algorithm is exogenous, adjusting and improving the security system requires multi-party cooperation on the part of the grid system, in particular with scientific research units outside the grid system, which brings many inconveniences. In addition, because the system needs to traverse global data, screen abnormal data from it, and perform self-learning and updating of the artificial intelligence algorithm, it can still operate in a small simulation network, but a system computing bottleneck inevitably arises in wider network deployment.
Disclosure of Invention
The invention aims to overcome various defects in the prior art and provides a method for extracting abnormal attack behavior characteristics of an electric power internet of things information network.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
A primary extraction method of electric power Internet of things information network attack behavior characteristics is characterized in that collateral data introduction and secondary data construction are carried out on side channel information of electric power Internet of things terminal equipment, primary quantitative extraction of the attack behavior characteristics is achieved, and a safety monitoring data system of an electric power Internet of things is constructed by using the method as a front-end data screening tool or combining with other electric power network safety monitoring data tools.
As a preferred embodiment of the present invention, the necessary conditions for the side channel information include: (1) the hardware of the power internet of things terminal equipment provides side channel information as delivered from the factory, or the side channel information of the terminal equipment can be acquired directly through a series hardware connection; (2) the side channel information carries digital or digitized information related to the operation of the power internet of things terminal equipment.
As a preferred technical scheme of the invention, the secondary data construction of the side channel information comprises the introduction construction of a collateral database, data optimization processing and data feature extraction based on the collateral database.
As a preferred technical solution of the present invention, the collateral system database includes collateral data which has an orthogonal attribute with the side channel information and is related to real-time operation of the power internet of things terminal device, and the data optimization processing and the data feature extraction use data interaction of the side channel information and the collateral system database as a dominant data channel.
As a preferred technical scheme of the invention, the method comprises the following steps:
A. acquiring side channel information of the power Internet of things terminal equipment;
B. constructing a zero-order database: a zero-order database is constructed from the number of programs run by the power internet of things terminal equipment, using a zero-order + dynamic + discrete data configuration;
C. primary distribution feature extraction, comprising: (1) preprocessing of the data factors; (2) data dynamic consistency preprocessing; (3) distributive quantitative extraction of the zero-order primary features.
As a preferred technical scheme of the invention, step C-(3) provides at least four mutually exclusive data processing processes, chosen according to the data attributes of the side channel information and the subsequent compatibility and extension requirements of a higher-order database and higher-order data feature extraction.
As a preferred technical scheme of the invention, the method specifically comprises the following steps:
A. acquiring side channel information of the power Internet of things terminal equipment, wherein the side channel information is acquired by collection and is selected from power consumption information, current information, voltage information or other information which can be acquired directly through a series hardware connection;
B. constructing a zero-order database: the method comprises the steps that the number of programs operated by the terminal equipment of the power internet of things is constructed into a zero-order database, and the number of the programs is automatically obtained as standard data based on system logs or other approaches; the data configuration is set to be zero order + dynamic + discrete, namely the data dimension is set to be 1, the data dimension is constructed into a zero order dynamic database through the introduction of a dynamic parameter t, the real-time information of the number of programs operated by the power internet of things terminal equipment is correspondingly contained, and meanwhile, the real-time information is set to be in a discretization real-time data configuration on the basis of the interval of the dynamic parameter t on the basis of the discontinuity of data acquisition;
C. primary distribution feature extraction:
(1) preprocessing of data factors: because the data dimension configuration of the zero-order database constructed in the step B is 1, the pre-construction of the materialized distribution factors is not needed when the side channel information of the terminal equipment acquired in the step A is distributed to the zero-order database; thus, the preprocessing of the data factors is set as a formalized allocation factor construction, and the allocation factor of the data bits in the single data dimension of the zeroth order database is set to a certain fixed value, such as the numerical value 1; formalized factor assignments are not essential for primary feature extraction but are essential for the extension and compatibility of primary and subsequent feature extractions;
(2) data dynamic consistency preprocessing; in the step A, the acquisition of the side channel information is presented as specific interval discrete and recording and output, or the acquisition is presented as discrete data based on curve drawing execution; before executing data execution distribution, firstly, unifying the side channel information dynamic acquisition point in the step A and the interval setting of the dynamic parameter t in the step B; for discretized side channel information, setting the sampling points of the side channel information and the sampling points of the program running number as consistent synchronization or integral multiple synchronization to realize dynamic data consistency; for the side channel information represented by the curve, setting the time point of curve secondary sampling to be consistent with the interval endpoint of the dynamic parameter t in the step B to realize dynamic consistency of data;
(3) distributive quantitative extraction of the zero-order primary features:
(3)-1, when digitizing the side channel information yields scalar data with a dimensionality of 1, and there are no subsequent extension or compatibility requirements from a higher-order database or higher-order data feature extraction: taking the single scalar of the zeroth-order database as the factor, the two groups of data arrays, uniformly expanded over the same dynamic parameter t, are linearly distributed at any dynamic parameter point, directly yielding dynamic, single-valued zeroth-order primary features related to the real-time operating state of the power internet of things terminal equipment;
(3)-2, when digitizing the side channel information yields vector data with a dimensionality larger than 1, and there are no subsequent extension or compatibility requirements from a higher-order database or higher-order data feature extraction: the vector data is first scalarized by a tensor analysis method, specifically, each component of the side channel data vector is extracted (note: the components of the vector, not its dimensionality), giving a number of scalar data items equal to the number of vector dimensions; data processing equivalent to (3)-1 is then applied, yielding dynamic, multi-valued zeroth-order primary features related to the real-time operating state of the power internet of things terminal equipment; according to the extension and compatibility requirements of subsequent data processing, the multiple values are used as single data items or combined into vector data for subsequent processing;
(3)-3, when digitizing the side channel information yields scalar data with a dimensionality of 1, and subsequent extension or compatibility requirements from a higher-order database and higher-order data feature extraction exist: the data dimension of the zeroth-order database is set to match that of the subsequent higher-order database and higher-order data feature extraction, for example, o for vector data processing, o × p for second-order tensor data processing, and o × p × q for third-order tensor data processing, where the values of o, p and q are set according to the actual data attributes of the subsequent higher-order data processing. Because the zeroth-order database has only one actual data dimension with its data factor set to 1, and the data filled in after the high-order expansion of the data bits must be globally compatible, the newly added data bits are filled according to a component-bit zero-filling principle and a component-bit integer-factor principle. For example, after the configuration of the zeroth-order database is expanded to third-order tensor data o × p × q, the single data item of the zeroth-order database is filled into any one component bit of the third-order tensor, such as the data bit with tensor subscript 111; data 0 is then filled into all the remaining (o × p × q-1) component data bits; the distribution factor of all component data bits, including subscript 111, is set to 1; finally, the component data attribute on the data bit with subscript 111 is set to read-only, and the data attributes on the remaining (o × p × q-1) data bits are set to non-read-only. Data processing equivalent to (3)-1 is then applied, yielding dynamic, tensorized zeroth-order primary features related to the real-time operating state of the power internet of things terminal equipment; the tensor form is compatible with subsequent data docking for high-order data processing, and the values of all components other than the component with tensor subscript 111 are zero before interaction with the high-order data processing process;
(3)-4, when digitizing the side channel information yields vector data with a dimensionality larger than 1, and subsequent extension or compatibility requirements from a higher-order database and higher-order data feature extraction exist: the data processing processes of (3)-1, (3)-2 and (3)-3 are compounded;
8. The primary extraction method of the power internet of things information network attack behavior features of claim 7, characterized in that: the compounding of the multiple data processing processes in step (3)-4 specifically comprises the following steps:
(3)-4-a, first applying the data processing of (3)-2 to scalarize the side channel vector data, so that the data processing process of (3)-1 can be applied;
(3)-4-b, further applying the data processing of (3)-3 to expand the zeroth-order database to a high-order tensor configuration, such as a third-order o × p × q tensor;
(3)-4-c, then processing all scalar data obtained in step (3)-4-a in sequence with the data process of step (3)-3, for example obtaining a group of third-order o × p × q tensors, the number of tensors in the group corresponding to the number of dimensions of the side channel vector data;
(3)-4-d, storing/transmitting the group of o × p × q tensors obtained from (3)-4-c as the data processing result; or combining them into single tensor data according to the dimension k of the side channel vector, such as a fourth-order tensor in a k × o × p × q configuration, wherein only the "numerical section" in the k dimension has real data, and the numerical values of the rest (k-1) × o × p × q data are all zero before the subsequent high-order data interaction.
The primary extraction method of the attack behavior characteristics of the power internet of things information network is applied to the construction of a power internet of things security monitoring data system. The characteristic data obtained in steps C-(3)-1 and C-(3)-2 are subjected to data classification or data self-comparison to obtain clusters of abnormal characteristic values, and the clusters are inversely mapped to the corresponding set of power internet of things network space-time nodes. The data volume of this set is greatly reduced compared with the full space-time node set of the power internet of things network to be checked, and the reduced subset replaces the full set as the input monitored by the security monitoring tool, so that data processing efficiency is greatly improved and the computing power requirement of the system is reduced.
The primary extraction method of the attack behavior characteristics of the power internet of things information network is applied to the construction of a power internet of things security monitoring data system. The two kinds of characteristic data obtained in steps C-(3)-3 and C-(3)-4 are first matched for data format compatibility with the corresponding high-order data processing, after which clusters of abnormal characteristic values are obtained through data classification or data self-comparison, and the clusters are inversely mapped to the corresponding set of power internet of things network space-time nodes. The data volume of this set is greatly reduced compared with the full space-time node set of the power internet of things network to be checked, and the reduced subset replaces the full set as the input monitored by the security monitoring tool, so that data processing efficiency is greatly improved and the computing power requirement of the system is reduced.
As a preferable technical solution of the application method of the present invention, the data classification distinguishes normal data from abnormal data based on a set data threshold.
As a preferred technical solution of the application method of the present invention, the data self-comparison implements data clustering based on dynamic data level difference self-comparison: differential processing is performed on the side data of any time node, the side data of one or several (for example, 1 to 10) adjacent time nodes, and the side channel data corresponding to each node. The advantage of this differential processing is that, although the side channel data is highly dynamic, the side data is relatively stable and changes only in integer-level transitions, so the differences of the side data are very easy to distinguish. Taking the non-zero difference values of the side data as anchor points, the side channel data at those non-zero points are checked in sequence, and side channel data changes higher than the average data fluctuation are marked as abnormal feature data, thereby completing abnormal data clustering. The data can be pre-filtered before differential processing to further improve the precision and accuracy of the differential self-comparison.
The beneficial effects of adopting the above technical scheme are as follows: the characteristic data obtained through the data processing process of the invention, such as the characteristic data obtained by C-(3)-1 and C-(3)-2, can be used to preliminarily screen the space-time abnormal nodes of the global network, so that an optimized data set can be provided for subsequent data security processing, the computing power demand of the security screening data tool system is reduced, and the working efficiency of the system is correspondingly improved.
The invention carries out primary data feature analysis and extraction aiming at the most simplified side channel information type (such as scalar data like power) and the most common side channel information type and the most simplified scalar side data type, and the data construction process of the invention shows basic value and expansibility value. The basic characteristic means that the primary data processing model provides a basic model for the high-order data characteristic processing in a high-dimensional data space, and the data processing process of the high-order characteristic extraction can be directly applied; the expansibility is that the data base configuration expansion construction based on high-order data processing requirements is completed, a whole set of data configuration with high compatibility and expansibility is built through zero filling of data and whole distribution of data factors, and the abnormal behavior integration and global data processing model construction based on side channel information, orthogonal side data information and interaction of the side channel information and the orthogonal side data information is basically completed through the expansibility work and the reusability of the basic data processing process.
In addition, the further developed 'dynamic level difference self-comparison' data processing model can directly extract network abnormal behavior characteristics with high confidence from primary scalar data, and to a certain extent realizes the extraction of the secondary-data content of the merged scalar data. The primary network abnormal behavior characteristic data constructed by the method can be used as an independent data source for security supervision of abnormal behavior in the power internet of things. Its accuracy is relatively lower than that of security supervision based on a high-order database, but it is still a significant improvement, with technical value, over using primary data features only as an auxiliary tool. The dynamic level difference self-comparison model has a special affinity for scalar data, which is also the basis of its effectiveness. Specifically, the data level difference comprises the side channel difference and the side data difference, and 'dynamic' means that the difference is constructed over the time parameter: the side data of any time node, the side data of one or several adjacent time nodes (such as 1-10), and the side channel data corresponding to each node are subjected to differential processing. In fact, one or several of the 1-10 time nodes can be selected so as to compare the differential data of different time sections. Most importantly, the differences of the side channel data and of the side data are established together. Taken separately, neither difference appears to carry much data value, reflecting only the change trend of its own data; compared interactively, however, they immediately yield new, valuable level-difference data. Specifically, although the side channel data is highly dynamic, the side data is relatively stable and changes only in integer-level transitions, so the differences of the side data are very easy to distinguish in differential processing. Taking the non-zero difference values of the side data as anchor points, the side channel data at those non-zero points are checked in sequence, and any side channel data change higher than the average data fluctuation can be directly marked as primary abnormal characteristic data.
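The level-difference self-comparison described above, together with the sampling alignment of step C-(2) and the inverse mapping to space-time nodes, as an added Python example that is not part of the patent text. The device names, sample values and function names are constructed, and reading "average data fluctuation" as the mean absolute side-channel difference of the series is an assumption.

```python
from statistics import mean


def resample_to_t(samples, multiple):
    """Step C-(2): keep the side-channel sample at the end of each t interval.

    Assumes the side channel is sampled `multiple` times per program-count
    sample (integer-multiple synchronisation).
    """
    if multiple < 1 or len(samples) % multiple:
        raise ValueError("side-channel length must be a whole multiple of t")
    return samples[multiple - 1::multiple]


def level_diff(series, lag):
    """Difference between each time node and the node `lag` steps earlier."""
    return [series[i] - series[i - lag] for i in range(lag, len(series))]


def abnormal_nodes(power, programs, lag=1):
    """Return the time indices t flagged by the anchor rule.

    Anchor: non-zero difference of the integer program count (side data).
    Flag:   |side-channel difference| at an anchor exceeds the mean absolute
            side-channel difference of the series (assumed reading of
            "average data fluctuation").
    """
    if len(power) != len(programs):
        raise ValueError("series are not dynamically consistent")
    if not 1 <= lag < len(power):
        raise ValueError("lag must be between 1 and len(series) - 1")
    d_prog = level_diff(programs, lag)
    d_pow = level_diff(power, lag)
    baseline = mean(abs(d) for d in d_pow)
    return [i + lag for i, (dn, dp) in enumerate(zip(d_prog, d_pow))
            if dn != 0 and abs(dp) > baseline]


def screen(fleet, multiple=1, lag=1):
    """Inverse-map flagged features to the reduced set of (device, t) nodes."""
    reduced = set()
    for device, (raw_power, programs) in fleet.items():
        power = resample_to_t(raw_power, multiple)
        reduced.update((device, t) for t in abnormal_nodes(power, programs, lag))
    return reduced


# Constructed sample data: power is sampled twice per program-count sample.
# term-A: program count changes by one, power stays within its usual noise.
# term-B: program count rises by one and power jumps at the same time node.
FLEET = {
    "term-A": (
        [1.01, 1.00, 1.03, 1.06, 1.07, 1.08, 1.05, 1.02,
         1.04, 1.07, 1.06, 1.05, 1.02, 1.00, 1.03, 1.05],
        [4, 4, 5, 5, 5, 4, 4, 4],
    ),
    "term-B": (
        [1.02, 1.00, 1.03, 1.05, 1.04, 1.01, 1.30, 1.65,
         1.63, 1.60, 1.62, 1.66, 1.65, 1.62, 1.63, 1.64],
        [4, 4, 4, 5, 5, 5, 5, 5],
    ),
}

if __name__ == "__main__":
    total = sum(len(programs) for _, programs in FLEET.values())
    subset = screen(FLEET, multiple=2)
    print(f"{len(subset)} of {total} space-time nodes kept:", sorted(subset))
```

Side-channel jumps at nodes where the program count does not change are never examined by this rule, so the output is a reduced input set for later monitoring tools rather than a complete detector.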
Detailed Description
In the following description of embodiments, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]". Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
Example 1
Common sources of side-channel information include: the hardware of the power internet of things terminal equipment provides side channel information as delivered from the factory, or the side channel information of the terminal equipment can be acquired directly through a series hardware connection; the side channel information carries digital or digitized information related to the operation of the power internet of things terminal equipment. The side channel information is selected from power consumption information, current information, voltage information and other information, especially power consumption information. In the common case, as proposed by the company Ji North and the company of communications, a sampling resistor R is connected in series with the terminal, and a high-speed data acquisition module acquires the real-time current value of the resistor, so as to obtain the real-time voltage value, power data and the like measured by the high-speed data acquisition module.
Example 2
One core starting point of this research is the introduction of side (collateral) data: the single-dimensional side channel information is expanded into two dimensions, and data feature analysis and extraction of the abnormal behavior of the discrete power internet of things are carried out on the basis of the expanded data interaction. The collateral database contains collateral data that are orthogonal to the side channel information and related to the real-time operation of the power internet of things terminal equipment. Generally speaking, its data sources include system operation logs, external monitoring and/or recording equipment, data acquisition and other sources; its data forms include scalarized program data, vectorized program data, tensorized program-task data and other data forms. The simplest feasible approach is to use the system's own operation log, or to design or improve an operation log data extraction program. The data optimization processing and the data feature extraction take the data interaction between the side channel information and the collateral database as the leading data channel.
Example 3
The primary extraction of the abnormal behavior features of the power internet of things information network mainly aims to realize primary quantitative extraction of the abnormal attack behavior features so as to be used as a preposed data screening tool or be combined with other power network safety monitoring data tools to construct a power internet of things network safety monitoring data system. The method specifically comprises the following steps:
A. acquiring side channel information of the power internet of things terminal equipment in an acquisition mode, wherein the side channel information is selected from power consumption information, current information, voltage information or other information which can be directly acquired through hardware concatenation;
B. constructing a zero-order database: the method comprises the steps that the number of programs operated by the terminal equipment of the power internet of things is constructed into a zero-order database, and the number of the programs is automatically obtained as standard data based on system logs or other approaches; the data configuration is set to be zero order + dynamic + discrete, namely the data dimension is set to be 1, the data dimension is constructed into a zero order dynamic database through the introduction of a dynamic parameter t, the real-time information of the number of programs operated by the power internet of things terminal equipment is correspondingly contained, and meanwhile, the discontinuous real-time information based on data acquisition is set to be represented as a discrete real-time data configuration based on the interval of the dynamic parameter t;
C. primary distribution feature extraction:
(1) preprocessing of data factors: because the data dimension configuration of the zero-order database constructed in the step B is 1, the pre-construction of the materialized distribution factors is not needed when the side channel information of the terminal equipment acquired in the step A is distributed to the zero-order database; thus, the preprocessing of the data factors is set as a formalized allocation factor construction, and the allocation factor of the data bits in the single data dimension of the zeroth order database is set to a certain fixed value, such as the numerical value 1; formalized factor assignments are not essential for primary feature extraction but are essential for the extension and compatibility of primary and subsequent feature extractions;
(2) data dynamic consistency preprocessing; in the step A, the acquisition of the side channel information is presented as specific interval dispersion and recording and output, or the acquisition is presented as discrete data based on curve drawing execution; before executing data execution distribution, firstly, unifying the side channel information dynamic acquisition point in the step A and the interval setting of the dynamic parameter t in the step B; for discretization side channel information, setting the sampling point of the side channel information and the sampling point of the program running number as consistent synchronization or integral multiple synchronization to realize dynamic data consistency; for the side channel information represented by the curve, setting the time point of curve secondary sampling to be consistent with the interval endpoint of the dynamic parameter t in the step B to realize dynamic consistency of data;
(3) distributive quantitative extraction of the zero-order primary features:
(3)-1, when scalar data with a dimensionality of 1 are obtained after the side channel information is digitized, and there are no subsequent expansion or compatibility requirements from a higher-order database and higher-order data feature extraction, the single scalar of the zeroth-order database is taken as a factor, and the two groups of data arrays, uniformly expanded according to the same dynamic parameter t, are linearly distributed at any dynamic parameter point, directly yielding dynamic, single-valued zero-order primary features related to the real-time operating state of the power internet of things terminal equipment;
(3)-2, when vector data with a dimensionality greater than 1 are obtained after the side channel information is digitized, and there are no subsequent expansion or compatibility requirements from a higher-order database and higher-order data feature extraction, the vector data are first scalarized by a tensor analysis method: specifically, each component of the side channel data vector is extracted (note: the components of the vector, not its dimensions), giving a number of scalar data equal to the number of vector dimensions; data processing is then carried out using a data process equivalent to (3)-1, yielding dynamic, multi-valued zero-order primary features related to the real-time operating state of the power internet of things terminal equipment; and, according to the expansion and compatibility requirements of subsequent data processing, the multiple values are used as individual data or combined into vector data for subsequent processing;
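Steps C(2) and C(3)-1/(3)-2 above, as an added example that is not part of the patent text. It assumes that "linear distribution" means dividing the side channel value at each point t by the program count at the same t (a per-program share) and that integer-multiple synchronization keeps the side channel samples that coincide with the program-count sampling points; all sample values are constructed.

```python
"""Added illustration of Example 3, steps C(1)-C(3); data are constructed."""

ALLOCATION_FACTOR = 1  # step C(1): formal allocation factor, fixed at 1

# Constructed input: power sampled twice per program-count interval (mW).
POWER_MW = [800, 810, 820, 805, 1000, 990, 1500, 1480, 90, 95, 400, 410]
# Constructed zero-order database: running-program count per interval t.
PROGRAM_COUNTS = [4, 4, 5, 5, 0, 2]
# Constructed vector side channel, already on the t grid: (power mW, current mA).
VECTOR_SAMPLES = [(800, 160), (820, 164), (1000, 200),
                  (1500, 300), (90, 18), (400, 80)]


def synchronise(side_channel, ratio):
    """Step C(2), integer-multiple case: keep the side channel samples that
    fall on the program-count sampling points (index 0, ratio, 2*ratio, ...)."""
    if not isinstance(ratio, int) or ratio < 1:
        raise ValueError("ratio must be a positive integer")
    return side_channel[::ratio]


def allocate_scalar(side_channel, program_counts):
    """Step C(3)-1 (assumed reading): per-program share at every point t.
    A point with no running program has no share and is reported as None."""
    if len(side_channel) != len(program_counts):
        raise ValueError("series are not synchronised on the same t grid")
    features = []
    for value, count in zip(side_channel, program_counts):
        if count < 0:
            raise ValueError("program count cannot be negative")
        features.append(None if count == 0
                        else ALLOCATION_FACTOR * value / count)
    return features


def allocate_vector(side_channel_vectors, program_counts):
    """Step C(3)-2: split the vectors into their components, then run the
    scalar process on each component. Returns one feature series per component."""
    if len({len(v) for v in side_channel_vectors}) != 1:
        raise ValueError("all side channel vectors need the same length")
    components = zip(*side_channel_vectors)  # transpose: one series per component
    return [allocate_scalar(list(c), program_counts) for c in components]


def combine(per_component):
    """Optional last part of (3)-2: recombine the values into one vector per t."""
    return [tuple(values) for values in zip(*per_component)]


if __name__ == "__main__":
    aligned = synchronise(POWER_MW, 2)
    print("scalar features:", allocate_scalar(aligned, PROGRAM_COUNTS))
    print("vector features:", combine(allocate_vector(VECTOR_SAMPLES, PROGRAM_COUNTS)))
```
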
Example 4
The primary abnormal network behavior data characteristics are applied as auxiliary tools. In the previous embodiment 3, the characteristic data obtained in the steps C- (3) -1 and C- (3) -2 are subjected to data classification or data self-comparison to obtain abnormal characteristic value clusters, the data clusters are subjected to inverse mapping to obtain corresponding power internet of things network space-time node sets, the data amount of the sets is greatly reduced compared with the power internet of things network full space-time node sets to be checked, and the reduced subsets are used for replacing the power internet of things network full space-time node sets to be monitored by a safety monitoring tool, so that the data processing efficiency is greatly improved, and the computing power requirement of the system is reduced.
Example 5
The power internet of things abnormal behavior data analysis system is extended for compatibility with higher-order data feature processing. On the basis of step C of Example 3, the following are further set:
(3)-3, when side channel information is digitized to obtain scalar data with dimension 1 and subsequent expansion or compatibility requirements of a higher-order database and higher-order data feature extraction exist, the data dimension of the zeroth-order database is set to be equivalent to that of the subsequent higher-order database and higher-order data feature extraction, for example, o for vector data processing, o × p for second-order tensor data processing, and o × p × q for third-order tensor data processing, wherein the values of o, p and q are set according to the actual data attributes of the subsequent higher-order data processing; at this time, because the zeroth-order database has only one actual data dimension, the data factor is set to 1, and the data filling after the high-order expansion of the data bits should meet global compatibility, the newly added data bits are filled according to a component bit zero filling principle and a component bit integer factor principle; for example, after the configuration of the zeroth-order database is expanded to third-order tensor data o × p × q, the single datum of the zeroth-order database is filled into any component bit of the third-order tensor, such as the data bit with tensor subscript 111, then data 0 is filled into all the remaining (o × p × q-1) component data bits, the distribution factor of all the component data bits including subscript 111 is set to 1, and finally the component data attribute on the data bit with subscript 111 is set to read-only while the data attributes on the remaining (o × p × q-1) data bits are set to non-read-only; data processing is then carried out using a data process equivalent to (3)-1, and dynamic, tensorized zero-order primary features related to the real-time running state of the power internet of things terminal equipment are obtained; the tensor form is compatible with subsequent data docking of high-order data processing, and the numerical values of all components other than the component with tensor subscript 111 are zero before interaction with the high-order data processing process;
(3)-4, when scalar data with the dimension larger than 1 is obtained after the side channel information is digitized, and subsequent expansion or compatibility requirements of a higher-order database and higher-order data feature extraction exist, the data processing processes are compounded on the basis of the respective data processing processes of (3)-1, (3)-2 and (3)-3; specifically:
(3)-4-a, first, the data processing process of (3)-2 is used to scalarize the side channel vector data, so that the data processing process of (3)-1 can be applied;
(3)-4-b, next, the data processing of (3)-3 is used to expand the zeroth-order database to a high-order tensor configuration, such as a third-order o × p × q tensor;
(3)-4-c, then, all scalar data obtained in step (3)-4-a are processed in turn using the data process of (3)-3, for example obtaining a group of third-order o × p × q tensors, wherein the number of tensors in the group corresponds to the number of dimensions of the side channel vector data;
(3)-4-d, the group of o × p × q tensors obtained from (3)-4-c is stored/transmitted as the data processing result; or the tensors are combined into single tensor data according to the dimension k of the side channel vector, such as a fourth-order tensor of k × o × p × q configuration, wherein only the "numerical section" in the k dimension has real data, and the numerical values of the rest (k-1) × o × p × q data are all zero before the subsequent high-order data interaction.
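The configuration expansion of (3)-3 and the stacking of (3)-4-d, as an added example that is not part of the patent text. The dictionary layout, the function names and the feature values are assumptions made for illustration; subscripts are 1-based, as in the "subscript 111" of the text.

```python
"""Added illustration of Example 5: zero-filled tensor expansion."""
from math import prod


def flat_index(shape, subscript):
    """Row-major offset of a 1-based tensor subscript such as (1, 1, 1)."""
    if len(subscript) != len(shape):
        raise IndexError("subscript order does not match tensor order")
    offset = 0
    for size, idx in zip(shape, subscript):
        if not 1 <= idx <= size:
            raise IndexError(f"subscript {subscript} outside shape {shape}")
        offset = offset * size + (idx - 1)
    return offset


def expand(value, shape, anchor=None):
    """(3)-3: place the single zero-order value on one component bit
    (default subscript 1...1), fill every other bit with 0, set every
    allocation factor to 1, and mark only the anchor bit read-only."""
    shape = tuple(shape)
    anchor = anchor or (1,) * len(shape)
    size = prod(shape)
    slot = flat_index(shape, anchor)
    data = [0.0] * size
    data[slot] = value
    return {"shape": shape,
            "data": data,
            "factor": [1] * size,
            "read_only": [i == slot for i in range(size)]}


def write(tensor, subscript, value):
    """What a later higher-order process may do: fill any non-read-only bit."""
    slot = flat_index(tensor["shape"], subscript)
    if tensor["read_only"][slot]:
        raise PermissionError(f"component {subscript} holds the primary feature")
    tensor["data"][slot] = value


def stack(tensors):
    """(3)-4-d: combine k tensors of equal o x p x q shape into one
    k x o x p x q tensor, one slice per side channel vector component."""
    shapes = {t["shape"] for t in tensors}
    if len(shapes) != 1:
        raise ValueError("need at least one tensor, all of the same shape")
    (shape,) = shapes
    out = {"shape": (len(tensors),) + shape,
           "data": [], "factor": [], "read_only": []}
    for t in tensors:
        for key in ("data", "factor", "read_only"):
            out[key].extend(t[key])
    return out


if __name__ == "__main__":
    # Constructed primary features for one time point: power and current share.
    group = [expand(200.0, (2, 3, 4)), expand(40.0, (2, 3, 4))]
    combined = stack(group)
    print(combined["shape"], [v for v in combined["data"] if v])
```
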
Example 6
Similar to embodiment 4, the primary abnormal network behavior data features after the high-order configuration expansion are applied as auxiliary tools. The two kinds of characteristic data obtained in steps C-(3)-3 and C-(3)-4 of the previous embodiment 5 are, after compatible matching of data formats according to the corresponding high-order data processing, subjected to data classification or data self-comparison to obtain abnormal characteristic value clusters; the data clusters are inversely mapped to obtain the corresponding power internet of things network space-time node set. The data volume of this set is greatly reduced compared with the full space-time node set of the power internet of things network to be checked, and the reduced subset replaces the full space-time node set in being monitored by the safety monitoring tool, so that the data processing efficiency is greatly improved and the computing power requirement of the system is reduced.
Example 7
The application of primary anomalous network behavior data features as a stand-alone tool is possible. The core lies in the construction of a dynamic level difference self-comparison data processing model.
The data self-comparison realizes data clustering based on dynamic data level-difference self-comparison: the side data of any time node, the side data of one or several (such as 1-10) adjacent time nodes, and the side channel data corresponding to each node are differenced. The advantage of this differential processing is that, although the side channel data are highly dynamic, the side data are relatively stable and change only in integer-level transitions, so differences in the side data are very easy to distinguish. Taking the non-zero differences of the side data as anchor points, the side channel data at those non-zero points are checked in turn, and side channel data changes whose fluctuation is higher than the average data fluctuation are marked as abnormal feature data, which completes the abnormal data clustering. The data can be pre-filtered before differential processing to further improve the precision and accuracy of the differential self-comparison.
The dynamic level-difference self-comparison data processing model can extract network abnormal-behavior features with high confidence directly from primary scalar data, and to a certain extent realizes the extraction of secondary data content from the merged scalar data. The primary network abnormal-behavior feature data constructed in this way can be used as an independent data source for security supervision of abnormal behavior in the power internet of things. Its accuracy is lower than that of security supervision based on a high-order database, but it is still a substantial improvement, and of technical value, compared with primary data features that serve only as auxiliary tools. The model has a particular affinity for scalar data, which is also the basis of its effectiveness. Specifically, the data level difference comprises the side channel difference and the side data difference; "dynamic" means that the differences are constructed along the time parameter: the side data of any time node, the side data of adjacent time nodes, and the side channel data corresponding to each node are differenced. One or more adjacent time nodes, such as 1-10 time nodes, can be selected, so that the differential data of different time sections can be compared. Most importantly, the differences of the side channel data and of the side data are constructed at the same time. Taken separately, the differential data of the side channel data and of the side data do not appear to have much value and reflect only the trend of data change; when the two are compared interactively, new and valuable level-difference data are obtained immediately. Specifically, although the side channel data are highly dynamic, the side data are relatively stable and change only in integer-level transitions, so differences in the side data are very easy to distinguish during differential processing. Taking the non-zero differences of the side data as anchor points, the side channel data at those non-zero points are checked in turn, and side channel data changes whose side channel data fluctuation is higher than the average data fluctuation can be directly marked as primary abnormal feature data.
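The level-difference self-comparison described above, as an added example that is not part of the patent text. It assumes the side data are the running-program counts, that the "average data fluctuation" is the mean absolute side channel difference over the whole series, and that the series are already synchronized on the same t grid; the sample values are constructed.

```python
"""Added illustration of Example 7: dynamic level-difference self-comparison."""

# Constructed, already synchronised series (index = time node t).
PROGRAM_COUNTS = [4, 4, 4, 5, 5, 5, 5, 6, 6, 6, 5, 5]      # side data
POWER_MW = [800, 805, 798, 840, 838, 842, 839,             # side channel
            1400, 1395, 1402, 1360, 1358]


def level_differences(series, lag):
    """Difference between each time node and the node `lag` steps earlier."""
    return [series[t] - series[t - lag] for t in range(lag, len(series))]


def flag_anomalies(side_data, side_channel, lag=1):
    """Return (flagged, mean_fluctuation).

    flagged is a list of (t, side_data_difference, side_channel_difference)
    for every anchor (non-zero side data difference) whose side channel
    change is larger than the mean absolute side channel change."""
    if len(side_data) != len(side_channel):
        raise ValueError("series are not synchronised on the same t grid")
    if not 1 <= lag < len(side_data):
        raise ValueError("lag must be between 1 and len(series) - 1")
    if any(not isinstance(n, int) for n in side_data):
        raise ValueError("side data are expected to change in integer steps")

    d_side = level_differences(side_data, lag)
    d_chan = level_differences(side_channel, lag)
    mean_fluctuation = sum(abs(d) for d in d_chan) / len(d_chan)

    flagged = []
    for i, (ds, dc) in enumerate(zip(d_side, d_chan)):
        # Anchor on the stable series, then test the dynamic one.
        if ds != 0 and abs(dc) > mean_fluctuation:
            flagged.append((i + lag, ds, dc))
    return flagged, mean_fluctuation


def reduced_node_set(side_data, side_channel, lags=(1, 2)):
    """Compare several time sections and return the union of flagged time
    nodes: the reduced subset that is handed to the monitoring tool
    instead of the full node set."""
    nodes = set()
    for lag in lags:
        flagged, _ = flag_anomalies(side_data, side_channel, lag)
        nodes.update(t for t, _, _ in flagged)
    return sorted(nodes)


if __name__ == "__main__":
    for lag in (1, 2):
        flagged, mean = flag_anomalies(PROGRAM_COUNTS, POWER_MW, lag)
        print(f"lag={lag} mean fluctuation={mean:.1f} flagged={flagged}")
    print("nodes to inspect:", reduced_node_set(PROGRAM_COUNTS, POWER_MW))
```

In the constructed series the program count changes at t = 3, 7 and 10, but only the change at t = 7 coincides with a side channel jump above the average fluctuation, so 12 time nodes reduce to the one or two that need inspection.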
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
In various embodiments, the hardware implementation of the technology may directly employ existing intelligent devices, including but not limited to industrial personal computers, PCs, smart phones, handheld stand-alone machines, floor stand-alone machines, and the like. The input device preferably adopts a screen keyboard, the data storage and calculation module adopts the existing memory, calculator and controller, the internal communication module adopts the existing communication port and protocol, and the remote communication adopts the existing gprs network, the web and the like. It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. 
For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, a module or a unit may be divided into only one logical function, and may be implemented in other ways, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in an electrical, mechanical or other form. Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A primary extraction method for network attack behavior characteristics of power Internet of things information is characterized by comprising the following steps: according to the method, collateral data introduction and secondary data construction are carried out on side channel information of the electric power Internet of things terminal equipment, primary quantitative extraction of attack behavior characteristics is achieved, and the side channel information is used as a preposed data screening tool or combined with other electric power network safety monitoring data tools to construct an electric power Internet of things safety monitoring data system.
2. The primary extraction method of the power internet of things information network attack behavior feature according to claim 1, characterized in that: the necessary settings of the side channel information include: (1) the hardware of the electric power internet of things terminal equipment is delivered from a factory and provided with side channel information or the side channel information of the electric power internet of things terminal equipment can be directly acquired through hardware series connection; (2) the side channel information carries digital or digitalized information related to the operation of the power internet of things terminal equipment.
3. The primary extraction method of the attack behavior feature of the power internet of things information network according to claim 1, characterized in that: performing secondary data construction on the side channel information includes introduction and construction of a collateral database, and data optimization processing and data feature extraction based on the collateral database.
4. The primary extraction method of the power internet of things information network attack behavior feature of claim 3, characterized in that: the collateral system database comprises collateral data which have orthogonal attributes with the side channel information and are related to real-time operation of the power internet of things terminal equipment, and the data optimization processing and the data feature extraction use data interaction of the side channel information and the collateral system database as a leading data channel.
5. The primary extraction method of the power internet of things information network attack behavior feature according to claim 1, characterized in that: the method comprises the following steps:
A. acquiring side channel information of the power Internet of things terminal equipment;
B. constructing a zero-order database; the method comprises the steps that the program number of the power internet of things terminal equipment is constructed into a zero-order database according to a zero-order + dynamic + discrete data configuration;
C. extracting primary distribution characteristics; the method comprises the following steps: (1) preprocessing of the data factor; (2) data dynamic consistency preprocessing; (3) distributive quantitative extraction of the zero-order primary features.
6. The primary extraction method of the power internet of things information network attack behavior feature of claim 5, wherein: step C-(3) sets at least four mutually exclusive data processing processes based on the data attributes of the side channel information and on the subsequent compatibility and expansion requirements of a higher-order database and higher-order data feature extraction.
7. The primary extraction method of the network attack behavior feature of the power internet of things according to claim 6, characterized in that: the method specifically comprises the following steps:
A. acquiring side channel information of the power internet of things terminal equipment in an acquisition mode, wherein the side channel information is selected from power consumption information, current information, voltage information or other information which can be directly acquired through hardware serial connection;
B. constructing a zero-order database: the method comprises the steps that the number of programs operated by the terminal equipment of the power internet of things is constructed into a zero-order database, and the number of the programs is automatically obtained as standard data based on system logs or other approaches; the data configuration is set to be zero order + dynamic + discrete, namely the data dimension is set to be 1, the data dimension is constructed into a zero order dynamic database through the introduction of a dynamic parameter t, the real-time information of the number of programs operated by the power internet of things terminal equipment is correspondingly contained, and meanwhile, the real-time information is set to be in a discretization real-time data configuration on the basis of the interval of the dynamic parameter t on the basis of the discontinuity of data acquisition;
C. primary distribution feature extraction:
(1) preprocessing of data factors: because the data dimension configuration of the zero-order database constructed in the step B is 1, the pre-construction of the materialized distribution factors is not needed when the side channel information of the terminal equipment acquired in the step A is distributed to the zero-order database; thus, the preprocessing of the data factors is set as a formalized allocation factor construction, and the allocation factor of the data bits in the single data dimension of the zeroth order database is set to a certain fixed value, such as the numerical value 1; formalized factor assignments are not essential for primary feature extraction but are essential for the extension and compatibility of primary and subsequent feature extractions;
(2) data dynamic consistency preprocessing; in the step A, the acquisition of the side channel information is presented as specific interval discrete and recording and output, or the acquisition is presented as discrete data based on curve drawing execution; before executing data execution distribution, firstly, unifying the side channel information dynamic acquisition point in the step A and the interval setting of the dynamic parameter t in the step B; for discretized side channel information, setting the sampling points of the side channel information and the sampling points of the program running number as consistent synchronization or integral multiple synchronization to realize dynamic data consistency; for the side channel information represented by the curve, setting the time point of curve secondary sampling to be consistent with the interval endpoint of the dynamic parameter t in the step B to realize dynamic consistency of data;
(3) distributive quantitative extraction of zero-order primary features:
(3)-1, when scalar data with a dimensionality of 1 are obtained after the side channel information is digitized, and there are no subsequent expansion or compatibility requirements from a higher-order database and higher-order data feature extraction, the single scalar of the zeroth-order database is taken as a factor, and the two groups of data arrays, uniformly expanded according to the same dynamic parameter t, are linearly distributed at any dynamic parameter point, directly yielding dynamic, single-valued zero-order primary features related to the real-time operating state of the power internet of things terminal equipment;
(3)-2, when vector data with a dimensionality larger than 1 are obtained after the side channel information is digitized, and there are no subsequent expansion or compatibility requirements from a higher-order database and higher-order data feature extraction, the vector data are first scalarized by a tensor analysis method: specifically, each component of the side channel data vector is extracted (note: the components of the vector, not its dimensions), giving a number of scalar data equal to the number of vector dimensions; data processing is then carried out using a data process equivalent to (3)-1, yielding dynamic, multi-valued zero-order primary features related to the real-time running state of the power internet of things terminal equipment; and, according to the expansion and compatibility requirements of subsequent data processing, the multiple values are used as individual data or combined into vector data for subsequent processing;
(3)-3, when side channel information is digitized to obtain scalar data with dimension 1 and subsequent expansion or compatibility requirements of a higher-order database and higher-order data feature extraction exist, the data dimension of the zeroth-order database is set to be equivalent to that of the subsequent higher-order database and higher-order data feature extraction, for example, o for vector data processing, o × p for second-order tensor data processing, and o × p × q for third-order tensor data processing, wherein the values of o, p and q are set according to the actual data attributes of the subsequent higher-order data processing; at this time, because the zeroth-order database has only one actual data dimension, the data factor is set to 1, and the data filling after the high-order expansion of the data bits should meet global compatibility, the newly added data bits are filled according to a component bit zero filling principle and a component bit integer factor principle; for example, after the configuration of the zeroth-order database is expanded to third-order tensor data o × p × q, the single datum of the zeroth-order database is filled into any component bit of the third-order tensor, such as the data bit with tensor subscript 111, then data 0 is filled into all the remaining (o × p × q-1) component data bits, the distribution factor of all the component data bits including subscript 111 is set to 1, and finally the component data attribute on the data bit with subscript 111 is set to read-only while the data attributes on the remaining (o × p × q-1) data bits are set to non-read-only; data processing is then carried out using a data process equivalent to (3)-1, and dynamic, tensorized zero-order primary features related to the real-time running state of the power internet of things terminal equipment are obtained; the tensor form is compatible with subsequent data docking of high-order data processing, and the numerical values of all components other than the component with tensor subscript 111 are zero before interaction with the high-order data processing process;
(3)-4, when scalar data with the dimension larger than 1 is obtained after the side channel information is digitized, and subsequent expansion or compatibility requirements of a higher-order database and higher-order data feature extraction exist, the data processing processes are compounded on the basis of the respective data processing processes of (3)-1, (3)-2 and (3)-3.
8. The primary extraction method of the power internet of things information network attack behavior feature of claim 7, characterized in that: the compounding of the multiple data processing processes in the steps (3) -4 specifically comprises the following steps:
(3)-4-a, first, the data processing process of (3)-2 is used to scalarize the side channel vector data, so that the data processing process of (3)-1 can be applied;
(3)-4-b, next, the data processing of (3)-3 is used to expand the zeroth-order database to a high-order tensor configuration, such as a third-order o × p × q tensor;
(3)-4-c, then, all scalar data obtained in step (3)-4-a are processed in turn using the data process of (3)-3, for example obtaining a group of third-order o × p × q tensors, wherein the number of tensors in the group corresponds to the number of dimensions of the side channel vector data;
(3)-4-d, the group of o × p × q tensors obtained from (3)-4-c is stored/transmitted as the data processing result; or the tensors are combined into single tensor data according to the dimension k of the side channel vectors, such as a fourth-order tensor of k × o × p × q configuration, wherein only the "numerical section" in the k dimension has real data, and the numerical values of the rest (k-1) × o × p × q data are all zero before the subsequent high-order data interaction.
9. The application of the method of claim 7 or 8 in the construction of a safety monitoring data system of the power internet of things, characterized in that: D, carrying out data classification or data self-comparison on the characteristic data obtained in steps C-(3)-1 and C-(3)-2 to obtain abnormal characteristic value clusters, and carrying out inverse mapping on the data clusters to obtain the corresponding set of space-time nodes of the power internet of things network, wherein the data quantity of this set is greatly reduced compared with the full set of space-time nodes of the power internet of things network to be detected, and the reduced subset replaces the full set of space-time nodes in receiving monitoring by a safety monitoring tool.
10. The application of the method of claim 7 or 8 in the construction of a safety monitoring data system of the power internet of things, wherein the method comprises the following steps: for the two kinds of characteristic data obtained in steps C-(3)-3 and C-(3)-4, performing compatible matching of data formats according to the corresponding high-order data processing, further performing data classification or data self-comparison to obtain abnormal characteristic value clusters, and performing inverse mapping on the data clusters to obtain the corresponding set of space-time nodes of the power internet of things network, wherein the data quantity of this set is greatly reduced compared with the full set of space-time nodes of the power internet of things network to be checked, and the reduced subset replaces the full set of space-time nodes in receiving monitoring by a safety monitoring tool.
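The zero-filled tensor embedding of steps (3)-3 and (3)-4 in claims 7 and 8 can be followed concretely in the added example below, which is not part of the patent text. The dictionary cell layout, the function names, the 0-based index (0, 0, 0) standing for subscript 111, the assumption that the side-channel components are already quantized, and the stacking of the per-component tensors along a leading k axis are all choices of this example.

```python
from itertools import product

def embed_scalar(value, shape, slot=None):
    """Step (3)-3: place one zeroth-order value into a tensor of the given shape."""
    if slot is None:
        slot = (0,) * len(shape)  # subscript 111 in the claim's 1-based notation
    if len(slot) != len(shape) or any(not 0 <= i < n for i, n in zip(slot, shape)):
        raise ValueError("slot lies outside the tensor shape")
    tensor = {}
    for idx in product(*(range(n) for n in shape)):
        real = idx == slot
        tensor[idx] = {
            "value": value if real else 0,  # zero filling of added component bits
            "factor": 1,                    # integer distribution factor on every bit
            "read_only": real,              # only the real datum is protected
        }
    return tensor

def embed_vector(vector, shape):
    """Steps (3)-4-b to (3)-4-d: one tensor per component, stacked to k x o x p x q."""
    merged = {}
    for k, component in enumerate(vector):
        for idx, cell in embed_scalar(component, shape).items():
            merged[(k,) + idx] = cell
    return merged

def real_data(tensor):
    """Read back the protected (read-only) values in index order."""
    return [tensor[i]["value"] for i in sorted(tensor) if tensor[i]["read_only"]]

def write(tensor, idx, value):
    """Higher-order processing may fill padding bits but never the real datum."""
    if tensor[idx]["read_only"]:
        raise PermissionError(f"component {idx} is read-only")
    tensor[idx]["value"] = value

# Constructed sample: a 3-dimensional side-channel reading, already quantized.
sample = [17, 4, 250]
t4 = embed_vector(sample, (2, 3, 4))       # k=3, o=2, p=3, q=4
write(t4, (1, 0, 2, 1), 9)                 # a padding bit accepts later data
print(len(t4), real_data(t4))
```

Because the padding bits are writable and the real datum is not, later higher-order processing can populate the tensor without altering the original side-channel measurement.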
CN202211445229.7A 2022-11-18 2022-11-18 Extraction method of electric power Internet of things information network attack behavior characteristics Active CN115801412B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211445229.7A CN115801412B (en) 2022-11-18 2022-11-18 Extraction method of electric power Internet of things information network attack behavior characteristics

Publications (2)

Publication Number Publication Date
CN115801412A true CN115801412A (en) 2023-03-14
CN115801412B CN115801412B (en) 2023-05-02

Family

ID=85438828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211445229.7A Active CN115801412B (en) 2022-11-18 2022-11-18 Extraction method of electric power Internet of things information network attack behavior characteristics

Country Status (1)

Country Link
CN (1) CN115801412B (en)

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103873229A (en) * 2014-03-13 2014-06-18 华南师范大学 Rapid protection method for resisting timing and cache side channel attack under KLEIN encryption AVR environment
CA2902587A1 (en) * 2015-09-01 2017-03-01 Andre J. Brisson Whitenoise secure circuit design implementation techniques to prevent power analysis attacks and other side channel attacks, secure other physical cryptosystem implementations, and implementation of whitenoise into low cost micro processing and smart components retaining one-time-pad characteristics
US20180262525A1 (en) * 2017-03-09 2018-09-13 General Electric Company Multi-modal, multi-disciplinary feature discovery to detect cyber threats in electric power grid
CN110073301A (en) * 2017-08-02 2019-07-30 强力物联网投资组合2016有限公司 The detection method and system under data collection environment in industrial Internet of Things with large data sets
CN108650075A (en) * 2018-05-11 2018-10-12 中国科学院信息工程研究所 A kind of quick encryption implementation methods of soft or hard combination AES and system of preventing side-channel attack
WO2019233047A1 (en) * 2018-06-07 2019-12-12 国电南瑞科技股份有限公司 Power grid dispatching-based operation and maintenance method
WO2020040859A1 (en) * 2018-08-24 2020-02-27 Hrl Laboratories, Llc System and method for cyber attack detection based on rapid unsupervised recognition of recurring signal patterns
CN110390357A (en) * 2019-07-17 2019-10-29 国网浙江省电力有限公司电力科学研究院 A kind of DTU safety monitoring method based on side channel
CN112787971A (en) * 2019-11-01 2021-05-11 国民技术股份有限公司 Construction method of side channel attack model, password attack equipment and computer storage medium
CN110971677A (en) * 2019-11-19 2020-04-07 国网吉林省电力有限公司电力科学研究院 Electric power internet of things terminal equipment side channel safety monitoring method based on countermeasure reinforcement learning
CN114638728A (en) * 2022-03-25 2022-06-17 国网河北省电力有限公司 Big data-based real-time operation monitoring method for power service center

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
倪明涛; 赵波; 吴福生; 樊佩茹: "CREBAD: An anomaly detection scheme for IoT devices based on chip radiation", Journal of Computer Research and Development (计算机研究与发展) *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116488909A (en) * 2023-04-26 2023-07-25 国网河南省电力公司信息通信分公司 Electric power Internet of things safety protection method based on data dimension hierarchy expansion
CN116595578A (en) * 2023-04-26 2023-08-15 国网河南省电力公司信息通信分公司 Power network self-checking attack and defense safety data system
CN116488909B (en) * 2023-04-26 2023-11-17 国网河南省电力公司信息通信分公司 Electric power Internet of things safety protection method based on data dimension hierarchy expansion
CN116595578B (en) * 2023-04-26 2024-01-19 国网河南省电力公司信息通信分公司 Power network self-checking attack and defense safety data system

Also Published As

Publication number Publication date
CN115801412B (en) 2023-05-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant