CN105930724A - Intrusion detection method on basis of big data for intelligent electric meters - Google Patents
Intrusion detection method on basis of big data for intelligent electric meters Download PDFInfo
- Publication number
- CN105930724A CN105930724A CN201610429718.1A CN201610429718A CN105930724A CN 105930724 A CN105930724 A CN 105930724A CN 201610429718 A CN201610429718 A CN 201610429718A CN 105930724 A CN105930724 A CN 105930724A
- Authority
- CN
- China
- Prior art keywords
- data
- intelligent electric
- power
- electric
- cpu load
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Abstract
The invention discloses an intrusion detection method on the basis of big data for intelligent electric meters. The intrusion detection method includes steps of 1, regularly collecting data of CPU (central processing unit) load rates, communication flow, currents, voltages, power factors, power and electric quantity rates and uploading the data to electric power utilization databases; 2, extracting data of CUP load rates and communication flow of the same types of electric meters from the electric power utilization databases and unloading the extracted data to electric power utilization management centers; 3, enabling the electric power utilization management centers to compute standard deviation and root-mean-square errors by the aid of the CPU load rates and the communication flow in selected later collected data and the selected original stored data, selecting anomaly thresholds according to statistic characteristics and identifying the intelligent electric meters which exceed the thresholds. The data of the CPU load rates, the communication flow, the currents, the voltages, the power factors, the power and the electric quantity rates are recorded by the intelligent electric meters of users. Historical data stored in the electric power utilization databases contain electric quantity measurement data of CPU load rates, communication flow, currents, voltages, power factors, power, electric quantity rates and the like corresponding to the various intelligent electric meters in original normal running periods. The electric meters of which the data of the CUP load rates and the communication flow are extracted at the step 2 are manufactured by the same manufacturers.
Description
Technical field
The invention belongs to intelligent power grid technology field, particularly to a kind of intelligence based on big data
Can ammeter intrusion detection method.
Background technology
Traditional energy day by day shortage and problem of environmental pollution are the most seriously that human society is persistently sent out
The ultimate challenge that exhibition is faced.For solving energy crisis and environmental problem, can effect technique, can
The various low-carbon technologies such as renewable sources of energy technology, novel traffic technology are fast-developing, and will obtain
Large-scale application.The large-scale application of various low-carbon technologies is concentrated mainly on development of renewable energy
Electricity and terminal use's aspect, make the Generation Side of tradition electrical network and user side characteristic there occurs great
Change, and bring new challenge to defeated, the development of power distribution network and safe operation.So
Its development under, the concept of intelligent grid is arisen at the historic moment, and obtains wide in the world
General approval, becomes the common development trend of world power industry.
Meanwhile, as the terminal of intelligent grid, intelligent electric meter is close with the daily life of user
Cut is closed, and is the solid bridge between electrical network and user.Intelligent electric meter record and transmission electricity consumption
The sensitive informations such as rate, belong to the high pay-off target of network attack, and some disabled user can steal
Take user profile or distort electricity consumption data, causing grid company analysis decision mistake and use
Family and the direct economic loss of grid company.Therefore be badly in need of a kind of Intrusion Detection Technique prevent through
The loss of Ji and the generation of fault.
Intrusion detection is according to certain rule or statistical analysis, by computer system or network
In some key points collect and analytical auditing record, security log, user behavior and network
Whether the information such as packet, check currently to exist in network or system and violate entering of security strategy
Invade behavior and the sign being hacked.
Mass data support under, the every field of scientific research all occur in that from test-type,
Theoretical type, calculation type scientific discovery develop to data-intensive scientific discoveries based on big data
New normal form.Power system the most just has data-intensive feature, and user classifies, bears
The data analysing methods such as lotus prediction and fail-safe analysis have permanent popularizing in power industry
Application.In the last few years, the enforcement built along with intelligent grid and intelligent sensing equipment a large amount of
Installing and using, popularizing of the most senior measurement system, Utilities Electric Co. obtains unprecedented
The data of extensive number.Intelligent electric meter is recordable can be used as security audit and invasion inspection in a large number
The secure data surveyed, utilizes this characteristic, can be from the angle of big data statistics for using
Power information security protection provides new thinking.
A kind of monitoring technology monitoring object existed is to occupy upper strata in system
Server and data acquisition unit, and the intelligent electric meter occuping bottom is multi-point and wide-ranging because of it, calculates,
Poke and limited communications resources, it is difficult to provide the security audit data needed for intrusion detection, still
It is in the state lacking monitoring.
Summary of the invention
It is an object of the invention to provide a kind of intelligent electric meter intrusion detection side based on big data
Method.
The technical scheme is that, a kind of intelligent electric meter intrusion detection sides based on big data
Method, including step:
Step 1, the cpu load rate of periodic collection user's intelligent electric meter record, communication flows, electric current,
Voltage, power factor, power and electricity tariff data, be uploaded to electricity consumption database, electricity consumption number
Historical data according to storehouse storage inside include corresponding with each intelligent electric meter original
The cpu load rate in properly functioning period, communication flows, electric current, voltage, power factor,
The electrical measurement data such as power and electricity rate;
Step 2, extracts same producer, same model ammeter cpu load rate from electricity consumption database and communicates
Data on flows, and the data these extracted upload to management of power use center;
Step 3, management of power use center utilizes the later stage selected to collect in data and original stored data
Cpu load rate and communication flows, calculate standard deviation and root-mean-square error, further according to statistics
Characteristic selects outlier threshold, identifies the intelligent electric meter of exceeded threshold;
Step 4, retrieval cpu load rate or communication flows are higher than setting threshold value intelligent electric meter
Check meter address, confirm the position of ammeter according to the stoichiometric point numbering of association.
The present invention, on the basis of existing power information acquisition system, utilizes embedded operation system
The cpu load rate of system offer and communication flows query function, set up CPU in intelligent electric meter
Rate of load condensate and communication flows inspection software module;Then using the data of detection as security audit
Data, transmit to management of power use center together with original electrical measurement data;Again by exception
Detecting system arranges abnormality detection threshold according to the statistical property of same producer same model mass data
Value, by the lateral comparison between ammeter, or according to single ammeter on a timeline longitudinally
Change, identify exception table meter.Institute's extracting method is without installing and updating disease on intelligent electric meter
Poison inspection software, only need to according to the cpu load rate of intelligent electric meter and communication flows laterally and
Longitudinal comparison differentiates, is not affected with approach by poisoning intrusion mode, can be at intelligent electric meter
The basic need of its protecting information safety are met under limited computing capability and communication bandwidth constraint
Ask.For exploring new applications based on big data, the value-rising of excavation mass data provides
Solid foundation.
Accompanying drawing explanation
Fig. 1 is intelligent electric meter intrusion detection method flow processs based on big data in the embodiment of the present invention
Figure.
Detailed description of the invention
The principle that realizes of the present invention is, for novel intelligent based on chip development such as ARM electricity
For table, because of same model table meter function fix, software and hardware configuration identical, cpu busy percentage base
This is consistent, and communication flows is because of the communication media bit error rate difference, but the most very close.Right
For general computer system, cpu busy percentage rises and network traffic is extremely
Suffer modal sign after malicious intrusions.For intelligent electric meter, same.
Utilize the feature that after suffering Malware invasion, CPU computational load and communication flows increase,
Firstly for having the intelligent electric meter of embedded OS, increase cpu load therein
Rate and the software detection module of communication flows, utilize Linux embedded OS to provide
The interface functions such as Mrtg or Uptime, periodic collection cpu load rate and communication flows number
According to, by these data and the electric current of intelligent electric meter internal gathering, voltage, power factor, merit
Rate uploads to electricity consumption database together with electricity tariff data, the storage of electricity consumption data store internal
Historical data has included the original properly functioning period corresponding with each intelligent electric meter
Cpu load rate, communication flows, electric current, voltage, power factor, power and electricity take
The electrical measurement data such as rate, these can be just whether detection intelligent electric meter entered by Malware
Offer security audit data are provided.
Secondly because different manufacturers, the hardware configuration of different model intelligent electric meter and software function are each
Variant, in order to avoid the degree of accuracy of this differentia influence intrusion detection, management of power use center
Abnormality detection system the most all extracts same producer, same model intelligent electric meter from electricity consumption database
Cpu busy percentage and communication flows data, and the data these extracted upload to electricity consumption
Administrative center.Management of power use center utilizes the later stage selected to collect data and original stored data
In cpu busy percentage and communication flows calculate the statistics such as their standard deviation and root-mean-square error
Index, selects specific threshold further according to statistical property, identifies the intelligent electric meter of exceeded threshold.
Then retrieval cpu load rate or communication flows are higher than setting threshold value intelligent electric meter
Check meter address, confirm the position of ammeter according to the stoichiometric point numbering of association.In the ordinary course of things,
The user that contact staff passes through phone, mobile phone is corresponding with internet remote guide checks and gets rid of
Malware, can also use internet works software to carry out remote assistance to improve efficiency, side
User unversed to computer is helped to put the axe in the helve.If utilizing mobile terminal and internet end all
In the case of cannot solving customer problem, it is necessary for sending contact staff to visit inspection Intelligent electric
Table and catch Malware.
Finally for confirming problematic intelligent electric meter, it is taken off from user's family and profit
It is contained in home position, it is ensured that subscriber household normal electricity consumption with standby ammeter.Then by problem electricity
Watchband goes back to company and analyses in depth its characteristic of malware code, for further further exploration for intelligence
Route of transmission and the attack mode of the similar Malware of energy ammeter lay the foundation.In understanding
During learn, then according to its mechanism of action specify countermeasure for such Malware,
Must open thought, each side leak under attack may be considered that comprehensively, maximum to the greatest extent is exerted
Try hard to avoid and exempt from security incident and economic loss.
Claims (1)
1. an intelligent electric meter intrusion detection method based on big data, it is characterised in that include step
Rapid:
Step 1, the cpu load rate of periodic collection user's intelligent electric meter record, communication flows, electric current,
Voltage, power factor, power and electricity tariff data, be uploaded to electricity consumption database, electricity consumption number
Historical data according to storehouse storage inside include corresponding with each intelligent electric meter original
The cpu load rate in properly functioning period, communication flows, electric current, voltage, power factor,
The electrical measurement data such as power and electricity rate;
Step 2, extracts same producer, same model ammeter cpu load rate from electricity consumption database and communicates
Data on flows, and the data these extracted upload to management of power use center;
Step 3, management of power use center utilizes the later stage selected to collect in data and original stored data
Cpu load rate and communication flows, calculate standard deviation and root-mean-square error, further according to statistics
Characteristic selects threshold value, identifies the intelligent electric meter of exceeded threshold;
Step 4, retrieval cpu load rate or communication flows are higher than the intelligent electric meter of setting threshold value
Check meter address, confirm the position of ammeter according to the stoichiometric point numbering of association.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610429718.1A CN105930724A (en) | 2016-06-16 | 2016-06-16 | Intrusion detection method on basis of big data for intelligent electric meters |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610429718.1A CN105930724A (en) | 2016-06-16 | 2016-06-16 | Intrusion detection method on basis of big data for intelligent electric meters |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105930724A true CN105930724A (en) | 2016-09-07 |
Family
ID=56830913
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610429718.1A Pending CN105930724A (en) | 2016-06-16 | 2016-06-16 | Intrusion detection method on basis of big data for intelligent electric meters |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105930724A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111797436A (en) * | 2020-09-10 | 2020-10-20 | 深圳华工能源技术有限公司 | Energy-saving data counterfeiting identification method for energy-saving equipment of power distribution and utilization system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120144486A1 (en) * | 2010-12-07 | 2012-06-07 | Mcafee, Inc. | Method and system for protecting against unknown malicious activities by detecting a heap spray attack on an electronic device |
| CN103457791A (en) * | 2013-08-19 | 2013-12-18 | 国家电网公司 | Self-diagnosis method of network sampling and control link of intelligent substation |
| CN104239186A (en) * | 2014-09-30 | 2014-12-24 | 陈凤 | Intelligent electric meter virus detection method based on load rate of CPU |
-
2016
- 2016-06-16 CN CN201610429718.1A patent/CN105930724A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120144486A1 (en) * | 2010-12-07 | 2012-06-07 | Mcafee, Inc. | Method and system for protecting against unknown malicious activities by detecting a heap spray attack on an electronic device |
| CN103457791A (en) * | 2013-08-19 | 2013-12-18 | 国家电网公司 | Self-diagnosis method of network sampling and control link of intelligent substation |
| CN104239186A (en) * | 2014-09-30 | 2014-12-24 | 陈凤 | Intelligent electric meter virus detection method based on load rate of CPU |
Non-Patent Citations (1)
| Title |
|---|
| 李志强等: ""基于大数据的智能电表入侵检测方法"", 《电力科学与技术学报》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111797436A (en) * | 2020-09-10 | 2020-10-20 | 深圳华工能源技术有限公司 | Energy-saving data counterfeiting identification method for energy-saving equipment of power distribution and utilization system |
| CN111797436B (en) * | 2020-09-10 | 2020-12-25 | 深圳华工能源技术有限公司 | Energy-saving data counterfeiting identification method for energy-saving equipment of power distribution and utilization system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Jaradat et al. | The internet of energy: smart sensor networks and big data management for smart grid | |
| Trakas et al. | Spatial risk analysis of power systems resilience during extreme events | |
| CN105426980B (en) | Power distribution network health index assessment engineering application system | |
| Kang et al. | Big data analytics in China's electric power industry: modern information, communication technologies, and millions of smart meters | |
| CN115063058B (en) | Comprehensive energy situation perception system based on model driving and data driving | |
| Jokar et al. | Intrusion detection in advanced metering infrastructure based on consumption pattern | |
| CN103198139A (en) | Energy consumption analyzing method of user electricity data | |
| Shobol et al. | Overview of big data in smart grid | |
| CN117132025A (en) | Power consumption monitoring and early warning system based on multisource data fusion | |
| Marlen et al. | Application of big data in smart grids: Energy analytics | |
| Althobaiti et al. | Energy theft in smart grids: a survey on data-driven attack strategies and detection methods | |
| CN106022640B (en) | Electric quantity index checking system and method | |
| CN115049410A (en) | Electricity stealing behavior identification method and device, electronic equipment and computer readable storage medium | |
| Alomar | An IOT based smart grid system for advanced cooperative transmission and communication | |
| CN116996220B (en) | Safe storage method and system for big data of power grid | |
| AU2020101173A4 (en) | Advance metering infrastructure system for large scale iot networks data collection by streaming | |
| Ausmus et al. | Big data analytics and the electric utility industry | |
| CN105930724A (en) | Intrusion detection method on basis of big data for intelligent electric meters | |
| CN111366889A (en) | Abnormal electricity utilization detection method for intelligent electric meter | |
| CN105897776A (en) | Safety management and control method based on cloud computation system and safety management and control system based on cloud computation system | |
| CN203261124U (en) | User side response system of smart power grid | |
| Dhupia et al. | A review: Big data analytics in smart grid management | |
| Jiang | Design and implementation of smart community big data dynamic analysis model based on logistic regression model | |
| Mukherjee et al. | Using phasor data for visualization and data mining in smart-grid applications | |
| CN109450934A (en) | Terminal accesses data exception detection method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160907 |