CN106685928A - SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level - Google Patents

SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level Download PDF

Info

Publication number
CN106685928A
CN106685928A CN201611108354.3A CN201611108354A CN106685928A CN 106685928 A CN106685928 A CN 106685928A CN 201611108354 A CN201611108354 A CN 201611108354A CN 106685928 A CN106685928 A CN 106685928A
Authority
CN
China
Prior art keywords
data
smv
detection
packet
intrusion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611108354.3A
Other languages
Chinese (zh)
Inventor
朱玛
张亮
杨才明
章坚民
金乃正
李勇
侯连全
金渊文
许海峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Zhejiang Electric Power Co Ltd
Hangzhou Electronic Science and Technology University
Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Zhejiang Electric Power Co Ltd
Hangzhou Electronic Science and Technology University
Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Zhejiang Electric Power Co Ltd, Hangzhou Electronic Science and Technology University, Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201611108354.3A priority Critical patent/CN106685928A/en
Publication of CN106685928A publication Critical patent/CN106685928A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

The invention discloses an SMV (sampled measured value) network attack grading detection method applicable to a digital substation bay level. The method includes steps of packet decryption, packet filtering, packet analysis, MAC (media access control) address abnormity detection, specification-based intrusion detection and historical event based data detection and further includes a final step that final detection results are classified and written into normal event logs and alarm logs and stored after abnormality evident acquisition, abnormal evaluation index calculation is performed according to intrusion data, and alarm and intrusion data and abnormal evaluation indexes are sent to a master station or local alarm display is performed. The SMV network attack grading detection method applicable to the digital substation bay level has advantages that by arrangement of various indicators for abnormal states including MAC address abnormality, SMV bad data, data packet logic detection, data traffic threshold abnormality, primary failure similarity, network attack similarity, uploading SMV faking, uploading SMV tampering and the like, intrusion forms and possible intrusion positions can be determined conveniently and quickly, and dispatch side operation monitoring personnel can be informed conveniently and quickly.

Description

Suitable for digital substation interval layer SMV network attack hierarchical detection methods
Technical field
The present invention relates to one kind is under digital substation interval layer, to the network attack hierarchical detection of its SMV message Method, belongs to power system information security fields.
Background technology
SMV (Sampled Measured Values) crude sampling message, is the true of side apparatus operation of power system Real reflection;Transformer station is very high (must not exceed 4ms) to SMV transmission requirement of real-time, and current MU (Merging Unit) is often right SMV is not added with any protecting information safety measure, therefore there is the very big probability of false data injection attacks;Protection class SMV message Maliciously distorted and reset, relay protection system malfunction, tripping may be caused, caused serious accident;Observing and controlling class SMV is reported Text, is the Main Basiss for regulating and controlling central data collection and monitoring system SCADA/EMS state estimation, and it is maliciously distorted and weight Put, SCADA/EMS may be caused to make mistake or even dangerous decision-making.
Information security intrusion detection forensic technologies are referred to by contrasting each predefined performance indications come to dynamical system Judgement, one kind theory of decision-making and technology, are considered the premise for improving information safety defense, and in every field height is all caused Pay attention to.When system is attacked by UNKNOWN TYPE, intruding detection system will try one's best accurate seat offence position, attack class Type, and be avoided that before software destruction attack vestige is removed, evidence under fire is accessed, to help the safe skill of electric network information Art personnel's analytical attack feature, formulates as early as possible corresponding defence policies, it is to avoid other regional power grids are subjected to similar attack.
In recent years, domestic and international experts and scholars were made that substantial amounts of contribution in power system information security fields.Relatively have It is representational such as:1) Ida. National Laboratory (Idaho Nation Laboratory) is using actual intelligence The industrial software of grid generation, power transmitting device/system and standard constructs SCADA information securities test system/platform NSTB (NationalSCADA TestBed).2) Arizona, USA university (University of Arizona) utilizes OPNET nets Network simulation software, Power World power system simulation softwares are constructed for abnormality detection (such as intrusion detection) research SCADA control systems information security analysis test platform/system (testbed for analyzing security of SCADA control system,TASSCS).3) the different intelligent grid information peace of Europe CRUTIAL project developments two Full test platform/system, for studying the impact caused by various network attacks.
In recent years the country have also been made extensive work in terms of electric power and information consolidation emulation platform is set up, such as 2003 HopkinsonK.M. doctor, J.S.Thorp professors and doctor's Wang Xiaoru cooperative research and development electric power and communication synchronization emulation platform (EPOCHS), using Power System Analysis and simulation software PSCAD, PSS/E, PSLF etc. as electric system simulation instrument, adopt Communication network simulation software NS2 is used as Communication System Simulation instrument, it is intended to the process that analog network is attacked.It is simultaneously Chinese in recent years The units such as Nanrui Group Co., the Central China University of Science and Technology, Southeast China University have carried out the preliminary study of some union simulation platforms, build Power system simulation software and networks simulation technology software kit (OPNET) union simulation platform, to attempt to explore network attack Feature.
In view of this, the present inventor is studied this, is specially developed a kind of suitable for digital substation interval layer Thus SMV network attack hierarchical detection methods, this case produces.
The content of the invention
It is an object of the invention to provide a kind of be applied to digital substation interval layer SMV network attacks hierarchical detection side Method.
To achieve these goals, solution of the invention is:
One kind is applied to digital substation interval layer SMV network attack hierarchical detection methods, comprises the steps:
Step 1. bag decryption:Checking is digitally signed through the SMV bags of digital signature to MU, according to encrypting and decrypting rule Carry out processing data packets;
Step 2. packet filtering:According to the difference of SMV packet MVC initial addresses, SMV packets are filtered out;
Step 3. Packet analyzing:The MAC Address agreement of SMV packet outer layers is peeled off, the data in bag, and handle is extracted MAC Address and bag data are sent to bag abnormality detection module;
Step 4.MAC address abnormality detection:All MAC Address for reaching intrusion detection module will strictly observe predefined Address receive table, once occur with address base in unmatched MAC Address, then detect indicator γMACTrue is set to, is stood Alert and abandon data quarter;
Intrusion detection of the step 5. based on specification:Including mainly for cause Tripping data, bad data, violate logic, Super flow threshold alarm etc.;
Data Detection of the step 6. based on historical events:Whether the current sampled data of detection meets the triggering of historical events Condition, such as excessively stream, overvoltage, short trouble historical events, if meeting, arrange primary fault γlsftIt is designated as true;Then Check whether sampled data meets certain web-based history and attack data model, if meeting, history invasion γ is setlsitIndicate For true etc..
Step 7. last testing result classification write normal event daily record, alarm log, to protecting after abnormal evidence obtaining Deposit;Anomaly assessment index ν is carried out according to invasion datanCalculate;Alarm and invasion data, anomaly assessment index νnBy Shang Song main websites; Or alerted display on the spot.
It is of the present invention suitable for digital substation interval layer SMV network attack hierarchical detection methods, be provided with MAC ground Location exception, SMV bad datas, packet logic detection, data traffic threshold values are extremely, primary fault is similar, network attack is similar, On send SMV to forge, on various abnormality indicators such as send SMV to distort, can fast and easy seat offence form and possible Position is attacked, quickly to inform scheduling side operation monitoring personnel.
The present invention is described in further detail below in conjunction with drawings and the specific embodiments.
Description of the drawings
Fig. 1 is the SMV data detection module block diagrams based on specification of the present embodiment;
Fig. 2 is the SMV messages integrity and digital signature identification process flow diagram flow chart of the present embodiment.
Specific embodiment
As shown in figure 1, a kind of be applied to digital substation interval layer SMV network attack hierarchical detection methods, including such as Lower step:
Step 1. bag decryption:Checking is digitally signed through the SMV bags of digital signature to MU, according to encrypting and decrypting rule Carry out processing data packets;
Step 2. packet filtering:Because GOOSE/SMV is very high to requirement of real-time, GOOSE/SMV message transmissions are by application layer Data Link Layer is directly arrived, UDP/TCP/IP agreements is not used, it is therefore desirable to according to the difference of SMV packet MVC initial addresses, mistake Leach SMV packets;
Step 3. Packet analyzing:The MAC Address agreement of SMV packet outer layers is peeled off, the data in bag, and handle is extracted MAC Address and bag data are sent to bag abnormality detection module.
Step 4.MAC address abnormality detection:All MAC Address for reaching intrusion detection module will strictly observe predefined Address receive table, once occur with address base in unmatched MAC Address, then detect indicator γMACTrue is set to, is stood Alert and abandon data quarter;
Intrusion detection of the step 5. based on specification:Including mainly for cause Tripping data, bad data, violate logic, Super flow threshold alarm etc.;
Data Detection of the step 6. based on historical events:Whether the current sampled data of detection meets the triggering of historical events Condition, such as excessively stream, overvoltage, short trouble historical events, if meeting, arrange primary fault γlsftIt is designated as true;Then Check whether sampled data meets certain web-based history and attack data model, if meeting, history invasion γ is setlsitIndicate For true etc..
Step 7. last testing result classification write normal event daily record, alarm log, to protecting after abnormal evidence obtaining Deposit;Anomaly assessment index ν is carried out according to invasion datanCalculate;Alarm and invasion data, anomaly assessment index νnBy Shang Song main websites; Or alerted display on the spot.
Digital signature described in the present embodiment, not only can guarantee information transmission integrity, differentiate certification sender body Part and prevent information from denial behavior occur in exchanging, while and real-time and safety can be taken into account, thus be considered as transformer station The effective safety measures of station communication.Due in whole SMV messages it is most crucial be also the external world most want intercept and capture information be each should With the data of 4B before each electric parameters in the DataSet domains of service data unit (ASDU) latter half, as long as ensureing this portion Divide the confidentiality of information, then SMV messages essential information will not be revealed.Therefore take to reduce cryptographic calculation, just for adopting It is digitally signed with the key content of message, so improves the real-time of message transmissions.The present embodiment is carried out using SM2 systems Digital signature identification, is to reduce time-consuming, and using based on Hua Da letter peace SSM0901 encryption chips hardware encryption is carried out.By quantitative Encryption it is time-consuming calculate and OPNET softwares transmission delay simulation result, it is final to confirm that result meets IEC62351 communications The requirement to the time delay of SMV message transmissions less than 4ms in system standard.
SMV threshold values Outlier Detection Algorithms:The present embodiment is incorporated into measuring value state estimation algorithm in SCADA/EMS locally In SVDE, local second state estimation is carried out, meet the verifiability feature of information.
State estimation model based on DC power flow is as follows to detect raw data detection algorithm:
Z=Hx+e (1)
In formula, measurement matrix Hm×nIt is a constant Jacobian matrix, normal conditions lower sensor measuring value number is greater than State variable number, i.e. m > n.X is quantity of state to be estimated, and e is measurement error.
State estimation problem solves object function J (x) using weighted least-squares method herein based on redundant measurements Minima obtaining state estimation result, its expression formula is as follows:
J (x)=(z-Hx)TW(z-Hx) (2)
W is the diagonal matrix related to systematic error in formula, the minima that method of least square is solved
WhenWhen (C is threshold values) sets up, show to measure in vector and contain bad data, will measure in vector and estimate to miss The maximum variable of difference is filtered, raw data detection positioning indicator γblTrue is set to, state estimation is re-started, until passing through Till raw data detection.
SMV flow threshold values Outlier Detection Algorithms:SMV packets threshold values depends on sampling rate.In packet filtering module, SMV What the MVC addresses of packet can start from 01-0C-CD-04-00-00, therefore can check that SMV numbers are obtained in its MVC address to flutter According to bag, the quantity and other detailed information of packet per second are recorded.In intrusion detection module, if flutterring the data for obtaining in 1s Bag quantityMore than predefined packet threshold valuesSo this exception will be written into abnormal log and produce alarm, make For the judgment basis that SMV bags can suffer from DoS attack.SMV packet threshold values abnormality detection indicators γfzIt is set to true.SMV Packet threshold valuesComputing formula is as follows:
Wherein m is the quantity of combining unit in 1s,It is sample magnitude resolution, fiIt is the frequency of i-th packet, μsv It is threshold values calculation error coefficient.
The design of intrusion detection storehouse is as follows:
1) Tripping data detection is caused:Whether predominantly detect in bag data containing overvoltage, the mistake for causing relay protection to trip The warning values such as stream.If detecting such data, alarm log is charged to, above send transformer station's integrated system, and regulation and control main website.
2) SMV data Shang Song main website is tampered or forges detection:Cipher mode is only reduction of SMV data from MU to relay Protection device is tampered probability, but SMV reaches main website by telemechanical apparatus long transmission path, and message is tampered Probability it is very big, while also likely to be present SMV data forgery possibility;By upper local state estimation, while receiving The state estimation that main website is beamed back, and contrasted:If 1. unpaired, show to measure original SMV in wide area network transmission mistake There is data forgery in journey, then put and send SMV to forge instruction γSVfkFor true;2. two values differ greatly, then show that measurement is original There is data tampering possibility in SMV, then put and send SMV to distort instruction γ during wide area network transmissionSVtpFor true.
3) logic detection is predefined:The order that sends and receives of packet is to meet certain logical specification (such as data The serial number size of bag), for the packet for not being inconsistent logical is once detected, just it is abandoned, and logic detection is set Indicate γljFor true, alerted.
4) data traffic threshold values exception:Data are have one to make a reservation for into the speed of intrusion detection module through parsing module Adopted threshold values;For those are always more than the bag of threshold values, just have reason to suspect that this MAC Address has been subjected to DoS attack or network Storm attack.
The present embodiment is in intrusion detection lab setting:1. digital signature authentication does not pass through γgj;2. bad data γbl;③ Logic detection does not pass through γlj;4. threshold values exception γfz;5. the similar γ of history primary faultlsft;6. web-based history is attacked similar γlsit;7. SMV is sent to forge γ onSVfk;8. SMV is sent to distort γ onSVtp;9. MAC Address exception γMACDeng 9 kinds of abnormality indicators, And stored count is carried out to it, for the on-line monitoring of detection state and historical statistics of process-level network attack.
Online anomaly assessment index νnCan be defined as follows:
νngl∩γbl∩γlj∩γfz∩γlsft∩γlsit∩γMVfk∩γMVtp∩γMAC (5)
If a certain item testing result exception, positioning indicator value is true, anomaly assessment index νnIt is worth for 1, represents There is abnormal intrusion event in intrusion detection module, intelligent apparatus SVDE to Zhan Kong main websites, regulation and control main website and itself external LED show Screen produces alarm prompt.If anomaly assessment index νnIt is worth for 0, then it represents that original message invasion without exception.
Described in the present embodiment suitable for digital substation interval layer SMV network attack hierarchical detection methods, be provided with MAC Address exception, SMV bad datas, packet logic detection, data traffic threshold values exception, primary fault are similar, network attack phase Like, on send SMV to forge, on various abnormality indicators such as send SMV to distort, can fast and easy seat offence form and may Attack position, so as to quickly inform scheduling side operation monitoring personnel.
The product form and style of above-described embodiment and schema and the non-limiting present invention, any art it is common Appropriate change or modification that technical staff is done to it, all should be regarded as the patent category without departing from the present invention.

Claims (1)

1. it is a kind of to be applied to digital substation interval layer SMV network attack hierarchical detection methods, it is characterised in that including as follows Step:
Step 1. bag decryption:Checking is digitally signed through the SMV bags of digital signature to MU, is carried out according to encrypting and decrypting rule Processing data packets;
Step 2. packet filtering:According to the difference of SMV packet MVC initial addresses, SMV packets are filtered out;
Step 3. Packet analyzing:The MAC Address agreement of SMV packet outer layers is peeled off, the data in bag are extracted, and MAC ground Location and bag data are sent to bag abnormality detection module;
Step 4.MAC address abnormality detection:All MAC Address for reaching intrusion detection module will be strictly observed predefinedly Location receives table, once occurring and unmatched MAC Address in address base, then detects indicator γMACTrue is set to, is accused at once Warn and abandon data;
Intrusion detection of the step 5. based on specification:Including mainly for initiation Tripping data, bad data, violation logic, super stream Amount threshold alarm etc.;
Data Detection of the step 6. based on historical events:Whether the current sampled data of detection meets the triggering bar of historical events Part, such as excessively stream, overvoltage, short trouble historical events, if meeting, arrange primary fault γlsftIt is designated as true;Then examine Look into whether sampled data meets certain web-based history attack data model, if meeting, history invasion γ is setlsitIt is designated as True etc..
Step 7. last testing result classification write normal event daily record, alarm log, to preserving after abnormal evidence obtaining;Root Anomaly assessment index ν is carried out according to invasion datanCalculate;Alarm and invasion data, anomaly assessment index νnBy Shang Song main websites;Or Display is alerted on the spot.
CN201611108354.3A 2016-12-06 2016-12-06 SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level Pending CN106685928A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611108354.3A CN106685928A (en) 2016-12-06 2016-12-06 SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611108354.3A CN106685928A (en) 2016-12-06 2016-12-06 SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level

Publications (1)

Publication Number Publication Date
CN106685928A true CN106685928A (en) 2017-05-17

Family

ID=58866318

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611108354.3A Pending CN106685928A (en) 2016-12-06 2016-12-06 SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level

Country Status (1)

Country Link
CN (1) CN106685928A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809727A (en) * 2018-06-15 2018-11-13 北京科技大学 A kind of intrusion prevention system of DC motor control system
US20210112090A1 (en) * 2019-10-10 2021-04-15 Alliance For Sustainable Energy, Llc Network visualization, intrusion detection, and network healing
US11399042B2 (en) * 2018-07-25 2022-07-26 George Mason University Secure overlay communication model for decentralized autonomous power grid

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457791A (en) * 2013-08-19 2013-12-18 国家电网公司 Self-diagnosis method of network sampling and control link of intelligent substation
US20140136002A1 (en) * 2011-06-30 2014-05-15 Abb Research Ltd Method for distributed waveform recording in a power distribution system
CN103915897A (en) * 2014-02-28 2014-07-09 电信科学技术仪表研究所 Method and device for monitoring digital substation sampled values
CN105656713A (en) * 2015-12-22 2016-06-08 国电南瑞科技股份有限公司 SMV and GOOSE message filter method based on FPGA
CN106130950A (en) * 2016-05-20 2016-11-16 南京理工大学 Method for detecting abnormality for IEC61850 agreement SV message

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140136002A1 (en) * 2011-06-30 2014-05-15 Abb Research Ltd Method for distributed waveform recording in a power distribution system
CN103457791A (en) * 2013-08-19 2013-12-18 国家电网公司 Self-diagnosis method of network sampling and control link of intelligent substation
CN103915897A (en) * 2014-02-28 2014-07-09 电信科学技术仪表研究所 Method and device for monitoring digital substation sampled values
CN105656713A (en) * 2015-12-22 2016-06-08 国电南瑞科技股份有限公司 SMV and GOOSE message filter method based on FPGA
CN106130950A (en) * 2016-05-20 2016-11-16 南京理工大学 Method for detecting abnormality for IEC61850 agreement SV message

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
侯连全等: "变电站过程层与SMV安全传输的网络攻击检测与取证设计", 《电力系统自动化》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809727A (en) * 2018-06-15 2018-11-13 北京科技大学 A kind of intrusion prevention system of DC motor control system
CN108809727B (en) * 2018-06-15 2020-08-07 北京科技大学 Intrusion prevention system of direct current motor control system
US11399042B2 (en) * 2018-07-25 2022-07-26 George Mason University Secure overlay communication model for decentralized autonomous power grid
US20210112090A1 (en) * 2019-10-10 2021-04-15 Alliance For Sustainable Energy, Llc Network visualization, intrusion detection, and network healing
US11902318B2 (en) * 2019-10-10 2024-02-13 Alliance For Sustainable Energy, Llc Network visualization, intrusion detection, and network healing

Similar Documents

Publication Publication Date Title
Sun et al. Cyber security of a power grid: State-of-the-art
Hong et al. Detection of cyber intrusions using network-based multicast messages for substation automation
CN105407103A (en) Network threat evaluation method based on multi-granularity anomaly detection
CN106982235A (en) A kind of power industry control network inbreak detection method and system based on IEC 61850
CN102340485B (en) Network security situation awareness system and method based on information correlation
CN103067192B (en) A kind of analytical system of network traffics and method
CN109889476A (en) A kind of network safety protection method and network security protection system
CN103149549B (en) Method and system of data processing based on electric energy metering device
CN103581186A (en) Network security situation awareness method and system
CN106685928A (en) SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level
CN105868629A (en) Security threat situation assessment method suitable for electric power information physical system
CN106713354A (en) Method for evaluating vulnerability node of electric cyber-physical system based on undetectable information attack pre-warning technology
CN104811437B (en) A kind of system and method that security strategy is generated in industrial control network
CN105141573B (en) A kind of safety protecting method and system based on WEB access compliance audit
CN107135183A (en) A kind of data on flows monitoring method and device
CN110324323A (en) A kind of new energy plant stand relates to net end real-time, interactive process exception detection method and system
CN106789351A (en) A kind of online intrusion prevention method and system based on SDN
CN105867347A (en) Trans-space cascade fault detection method based on machine learning technology
CN110493180A (en) A kind of substation network communication flow real-time analysis method
Dong et al. Research on abnormal detection of ModbusTCP/IP protocol based on one-class SVM
CN107122884A (en) The appraisal procedure and device of a kind of electrical power distribution automatization system protecting information safety
Panthi Identification of disturbances in power system and DDoS attacks using machine learning
CN107612927A (en) The safety detection method of electric power scheduling automatization system
CN104601567B (en) A kind of indexing security measure method excavated based on information network security of power system event
Tudor et al. Harnessing the unknown in advanced metering infrastructure traffic

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170517