CN110647908A - Automatic transformer substation feature fingerprint extraction method - Google Patents
- Publication number
- CN110647908A (application CN201910719367.1A)
- Authority
- CN
- China
- Prior art keywords
- sequence
- frequent
- transformer substation
- feature
- byte
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E60/00—Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/16—Electric power substations
Abstract
The invention belongs to the field of transformer substation network security and in particular concerns an automatic method for extracting substation feature fingerprints. It addresses the problems that manual acquisition of substation feature fingerprints involves a large workload and requires a deep understanding of the protocol interaction processes behind the network traffic. The proposed method automatically extracts the feature fingerprint of substation network traffic by means of a sequence pattern mining algorithm and a feature fingerprint extraction algorithm, and comprises the following steps: capturing the data packets using Netflow technology. The invention also provides a substation traffic feature fingerprint analysis method based on hierarchical analysis, built on the substation's "three layers, two networks" communication structure and on the communication characteristics of the devices between the layers.
Description
Technical Field
The invention relates to the field of transformer substation network security, in particular to a transformer substation feature fingerprint automatic extraction method.
Background
Attacks on power system information are typically carried out through security threats against one or more parts of the information system. Because the whole power network is highly interconnected, the operating state of each part can significantly affect the power system. The substation is a necessary node in the transmission and distribution of electric energy; its main functions are converting and adjusting the voltage at its two ends, receiving and redistributing electric energy from the upstream level, and controlling the direction of power flow. The substation plays a key role in the whole power system, and as its functions become more and more important, its safe and stable operation becomes one of the key conditions for the normal operation of the whole power system.
At present, feature fingerprints are extracted manually, which involves a large workload and requires a deep understanding of the protocol interaction processes behind the network traffic. A method for extracting feature fingerprints automatically is therefore needed, so that a feature fingerprint library can be established.
Because the raw data used to analyse substation network traffic features is captured in a complex substation network environment, the statistical features of the traffic are noticeably influenced by that environment; for example, the packet-interval features of the data are more obviously influenced by the network environment when those features are also affected by the data receiving direction. Meanwhile, the statistical features produced by burst data (such as a switch tripping) cannot represent the normal data-volume characteristics of the existing applications. It is therefore necessary to reduce the original high-dimensional data to a lower dimension by retaining the primary information in the original data and eliminating the related secondary information, i.e. retaining the primary features of the traffic.
Because normal power monitoring and dispatching in an intelligent substation communication system is markedly regular, frequent sequences in the traffic packets can be mined. Traffic that has been processed by retaining the principal components and eliminating the secondary ones yields frequent sequences more readily, and these can serve as the feature sequences of the substation network traffic data.
The feature sequences mined in a given time period of the substation are compared for similarity with the features mined in historical periods. Assuming the similarity threshold is set to 90%, feature sequences whose similarity exceeds 90% can be used as the feature fingerprint of the substation network.
Disclosure of Invention
To address the technical problems that substation feature fingerprints are acquired manually, that the workload is large, and that the protocol interaction processes behind the network traffic must be deeply understood, the invention provides an automatic method for extracting substation feature fingerprints.
The invention provides an automatic substation feature fingerprint extraction method for automatically extracting the feature fingerprint of substation network traffic. The feature fingerprint is extracted by means of a sequence pattern mining algorithm and a feature fingerprint extraction algorithm, and the method comprises the following steps:
(1) data packet capture
The capture of the data packet is carried out by a Netflow technology;
(2) data principal component information processing
Extracting the main information of each captured data packet, removing the secondary information, and storing the application-layer payload content of the packets to be analysed that meets the requirements;
(3) frequent sequence processing
Reading the stored data from the data linked list and calling the improved GSP algorithm to compute the set of frequent sequence patterns;
(4) similarity comparison with historical features
Comparing the feature sequences mined in a given time period of the substation for similarity with the features mined in historical periods, and retaining the feature sequences above the similarity threshold;
(5) result output
Extracting the sequence set obtained in step (4) as the feature fingerprint and saving the output result in a text file.
Preferably, the Netflow traffic collection technology in step (1) is a set of network traffic statistics protocols. Its main principle is that Netflow processes the first IP packet of the data using the standard switching mode to generate a Netflow cache; the same data is then transmitted within the same data flow based on the cached information and is no longer matched against access control and other policies. A Netflow system comprises three main parts: the probe, the collector and the reporting system. The probe listens to network data. The collector collects the data transmitted by the probe. The reporting system generates easily readable reports from the data gathered by the collector.
Preferably, the sequence pattern mining algorithm is defined as follows. Let $C$ be the set of transactions $T$, i.e. $C = \{t_1, t_2, \ldots, t_p\}$. Here a transaction $T$ is a set of sequences, which can be expressed as $T = \{t_1, t_2, \ldots, t_p\}$, and each element $i_j$ in $T$, $j = 1, 2, \ldots, p$, is referred to as a sequence element. Each transaction has a unique identifier, such as a transaction number, which is denoted TIC. Let $I = \{i_1, i_2, \ldots, i_m\}$ be the set of all sequences in the dataset, where $I$ is a set of binary words. Any subsequence in $I$ is referred to as a sequence pattern, and if $|X| = K$, the set $X$ is referred to as a $K$-sequence pattern. Let $t_k$ and $X$ be, respectively, a transaction and a sequence pattern in $C$; if , $t_k$ is said to contain the sequence pattern $X$. The support rate of the sequence pattern $X$ is support($X$), which is compared with the specified minimum support rate, denoted minsupport; if support($X$) is lower, $X$ is called an infrequent sequence pattern. Let $X$, $Y$ be sequence patterns in the data set $C$. If , then support($X$) is not less than support($Y$); if , and $X$ is an infrequent sequence pattern, then $Y$ is also an infrequent sequence pattern; if , and $Y$ is a frequent sequence pattern, then $X$ is also a frequent sequence pattern.
Preferably, the GSP algorithm in step (3) generates the set of frequent sequence patterns from a set of candidate sequence patterns; its core idea is that all subsequences of any frequent sequence pattern must themselves be frequent sequences. The algorithm divides the mining of sequence patterns into two steps: in the first step, all frequent sequence pattern sets in the transaction database, i.e. the sequence sets whose support is not lower than a threshold set by the user, are retrieved by iteration; in the second step, the frequent sequence sets are used to construct rules that satisfy the user's minimum confidence.
Preferably, the feature fingerprint extraction algorithm is an improved GSP algorithm. Sequence pattern mining yields a set of discrete sequences, whereas the feature set wanted for a feature fingerprint is continuous, so the GSP algorithm cannot be used directly to build a feature fingerprint library. In addition, the result of sequence pattern mining contains no position information for the feature fingerprint, and using it directly makes feature fingerprint extraction inefficient. The algorithm therefore has to be improved, and the improved algorithm is used as the algorithm for extracting the feature fingerprint.
Preferably, the improved GSP algorithm extracts feature codes as follows:
1) Assume that 100 flows are tested and 8 packets are acquired from each flow as a qualified flow. Set the support threshold of the frequent sequence patterns to 90%;
2) Calculate the support of all 1-byte frequent sequence patterns, i.e. every single byte from 0x00 to 0xff, and output the items whose support is more than 80 percent as 1-byte feature codes;
3) Combine the 1-byte frequent sequence patterns that meet the support requirement pairwise to generate candidate 2-byte frequent sequence patterns. Calculate the support of all 2-byte frequent sequence patterns and output those that meet the condition;
4) Merge the 2-byte frequent sequence patterns that meet the condition to generate candidate 3-byte frequent sequence patterns. Calculate the support of all 3-byte frequent sequence patterns and output those that meet the condition;
By analogy, the process continues until no more frequent sequence patterns are generated.
When 2-byte frequent sequence patterns are merged into 3-byte frequent sequence patterns, the merging principle is that patterns whose head and tail bytes differ but whose middle byte is the same can be merged. For example, the frequent sequence pattern 0x01 0x02 can only be merged with the frequent sequence pattern 0x02 0x03, generating the frequent sequence pattern 0x01 0x02 0x03. The theoretical basis of the merge is the Apriori principle.
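The level-wise byte-pattern mining and the historical similarity check described above, carried through as an added Python example (not code from the patent). The function names, the constructed sample payloads, the single 90% threshold, the maximal-pattern filter, the offset bookkeeping and the use of `difflib.SequenceMatcher` as the similarity measure are assumptions; the patent does not specify them.

```python
from collections import Counter
from difflib import SequenceMatcher


def support(pattern: bytes, flows: list) -> float:
    """Fraction of flows whose payload contains `pattern` as a contiguous run."""
    return sum(pattern in f for f in flows) / len(flows)


def mine_frequent(flows: list, min_support: float = 0.9) -> dict:
    """Level-wise mining of contiguous byte patterns; returns pattern -> support."""
    if not flows or not 0 < min_support <= 1:
        raise ValueError("need at least one flow and 0 < min_support <= 1")
    # Level 1: every byte value, counted once per flow.
    seen = Counter(b for f in flows for b in set(f))
    level = {bytes([b]) for b, c in seen.items() if c / len(flows) >= min_support}
    frequent = {}
    while level:
        frequent.update({p: support(p, flows) for p in level})
        # Join rule: a and b merge when a without its head byte equals b without
        # its tail byte (01 02 + 02 03 -> 01 02 03). For 1-byte patterns both
        # remainders are empty, so every two patterns are combined.
        candidates = {a + b[-1:] for a in level for b in level if a[1:] == b[:-1]}
        level = {c for c in candidates if support(c, flows) >= min_support}
    return frequent


def maximal(frequent) -> set:
    """Assumption: keep only patterns not contained in a longer frequent pattern."""
    return {p for p in frequent if not any(p != q and p in q for q in frequent)}


def with_offsets(patterns, flows: list) -> dict:
    """Assumption: record position as the most common first-occurrence offset."""
    out = {}
    for p in patterns:
        offsets = Counter(f.find(p) for f in flows if p in f)
        if offsets:
            out[p] = offsets.most_common(1)[0][0]
    return out


def retain_similar(current, history, threshold: float = 0.9) -> set:
    """Keep sequences whose best match against historical features >= threshold."""
    def best(seq: bytes) -> float:
        return max((SequenceMatcher(None, seq, h).ratio() for h in history),
                   default=0.0)
    return {s for s in current if best(s) >= threshold}


# Constructed sample: nine payloads sharing a TPKT-style prefix (03 00 00 <len>)
# and a COTP-style data header (02 f0 80), plus one burst outlier.
FLOWS = [b"\x03\x00\x00" + bytes([0x10 + i]) + b"\x02\xf0\x80"
         + bytes([0xA0 + i, 0x20 + i]) for i in range(9)]
FLOWS.append(b"\xff\xff\xff\xff")
# Constructed features standing in for an earlier mining window.
HISTORY = {b"\x03\x00\x00", b"\x02\xf0\x80", b"\x68\x04\x07"}

if __name__ == "__main__":
    freq = mine_frequent(FLOWS, 0.9)
    fingerprint = with_offsets(retain_similar(maximal(freq), HISTORY), FLOWS)
    for pattern, offset in sorted(fingerprint.items(), key=lambda kv: kv[1]):
        print(f"offset {offset}: {pattern.hex(' ')}")
```

The outlier flow lowers every shared pattern's support to exactly 0.9, so the run also shows that the threshold comparison has to be inclusive for those patterns to survive.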
The beneficial effects of the invention are as follows:
The invention provides a substation traffic feature fingerprint analysis method based on hierarchical analysis, built on the substation's "three layers, two networks" communication structure and on the communication characteristics of the devices between the layers. Taking the substation bay level as an example, the traffic feature fingerprint uses four levels, namely protocol traffic, protocol type, protocol attribute and protocol content, as the criterion layers. In the case of the MMS protocol, the traffic, the attributes and the protocol content all contain certain features, which are used as the base layer. The method establishes weights among the hierarchical features, retains the coupling characteristics among the feature fingerprints, and can effectively reflect the characteristics of substation communication traffic.
Drawings
Fig. 1 is a flowchart of an automatic transformer substation feature fingerprint extraction method provided by the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Examples
Referring to fig. 1, an automatic transformer substation feature fingerprint extraction method is used for automatically extracting transformer substation network flow feature fingerprints, wherein the transformer substation network flow feature fingerprints are extracted through a sequence pattern mining algorithm and a feature fingerprint extraction algorithm, and the automatic transformer substation feature fingerprint extraction method includes the following steps:
(1) data packet capture
The capture of the data packet is carried out by a Netflow technology;
(2) data principal component information processing
Extracting the main information of each captured data packet, removing the secondary information, and storing the application-layer payload content of the packets to be analysed that meets the requirements;
(3) frequent sequence processing
Reading the stored data from the data linked list and calling the improved GSP algorithm to compute the set of frequent sequence patterns;
(4) similarity comparison with historical features
Comparing the feature sequences mined in a given time period of the substation for similarity with the features mined in historical periods, and retaining the feature sequences above the similarity threshold;
(5) result output
Extracting the sequence set obtained in step (4) as the feature fingerprint and saving the output result in a text file.
The Netflow traffic collection technology in step (1) is a set of network traffic statistics protocols. Its main principle is that Netflow processes the first IP packet of the data using the standard switching mode to generate a Netflow cache; the same data is then transmitted within the same data flow based on the cached information and is no longer matched against access control and other policies. A Netflow system comprises three main parts: the probe, the collector and the reporting system. The probe listens to network data. The collector collects the data transmitted by the probe. The reporting system generates easily readable reports from the data gathered by the collector.
The sequence pattern mining algorithm is defined as follows. Let $C$ be the set of transactions $T$, i.e. $C = \{t_1, t_2, \ldots, t_p\}$. Here a transaction $T$ is a set of sequences, which can be expressed as $T = \{t_1, t_2, \ldots, t_p\}$, and each element $i_j$ in $T$, $j = 1, 2, \ldots, p$, is referred to as a sequence element. Each transaction has a unique identifier, such as a transaction number, which is denoted TIC. Let $I = \{i_1, i_2, \ldots, i_m\}$ be the set of all sequences in the dataset, where $I$ is a set of binary words. Any subsequence in $I$ is referred to as a sequence pattern, and if $|X| = K$, the set $X$ is referred to as a $K$-sequence pattern. Let $t_k$ and $X$ be, respectively, a transaction and a sequence pattern in $C$; if , $t_k$ is said to contain the sequence pattern $X$. The support rate of the sequence pattern $X$ is support($X$), which is compared with the specified minimum support rate, denoted minsupport; if support($X$) is lower, $X$ is called an infrequent sequence pattern. Let $X$, $Y$ be sequence patterns in the data set $C$. If , then support($X$) is not less than support($Y$); if , and $X$ is an infrequent sequence pattern, then $Y$ is also an infrequent sequence pattern; if , and $Y$ is a frequent sequence pattern, then $X$ is also a frequent sequence pattern.
The GSP algorithm in step (3) generates the set of frequent sequence patterns from a set of candidate sequence patterns; its core idea is that all subsequences of any frequent sequence pattern must themselves be frequent sequences. The algorithm divides the mining of sequence patterns into two steps: in the first step, all frequent sequence pattern sets in the transaction database, i.e. the sequence sets whose support is not lower than a threshold set by the user, are retrieved by iteration; in the second step, the frequent sequence sets are used to construct rules that satisfy the user's minimum confidence.
The feature fingerprint extraction algorithm is an improved GSP algorithm. Sequence pattern mining yields a set of discrete sequences, whereas the feature set wanted for a feature fingerprint is continuous, so the GSP algorithm cannot be used directly to build a feature fingerprint library. In addition, the result of sequence pattern mining contains no position information for the feature fingerprint, and using it directly makes feature fingerprint extraction inefficient. The algorithm therefore has to be improved, and the improved algorithm is used as the algorithm for extracting the feature fingerprint.
The improved GSP algorithm extracts feature codes as follows:
1) Assume that 100 flows are tested and 8 packets are acquired from each flow as a qualified flow. Set the support threshold of the frequent sequence patterns to 90%;
2) Calculate the support of all 1-byte frequent sequence patterns, i.e. every single byte from 0x00 to 0xff, and output the items whose support is more than 80 percent as 1-byte feature codes;
3) Combine the 1-byte frequent sequence patterns that meet the support requirement pairwise to generate candidate 2-byte frequent sequence patterns. Calculate the support of all 2-byte frequent sequence patterns and output those that meet the condition;
4) Merge the 2-byte frequent sequence patterns that meet the condition to generate candidate 3-byte frequent sequence patterns. Calculate the support of all 3-byte frequent sequence patterns and output those that meet the condition;
By analogy, the process continues until no more frequent sequence patterns are generated.
When 2-byte frequent sequence patterns are merged into 3-byte frequent sequence patterns, the merging principle is that patterns whose head and tail bytes differ but whose middle byte is the same can be merged. For example, the frequent sequence pattern 0x01 0x02 can only be merged with the frequent sequence pattern 0x02 0x03, generating the frequent sequence pattern 0x01 0x02 0x03. The theoretical basis of the merge is the Apriori principle.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.
Claims (6)
1. The automatic transformer substation feature fingerprint extraction method is used for automatically extracting transformer substation network flow feature fingerprints, wherein the transformer substation network flow feature fingerprints are extracted through a sequence pattern mining algorithm and a feature fingerprint extraction algorithm, and the automatic transformer substation feature fingerprint extraction method is characterized by comprising the following steps of:
(1) data packet capture
The capture of the data packet is carried out by a Netflow technology;
(2) data principal component information processing
Extracting the main information of each captured data packet, removing the secondary information, and storing the application-layer payload content of the packets to be analysed that meets the requirements;
(3) frequent sequence processing
Reading the stored data from the data linked list and calling the improved GSP algorithm to compute the set of frequent sequence patterns;
(4) similarity comparison with historical features
Comparing the feature sequences mined in a given time period of the substation for similarity with the features mined in historical periods, and retaining the feature sequences above the similarity threshold;
(5) result output
Extracting the sequence set obtained in step (4) as the feature fingerprint and saving the output result in a text file.
2. The automatic substation feature fingerprint extraction method according to claim 1, wherein the Netflow traffic collection technology in step (1) is a set of network traffic statistics protocols. Its main principle is that Netflow processes the first IP packet of the data using the standard switching mode to generate a Netflow cache; the same data is then transmitted within the same data flow based on the cached information and is no longer matched against access control and other policies. A Netflow system comprises three main parts: the probe, the collector and the reporting system. The probe listens to network data. The collector collects the data transmitted by the probe. The reporting system generates easily readable reports from the data gathered by the collector.
3. The automatic substation feature fingerprint extraction method according to claim 1, wherein the sequence pattern mining algorithm is defined as follows. Let $C$ be the set of transactions $T$, i.e. $C = \{t_1, t_2, \ldots, t_p\}$. Here a transaction $T$ is a set of sequences, which can be expressed as $T = \{t_1, t_2, \ldots, t_p\}$, and each element $i_j$ in $T$, $j = 1, 2, \ldots, p$, is referred to as a sequence element. Each transaction has a unique identifier, such as a transaction number, which is denoted TIC. Let $I = \{i_1, i_2, \ldots, i_m\}$ be the set of all sequences in the dataset, where $I$ is a set of binary words. Any subsequence in $I$ is referred to as a sequence pattern, and if $|X| = K$, the set $X$ is referred to as a $K$-sequence pattern. Let $t_k$ and $X$ be, respectively, a transaction and a sequence pattern in $C$; if , $t_k$ is said to contain the sequence pattern $X$. The support rate of the sequence pattern $X$ is support($X$), which is compared with the specified minimum support rate, denoted minsupport; if support($X$) is lower, $X$ is called an infrequent sequence pattern. Let $X$, $Y$ be sequence patterns in the data set $C$. If , then support($X$) is not less than support($Y$); if , and $X$ is an infrequent sequence pattern, then $Y$ is also an infrequent sequence pattern; if , and $Y$ is a frequent sequence pattern, then $X$ is also a frequent sequence pattern.
4. The automatic substation feature fingerprint extraction method according to claim 1, wherein the GSP algorithm in step (3) generates the set of frequent sequence patterns from a set of candidate sequence patterns, and its core idea is that all subsequences of any frequent sequence pattern must themselves be frequent sequences. The algorithm divides the mining of sequence patterns into two steps: in the first step, all frequent sequence pattern sets in the transaction database, i.e. the sequence sets whose support is not lower than a threshold set by the user, are retrieved by iteration; in the second step, the frequent sequence sets are used to construct rules that satisfy the user's minimum confidence.
5. The automatic substation feature fingerprint extraction method according to claim 1, wherein the feature fingerprint extraction algorithm is an improved GSP algorithm. Sequence pattern mining yields a set of discrete sequences, whereas the feature set wanted for a feature fingerprint is continuous, so the GSP algorithm cannot be used directly to build a feature fingerprint library. In addition, the result of sequence pattern mining contains no position information for the feature fingerprint, and using it directly makes feature fingerprint extraction inefficient. The algorithm therefore has to be improved, and the improved algorithm is used as the algorithm for extracting the feature fingerprint.
6. The automatic substation feature fingerprint extraction method according to claim 1, wherein the improved GSP algorithm extracts feature codes in the following steps:
1) Assume that 100 flows are tested and 8 packets are acquired from each flow as a qualified flow. Set the support threshold of the frequent sequence patterns to 90%;
2) Calculate the support of all 1-byte frequent sequence patterns, i.e. every single byte from 0x00 to 0xff, and output the items whose support is more than 80 percent as 1-byte feature codes;
3) Combine the 1-byte frequent sequence patterns that meet the support requirement pairwise to generate candidate 2-byte frequent sequence patterns. Calculate the support of all 2-byte frequent sequence patterns and output those that meet the condition;
4) Merge the 2-byte frequent sequence patterns that meet the condition to generate candidate 3-byte frequent sequence patterns. Calculate the support of all 3-byte frequent sequence patterns and output those that meet the condition;
By analogy, the process continues until no more frequent sequence patterns are generated.
When 2-byte frequent sequence patterns are merged into 3-byte frequent sequence patterns, the merging principle is that patterns whose head and tail bytes differ but whose middle byte is the same can be merged. For example, the frequent sequence pattern 0x01 0x02 can only be merged with the frequent sequence pattern 0x02 0x03, generating the frequent sequence pattern 0x01 0x02 0x03. The theoretical basis of the merge is the Apriori principle.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910719367.1A CN110647908A (en) | 2019-08-05 | 2019-08-05 | Automatic transformer substation feature fingerprint extraction method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110647908A true CN110647908A (en) | 2020-01-03 |
Family
ID=68990018
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910719367.1A Pending CN110647908A (en) | 2019-08-05 | 2019-08-05 | Automatic transformer substation feature fingerprint extraction method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110647908A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070195344A1 (en) * | 2006-02-01 | 2007-08-23 | Sony Corporation | System, apparatus, method, program and recording medium for processing image |
CN101640666A (en) * | 2008-08-01 | 2010-02-03 | 北京启明星辰信息技术股份有限公司 | Device and method for controlling flow quantity facing to target network |
CN104360192A (en) * | 2014-11-12 | 2015-02-18 | 华北电力大学 | Electromagnetic disturbance waveform feature extracting method for transformer substation gas insulation switch |
CN104520676A (en) * | 2013-04-15 | 2015-04-15 | 弗莱克斯电子有限责任公司 | Virtual personality vehicle communications with third parties |
CN106559261A (en) * | 2016-11-03 | 2017-04-05 | 国网江西省电力公司电力科学研究院 | A kind of substation network intrusion detection of feature based fingerprint and analysis method |
Non-Patent Citations (3)
Title |
---|
WANG FANRONG: "Summary of distribution network fault location technique", 《IEEE》 * |
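Wang Fanrong: "Research on a real-time monitoring system for smart substation network communication traffic and its simulation", 《China Doctoral Dissertations Full-text Database》 * |
Ma Gang (ed.): 《Business Intelligence》, 30 July 2010, published and distributed by: Shenyang: Dongbei University of Finance and Economics Press * |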
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200103 |