CN110910271A - Power terminal fingerprint construction method based on power consumption and EMI - Google Patents
Power terminal fingerprint construction method based on power consumption and EMI Download PDFInfo
- Publication number
- CN110910271A CN110910271A CN201910936423.7A CN201910936423A CN110910271A CN 110910271 A CN110910271 A CN 110910271A CN 201910936423 A CN201910936423 A CN 201910936423A CN 110910271 A CN110910271 A CN 110910271A
- Authority
- CN
- China
- Prior art keywords
- data
- emi
- power consumption
- power
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/06—Electricity, gas or water supply
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Water Supply & Treatment (AREA)
- General Engineering & Computer Science (AREA)
- Evolutionary Biology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Public Health (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses a power terminal fingerprint construction method based on power consumption and EMI. The method utilizes power consumption and EMI signals to construct the fingerprint of the power terminal, and comprises the following steps: 1) acquiring power and EMI data of the power terminal; 2) analyzing and processing the data; 3) extracting key features of the sample and normalizing to obtain a feature vector; 4) and training a classifier by adopting the characteristic vector to obtain the terminal fingerprint. The invention can determine whether the fingerprint generated according to the EMI data and the power consumption characteristics is matched with the fingerprint of the equipment, thereby authenticating the electric power terminal equipment. The method can effectively cope with the current pseudo terminal attack, and does not need to add extra hardware.
Description
Technical Field
The invention belongs to the field of power grid safety, and particularly relates to a power terminal fingerprint construction method based on power consumption and EMI.
Background
However, with the acceleration of the informatization process, the smart grid brings convenience to operation departments and users, and brings certain potential safety hazards, such as network security attack events represented by 'seismic net' and 'black energy' viruses which are outbreaked abroad, and though no major loss is caused to China, the alarm clock for industrial control safety guarantee work in China is knocked out. The intelligent power grid terminal is used as a data acquisition end member and a bottom layer control unit of a power grid, plays a significant role in the intelligent power grid, and once the intelligent power grid terminal is attacked and controlled maliciously, unreliable data, power failure of individual users or privacy leakage are caused slightly, and large-area power failure accidents are caused seriously. To summarize, the major threats faced by the smart grid terminals include:
1) and the security of the pseudo terminal is threatened, and an attacker utilizes the pseudo terminal to tamper and release false information between the distribution automation working master station and the distribution intelligent terminal through counterfeit identity so as to enable the terminal to be incapable of working normally or hijack plaintext communication data between the terminal and the distribution automation master station to acquire privacy data.
2) Physical security threats: the method comprises the steps that damage caused by artificial damage and natural disasters is included, an attacker can directly operate a terminal without protection or with insufficient protection force, user privacy data are obtained, and user configuration is maliciously changed.
In the security threats, physical security is not considered in the scope of the security threats, the method mainly aims at the pseudo terminal threats, the fingerprint of the power terminal is constructed to provide a unique identity authentication mode for the terminal, when a new terminal accesses a network, the equipment can be authenticated through the fingerprint, if the terminal is not authenticated, the equipment can be selected to be refused to access, and therefore the traditional network security threats can be effectively defended by constructing the fingerprint of the power terminal. Establishing a fingerprint for a terminal can provide a unique authentication mechanism for equipment in the use process, and the existing terminal security policy mainly comprises the following steps:
1) in the software upgrading process, because the power terminals are in an unattended state, are distributed widely and have a large range, the existing strategy is usually to perform safety maintenance by installing an upgrade package. Although the software upgrading mode can timely defend software attacks such as virus trojans and the like, the equipment is not authenticated in the software installation process, so that effective defense can not be made on a fake terminal.
2) The hardware is safe, and the hardware upgrading of the power terminal is a huge and slow process. And the fake terminal often can not be effectively distinguished in the process of upgrading the hardware, and the fake terminal can be upgraded along with the upgrading of the terminal.
Therefore, the above two security policies cannot effectively defend against attacks using a fake terminal. The invention aims to construct fingerprints for terminal equipment, so that legal terminals in a power grid can pass authentication, and fake terminals cannot pass authentication, thereby providing a defense strategy for the attack mode.
Disclosure of Invention
In order to establish the electric power terminal fingerprint, the invention provides an electric power terminal fingerprint construction technology based on power consumption and EMI.
The specific scheme of the invention is as follows:
a power terminal fingerprint construction method based on power consumption and EMI utilizes power consumption and EMI signals to construct fingerprints of a power terminal, and specifically comprises the following steps:
1) acquiring power consumption and EMI data of the power terminal;
2) analyzing and processing the data;
3) extracting key features of the sample and normalizing to obtain a feature vector;
4) and training a classifier by adopting the characteristic vector to obtain the terminal fingerprint.
In the above technical solution, the step 2) is specifically to remove all the significant mutation data, then cut the remaining data, and cut the data into a plurality of data segments. Since the EMI signal of the power terminal can be affected by various factors, for example, the EMI signal can be significantly changed by a lightning strike signal under natural conditions, some significantly abrupt data of the data need to be removed.
Furthermore, in order to facilitate subsequent processing, the data of power consumption and EMI needs to be cut, where the data cutting process is: the segmentation is performed for 10s for one data segment. Due to the certainty of the terminal position and the relative stability of the terminal consumed power, the power consumption data of different power terminals can also be used as the characteristic of fingerprint construction.
Further, the method for extracting the key features of the sample in the step 3) comprises the following steps: because the EMI signal changes with time and time, the short-time Fourier transform is carried out on the EMI signal to obtain a characteristic matrix of the EMI signal, and meanwhile, the PCA (principal component analysis) algorithm is used for carrying out dimension reduction processing on the characteristic vector. An EMI based eigenvector is obtained. And extracting sensitive points and stable points in the power consumption data to obtain a characteristic vector based on the power consumption. And normalizing the two groups of feature vectors and then combining the normalized feature vectors to obtain the final feature vector.
Further, for the power consumption data, since the data curves of the same device are similar, the variation of the power consumption amplitude value is very small under the same time scale. In order to reduce the data amount needing to be processed, enhance the representativeness of the data, and define a sensitive point and a stable point, wherein the stable point refers to the point with small amplitude change difference under the same time scale in all power consumption curves, and the points are the points of the same device; the corresponding sensitive points are points in the power consumption curve where the difference of the amplitude changes under the same time scale is obvious, and the points belong to different devices. The extraction method of the sensitive points and the stable points comprises the following steps: f values of a plurality of groups of data with the same length are calculated, and the F values are defined as follows:
where n denotes the number of sets of data, μiDenotes the mean of the ith data point for all groups of data, μ denotes the mean of all data, δiThe standard deviation of all the groups of data corresponding to the ith data point is shown;
and sorting the values of F, wherein the maximum value Fmax and the minimum value of F are Fmin, the point corresponding to the F value in the range of (0.95Fmax, Fmax) is taken as a sensitive point, and the point corresponding to the F value in the range of (Fmin,1.05Fmin) is taken as a stable point. The sensitive points can better distinguish different devices, and the stable points can better represent the devices. The stable points and the sensitive points of each set of training data are extracted as a set of features.
Further, an extrtreses algorithm (see document [ Geurts, p., Ernst, d., and Wehenkel, l. extreme random speeds ] mechaninelearning 63,1(2006), 3-42.) is used in consideration of accuracy and robustness of classification, and positive and negative samples are trained to obtain a classifier for matching the grid terminals.
And (4) by utilizing the classifier obtained by training, whether the fingerprint generated according to the EMI data and the power consumption characteristics is matched with the equipment fingerprint in the fingerprint library or not can be used for authenticating the power terminal equipment.
The invention has the beneficial effects that:
the invention provides a power terminal construction method based on power consumption and EMI signals, which can effectively cope with the current pseudo terminal attack without adding extra hardware, improves the efficiency on the basis of ensuring the stability by using a feature extraction algorithm, and can update a terminal fingerprint library more quickly under the condition that a new legal terminal needs to be accessed.
The invention adopts power consumption and EMI signals to construct fingerprints for the first time, which can effectively defend against the attack of a false terminal, wherein the EMI signals are changed electromagnetic signals generated around the terminal in the power utilization process of a CPU (Central processing Unit) due to internal power electronic devices when the power terminal runs, the change of the electromagnetic signals is different due to the difference of different terminal hardware, and meanwhile, the power consumption of different power terminals is stable while the power consumption of the different power terminals is maintained, the power consumption is different due to the difference of different terminals and the difference of power consumption, so the two signals can be used for constructing the equipment fingerprints of the power terminals.
Because the power terminal is often provided with the magnetometer, and the power consumption data can be obtained from the power terminal, no additional hardware is needed for obtaining the EMI signal and the power consumption data.
Drawings
Figure 1 is a short time fourier transform spectrum of EMI signals for two different power terminals,
fig. 2 is a "sensitive point" and a "stable point" of power consumption curves of two identical terminals and power consumption curves of different terminals.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments.
A specific embodiment of a power terminal construction method based on power consumption and EMI signals comprises the following steps:
1. collecting data
Collecting EMI signals and power consumption data of 100 power terminals;
2. data pre-processing
Removing the remarkable mutation signals in the collected EMI signal data, and segmenting the signals according to a section of 10 s;
3. extracting features to construct fingerprints
Extracting characteristics of the EMI signals and the power consumption data respectively, firstly performing short-time Fourier transform on the EMI signals (as shown in figure 1), and then reducing the dimension of characteristic vectors of the EMI signals by using a PCA algorithm to be used as the characteristic vectors of the EMI signals; then, the power consumption data is subjected to sensitive point and stable point selection (as shown in fig. 2), and sensitive points and stable points in the power consumption data are extracted and used as feature vectors of the power consumption data. And combining the two feature vectors after normalization into a feature vector of the equipment, training a classifier by adopting an ExtraTrees algorithm, and inputting the feature vectors extracted from all data into the classifier for training to obtain a fingerprint library of all 100 terminals.
The sensitive points and stable points are extracted by the following method: f values are calculated for sets of data of the same length, the F values being defined as follows:
where n denotes the number of sets of data, μiDenotes the mean of the ith data point for all groups of data, μ denotes the mean of all data, δiThe standard deviation of all the groups of data corresponding to the ith data point is shown;
and sorting the values of F, wherein the maximum value Fmax and the minimum value of F are Fmin, the point corresponding to the F value in the range of (0.95Fmax, Fmax) is taken as a sensitive point, and the point corresponding to the F value in the range of (Fmin,1.05Fmin) is taken as a stable point. The sensitive points can better distinguish different devices, and the stable points can better represent the devices. For each set of training data we extract its stable and sensitive points as a set of features.
The sensitive points and stable points can also be extracted by using Fisher score algorithm.
4. The authentication process server acquires the EMI signal and power consumption data of the power terminal, judges whether the terminal is in a previous fingerprint library or not by the method for extracting the fingerprint, and if the terminal is not in the fingerprint library, the terminal is the terminal which is not authenticated.
Claims (6)
1. A power terminal fingerprint construction method based on power consumption and EMI is characterized in that a fingerprint of a power terminal is constructed by using power consumption and EMI signals, and specifically comprises the following steps:
1) acquiring power consumption and EMI data of the power terminal;
2) analyzing and processing the data;
3) extracting key features of the sample and normalizing to obtain a feature vector;
4) and training a classifier by adopting the characteristic vector to obtain the terminal fingerprint.
2. The power consumption and EMI based electric power terminal fingerprint construction method as claimed in claim 1, wherein the step 2) is specifically to eliminate all significant mutation data in the EMI signal, then to perform cutting processing on the power consumption and the rest of EMI signal data, and to cut the data into a plurality of data segments.
3. The power consumption and EMI based power terminal fingerprint construction method as claimed in claim 2, wherein the data cutting process is: the segmentation is performed for 10s for one data segment.
4. The power consumption and EMI based power terminal fingerprint construction method as claimed in claim 1, wherein the method for extracting the sample key features in step 3) is as follows: carrying out short-time Fourier transform on the EMI to obtain a characteristic matrix of the EMI, and simultaneously carrying out dimension reduction processing on the characteristic vector by using a principal component analysis algorithm to obtain the characteristic vector based on the EMI; extracting sensitive points and stable points in the power consumption data to obtain a characteristic vector based on power consumption; and normalizing the two groups of feature vectors and then combining the normalized feature vectors to obtain the final feature vector.
5. The power consumption and EMI based power terminal fingerprint construction method as claimed in claim 4, wherein the sensitive points and stable points are extracted by the following method:
f values of a plurality of groups of data with the same length are calculated, and the F values are defined as follows:
where n denotes the number of sets of data, μiDenotes the mean of the ith data point for all groups of data, μ denotes the mean of all data, δiThe standard deviation of all the groups of data corresponding to the ith data point is shown;
and sorting the values of F, wherein the maximum value Fmax and the minimum value of F are Fmin, the point corresponding to the F value in the range of (0.95Fmax, Fmax) is taken as a sensitive point, and the point corresponding to the F value in the range of (Fmin,1.05Fmin) is taken as a stable point.
6. The power consumption and EMI based power terminal fingerprint construction method as claimed in claim 1, wherein in the step 4), an ExtraTrees algorithm is adopted to train the classifier.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910936423.7A CN110910271B (en) | 2019-09-29 | 2019-09-29 | Power terminal fingerprint construction method based on power consumption and EMI |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910936423.7A CN110910271B (en) | 2019-09-29 | 2019-09-29 | Power terminal fingerprint construction method based on power consumption and EMI |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110910271A true CN110910271A (en) | 2020-03-24 |
| CN110910271B CN110910271B (en) | 2021-07-06 |
Family
ID=69815334
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910936423.7A Active CN110910271B (en) | 2019-09-29 | 2019-09-29 | Power terminal fingerprint construction method based on power consumption and EMI |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110910271B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112015116A (en) * | 2020-08-20 | 2020-12-01 | 国网天津市电力公司 | Load sensing method and device capable of collecting electric appliance fingerprints in multi-environment |
| CN112464209A (en) * | 2020-11-30 | 2021-03-09 | 深圳供电局有限公司 | Fingerprint authentication method and device for power terminal |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1731204A (en) * | 2005-08-29 | 2006-02-08 | 南京师范大学 | Mode extraction apparatus and mode extraction method for conductive interference noise |
| US20100285849A1 (en) * | 2006-11-17 | 2010-11-11 | Nokia Corporation | Method and Apparatus For Staged Approach Transient RF Detection And Sensor Power Saving |
| CN106501562A (en) * | 2015-09-04 | 2017-03-15 | 福特全球技术公司 | Isolating difference voltage probe for electromagnetic interference noise source |
| CN108256274A (en) * | 2018-03-09 | 2018-07-06 | 南京师范大学 | Based on the POWER SYSTEM STATE recognition methods for quick and precisely searching for attractor error algorithm |
-
2019
- 2019-09-29 CN CN201910936423.7A patent/CN110910271B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1731204A (en) * | 2005-08-29 | 2006-02-08 | 南京师范大学 | Mode extraction apparatus and mode extraction method for conductive interference noise |
| US20100285849A1 (en) * | 2006-11-17 | 2010-11-11 | Nokia Corporation | Method and Apparatus For Staged Approach Transient RF Detection And Sensor Power Saving |
| CN106501562A (en) * | 2015-09-04 | 2017-03-15 | 福特全球技术公司 | Isolating difference voltage probe for electromagnetic interference noise source |
| CN108256274A (en) * | 2018-03-09 | 2018-07-06 | 南京师范大学 | Based on the POWER SYSTEM STATE recognition methods for quick and precisely searching for attractor error algorithm |
Non-Patent Citations (1)
| Title |
|---|
| 胡继康: "《非侵入式居民家庭能源消耗解聚分析系统的设计与实现》", 《中国优秀硕士学位论文全文数据库工程科技Ⅱ辑》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112015116A (en) * | 2020-08-20 | 2020-12-01 | 国网天津市电力公司 | Load sensing method and device capable of collecting electric appliance fingerprints in multi-environment |
| CN112015116B (en) * | 2020-08-20 | 2024-03-29 | 国网天津市电力公司 | Load sensing method and device capable of collecting appliance fingerprints in multiple environments |
| CN112464209A (en) * | 2020-11-30 | 2021-03-09 | 深圳供电局有限公司 | Fingerprint authentication method and device for power terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110910271B (en) | 2021-07-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2016082284A1 (en) | Modbus tcp communication behaviour anomaly detection method based on ocsvm dual-profile model | |
| CN110910271B (en) | Power terminal fingerprint construction method based on power consumption and EMI | |
| WO2017071148A1 (en) | Cloud computing platform-based intelligent defense system | |
| Liu | An intrusion detection system based on convolutional neural network | |
| CN110276195A (en) | A kind of smart machine intrusion detection method, equipment and storage medium | |
| CN109257393A (en) | XSS attack defence method and device based on machine learning | |
| Patil et al. | Network traffic anomaly detection using PCA and BiGAN | |
| CN114491524A (en) | Big data communication system applied to intelligent network security | |
| CN112637108B (en) | Internal threat analysis method and system based on anomaly detection and emotion analysis | |
| CN114785563A (en) | Encrypted malicious flow detection method for soft voting strategy | |
| CN110519228B (en) | Method and system for identifying malicious cloud robot in black-production scene | |
| Zhang et al. | Detection of android malware based on deep forest and feature enhancement | |
| Ahmad et al. | A new cryptojacking malware classifier model based on dendritic cell algorithm | |
| CN113132329A (en) | WEBSHELL detection method, device, equipment and storage medium | |
| CN110535821A (en) | A kind of Host Detection method of falling based on DNS multiple features | |
| CN111049828B (en) | Network attack detection and response method and system | |
| CN112464209A (en) | Fingerprint authentication method and device for power terminal | |
| CN113283906A (en) | Payment electricity purchasing risk monitoring method and device based on equipment fingerprint | |
| CN109889527B (en) | Network security protection system based on big data and protection method thereof | |
| CN109284317B (en) | Time sequence directed graph-based stolen information clue extraction and segmented evaluation method | |
| CN116738369A (en) | Traffic data classification method, device, equipment and storage medium | |
| Ren et al. | Application of network intrusion detection based on fuzzy c-means clustering algorithm | |
| CN113542222B (en) | Zero-day multi-step threat identification method based on dual-domain VAE | |
| CN110490577A (en) | A kind of anti-attack method of pasting card, device, SIM pasting card and storage medium | |
| CN114124453A (en) | Network security information processing method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information |
Inventor after: Ji Xiaoyu Inventor after: Xu Wenyuan Inventor after: Chi Yue Han Inventor after: Yang Weiyong Inventor after: Liu Wei Inventor before: Ji Xiaoyu Inventor before: Xu Wenyuan Inventor before: Chi Yue Han |