CN110933031A - Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM - Google Patents

Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM Download PDF

Info

Publication number
CN110933031A
CN110933031A CN201911022256.1A CN201911022256A CN110933031A CN 110933031 A CN110933031 A CN 110933031A CN 201911022256 A CN201911022256 A CN 201911022256A CN 110933031 A CN110933031 A CN 110933031A
Authority
CN
China
Prior art keywords
power consumption
power
time
lstm
characteristic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911022256.1A
Other languages
Chinese (zh)
Inventor
马立新
李成钢
姜栋潇
田春光
吕项羽
李德鑫
王伟
李洁
徐晓丰
朴哲勇
严威
闫旭
樊轩鸣
周强
李生珠
周宏伟
许鑫
陈宇
王佳蕊
刘晓天
李坚
厉彦杰
冀晓宇
徐文渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
State Grid Corp of China SGCC
State Grid Jibei Electric Power Co Ltd
Electric Power Research Institute of State Grid Jilin Electric Power Co Ltd
State Grid Jilin Electric Power Corp
Original Assignee
Zhejiang University ZJU
State Grid Corp of China SGCC
State Grid Jibei Electric Power Co Ltd
Electric Power Research Institute of State Grid Jilin Electric Power Co Ltd
State Grid Jilin Electric Power Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU, State Grid Corp of China SGCC, State Grid Jibei Electric Power Co Ltd, Electric Power Research Institute of State Grid Jilin Electric Power Co Ltd, State Grid Jilin Electric Power Corp filed Critical Zhejiang University ZJU
Priority to CN201911022256.1A priority Critical patent/CN110933031A/en
Publication of CN110933031A publication Critical patent/CN110933031A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Artificial Intelligence (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Biophysics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Molecular Biology (AREA)
  • Evolutionary Biology (AREA)
  • Computational Linguistics (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The invention discloses an LSTM-based intrusion detection method for a power distribution terminal unit of a smart power grid, and belongs to the technical field of information security of the smart power grid. The method comprises the steps of collecting the CPU power consumption of a normal program, extracting characteristics and training a prediction model; in an attack detection stage, collecting DTU power consumption data running in real time to obtain the actual power consumption characteristics at the current t moment; setting a sample window, collecting n samples before t time to obtain theoretical prediction power consumption characteristics of the current t time, calculating Euclidean distance between actual power consumption characteristics and the theoretical prediction power consumption characteristics, and judging whether the attack is suffered. The invention solves the problem that the power distribution terminal unit can not install the intrusion detection software; the LSTM neural network is adopted to improve the detection precision, and the normal change of the system power consumption can be better captured; the method solves the problems that the electromagnetic noise of the power grid environment is large, and the traditional side channel abnormity detection method faces low precision.

Description

Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM
Technical Field
The invention relates to the technical field of intelligent power grid information safety, in particular to an LSTM-based intelligent power grid power distribution terminal unit intrusion detection method.
Background
Electronization is one of the fundamental characteristics of modern power grids. The application of intelligent terminals in power monitoring systems is becoming more common, such as power Distribution Terminal Units (DTUs), feeder remote terminals (FTUs), Remote Terminal Units (RTUs), and distribution transformer remote terminals (TTUs). The intelligent terminals are deployed on different power distribution equipment, and can transmit collected information to the master station in a wired or wireless mode to provide enough information for operators to realize safe and reliable control and operation of the power distribution system. Recent literature, however, has shown that the threat and complexity of cyber attacks on the power grid is increasing. For example, the ukrainian grid has suffered a blackout event due to hacking. But security research for smart terminals is currently less. The current smart grid terminal mainly adopts an embedded system architecture, is limited by processing frequency, has limited safe processing capacity, and is exposed to a larger attack risk in an external environment due to being deployed on terminal equipment. Attacks faced by the intelligent terminal can be mainly divided into logic attacks, intrusion attacks and non-intrusion attacks. The logic attack attacks through the software and the loopholes of the security protocol, and the utilization and the tampering of the loopholes of the program are realized. Intrusive attacks obtain information by observing the communication of the chip and the circuit. The non-invasive attack realizes the estimation of information such as program execution time by analyzing side channel data such as power consumption. Logical attacks incur the greatest loss because they can effect tampering of the program. The method provided by the invention is mainly used for logic attack.
The current intrusion detection method can be classified into a host type and a network type according to the difference of monitored objects, and can be classified into detection based on misuse and detection based on abnormality according to the difference of detection methods. In the former method, a virus feature library to be detected needs to be constructed in advance, and then the virus feature library is matched with actual flow data and the like to realize intrusion detection. Detection based on anomalies requires only counting the normal flow patterns and setting alarm thresholds. An anomaly is considered when the characteristic of the actual flow exceeds the normal flow pattern threshold. At present, research aiming at intrusion detection of an intelligent terminal is less. Liu et al (Liu, y., Wei, l., Xu, w., Xu, q., Zhou, z., & Zhang, K. (2016.). On Code Execution Tracking Power Side-channel.acm Conference On Computer and Communications Security) can restore the instruction Execution sequence by analyzing the Side channel Power consumption information of the microcontroller in the embedded system using the hidden markov model, thereby realizing detection of the instruction executed in the microcontroller and judging whether tampering has been done. Clark et al (Clark, S.S., Fu, K., Guineau, S., Ransford, B., Rahmati, A., Sorber, J., & Xu, W. (2013). Watts UpDoc: Power Side Channels to Non-intuition discovery Untargeted Medical De-vision technology.) propose identifying trojans in PLC and Medical devices based on Power consumption, which can achieve a recognition rate of more than 80% for known attacks in combination with a machine learning method. At present, firmware of a power grid intelligent terminal is formulated by factory, a corresponding attack intrusion detection system is often lacked, a user cannot install intrusion detection software, electromagnetic noise of a power grid environment is large, and the traditional side channel anomaly detection method faces the problems of low precision and the like.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides an LSTM-based intrusion detection method for a power distribution terminal unit of a smart power grid in order to solve the problems that smart terminal equipment of the smart power grid faces logic intrusion such as program tampering and the like, and the existing defense method is difficult to deploy or has low detection precision and the like.
The invention is realized by the following technical scheme:
an LSTM-based intrusion detection method for a power distribution terminal unit of a smart grid comprises the following steps:
s1, acquiring power consumption data of a power Distribution Terminal Unit (DTU) of the intelligent power grid in a normal operation time period T, and performing power frequency noise removal processing;
s2, segmenting the power consumption data subjected to power frequency noise removal processing in a set time window, taking each section of power consumption data as a sample, extracting a characteristic value of each sample, and forming a power consumption characteristic time sequence X of a historical time period T;
s3, constructing an LSTM neural network, and training the LSTM neural network by adopting the power consumption characteristic time sequence X in the step S2 to obtain a trained LSTM neural network model;
s4, collecting DTU power consumption data running in real time, removing power frequency noise, and obtaining the actual power consumption characteristic X at the current t moment according to the step S2t(ii) a Setting a sample window, wherein the sample window is used for collecting n samples before t time, removing power frequency noise processing and extracting characteristics to be used as input of an LSTM neural network model, and obtaining theoretical prediction power consumption characteristics of the current t time
Figure BDA0002247601740000021
S5, calculating the actual power consumption characteristic X at the current t momenttTheoretical prediction power consumption characteristic of current time t
Figure BDA0002247601740000022
When the Euclidean distance is larger than a preset threshold value, judging that the sample at the current time t is abnormal, and predicting the power consumption characteristics of the theory at the time t
Figure BDA0002247601740000023
Prediction for samples at time t + 1; when the Euclidean distance is less than or equal to a preset threshold value, judging that the current sample is normal;
s6, updating the sample window, and repeating the steps S4-S5; if three consecutive abnormal samples are detected, the confirmation program is modified and an alarm is given.
Further, in step S1, the method for acquiring power consumption data specifically includes: a high-precision sampling resistor is connected between a power module and a CPU module of the modular DTU, and the current of the DTU is acquired through the voltage drop at two ends of the sampling resistor so as to acquire the power consumption of the DTU. The precision of the sampling resistor is 0.01%.
Further, the characteristic values in step S2 include a mean value, a skew coefficient, a kurtosis, a spectral mean value, a spectral variance, a spectral standard deviation, a spectral centroid, a time-domain sum, a minimum value, a root-mean-square amplitude, a spectral irregularity, a spectral smoothness, a spread spectrum, a spectral power, and a zero-crossing rate.
Further, the Euclidean distance calculation formula is
Figure BDA0002247601740000031
Wherein
Figure BDA0002247601740000032
Representing theoretical predicted power consumption characteristics
Figure BDA0002247601740000033
The ith characteristic value, xiThe ith characteristic value in the actual power consumption characteristic X is represented, and m represents the number of the characteristic values.
The invention has the beneficial effects that:
(1) by adopting the intrusion detection method based on the power consumption side channel, the problem that the firmware of the power distribution terminal unit of the intelligent power grid is formulated by a manufacturer when leaving a factory and intrusion detection software cannot be installed is solved.
(2) And the LSTM neural network is adopted to analyze and predict the power consumption data, so that the detection precision is improved. The LSTM has better effect than that based on correlation and a single-classification support vector machine, because the operation power consumption of the terminal equipment of the smart grid slightly changes along with time, and the LSTM is an algorithm capable of dynamically adapting, so that the normal change of the system power consumption can be better captured.
(3) The self-adaptive notch filter is used for inhibiting power frequency noise, so that the problems that the electromagnetic noise of a power grid environment is large, and the conventional side channel abnormity detection method is low in precision are solved.
Drawings
FIG. 1 is a schematic diagram of a power consumption collection method;
FIG. 2 is a schematic diagram of an adaptive notch filter for suppressing power frequency noise;
fig. 3 is a prediction error map when the normal program is switched to the abnormal program.
Detailed Description
In order to make the contents and effects of the present invention more apparent, preferred embodiments of the present invention will be described in detail below.
Step one, acquiring power consumption data of a power Distribution Terminal Unit (DTU) of the smart power grid. When the intelligent power grid terminal equipment operates, various bypass information can be generated, including power consumption information, electromagnetic radiation information, sound, temperature and the like. Because strong environmental noise exists in the power grid environment, the running program of the CPU of the terminal equipment cannot be analyzed effectively through electromagnetic, sound and temperature information generated when the CPU runs. However, power consumption and programs when the CPU runs are closely related. Therefore, whether a program operating therein is abnormal is analyzed by analyzing consumption of power consumption of the DTU. As an experimental subject, a PRS-3342BC model DTU of CYG corporation, which is a standard model used by national grid corporation, was used. In this embodiment, five programs are respectively run in the DTU: a normal working program and four exception programs. The four abnormal programs respectively correspond to DTU power distribution switch attack, information acquisition attack, DTU monitoring path number attack and DTU overload attack. As shown in fig. 1, which is a schematic diagram of a power consumption acquisition method of the present invention, a high-precision sampling resistor is connected between a power module and a CPU module of a modular DTU, and a current of the DTU is obtained by collecting a voltage drop across the sampling resistor, thereby obtaining the power consumption of the DTU. In order to improve the sampling precision, a high-precision, high-sampling-rate and high-stability data acquisition device is adopted, and the specific model is a U2541 type high-speed data acquisition device of Keysight company. The sampling frequency is 250K/s, the resolution is 16 bits, and the sampling precision can reach 0.05 mV.
And step two, removing power frequency noise. Because of the interference of power frequency noise in the power grid environment, power frequency noise of the collected signals needs to be removed by adopting a power frequency noise suppression algorithm. And filtering power frequency noise by adopting a self-adaptive notch filter. FIG. 2 is a schematic diagram of an adaptive notch filter for suppressing power frequency noise; the first action is the original signal collected, the second action is the useful signal after the power frequency noise is filtered, and the third action is the power frequency noise. The basic principle of the adaptive Notch filter is that an orthogonal signal with a certain central frequency is used as a reference signal, an input signal is tracked by utilizing the linear combination of the orthogonal signal, and the weight coefficient of the linear combination is continuously adjusted through the residual error of each step, so that the part of the input signal which is linearly related to the reference signal is separated, and the effect of narrow-band filtering is achieved. The method comprises the following specific steps:
(1) reference signal xc(k)=cos(2πfk),xs(k) Sin (2 pi fk), where f 50Hz represents the frequency of the power frequency signal.
(2) For the input signal d (k), the initial value w of the weight vector is selectedc(k)=ws(k) 0.1A (d (k)), a (d (k)) represents the maximum amplitude of d (k).
(3) Discretizing the sampling time, and iterating k from 0 to N according to the following formula under the assumption that N sampling time points are obtained.
y(k)=ωc(k)xc(k)+ωs(k)xs(k)
ε(k)=d(k)-y(k)
ωc(k+1)=ωc(k)+2με(k)xc(k)
ωs(k+1)=ωs(k)+2/ε(k)xs(k)
The finally output epsilon (k) is the obtained useful signal.
And step three, extracting the characteristics of the power consumption information. The selection of the features determines the classification effect of the classifier to a great extent, and therefore, in order to better distinguish a normal program from an abnormal program, it is particularly important to construct an appropriate combination of feature values. Too few eigenvalues cannot meet the requirement of accuracy, and too many eigenvalues can improve the complexity of calculation and increase the training time. Through correlation analysis and experiments, 12 characteristic values are finally selected, wherein the characteristic values are respectively a mean value, a skewness coefficient, a kurtosis and a spectrum mean value of spectrum. The spectral variance. The spectrum standard deviation, the spectrum gravity center, the time domain sum, the minimum value, the root mean square amplitude, the spectrum irregularity, the spectrum smoothness, the spectrum spread, the spectrum power and the zero crossing rate, and the total 12 characteristic values.
And step four, constructing an LSTM neural network detection model and training. The LSTM is a generic name for long and short memory cell based neural networks. The LSTM has good memory capacity for long-term information and is good at capturing internal structure information of time series. Thus, the prediction of the time series can be made at different time scales. Assume that a power consumption is characterized by a time series of X ═ X (1), X (2), … X (N) }, where X (t) is a vector of m dimensions (where m is equal to the feature dimension, 12 is taken according to step three; N is the number of samples into which the power consumption is cut), representing the characteristics of the power consumption samples at time t. And collecting the CPU power consumption of 5 hours in the history of the normal program, and training a prediction model. Predicting the m-dimensional characteristic information of the next time period sample by using the characteristic information of the first n time period samples (for convenience of characteristic extraction, in the case of a sampling rate of 250K, a power consumption sequence with the time length of 1.048576s is used as one sample, so that each sample comprises exactly 2 sampling values at 18 times, wherein n is 20 and represents 20s as a time window); the LSTM structure comprises an input layer of n x m units and an output layer of m units, wherein the LSTM unit has two hidden layers, and full connection is adopted between the two hidden layers. Predicting m-dimensional characteristic information of a next time period sample by using the characteristic information of the previous n time period samples; and comparing the predicted value of the trained LSTM model to the next time point with the actually acquired sample information of the next time point, calculating the Euclidean distance between the predicted value and the actually acquired sample information of the next time point, and when the Euclidean distance is greater than a certain threshold value, regarding the sample as an abnormal point.
The Euclidean distance calculation formula is as follows:
Figure BDA0002247601740000061
wherein therein
Figure BDA0002247601740000062
Representing theoretical predicted power consumption characteristics
Figure BDA0002247601740000063
The ith characteristic value, xiRepresenting the ith characteristic in the actual power consumption characteristic XThe value, τ, represents the detection threshold. From the analysis results of FIG. 3, τ here is taken to be 10.
And fifthly, carrying out anomaly detection on the deployment model. Firstly, collecting a normal sample for a long period of time for training an LSTM network, starting abnormal detection after an LSTM network model is trained, and extracting the characteristics of the currently collected sample in the detection process to obtain a characteristic vector x of a power consumption sample to be detected. And then the LSTM network predicts a theoretical characteristic value sample x of the current moment according to the characteristic vectors of the previous n samples of the current moment, and judges whether the current sample is abnormal or not according to the Euclidean distance. And if the current sample is a normal sample, updating a sample window, if the current sample is an abnormal sample, adding 1 to the count of the abnormal sample, using the predicted value for predicting the next sample, and if three continuous abnormal samples are detected, confirming that the program is modified and sending an alarm.
According to the method, the CPU power consumption of the normal program is collected, the characteristics are extracted, a prediction model is trained, the first n samples can be used for training, so that the running condition of the program at the next moment is predicted, the comparison with the actual condition at the next moment is carried out, and whether the program is attacked or not is judged.
In order to verify the feasibility of the method, the invention tests the prediction conditions of the method for the DTU under normal and abnormal working states in an experimental way, and five programs are respectively operated in the DTU: a normal working program and four exception programs. The four abnormal programs respectively correspond to DTU power distribution switch attack, information acquisition attack, DTU monitoring path number attack and DTU overload attack. Firstly, power consumption data of a DTU normal operation program is collected to train a model, and the power consumption data generated when the DTU operates four kinds of simulation attacks is detected. As shown in fig. 3, in the experiment of four abnormal programs, the first 230 sample points are normal programs, and then are switched to abnormal programs, so that the prediction error is obviously mutated near the 230 th sample point, and the result proves that the false alarm rate of less than 2% and the accuracy rate of more than 90% can be realized.

Claims (4)

1. An LSTM-based intrusion detection method for a power distribution terminal unit of a smart grid is characterized by comprising the following steps:
s1, acquiring power consumption data of a power Distribution Terminal Unit (DTU) of the intelligent power grid in a normal operation time period T, and performing power frequency noise removal processing;
s2, segmenting the power consumption data subjected to power frequency noise removal processing in a set time window, taking each section of power consumption data as a sample, extracting a characteristic value of each sample, and forming a power consumption characteristic time sequence X of a historical time period T;
s3, constructing an LSTM neural network, and training the LSTM neural network by adopting the power consumption characteristic time sequence X in the step S2 to obtain a trained LSTM neural network model;
s4, collecting DTU power consumption data running in real time, removing power frequency noise, and obtaining the actual power consumption characteristic X at the current t moment according to the step S2t(ii) a Setting a sample window, wherein the sample window is used for collecting n samples before t time, removing power frequency noise processing and extracting characteristics to be used as input of an LSTM neural network model, and obtaining theoretical prediction power consumption characteristics of the current t time
Figure FDA0002247601730000011
S5, calculating the actual power consumption characteristic X at the current t momenttTheoretical prediction power consumption characteristic of current time t
Figure FDA0002247601730000012
When the Euclidean distance is larger than a preset threshold value, judging that the sample at the current time t is abnormal, and predicting the power consumption characteristics of the theory at the time t
Figure FDA0002247601730000013
Prediction for samples at time t + 1; when the Euclidean distance is less than or equal to a preset threshold value, judging that the current sample is normal;
s6, updating the sample window, and repeating the steps S4-S5; if three consecutive abnormal samples are detected, the confirmation program is modified and an alarm is given.
2. The LSTM-based intrusion detection method for the power distribution terminal unit of the smart grid according to claim 1, wherein in the step S1, the method for acquiring the power consumption data specifically includes: a high-precision sampling resistor is connected between a power supply module and a CPU module of the modular DTU, and the current of the DTU is acquired by acquiring the voltage drop at two ends of the sampling resistor so as to acquire the power consumption of the DTU; the precision of the sampling resistor is 0.01%.
3. The LSTM-based intrusion detection method for smart grid power distribution terminal units according to claim 1, wherein the characteristic values in step S2 include mean, skew factor, kurtosis, spectral mean, spectral variance, spectral standard deviation, spectral centroid, time domain sum, minimum, root mean square amplitude, spectral irregularity, spectral smoothness, spread spectrum, spectral power, and zero crossing rate.
4. The LSTM-based intrusion detection method for the power distribution terminal unit of the smart grid according to claim 1, wherein the Euclidean distance calculation formula is
Figure FDA0002247601730000021
Wherein
Figure FDA0002247601730000022
Representing theoretical predicted power consumption characteristics
Figure FDA0002247601730000023
The ith characteristic value, xiThe ith characteristic value in the actual power consumption characteristic X is represented, and m represents the number of the characteristic values.
CN201911022256.1A 2019-10-25 2019-10-25 Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM Pending CN110933031A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911022256.1A CN110933031A (en) 2019-10-25 2019-10-25 Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911022256.1A CN110933031A (en) 2019-10-25 2019-10-25 Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM

Publications (1)

Publication Number Publication Date
CN110933031A true CN110933031A (en) 2020-03-27

Family

ID=69849513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911022256.1A Pending CN110933031A (en) 2019-10-25 2019-10-25 Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM

Country Status (1)

Country Link
CN (1) CN110933031A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112464996A (en) * 2020-11-09 2021-03-09 中国科学院沈阳自动化研究所 Intelligent power grid intrusion detection method based on LSTM-XGboost
CN113067805A (en) * 2021-03-15 2021-07-02 衢州学院 Internet of things weak electromagnetic interference attack detection method and system based on edge calculation
CN113079150A (en) * 2021-03-26 2021-07-06 深圳供电局有限公司 Intrusion detection method for power terminal equipment
CN113158181A (en) * 2021-04-15 2021-07-23 上海交通大学 Method for carrying out end-to-end attack on original side channel data by using neural network
CN113486720A (en) * 2021-06-08 2021-10-08 浙江大学 Video playing content inference method based on high-frequency noise of intelligent terminal device switching power supply
CN113671287A (en) * 2021-08-16 2021-11-19 广东电力通信科技有限公司 Intelligent detection method and system for power grid automation terminal and readable storage medium
CN114297454A (en) * 2021-12-30 2022-04-08 医渡云(北京)技术有限公司 Method and device for discretizing features, electronic equipment and computer readable medium
CN114323116A (en) * 2021-11-17 2022-04-12 招银云创信息技术有限公司 Power system monitoring method and device and computer equipment
CN114358970A (en) * 2021-12-21 2022-04-15 南京千智电气科技有限公司 Safety monitoring method for source network load storage intelligent control terminal
CN115987643A (en) * 2022-12-25 2023-04-18 哈尔滨工程大学 Industrial control network intrusion detection method based on LSTM and SDN
CN116068479A (en) * 2023-03-07 2023-05-05 潍柴动力股份有限公司 Abnormality detection method and device for output performance signal in fuel cell endurance test
CN116108601A (en) * 2023-02-21 2023-05-12 国网吉林省电力有限公司长春供电公司 Power cable depth geometric information supplementing method, detector, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106125604A (en) * 2016-06-28 2016-11-16 东华理工大学 A kind of ECG signal processing system
CN106888205A (en) * 2017-01-04 2017-06-23 浙江大学 A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis
US20180033144A1 (en) * 2016-09-21 2018-02-01 Realize, Inc. Anomaly detection in volumetric images

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106125604A (en) * 2016-06-28 2016-11-16 东华理工大学 A kind of ECG signal processing system
US20180033144A1 (en) * 2016-09-21 2018-02-01 Realize, Inc. Anomaly detection in volumetric images
CN106888205A (en) * 2017-01-04 2017-06-23 浙江大学 A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陶凤仙: "基于MATLAB的自适应工频信号的陷波器仿真分析", 《科技论坛》 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112464996B (en) * 2020-11-09 2023-07-25 中国科学院沈阳自动化研究所 LSTM-XGBoost-based intelligent power grid intrusion detection method
CN112464996A (en) * 2020-11-09 2021-03-09 中国科学院沈阳自动化研究所 Intelligent power grid intrusion detection method based on LSTM-XGboost
CN113067805A (en) * 2021-03-15 2021-07-02 衢州学院 Internet of things weak electromagnetic interference attack detection method and system based on edge calculation
CN113079150A (en) * 2021-03-26 2021-07-06 深圳供电局有限公司 Intrusion detection method for power terminal equipment
CN113158181A (en) * 2021-04-15 2021-07-23 上海交通大学 Method for carrying out end-to-end attack on original side channel data by using neural network
CN113158181B (en) * 2021-04-15 2022-04-05 上海交通大学 Method for carrying out end-to-end attack on original side channel data by using neural network
CN113486720A (en) * 2021-06-08 2021-10-08 浙江大学 Video playing content inference method based on high-frequency noise of intelligent terminal device switching power supply
CN113486720B (en) * 2021-06-08 2023-12-08 浙江大学 Video playing content deducing method based on high-frequency noise of switching power supply of intelligent terminal equipment
CN113671287A (en) * 2021-08-16 2021-11-19 广东电力通信科技有限公司 Intelligent detection method and system for power grid automation terminal and readable storage medium
CN113671287B (en) * 2021-08-16 2024-02-02 广东电力通信科技有限公司 Intelligent detection method, system and readable storage medium for power grid automation terminal
CN114323116A (en) * 2021-11-17 2022-04-12 招银云创信息技术有限公司 Power system monitoring method and device and computer equipment
CN114323116B (en) * 2021-11-17 2023-12-05 招银云创信息技术有限公司 Power system monitoring method, device and computer equipment
CN114358970A (en) * 2021-12-21 2022-04-15 南京千智电气科技有限公司 Safety monitoring method for source network load storage intelligent control terminal
CN114297454A (en) * 2021-12-30 2022-04-08 医渡云(北京)技术有限公司 Method and device for discretizing features, electronic equipment and computer readable medium
CN115987643A (en) * 2022-12-25 2023-04-18 哈尔滨工程大学 Industrial control network intrusion detection method based on LSTM and SDN
CN116108601A (en) * 2023-02-21 2023-05-12 国网吉林省电力有限公司长春供电公司 Power cable depth geometric information supplementing method, detector, equipment and medium
CN116108601B (en) * 2023-02-21 2023-11-14 国网吉林省电力有限公司长春供电公司 Power cable depth geometric information supplementing method, detector, equipment and medium
CN116068479A (en) * 2023-03-07 2023-05-05 潍柴动力股份有限公司 Abnormality detection method and device for output performance signal in fuel cell endurance test

Similar Documents

Publication Publication Date Title
CN110933031A (en) Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM
CN106888205B (en) Non-invasive PLC anomaly detection method based on power consumption analysis
Adhikari et al. Applying hoeffding adaptive trees for real-time cyber-power event and intrusion classification
Pei et al. PMU placement protection against coordinated false data injection attacks in smart grid
CN110909811A (en) OCSVM (online charging management system) -based power grid abnormal behavior detection and analysis method and system
Chen et al. A novel online detection method of data injection attack against dynamic state estimation in smart grid
CN110390357A (en) A kind of DTU safety monitoring method based on side channel
US20230062725A1 (en) Data Analytics for Smart Electrical Protection Systems
Panthi Anomaly detection in smart grids using machine learning techniques
WO2019133316A1 (en) Reconstruction-based anomaly detection
Huang et al. False data injection attack detection for industrial control systems based on both time-and frequency-domain analysis of sensor data
CN104052730A (en) Intelligent Cyberphysical Intrusion Detection And Prevention Systems And Methods For Industrial Control Systems
CN110971677B (en) Electric power internet of things terminal equipment side channel safety monitoring method based on countermeasure reinforcement learning
CN107517205B (en) Intelligent substation network abnormal flow detection model construction method based on probability
CN117674140B (en) Power distribution network measurement and control system and method
Patil et al. A machine learning approach to distinguish faults and cyberattacks in smart buildings
KR20130020862A (en) Apparatus and method for anomaly detection in scada network using self-similarity
CN111030299A (en) Side channel-based power grid embedded terminal safety monitoring method and system
CN115049410A (en) Electricity stealing behavior identification method and device, electronic equipment and computer readable storage medium
CN117168633B (en) High-low voltage complete equipment protection method and system based on temperature monitoring
Akbarian et al. Intrusion detection on critical smart grid infrastructure
CN112085043B (en) Intelligent monitoring method and system for network security of transformer substation
Li et al. Real-time detecting false data injection attacks based on spatial and temporal correlations
Li et al. Using power side-channel to implement anomaly-based intrusion detection on smart grid terminals
Gokarn et al. Enhancing cyber physical system security via anomaly detection using behaviour analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200327