CN110933031A - Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM - Google Patents
Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM Download PDFInfo
- Publication number
- CN110933031A CN110933031A CN201911022256.1A CN201911022256A CN110933031A CN 110933031 A CN110933031 A CN 110933031A CN 201911022256 A CN201911022256 A CN 201911022256A CN 110933031 A CN110933031 A CN 110933031A
- Authority
- CN
- China
- Prior art keywords
- power consumption
- power
- time
- lstm
- characteristic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2411—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Artificial Intelligence (AREA)
- Computer Networks & Wireless Communication (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Computation (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Biophysics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Molecular Biology (AREA)
- Evolutionary Biology (AREA)
- Computational Linguistics (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Abstract
The invention discloses an LSTM-based intrusion detection method for a power distribution terminal unit of a smart power grid, and belongs to the technical field of information security of the smart power grid. The method comprises the steps of collecting the CPU power consumption of a normal program, extracting characteristics and training a prediction model; in an attack detection stage, collecting DTU power consumption data running in real time to obtain the actual power consumption characteristics at the current t moment; setting a sample window, collecting n samples before t time to obtain theoretical prediction power consumption characteristics of the current t time, calculating Euclidean distance between actual power consumption characteristics and the theoretical prediction power consumption characteristics, and judging whether the attack is suffered. The invention solves the problem that the power distribution terminal unit can not install the intrusion detection software; the LSTM neural network is adopted to improve the detection precision, and the normal change of the system power consumption can be better captured; the method solves the problems that the electromagnetic noise of the power grid environment is large, and the traditional side channel abnormity detection method faces low precision.
Description
Technical Field
The invention relates to the technical field of intelligent power grid information safety, in particular to an LSTM-based intelligent power grid power distribution terminal unit intrusion detection method.
Background
Electronization is one of the fundamental characteristics of modern power grids. The application of intelligent terminals in power monitoring systems is becoming more common, such as power Distribution Terminal Units (DTUs), feeder remote terminals (FTUs), Remote Terminal Units (RTUs), and distribution transformer remote terminals (TTUs). The intelligent terminals are deployed on different power distribution equipment, and can transmit collected information to the master station in a wired or wireless mode to provide enough information for operators to realize safe and reliable control and operation of the power distribution system. Recent literature, however, has shown that the threat and complexity of cyber attacks on the power grid is increasing. For example, the ukrainian grid has suffered a blackout event due to hacking. But security research for smart terminals is currently less. The current smart grid terminal mainly adopts an embedded system architecture, is limited by processing frequency, has limited safe processing capacity, and is exposed to a larger attack risk in an external environment due to being deployed on terminal equipment. Attacks faced by the intelligent terminal can be mainly divided into logic attacks, intrusion attacks and non-intrusion attacks. The logic attack attacks through the software and the loopholes of the security protocol, and the utilization and the tampering of the loopholes of the program are realized. Intrusive attacks obtain information by observing the communication of the chip and the circuit. The non-invasive attack realizes the estimation of information such as program execution time by analyzing side channel data such as power consumption. Logical attacks incur the greatest loss because they can effect tampering of the program. The method provided by the invention is mainly used for logic attack.
The current intrusion detection method can be classified into a host type and a network type according to the difference of monitored objects, and can be classified into detection based on misuse and detection based on abnormality according to the difference of detection methods. In the former method, a virus feature library to be detected needs to be constructed in advance, and then the virus feature library is matched with actual flow data and the like to realize intrusion detection. Detection based on anomalies requires only counting the normal flow patterns and setting alarm thresholds. An anomaly is considered when the characteristic of the actual flow exceeds the normal flow pattern threshold. At present, research aiming at intrusion detection of an intelligent terminal is less. Liu et al (Liu, y., Wei, l., Xu, w., Xu, q., Zhou, z., & Zhang, K. (2016.). On Code Execution Tracking Power Side-channel.acm Conference On Computer and Communications Security) can restore the instruction Execution sequence by analyzing the Side channel Power consumption information of the microcontroller in the embedded system using the hidden markov model, thereby realizing detection of the instruction executed in the microcontroller and judging whether tampering has been done. Clark et al (Clark, S.S., Fu, K., Guineau, S., Ransford, B., Rahmati, A., Sorber, J., & Xu, W. (2013). Watts UpDoc: Power Side Channels to Non-intuition discovery Untargeted Medical De-vision technology.) propose identifying trojans in PLC and Medical devices based on Power consumption, which can achieve a recognition rate of more than 80% for known attacks in combination with a machine learning method. At present, firmware of a power grid intelligent terminal is formulated by factory, a corresponding attack intrusion detection system is often lacked, a user cannot install intrusion detection software, electromagnetic noise of a power grid environment is large, and the traditional side channel anomaly detection method faces the problems of low precision and the like.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides an LSTM-based intrusion detection method for a power distribution terminal unit of a smart power grid in order to solve the problems that smart terminal equipment of the smart power grid faces logic intrusion such as program tampering and the like, and the existing defense method is difficult to deploy or has low detection precision and the like.
The invention is realized by the following technical scheme:
an LSTM-based intrusion detection method for a power distribution terminal unit of a smart grid comprises the following steps:
s1, acquiring power consumption data of a power Distribution Terminal Unit (DTU) of the intelligent power grid in a normal operation time period T, and performing power frequency noise removal processing;
s2, segmenting the power consumption data subjected to power frequency noise removal processing in a set time window, taking each section of power consumption data as a sample, extracting a characteristic value of each sample, and forming a power consumption characteristic time sequence X of a historical time period T;
s3, constructing an LSTM neural network, and training the LSTM neural network by adopting the power consumption characteristic time sequence X in the step S2 to obtain a trained LSTM neural network model;
s4, collecting DTU power consumption data running in real time, removing power frequency noise, and obtaining the actual power consumption characteristic X at the current t moment according to the step S2t(ii) a Setting a sample window, wherein the sample window is used for collecting n samples before t time, removing power frequency noise processing and extracting characteristics to be used as input of an LSTM neural network model, and obtaining theoretical prediction power consumption characteristics of the current t time
S5, calculating the actual power consumption characteristic X at the current t momenttTheoretical prediction power consumption characteristic of current time tWhen the Euclidean distance is larger than a preset threshold value, judging that the sample at the current time t is abnormal, and predicting the power consumption characteristics of the theory at the time tPrediction for samples at time t + 1; when the Euclidean distance is less than or equal to a preset threshold value, judging that the current sample is normal;
s6, updating the sample window, and repeating the steps S4-S5; if three consecutive abnormal samples are detected, the confirmation program is modified and an alarm is given.
Further, in step S1, the method for acquiring power consumption data specifically includes: a high-precision sampling resistor is connected between a power module and a CPU module of the modular DTU, and the current of the DTU is acquired through the voltage drop at two ends of the sampling resistor so as to acquire the power consumption of the DTU. The precision of the sampling resistor is 0.01%.
Further, the characteristic values in step S2 include a mean value, a skew coefficient, a kurtosis, a spectral mean value, a spectral variance, a spectral standard deviation, a spectral centroid, a time-domain sum, a minimum value, a root-mean-square amplitude, a spectral irregularity, a spectral smoothness, a spread spectrum, a spectral power, and a zero-crossing rate.
Further, the Euclidean distance calculation formula is
WhereinRepresenting theoretical predicted power consumption characteristicsThe ith characteristic value, xiThe ith characteristic value in the actual power consumption characteristic X is represented, and m represents the number of the characteristic values.
The invention has the beneficial effects that:
(1) by adopting the intrusion detection method based on the power consumption side channel, the problem that the firmware of the power distribution terminal unit of the intelligent power grid is formulated by a manufacturer when leaving a factory and intrusion detection software cannot be installed is solved.
(2) And the LSTM neural network is adopted to analyze and predict the power consumption data, so that the detection precision is improved. The LSTM has better effect than that based on correlation and a single-classification support vector machine, because the operation power consumption of the terminal equipment of the smart grid slightly changes along with time, and the LSTM is an algorithm capable of dynamically adapting, so that the normal change of the system power consumption can be better captured.
(3) The self-adaptive notch filter is used for inhibiting power frequency noise, so that the problems that the electromagnetic noise of a power grid environment is large, and the conventional side channel abnormity detection method is low in precision are solved.
Drawings
FIG. 1 is a schematic diagram of a power consumption collection method;
FIG. 2 is a schematic diagram of an adaptive notch filter for suppressing power frequency noise;
fig. 3 is a prediction error map when the normal program is switched to the abnormal program.
Detailed Description
In order to make the contents and effects of the present invention more apparent, preferred embodiments of the present invention will be described in detail below.
Step one, acquiring power consumption data of a power Distribution Terminal Unit (DTU) of the smart power grid. When the intelligent power grid terminal equipment operates, various bypass information can be generated, including power consumption information, electromagnetic radiation information, sound, temperature and the like. Because strong environmental noise exists in the power grid environment, the running program of the CPU of the terminal equipment cannot be analyzed effectively through electromagnetic, sound and temperature information generated when the CPU runs. However, power consumption and programs when the CPU runs are closely related. Therefore, whether a program operating therein is abnormal is analyzed by analyzing consumption of power consumption of the DTU. As an experimental subject, a PRS-3342BC model DTU of CYG corporation, which is a standard model used by national grid corporation, was used. In this embodiment, five programs are respectively run in the DTU: a normal working program and four exception programs. The four abnormal programs respectively correspond to DTU power distribution switch attack, information acquisition attack, DTU monitoring path number attack and DTU overload attack. As shown in fig. 1, which is a schematic diagram of a power consumption acquisition method of the present invention, a high-precision sampling resistor is connected between a power module and a CPU module of a modular DTU, and a current of the DTU is obtained by collecting a voltage drop across the sampling resistor, thereby obtaining the power consumption of the DTU. In order to improve the sampling precision, a high-precision, high-sampling-rate and high-stability data acquisition device is adopted, and the specific model is a U2541 type high-speed data acquisition device of Keysight company. The sampling frequency is 250K/s, the resolution is 16 bits, and the sampling precision can reach 0.05 mV.
And step two, removing power frequency noise. Because of the interference of power frequency noise in the power grid environment, power frequency noise of the collected signals needs to be removed by adopting a power frequency noise suppression algorithm. And filtering power frequency noise by adopting a self-adaptive notch filter. FIG. 2 is a schematic diagram of an adaptive notch filter for suppressing power frequency noise; the first action is the original signal collected, the second action is the useful signal after the power frequency noise is filtered, and the third action is the power frequency noise. The basic principle of the adaptive Notch filter is that an orthogonal signal with a certain central frequency is used as a reference signal, an input signal is tracked by utilizing the linear combination of the orthogonal signal, and the weight coefficient of the linear combination is continuously adjusted through the residual error of each step, so that the part of the input signal which is linearly related to the reference signal is separated, and the effect of narrow-band filtering is achieved. The method comprises the following specific steps:
(1) reference signal xc(k)=cos(2πfk),xs(k) Sin (2 pi fk), where f 50Hz represents the frequency of the power frequency signal.
(2) For the input signal d (k), the initial value w of the weight vector is selectedc(k)=ws(k) 0.1A (d (k)), a (d (k)) represents the maximum amplitude of d (k).
(3) Discretizing the sampling time, and iterating k from 0 to N according to the following formula under the assumption that N sampling time points are obtained.
y(k)=ωc(k)xc(k)+ωs(k)xs(k)
ε(k)=d(k)-y(k)
ωc(k+1)=ωc(k)+2με(k)xc(k)
ωs(k+1)=ωs(k)+2/ε(k)xs(k)
The finally output epsilon (k) is the obtained useful signal.
And step three, extracting the characteristics of the power consumption information. The selection of the features determines the classification effect of the classifier to a great extent, and therefore, in order to better distinguish a normal program from an abnormal program, it is particularly important to construct an appropriate combination of feature values. Too few eigenvalues cannot meet the requirement of accuracy, and too many eigenvalues can improve the complexity of calculation and increase the training time. Through correlation analysis and experiments, 12 characteristic values are finally selected, wherein the characteristic values are respectively a mean value, a skewness coefficient, a kurtosis and a spectrum mean value of spectrum. The spectral variance. The spectrum standard deviation, the spectrum gravity center, the time domain sum, the minimum value, the root mean square amplitude, the spectrum irregularity, the spectrum smoothness, the spectrum spread, the spectrum power and the zero crossing rate, and the total 12 characteristic values.
And step four, constructing an LSTM neural network detection model and training. The LSTM is a generic name for long and short memory cell based neural networks. The LSTM has good memory capacity for long-term information and is good at capturing internal structure information of time series. Thus, the prediction of the time series can be made at different time scales. Assume that a power consumption is characterized by a time series of X ═ X (1), X (2), … X (N) }, where X (t) is a vector of m dimensions (where m is equal to the feature dimension, 12 is taken according to step three; N is the number of samples into which the power consumption is cut), representing the characteristics of the power consumption samples at time t. And collecting the CPU power consumption of 5 hours in the history of the normal program, and training a prediction model. Predicting the m-dimensional characteristic information of the next time period sample by using the characteristic information of the first n time period samples (for convenience of characteristic extraction, in the case of a sampling rate of 250K, a power consumption sequence with the time length of 1.048576s is used as one sample, so that each sample comprises exactly 2 sampling values at 18 times, wherein n is 20 and represents 20s as a time window); the LSTM structure comprises an input layer of n x m units and an output layer of m units, wherein the LSTM unit has two hidden layers, and full connection is adopted between the two hidden layers. Predicting m-dimensional characteristic information of a next time period sample by using the characteristic information of the previous n time period samples; and comparing the predicted value of the trained LSTM model to the next time point with the actually acquired sample information of the next time point, calculating the Euclidean distance between the predicted value and the actually acquired sample information of the next time point, and when the Euclidean distance is greater than a certain threshold value, regarding the sample as an abnormal point.
The Euclidean distance calculation formula is as follows:
wherein thereinRepresenting theoretical predicted power consumption characteristicsThe ith characteristic value, xiRepresenting the ith characteristic in the actual power consumption characteristic XThe value, τ, represents the detection threshold. From the analysis results of FIG. 3, τ here is taken to be 10.
And fifthly, carrying out anomaly detection on the deployment model. Firstly, collecting a normal sample for a long period of time for training an LSTM network, starting abnormal detection after an LSTM network model is trained, and extracting the characteristics of the currently collected sample in the detection process to obtain a characteristic vector x of a power consumption sample to be detected. And then the LSTM network predicts a theoretical characteristic value sample x of the current moment according to the characteristic vectors of the previous n samples of the current moment, and judges whether the current sample is abnormal or not according to the Euclidean distance. And if the current sample is a normal sample, updating a sample window, if the current sample is an abnormal sample, adding 1 to the count of the abnormal sample, using the predicted value for predicting the next sample, and if three continuous abnormal samples are detected, confirming that the program is modified and sending an alarm.
According to the method, the CPU power consumption of the normal program is collected, the characteristics are extracted, a prediction model is trained, the first n samples can be used for training, so that the running condition of the program at the next moment is predicted, the comparison with the actual condition at the next moment is carried out, and whether the program is attacked or not is judged.
In order to verify the feasibility of the method, the invention tests the prediction conditions of the method for the DTU under normal and abnormal working states in an experimental way, and five programs are respectively operated in the DTU: a normal working program and four exception programs. The four abnormal programs respectively correspond to DTU power distribution switch attack, information acquisition attack, DTU monitoring path number attack and DTU overload attack. Firstly, power consumption data of a DTU normal operation program is collected to train a model, and the power consumption data generated when the DTU operates four kinds of simulation attacks is detected. As shown in fig. 3, in the experiment of four abnormal programs, the first 230 sample points are normal programs, and then are switched to abnormal programs, so that the prediction error is obviously mutated near the 230 th sample point, and the result proves that the false alarm rate of less than 2% and the accuracy rate of more than 90% can be realized.
Claims (4)
1. An LSTM-based intrusion detection method for a power distribution terminal unit of a smart grid is characterized by comprising the following steps:
s1, acquiring power consumption data of a power Distribution Terminal Unit (DTU) of the intelligent power grid in a normal operation time period T, and performing power frequency noise removal processing;
s2, segmenting the power consumption data subjected to power frequency noise removal processing in a set time window, taking each section of power consumption data as a sample, extracting a characteristic value of each sample, and forming a power consumption characteristic time sequence X of a historical time period T;
s3, constructing an LSTM neural network, and training the LSTM neural network by adopting the power consumption characteristic time sequence X in the step S2 to obtain a trained LSTM neural network model;
s4, collecting DTU power consumption data running in real time, removing power frequency noise, and obtaining the actual power consumption characteristic X at the current t moment according to the step S2t(ii) a Setting a sample window, wherein the sample window is used for collecting n samples before t time, removing power frequency noise processing and extracting characteristics to be used as input of an LSTM neural network model, and obtaining theoretical prediction power consumption characteristics of the current t time
S5, calculating the actual power consumption characteristic X at the current t momenttTheoretical prediction power consumption characteristic of current time tWhen the Euclidean distance is larger than a preset threshold value, judging that the sample at the current time t is abnormal, and predicting the power consumption characteristics of the theory at the time tPrediction for samples at time t + 1; when the Euclidean distance is less than or equal to a preset threshold value, judging that the current sample is normal;
s6, updating the sample window, and repeating the steps S4-S5; if three consecutive abnormal samples are detected, the confirmation program is modified and an alarm is given.
2. The LSTM-based intrusion detection method for the power distribution terminal unit of the smart grid according to claim 1, wherein in the step S1, the method for acquiring the power consumption data specifically includes: a high-precision sampling resistor is connected between a power supply module and a CPU module of the modular DTU, and the current of the DTU is acquired by acquiring the voltage drop at two ends of the sampling resistor so as to acquire the power consumption of the DTU; the precision of the sampling resistor is 0.01%.
3. The LSTM-based intrusion detection method for smart grid power distribution terminal units according to claim 1, wherein the characteristic values in step S2 include mean, skew factor, kurtosis, spectral mean, spectral variance, spectral standard deviation, spectral centroid, time domain sum, minimum, root mean square amplitude, spectral irregularity, spectral smoothness, spread spectrum, spectral power, and zero crossing rate.
4. The LSTM-based intrusion detection method for the power distribution terminal unit of the smart grid according to claim 1, wherein the Euclidean distance calculation formula is
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911022256.1A CN110933031A (en) | 2019-10-25 | 2019-10-25 | Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911022256.1A CN110933031A (en) | 2019-10-25 | 2019-10-25 | Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110933031A true CN110933031A (en) | 2020-03-27 |
Family
ID=69849513
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911022256.1A Pending CN110933031A (en) | 2019-10-25 | 2019-10-25 | Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110933031A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112464996A (en) * | 2020-11-09 | 2021-03-09 | 中国科学院沈阳自动化研究所 | Intelligent power grid intrusion detection method based on LSTM-XGboost |
CN113067805A (en) * | 2021-03-15 | 2021-07-02 | 衢州学院 | Internet of things weak electromagnetic interference attack detection method and system based on edge calculation |
CN113079150A (en) * | 2021-03-26 | 2021-07-06 | 深圳供电局有限公司 | Intrusion detection method for power terminal equipment |
CN113158181A (en) * | 2021-04-15 | 2021-07-23 | 上海交通大学 | Method for carrying out end-to-end attack on original side channel data by using neural network |
CN113486720A (en) * | 2021-06-08 | 2021-10-08 | 浙江大学 | Video playing content inference method based on high-frequency noise of intelligent terminal device switching power supply |
CN113671287A (en) * | 2021-08-16 | 2021-11-19 | 广东电力通信科技有限公司 | Intelligent detection method and system for power grid automation terminal and readable storage medium |
CN114297454A (en) * | 2021-12-30 | 2022-04-08 | 医渡云(北京)技术有限公司 | Method and device for discretizing features, electronic equipment and computer readable medium |
CN114323116A (en) * | 2021-11-17 | 2022-04-12 | 招银云创信息技术有限公司 | Power system monitoring method and device and computer equipment |
CN114358970A (en) * | 2021-12-21 | 2022-04-15 | 南京千智电气科技有限公司 | Safety monitoring method for source network load storage intelligent control terminal |
CN115987643A (en) * | 2022-12-25 | 2023-04-18 | 哈尔滨工程大学 | Industrial control network intrusion detection method based on LSTM and SDN |
CN116068479A (en) * | 2023-03-07 | 2023-05-05 | 潍柴动力股份有限公司 | Abnormality detection method and device for output performance signal in fuel cell endurance test |
CN116108601A (en) * | 2023-02-21 | 2023-05-12 | 国网吉林省电力有限公司长春供电公司 | Power cable depth geometric information supplementing method, detector, equipment and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106125604A (en) * | 2016-06-28 | 2016-11-16 | 东华理工大学 | A kind of ECG signal processing system |
CN106888205A (en) * | 2017-01-04 | 2017-06-23 | 浙江大学 | A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis |
US20180033144A1 (en) * | 2016-09-21 | 2018-02-01 | Realize, Inc. | Anomaly detection in volumetric images |
-
2019
- 2019-10-25 CN CN201911022256.1A patent/CN110933031A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106125604A (en) * | 2016-06-28 | 2016-11-16 | 东华理工大学 | A kind of ECG signal processing system |
US20180033144A1 (en) * | 2016-09-21 | 2018-02-01 | Realize, Inc. | Anomaly detection in volumetric images |
CN106888205A (en) * | 2017-01-04 | 2017-06-23 | 浙江大学 | A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis |
Non-Patent Citations (1)
Title |
---|
陶凤仙: "基于MATLAB的自适应工频信号的陷波器仿真分析", 《科技论坛》 * |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112464996B (en) * | 2020-11-09 | 2023-07-25 | 中国科学院沈阳自动化研究所 | LSTM-XGBoost-based intelligent power grid intrusion detection method |
CN112464996A (en) * | 2020-11-09 | 2021-03-09 | 中国科学院沈阳自动化研究所 | Intelligent power grid intrusion detection method based on LSTM-XGboost |
CN113067805A (en) * | 2021-03-15 | 2021-07-02 | 衢州学院 | Internet of things weak electromagnetic interference attack detection method and system based on edge calculation |
CN113079150A (en) * | 2021-03-26 | 2021-07-06 | 深圳供电局有限公司 | Intrusion detection method for power terminal equipment |
CN113158181A (en) * | 2021-04-15 | 2021-07-23 | 上海交通大学 | Method for carrying out end-to-end attack on original side channel data by using neural network |
CN113158181B (en) * | 2021-04-15 | 2022-04-05 | 上海交通大学 | Method for carrying out end-to-end attack on original side channel data by using neural network |
CN113486720A (en) * | 2021-06-08 | 2021-10-08 | 浙江大学 | Video playing content inference method based on high-frequency noise of intelligent terminal device switching power supply |
CN113486720B (en) * | 2021-06-08 | 2023-12-08 | 浙江大学 | Video playing content deducing method based on high-frequency noise of switching power supply of intelligent terminal equipment |
CN113671287A (en) * | 2021-08-16 | 2021-11-19 | 广东电力通信科技有限公司 | Intelligent detection method and system for power grid automation terminal and readable storage medium |
CN113671287B (en) * | 2021-08-16 | 2024-02-02 | 广东电力通信科技有限公司 | Intelligent detection method, system and readable storage medium for power grid automation terminal |
CN114323116A (en) * | 2021-11-17 | 2022-04-12 | 招银云创信息技术有限公司 | Power system monitoring method and device and computer equipment |
CN114323116B (en) * | 2021-11-17 | 2023-12-05 | 招银云创信息技术有限公司 | Power system monitoring method, device and computer equipment |
CN114358970A (en) * | 2021-12-21 | 2022-04-15 | 南京千智电气科技有限公司 | Safety monitoring method for source network load storage intelligent control terminal |
CN114297454A (en) * | 2021-12-30 | 2022-04-08 | 医渡云(北京)技术有限公司 | Method and device for discretizing features, electronic equipment and computer readable medium |
CN115987643A (en) * | 2022-12-25 | 2023-04-18 | 哈尔滨工程大学 | Industrial control network intrusion detection method based on LSTM and SDN |
CN116108601A (en) * | 2023-02-21 | 2023-05-12 | 国网吉林省电力有限公司长春供电公司 | Power cable depth geometric information supplementing method, detector, equipment and medium |
CN116108601B (en) * | 2023-02-21 | 2023-11-14 | 国网吉林省电力有限公司长春供电公司 | Power cable depth geometric information supplementing method, detector, equipment and medium |
CN116068479A (en) * | 2023-03-07 | 2023-05-05 | 潍柴动力股份有限公司 | Abnormality detection method and device for output performance signal in fuel cell endurance test |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110933031A (en) | Intelligent power grid power distribution terminal unit intrusion detection method based on LSTM | |
CN106888205B (en) | Non-invasive PLC anomaly detection method based on power consumption analysis | |
Adhikari et al. | Applying hoeffding adaptive trees for real-time cyber-power event and intrusion classification | |
Pei et al. | PMU placement protection against coordinated false data injection attacks in smart grid | |
CN110909811A (en) | OCSVM (online charging management system) -based power grid abnormal behavior detection and analysis method and system | |
Chen et al. | A novel online detection method of data injection attack against dynamic state estimation in smart grid | |
CN110390357A (en) | A kind of DTU safety monitoring method based on side channel | |
US20230062725A1 (en) | Data Analytics for Smart Electrical Protection Systems | |
Panthi | Anomaly detection in smart grids using machine learning techniques | |
WO2019133316A1 (en) | Reconstruction-based anomaly detection | |
Huang et al. | False data injection attack detection for industrial control systems based on both time-and frequency-domain analysis of sensor data | |
CN104052730A (en) | Intelligent Cyberphysical Intrusion Detection And Prevention Systems And Methods For Industrial Control Systems | |
CN110971677B (en) | Electric power internet of things terminal equipment side channel safety monitoring method based on countermeasure reinforcement learning | |
CN107517205B (en) | Intelligent substation network abnormal flow detection model construction method based on probability | |
CN117674140B (en) | Power distribution network measurement and control system and method | |
Patil et al. | A machine learning approach to distinguish faults and cyberattacks in smart buildings | |
KR20130020862A (en) | Apparatus and method for anomaly detection in scada network using self-similarity | |
CN111030299A (en) | Side channel-based power grid embedded terminal safety monitoring method and system | |
CN115049410A (en) | Electricity stealing behavior identification method and device, electronic equipment and computer readable storage medium | |
CN117168633B (en) | High-low voltage complete equipment protection method and system based on temperature monitoring | |
Akbarian et al. | Intrusion detection on critical smart grid infrastructure | |
CN112085043B (en) | Intelligent monitoring method and system for network security of transformer substation | |
Li et al. | Real-time detecting false data injection attacks based on spatial and temporal correlations | |
Li et al. | Using power side-channel to implement anomaly-based intrusion detection on smart grid terminals | |
Gokarn et al. | Enhancing cyber physical system security via anomaly detection using behaviour analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200327 |