CN112615843A - Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost - Google Patents

Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost Download PDF

Info

Publication number
CN112615843A
CN112615843A CN202011461351.4A CN202011461351A CN112615843A CN 112615843 A CN112615843 A CN 112615843A CN 202011461351 A CN202011461351 A CN 202011461351A CN 112615843 A CN112615843 A CN 112615843A
Authority
CN
China
Prior art keywords
channel
network security
security situation
sae
index
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011461351.4A
Other languages
Chinese (zh)
Other versions
CN112615843B (en
Inventor
刘萧
陈龙
吕磊
李静
黄昆
李嘉周
杨旭东
黄林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Sichuan Electric Power Co Ltd
Original Assignee
State Grid Sichuan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Sichuan Electric Power Co Ltd filed Critical State Grid Sichuan Electric Power Co Ltd
Priority to CN202011461351.4A priority Critical patent/CN112615843B/en
Publication of CN112615843A publication Critical patent/CN112615843A/en
Application granted granted Critical
Publication of CN112615843B publication Critical patent/CN112615843B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Electrically Operated Instructional Devices (AREA)
  • Complex Calculations (AREA)

Abstract

The invention relates to the field of evaluation of network security situation of an information system, provides a power internet of things network security situation evaluation method based on multi-channel SAE-AdaBoost, and aims to solve the problems of poor precision and large generalization error of the existing evaluation method. The main scheme comprises the following steps: network security situation index is divided into a plurality of channels T1,T2,Λ,Tn(ii) a Step 2: for each channel, SAE maps each unlabeled training sample k-dimensional vector x' to m-dimensional coding vector x through the hidden layerhTo obtain a low-dimensional representation x of the high-dimensional datah(ii) a And step 3: the AdaBoost algorithm continuously changes the weights of samples from training data, serially learns a series of weak learners, linearly combines the weak learners into a strong learner, and uses the strong learner to evaluate a corresponding channel; and 4, step 4: AHP comprehensive consideration among channelsThe relative importance of the network security situation is obtained by fusing the evaluation results of a plurality of channels.

Description

Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost
Technical Field
The invention relates to the field of evaluation of network security situation of an information system, in particular to a method for comprehensively evaluating the network security situation of an electric power internet of things based on a multi-channel architecture combined with a sparse self-encoder and an AdaBoost integrated learning algorithm.
Background
In recent years, with the continuous development of the power internet of things, the types of access devices are increasing, the structure of the power internet of things is becoming more complicated, so that the complexity and uncertainty of an information network in the power industry are increasing, and the information security protection of the power internet of things faces a huge challenge. Therefore, the supervision requirement on the overall network security situation of the system is continuously improved, and the traditional network security situation evaluation means cannot meet the efficient and accurate evaluation requirement of a complex system. In order to improve the network security guarantee capability of the power internet of things, accurately and objectively evaluate the network security situation of the power information and effectively guide the information system to operate safely, efficiently and economically, the method for evaluating the network security situation of the power internet of things is very important, and can integrate various network security indexes of the system and realize automatic evaluation.
In the aspect of analyzing each situation index of an object and carrying out comprehensive network security situation evaluation, the invention patent with the application number of CN201910432976.9 and the name of SAE + BPNN-based network security situation evaluation method discloses a comprehensive evaluation method of network security situation, which belongs to the field of network security situation evaluation, wherein the main thought of the comprehensive evaluation method is as follows: normalizing the extracted index data; inputting the normalized index data into a trained deep self-coding neural network to perform dimension reduction processing on the normalized index data; and inputting the index data subjected to the dimensionality reduction treatment into the trained BP neural network so as to evaluate the network security situation. According to the evaluation method, the sparse self-encoder and the BP neural network are combined, the problem that the evaluation data dimension is too large, so that the model construction complexity is high is solved, and a scheme with high evaluation efficiency is provided for network security situation evaluation.
Although the technical method considers the technical defects of the original BPNN method, the idea of network security situation evaluation by combining SAE (sparse self-encoder) and BPNN (back propagation neural network) is adopted, and the problem that the complexity of model construction is higher due to overlarge model evaluation data dimension is solved. However, in terms of a specific used technical method, the patent still uses the most traditional neural network algorithm, the method does not consider the corresponding relation between the indexes and the safety problem, neglects the difference of the network safety problems represented by different types of indexes, causes the characteristic of mixing different types of indexes, and causes interference to the whole characteristic. For enterprise-level information systems with more safety problem factors, such as the power internet of things, the traditional neural network algorithm has certain limitation in the aspect of overall system network safety situation evaluation; furthermore, the traditional neural network algorithm is easy to be over-fitted, thereby causing the accuracy of the model to be reduced.
Disclosure of Invention
The invention aims to solve the problems that the existing method does not consider the corresponding relation between indexes and security problems, ignores the difference of network security problems represented by different indexes, generates the mixed characteristics of different indexes and interferes the overall characteristics, so that the existing evaluation method has poor precision and large generalization error.
In order to solve the technical problems, the invention adopts the following technical scheme:
the invention provides a power Internet of things network security situation evaluation method based on multi-channel SAE-AdaBoost, which comprises the following steps:
step 1: netNetwork security situation index is divided into a plurality of channels T1,T2,Λ,Tn
Step 2: for each channel, SAE maps each unlabeled training sample k-dimensional vector x' to m-dimensional coding vector x through the hidden layerhTo obtain a low-dimensional representation x of the high-dimensional datah
And step 3: for channel TiTraining data set
Figure BDA0002821888600000021
Wherein
Figure BDA0002821888600000022
Representing the sample points, x, after the dimension reduction of step 2hThe data after dimensionality reduction, x refers to index data after channel division, and yiRepresenting the category corresponding to the sample, taking the value as { -1, 1}, and representing that the security event corresponding to the channel occurs when the value is '1', wherein an AdaBoost algorithm continuously changes the weight of the sample from training data, serially learns a series of weak learners, linearly combines the weak learners into a strong learner, and uses the strong learner to evaluate the channel corresponding to the weak learner;
and 4, step 4: the AHP comprehensively considers the relative importance among the channels, and integrates the evaluation results of the multiple channels to obtain the overall network security situation.
In the above technical solution, step 1 includes the following steps:
the network security problem that affects the network security environment is divided into n channels: t is1,T2,Λ,Tn
And dividing the overall situation index into the n channels according to the corresponding relation between each index and the safety problem.
In the above technical solution, step 2 includes the following steps:
s2.1: for each channel TiIndex data of
Figure BDA0002821888600000031
Performing normalization, collectingUsing the minimum-maximum criterion, channel TiThe size range of the index data is narrowed to [0, 1 ]]The method comprises the following steps:
Figure BDA0002821888600000032
wherein x represents index data;
s2.2: to channel TiAnd (3) encoding index data: mapping each unlabeled training sample k-dimensional vector x' into m-dimensional coded vector x through the hidden layerhTo obtain a low-dimensional representation x of the high-dimensional datah
In the above technical solution, step 3 specifically includes:
step 3.1: dm=(wm1,wm2,A,wmN) Representing the weight of the mth weak classifier sample, the weight of the initialized sample point is: d1=(w11,w12,Λ,w1N),
Figure BDA0002821888600000033
Step 3.2: for M ═ 1, 2, Λ, M, use with weight DmTraining a weak learner Gm(x);
Step 3.3: weak learner G for calculationm(x) Classification error of (2):
Figure BDA0002821888600000034
step 3.4: by forward step-by-step algorithm, weak classifier Gm(x) The coefficients of (a) are:
Figure BDA0002821888600000035
step 3.5: update the weight distribution of the m +1 th weak learner sample:
Dm+1=(wm+1,1,wm+1,2,Λ,wm+1,N)
wherein,
Figure BDA0002821888600000036
wherein,
Figure BDA0002821888600000037
wherein Z ismIs a normalization factor, and the main function is to convert wmiNormalized to between 0 and 1, such that
Figure BDA0002821888600000038
Step 3.6: and (3) carrying out linear combination on all weak classifiers by using the coefficient weighting of each weak classifier to obtain a final strong classifier:
Figure BDA0002821888600000041
in the above technical solution, step 4 specifically includes the following steps:
step 4.1: a risk event influence value evaluation table is formulated based on a universal vulnerability scoring system (CVSS):
index (I) Degree of influence Influence value
Confidentiality (C) None (N)/Low (L)/high (H) 0/0.22/0.56
Integrity (I) Does not have (N) to be based onLow (L)/high (H) 0/0.22/0.56
Availability (A) None (N)/Low (L)/high (H) 0/0.22/0.56
Step 4.2: determining each channel T by combining the table in S1iC, I, A values of corresponding security events, and calculating a channel TiInfluence value of
Figure BDA0002821888600000042
Figure BDA0002821888600000043
Step 4.3: and combining the table in the S1, and constructing a paired comparison matrix of the channel by using a paired comparison method from three dimensions of confidentiality, integrity and availability:
Figure BDA0002821888600000044
wherein a isijRepresents a channel TiRelative to the channel TjThe degree of importance of;
step 4.4: calculating a characteristic root lambda, and carrying out consistency check: aw ═ λ w
Defining a consistency index:
Figure BDA0002821888600000045
n represents the number of channels;
defining a consistency ratio:
Figure BDA0002821888600000046
wherein RI is a random consistency index, when the consistency ratio CR is less than 0.1, the inconsistency degree of A is within an allowable range and has satisfactory consistency, and the normalized characteristic vector is used as a weight vector through consistency test, otherwise, a comparison matrix A is reconstructed;
step 4.5: calculating a weight vector w by using the inspected characteristic root lambda, and weighting and fusing all channels to obtain the overall network security situation:
Figure BDA0002821888600000051
wherein, I (t) is a general function, when the parameter t is true, the output is 1; when the parameter t is false, the output is 0,
Figure BDA0002821888600000052
meaning that Ti corresponds to a strong classifier.
Because the invention adopts the technical scheme, the invention has the following beneficial effects:
1. the invention divides the whole index into a plurality of channels, not only fully considers the different network safety problems represented by different types of indexes, but also ensures the independence and the purity of the characteristics in the same channel. A plurality of channels are divided according to the safety problem, and when the network safety situation of the power internet of things is rapidly reduced, the positioning, tracking and tracing of the safety problem are facilitated.
2. Aiming at the problem that the accuracy of the model is reduced due to overfitting of the traditional neural network algorithm, an AdaBoost integrated learning algorithm is introduced, a plurality of weak learners are linearly weighted, the generalization error is reduced, and the accuracy of the model is improved.
3. Based on the CVSS risk event influence value evaluation table, the AHP is used for fusing all the channels to obtain the overall network security situation, and the relative importance among all the channels is comprehensively considered, so that the evaluation result is more dependent and persuasive.
Drawings
Fig. 1 is a schematic diagram of channel division.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
The network security situation indexes are divided into a plurality of channels:
considering that the network security environment is usually affected by a plurality of aspects, the network security problem that can affect the network security environment is divided into n channels: t is1,T2,Λ,Tn
And dividing the overall situation index into the n channels according to the corresponding relation between each index and the safety problem.
The specific steps of the SAE-AdaBoost for respectively evaluating the multiple channels are as follows:
s1: for each channel TiIndex data of
Figure BDA0002821888600000061
Normalizing by using a minimum-maximum standard method to obtain a channel TiThe size range of the index data is narrowed to [0, 1 ]]The method comprises the following steps:
Figure BDA0002821888600000062
s2: to channel TiThe process of coding the index data is to map each unlabeled training sample k-dimensional vector x' into an m-dimensional coding vector x through the hidden layerhTo obtain a low-dimensional representation x of the high-dimensional datah. The method comprises the following specific steps:
(1) normalizing data x '═ x'1,x′2,Λ,x′kMapping to a hidden layer through a linear function and a sigmoid activation function to obtain a coding result
Figure BDA0002821888600000063
Namely:
Figure BDA0002821888600000064
mapping the encoding result y to a reconstruction layer through a linear function and a sigmoid activation function to obtain a decoding result x ″ { x ″)1,x″2,Λ,x″kThe dimension of x "is consistent with the dimension of the original data x', i.e.:
Figure BDA0002821888600000065
wherein x ishFor the encoded data, x 'is the characteristic expression of the original data, x' is the decoded data, w1、w2、b1、b2Weights and biases for input layer to hidden layer, hidden layer to reconstructed layer, respectively.
(2) When the output value of a certain neuron of the hidden layer is close to 1, the unit is in an active state, and conversely, the unit is in an inactive state. For the purpose of "sparseness", a by suppressing most neurons of the hidden layer and leaving them in an "inactive" statej(k) Representing the activation of the jth cell, then the average activation of the ith neuron in the hidden layer is:
Figure BDA0002821888600000066
(3) using KL divergence as PN expression to penalize
Figure BDA0002821888600000067
Deviating by a constant p close to 0, so that most neurons are suppressed for sparseness:
Figure BDA0002821888600000071
Figure BDA0002821888600000072
where Sh represents the number of neurons in the cryptic layer,
Figure BDA0002821888600000073
is composed of
Figure BDA0002821888600000074
And p, relative entropy, which measures the difference between the two distributions. Since the relative entropy is a convex function, when
Figure BDA0002821888600000075
When KL reaches a minimum value. To achieve sparsity limitation, a loss function is defined as:
Figure BDA0002821888600000076
wherein n is the number of samples, and n is the regularization coefficient, x ″iAnd beta is the coefficient of the sparsity limiting penalty term for the output value of the ith group of samples. The above formula consists of three parts, which are a mean square error term, a regularization term and a penalty term.
(4) Optimizing a cost loss function and a parameter w, b through a gradient descent algorithm:
Figure BDA0002821888600000077
Figure BDA0002821888600000078
Figure BDA0002821888600000079
Figure BDA00028218886000000710
wi,bithe weight and the offset of the ith data are respectively expressed, and alpha represents the learning rate. When a certain number of iterations is reached, hidden layer neurons obtain the learning characteristics of high-dimensional data, meanwhile, the sparse self-coding deep neural network has trained corresponding weight vectors w and bias vectors b, and the data x after dimensionality reduction is obtained by substituting w and b into the formula (1)h
S3: is the data x after the dimension reductionhAdding tag data y to obtain channel TiTraining data set
Figure BDA00028218886000000711
Wherein
Figure BDA00028218886000000712
Representing the sample points, y, after S2 dimensionality reductioniAnd representing the category corresponding to the sample, taking the value of { -1, 1}, and representing that the security event corresponding to the channel occurs when the value is '1'. The AdaBoost algorithm continuously changes the weights of samples from training data, serially learns a series of weak learners, and linearly combines the weak learners into a strong learner. The method comprises the following specific steps:
(1)Dm=(wm1,wm2,Λ,wmN) Representing the weight of the mth weak classifier sample, the weight of the initialized sample point is:
Figure BDA0002821888600000081
(2) for M ═ 1, 2, a, M, use is made of a weight DmTraining a weak learner Gm(x) The weak learners here can be neural networks, decision trees, etcThe principle and training process are not repeated.
(3) Weak learner G for calculationm(x) Classification error of (2):
Figure BDA0002821888600000082
i (t) is a general function, and when the parameter t is true, the output is 1; when the parameter t is false, the output is 0.
(4) By forward step-by-step algorithm, weak classifier Gm(x) The coefficients of (a) are:
Figure BDA0002821888600000083
(5) updating the weight distribution D of the m +1 th weak learner samplem+1=(wm+1,1,wmn+1,2,Λ,wm+1,N)
Figure BDA0002821888600000084
Figure BDA0002821888600000085
Wherein Z ismIs a normalization factor, and the main function is to convert wmiNormalized to between 0 and 1, such that
Figure BDA0002821888600000086
(6) And (3) carrying out linear combination on all weak classifiers by using the coefficient weighting of each weak classifier to obtain a final strong classifier:
Figure BDA0002821888600000091
the specific steps of the AHP fusing the evaluation results of the plurality of channels to obtain the overall network security situation are as follows:
s1: a risk event influence value evaluation table is formulated based on a universal vulnerability scoring system (CVSS):
index (I) Degree of influence Influence value
Confidentiality (C) None (N)/Low (L)/high (H) 0/0.22/0.56
Integrity (I) None (N)/Low (L)/high (H) 0/0.22/0.56
Availability (A) None (N)/Low (L)/high (H) 0/0.22/0.56
S2: determining each channel T by combining the table in S1iC, I, A values of corresponding security events, and calculating a channel TiInfluence value of (2):
Figure BDA0002821888600000092
s3: and combining the table in the S1, and constructing a paired comparison matrix of the channel by using a paired comparison method from three dimensions of confidentiality, integrity and availability:
Figure BDA0002821888600000093
wherein a isijRepresents a channel TiRelative to the channel TjThe degree of importance of.
S4: calculating a characteristic root lambda, and carrying out consistency check: aw ═ λ w
Defining a consistency index:
Figure BDA0002821888600000094
defining a consistency ratio:
Figure BDA0002821888600000095
wherein RI is a random consistency index, and when the consistency ratio CR is generally considered to be less than 0.1, the inconsistency degree of A is considered to be within an allowable range, and the A has satisfactory consistency and passes consistency check. Its normalized eigenvector can be used as the weight vector, otherwise it is reconstructed into the comparison matrix a.
S5: calculating a weight vector w by using the inspected characteristic root lambda, and weighting and fusing all channels to obtain the overall network security situation:
Figure BDA0002821888600000101

Claims (5)

1. a multi-channel SAE-AdaBoost-based power Internet of things network security situation assessment method is characterized by comprising the following steps:
step 1: network security situation index is divided into a plurality of channels T1,T2,Λ,Tn
Step 2: for each channel, SAE maps each unlabeled training sample k-dimensional vector x' to m-dimensional coding vector x through the hidden layerhTo obtain high dimensional dataIs expressed as xh
And step 3: for channel TiTraining data set
Figure FDA0002821888590000011
Wherein
Figure FDA0002821888590000012
Representing the sample points, x, after the dimension reduction of step 2hThe data after dimensionality reduction, x refers to index data after channel division, and yiRepresenting the category corresponding to the sample, taking the value as { -1, 1}, and representing that the security event corresponding to the channel occurs when the value is '1', wherein an AdaBoost algorithm continuously changes the weight of the sample from training data, serially learns a series of weak learners, linearly combines the weak learners into a strong learner, and uses the strong learner to evaluate the channel corresponding to the weak learner;
and 4, step 4: the AHP comprehensively considers the relative importance among the channels, and integrates the evaluation results of the multiple channels to obtain the overall network security situation.
2. The method for evaluating the network security situation of the power internet of things based on the multi-channel SAE-AdaBoost as claimed in claim 1, wherein the step 1 comprises the following steps:
the network security problem that affects the network security environment is divided into n channels: t is1,T2,Λ,Tn
And dividing the overall situation index into the n channels according to the corresponding relation between each index and the safety problem.
3. The method for evaluating the network security situation of the power internet of things based on the multi-channel SAE-AdaBoost as claimed in claim 1, wherein the step 2 comprises the following steps:
s2.1: for each channel TiIndex data of
Figure FDA0002821888590000013
Normalizing by using a minimum-maximum standard method to obtain a channel TiThe size range of the index data is narrowed to [0, 1 ]]The method comprises the following steps:
Figure FDA0002821888590000014
wherein x represents index data;
s2.2: to channel TiAnd (3) encoding index data: mapping each unlabeled training sample k-dimensional vector x' into m-dimensional coded vector x through the hidden layerhTo obtain a low-dimensional representation x of the high-dimensional datah
4. The method for evaluating the network security situation of the power internet of things based on the multi-channel SAE-AdaBoost as claimed in claim 1, wherein the step 3 specifically comprises:
step 3.1: dm=(wm1,wm2,Λ,wmN) Representing the weight of the mth weak classifier sample, the weight of the initialized sample point is: d1=(w11,w12,Λ,w1N),
Figure FDA0002821888590000021
Step 3.2: for M ═ 1, 2, Λ, M, use with weight DmTraining a weak learner Gm(x);
Step 3.3: weak learner G for calculationm(x) Classification error of (2):
Figure FDA0002821888590000022
step 3.4: by forward step-by-step algorithm, weak classifier Gm(x) The coefficients of (a) are:
Figure FDA0002821888590000023
step 3.5: update the weight distribution of the m +1 th weak learner sample:
Dm+1=(wm+1,1,wm+1,2,Λ,wm+1,N)
wherein,
Figure FDA0002821888590000024
wherein,
Figure FDA0002821888590000025
wherein Z ismIs a normalization factor, and the main function is to convert wmiNormalized to between 0 and 1, such that
Figure FDA0002821888590000026
Step 3.6: and (3) carrying out linear combination on all weak classifiers by using the coefficient weighting of each weak classifier to obtain a final strong classifier:
Figure FDA0002821888590000027
5. the method for evaluating the network security situation of the power internet of things based on the multi-channel SAE-AdaBoost as claimed in claim 1, wherein the step 4 specifically comprises the following steps:
step 4.1: a risk event influence value evaluation table is formulated based on a universal vulnerability scoring system (CVSS):
index (I) Degree of influence Influence value Confidentiality (C) None (N)/Low (L)/high (H) 0/0.22/0.56 Integrity (I) None (N)/Low (L)/high (H) 0/0.22/0.56 Availability (A) None (N)/Low (L)/high (H) 0/0.22/0.56
Step 4.2: determining each channel T by combining the table in S1iC, I, A values of corresponding security events, and calculating a channel TiInfluence value of
Figure FDA0002821888590000031
Figure FDA0002821888590000032
Step 4.3: and combining the table in the S1, and constructing a paired comparison matrix of the channel by using a paired comparison method from three dimensions of confidentiality, integrity and availability:
Figure FDA0002821888590000033
wherein a isijRepresents a channel TiRelative to the channel TjThe degree of importance of;
step 4.4: calculating a characteristic root lambda, and carrying out consistency check: aw ═ λ w
Defining a consistency index:
Figure FDA0002821888590000034
n represents the number of channels;
defining a consistency ratio:
Figure FDA0002821888590000035
wherein RI is a random consistency index, when the consistency ratio CR is less than 0.1, the inconsistency degree of A is within an allowable range and has satisfactory consistency, and the normalized characteristic vector is used as a weight vector through consistency test, otherwise, a comparison matrix A is reconstructed;
step 4.5: calculating a weight vector w by using the inspected characteristic root lambda, and weighting and fusing all channels to obtain the overall network security situation:
Figure FDA0002821888590000036
wherein, I (t) is a general function, when the parameter t is true, the output is 1; when the parameter t is false, the output is 0,
Figure FDA0002821888590000037
meaning that Ti corresponds to a strong classifier.
CN202011461351.4A 2020-12-08 2020-12-08 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost Active CN112615843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011461351.4A CN112615843B (en) 2020-12-08 2020-12-08 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011461351.4A CN112615843B (en) 2020-12-08 2020-12-08 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost

Publications (2)

Publication Number Publication Date
CN112615843A true CN112615843A (en) 2021-04-06
CN112615843B CN112615843B (en) 2022-07-08

Family

ID=75234468

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011461351.4A Active CN112615843B (en) 2020-12-08 2020-12-08 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost

Country Status (1)

Country Link
CN (1) CN112615843B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114374561A (en) * 2022-01-13 2022-04-19 潍坊学院 Network security state evaluation method and device and storage medium
CN118316739A (en) * 2024-06-11 2024-07-09 长春工程学院 Internet of things security situation monitoring method and system based on big data

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104794534A (en) * 2015-04-16 2015-07-22 国网山东省电力公司临沂供电公司 Power grid security situation predicting method based on improved deep learning model
US20180132174A1 (en) * 2016-11-07 2018-05-10 Eero Inc. Systems and methods for enhanced mesh networking
CN109492751A (en) * 2018-11-02 2019-03-19 重庆邮电大学 Network safety situation element securing mechanism based on BN-DBN
CN109547431A (en) * 2018-11-19 2019-03-29 国网河南省电力公司信息通信公司 A kind of network security situation evaluating method based on CS and improved BP
CN110149333A (en) * 2019-05-23 2019-08-20 桂林电子科技大学 A kind of network security situation evaluating method based on SAE+BPNN
CN110647900A (en) * 2019-04-12 2020-01-03 中国人民解放军战略支援部队信息工程大学 Intelligent safety situation prediction method, device and system based on deep neural network
CN110865625A (en) * 2018-08-28 2020-03-06 中国科学院沈阳自动化研究所 Process data anomaly detection method based on time series
CN111404919A (en) * 2020-03-12 2020-07-10 东南大学 Method for sensing diversity of network security states of nuclear power control system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104794534A (en) * 2015-04-16 2015-07-22 国网山东省电力公司临沂供电公司 Power grid security situation predicting method based on improved deep learning model
US20180132174A1 (en) * 2016-11-07 2018-05-10 Eero Inc. Systems and methods for enhanced mesh networking
CN110865625A (en) * 2018-08-28 2020-03-06 中国科学院沈阳自动化研究所 Process data anomaly detection method based on time series
CN109492751A (en) * 2018-11-02 2019-03-19 重庆邮电大学 Network safety situation element securing mechanism based on BN-DBN
CN109547431A (en) * 2018-11-19 2019-03-29 国网河南省电力公司信息通信公司 A kind of network security situation evaluating method based on CS and improved BP
CN110647900A (en) * 2019-04-12 2020-01-03 中国人民解放军战略支援部队信息工程大学 Intelligent safety situation prediction method, device and system based on deep neural network
CN110149333A (en) * 2019-05-23 2019-08-20 桂林电子科技大学 A kind of network security situation evaluating method based on SAE+BPNN
CN111404919A (en) * 2020-03-12 2020-07-10 东南大学 Method for sensing diversity of network security states of nuclear power control system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
FEI LV: "Remote Sensing Image Classification Based on Ensemble Extreme Learning Machine With Stacked Autoencoder", 《IEEE ACCESS 》 *
郭圣明等: "军用信息系统智能化的挑战与趋势", 《控制理论与应用》 *
黄焱: "基于BP神经网络的网络安全态势评估研究", 《佳木斯大学学报(自然科学版)》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114374561A (en) * 2022-01-13 2022-04-19 潍坊学院 Network security state evaluation method and device and storage medium
CN114374561B (en) * 2022-01-13 2023-10-24 潍坊学院 Network security state evaluation method, device and storable medium
CN118316739A (en) * 2024-06-11 2024-07-09 长春工程学院 Internet of things security situation monitoring method and system based on big data

Also Published As

Publication number Publication date
CN112615843B (en) 2022-07-08

Similar Documents

Publication Publication Date Title
CN112070128B (en) Transformer fault diagnosis method based on deep learning
Yang et al. Combined wireless network intrusion detection model based on deep learning
CN109783879B (en) Radar radiation source signal identification efficiency evaluation method and system
CN112615843B (en) Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost
CN110070895B (en) Mixed sound event detection method based on factor decomposition of supervised variational encoder
CN111722046A (en) Transformer fault diagnosis method based on deep forest model
CN113177587B (en) Generalized zero sample target classification method based on active learning and variational self-encoder
CN112147432A (en) BiLSTM module based on attention mechanism, transformer state diagnosis method and system
CN115688024B (en) Network abnormal user prediction method based on user content characteristics and behavior characteristics
CN109389171A (en) Medical image classification method based on more granularity convolution noise reduction autocoder technologies
CN111369045A (en) Method for predicting short-term photovoltaic power generation power
CN113344589A (en) Intelligent identification method for collusion behavior of power generation enterprise based on VAEGMM model
CN110399814B (en) Face recognition method based on local linear representation field adaptive measurement
CN116702132A (en) Network intrusion detection method and system
CN114880538A (en) Attribute graph community detection method based on self-supervision
CN108388918B (en) Data feature selection method with structure retention characteristics
CN115186798A (en) Knowledge distillation-based regeneration TSK fuzzy classifier
CN113724195B (en) Quantitative analysis model and establishment method of protein based on immunofluorescence image
CN114239384A (en) Rolling bearing fault diagnosis method based on nonlinear measurement prototype network
CN114200245A (en) Construction method of line loss abnormity identification model of power distribution network
CN112329918A (en) Anti-regularization network embedding method based on attention mechanism
CN110288002B (en) Image classification method based on sparse orthogonal neural network
CN117113243A (en) Photovoltaic equipment abnormality detection method
CN115759343A (en) E-LSTM-based user electric quantity prediction method and device
Haiyang et al. An improved Canopy-FFCM clustering algorithm for ocean data analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant