CN114666127A - Abnormal flow detection method based on block chain - Google Patents

Abnormal flow detection method based on block chain Download PDF

Info

Publication number
CN114666127A
CN114666127A CN202210284900.8A CN202210284900A CN114666127A CN 114666127 A CN114666127 A CN 114666127A CN 202210284900 A CN202210284900 A CN 202210284900A CN 114666127 A CN114666127 A CN 114666127A
Authority
CN
China
Prior art keywords
node
communication network
mathematical
variables
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210284900.8A
Other languages
Chinese (zh)
Other versions
CN114666127B (en
Inventor
孟慧平
陆继钊
梅林�
高峰
刘越
郭少勇
党芳芳
李文萃
安致嫄
蔡沛霖
闫丽景
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing University of Posts and Telecommunications
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing University of Posts and Telecommunications
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing University of Posts and Telecommunications, Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202210284900.8A priority Critical patent/CN114666127B/en
Publication of CN114666127A publication Critical patent/CN114666127A/en
Application granted granted Critical
Publication of CN114666127B publication Critical patent/CN114666127B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an abnormal flow detection method based on a block chain, which effectively solves the problem that the effect is not obvious due to the fact that several problems which are not considered exist in the research aiming at defense attack in the prior art. The method comprises the steps of firstly constructing a communication network based on a smart grid by using a block chain and a Software Defined Network (SDN), adopting a cluster structure in the communication network, enabling each cluster to become an SDN domain, selecting an SDN controller in each SDN domain as a cluster head, calculating entropy values of the cluster head and a target IP, preprocessing mathematical variables obtained from flow information of the target IP, and classifying flow by using an automatic encoder according to feature importance of output variables, so that abnormal flow in the communication network is detected, and the safety of the communication network is guaranteed.

Description

Abnormal flow detection method based on block chain
Technical Field
The invention relates to the field of intelligent power grids, in particular to an abnormal flow detection method based on a block chain.
Background
The intelligent power grid combines intelligent equipment such as sensors and intelligent electric meters with emerging information and communication technologies, and continuous management of power customers, assets and operation is achieved. In recent years, the combination of a software defined network SDN and a smart grid, consisting of a control center, smart grid devices and a communication network, has been extensively studied. The Software Defined Network (SDN) provides centralized network control and a programmable application interface, and brings greater expandability to the smart grid. However, advanced communication technologies also make networks more vulnerable to various security threats, particularly from attackers who constitute targeted attacks. An attacker obtains the attribute of the security function through long-term monitoring and decides to launch resource exhaustion attack on a firewall between the substation subnet and the communication bus, and at the moment, the firewall server fails due to the fact that the bandwidth and the processing capacity of the firewall server are exhausted.
At present, many researches on defense attacks exist, for example, the following three patent documents with application numbers CN201811188730.3, CN201911211225.0, and CN201711403221.3 respectively disclose "a block chain and a method for security assurance of SDN network flow rules", "a distributed SDN synchronization method based on a block chain technology", and "a distributed SDN control plane security authentication method based on a block chain thinking", which all have an obvious effect on ensuring an intelligent power network, but also have the phenomena of no consideration of node energy consumption, a small number of malicious nodes, no consideration of processing of abnormal traffic, and no consideration of the energy consumption problem of an SDN controller, so that the effect of the current researches on defense attacks is not obvious.
The present invention therefore provides a new solution to this problem.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a block chain-based abnormal traffic detection method, which effectively solves the problem that the effect is not obvious due to the fact that several problems which are not considered exist in the research on defense attack in the prior art.
The technical scheme for solving the problem is that the abnormal flow detection method based on the block chain specifically comprises the following steps:
s1, constructing a communication network based on a smart grid by using a block chain and a Software Defined Network (SDN), wherein the communication network comprises a data layer, a control layer and a block chain layer, and a distributed SDN controller is arranged in the control layer;
s2, enabling the communication network in the step S1 to adopt a cluster structure, enabling each cluster to become an SDN domain, and selecting an SDN controller as a cluster head in each SDN domain;
s3, calculating entropy values of the cluster heads and the target IP in the step S2, comparing the entropy values with a set upper limit threshold and a set lower limit threshold, and screening out variables with obvious characteristics, wherein the target IP is the IP address of the target node;
s4, collecting the characteristic variables of the target IP in the communication network within a predefined time interval;
s5, calculating the characteristic variables obtained in the step S4 to obtain a mean value, a median, a standard deviation, an entropy value and a variation coefficient;
s6, preprocessing the characteristic variables obtained in the step S4 to further obtain the characteristic importance of the characteristic variables;
and S7, classifying the selected features by using an automatic encoder according to the feature importance, and further obtaining abnormal flow.
Further, the variable with obvious characteristics in step S3 is a variable whose entropy value is not between the set upper threshold and the set lower threshold.
Further, the average value calculation formula in step S5 is:
Figure BDA0003557835870000021
the standard deviation calculation formula is as follows:
Figure BDA0003557835870000022
the formula for calculating the entropy value is as follows:
Figure BDA0003557835870000023
the coefficient of variation is calculated as:
Figure BDA0003557835870000024
where X is the characteristic variable and N is the total number of characteristic variables.
Further, the step S6 preprocesses the importance of the feature variable by using the following specific steps:
and X1, calculating a kini coefficient of the mth decision tree node by using a formula (5), wherein the node m is a node on the decision tree before bifurcation:
Figure BDA0003557835870000025
where K denotes the presence of a K-class characteristic variable in node m, pmkRepresenting the proportion of a characteristic variable k in node m, pmk’Representing the proportion of characteristic variables k different from the node k in the node m, and GIm representing the probability of inconsistency of any two different characteristic variable categories in the node m;
x2, a node l and a node r are two sub-nodes after branching of the decision tree, and the variation of the kini coefficient of the decision point m before and after branching is calculated by using a formula (6):
Figure BDA0003557835870000031
x3, using formula (7) to sum the variation of the kini coefficient obtained in step X2:
Figure BDA0003557835870000032
x4, the importance of the feature using the value obtained by normalizing the sum obtained in step X3 as a feature variable by the formula (8):
Figure BDA0003557835870000033
wherein
Figure BDA0003557835870000034
Representing the summation of the kini coefficients for all the characteristic variables,
Figure BDA0003557835870000035
representing the kiney system of a node VIM on all decision tree nodesAnd summing the numbers, wherein i and j are characteristic variables.
Further, the step S7 of classifying the flow rate of the feature importance of the feature variable by using an automatic encoder specifically includes the following steps:
y1, inputting the feature importance of the feature variable as data X into the VAE training of the variational automatic encoder by the normal flow data set X
Figure BDA0003557835870000036
In theta, the resulting probability coding model
Figure BDA0003557835870000037
And a probabilistic decoding model gθPerforming the following steps;
y2 model for probability coding of data x using an autoencoder
Figure BDA0003557835870000038
And a probabilistic decoding model gθThe reconstruction error e ∈ x-x |, where the data x that yields the reconstruction error e constitutes the flow set xi,i=1,...,N;
Y3, for each flow set xiSeparately processing and using decoder output decoded means
Figure BDA0003557835870000039
Sum variance
Figure BDA00035578358700000310
Two parameters;
y4, decoding mean value output according to step Y3
Figure BDA00035578358700000311
Sum variance
Figure BDA00035578358700000312
Two parameters result in abnormal flow.
The invention realizes the following beneficial effects:
by arranging the distributed cluster with the SDN controller as the core in the communication network, the influence on the communication network when a single point of failure occurs in the prior art is avoided, meanwhile, the nodes and the SDN controller are balanced, and a block chain technology is combined, so that the safety and privacy of the communication network are enhanced, whether abnormal flow exists or not is detected in the communication network, the higher accuracy is achieved on the basis of lower time overhead, the accuracy of the communication network is improved, and the problem that the effects are not obvious due to the fact that the phenomena that node energy consumption is not considered, the number of malicious nodes is small, the abnormal flow is not considered, and the energy consumption problem of the SDN controller is not considered exist in the defense attack research in the prior art is effectively solved.
Drawings
FIG. 1 is a comparison of the effect of the runtime of the present invention.
FIG. 2 is a diagram illustrating comparison of the effect of false alarm rate according to the present invention.
FIG. 3 is a diagram illustrating comparison of the precision ratio of the present invention.
Detailed Description
The foregoing and other technical and functional aspects of the present invention will be apparent from the following detailed description of the embodiments, which proceeds with reference to the accompanying figures 1-3. The structural contents mentioned in the following embodiments are all referred to the attached drawings of the specification.
Exemplary embodiments of the present invention will be described below with reference to the accompanying drawings.
An abnormal flow detection method based on a block chain specifically comprises the following steps:
s1, constructing a communication network based on a smart grid by using a block chain and a Software Defined Network (SDN), wherein the communication network comprises a data layer, a control layer and a block chain layer, and a distributed SDN controller is arranged in the control layer;
s2, enabling the communication network in the step S1 to adopt a cluster structure, enabling each cluster to become an SDN domain, and selecting an SDN controller as a cluster head in each SDN domain;
s3, calculating entropy values of the cluster heads and the target IP in the step S2, comparing the entropy values with a set upper limit threshold and a set lower limit threshold, and screening out variables with obvious characteristics, wherein the target IP is the IP address of the target node;
s4, collecting the characteristic variables of the target IP in the communication network within a predefined time interval;
s5, calculating the characteristic variables obtained in the step S4 to obtain a mean value, a median, a standard deviation, an entropy value and a variation coefficient;
s6, preprocessing the characteristic variables obtained in the step S4 to further obtain the characteristic importance of the characteristic variables;
and S7, classifying the selected features by using an automatic encoder according to the feature importance, and further obtaining abnormal flow.
The obvious variable in step S3 is a variable whose entropy value is not between the set upper threshold and lower threshold.
The average value calculation formula in step S5 is:
Figure BDA0003557835870000041
the standard deviation calculation formula is as follows:
Figure BDA0003557835870000051
the formula for calculating the entropy value is as follows:
Figure BDA0003557835870000052
the coefficient of variation is calculated as:
Figure BDA0003557835870000053
where X is the characteristic variable and N is the total number of characteristic variables.
The step S6 is to pre-process the importance of the feature variable by using the following specific steps:
and X1, calculating a kini coefficient of the mth decision tree node by using a formula (5), wherein the node m is a node on the decision tree before bifurcation:
Figure BDA0003557835870000054
where K denotes the presence of a K-class characteristic variable in node m, pmkRepresenting the proportion of a characteristic variable k in node m, pmk’Representing the proportion of the characteristic variable k different from the node k in the node m, and GIm representing the probability of inconsistency of any two different characteristic variables in the node m;
x2, a node l and a node r are two sub-nodes after branching of the decision tree, and the variation of the kini coefficient of the decision point m before and after branching is calculated by using a formula (6):
Figure BDA0003557835870000055
x3, using formula (7), summing the changes of the kini coefficients obtained in step X2:
Figure BDA0003557835870000056
x4, the importance of the feature using the value obtained by normalizing the sum of the change amounts of the kini coefficients obtained in step X3 by formula (8):
Figure BDA0003557835870000057
wherein
Figure BDA0003557835870000058
The representation sums the kini coefficients of all the characteristic variables,
Figure BDA0003557835870000059
representing a node VIMjAnd summing the kini coefficients on all the decision tree nodes, wherein i and j are characteristic variables.
The step S7 of classifying the flow rate of the feature importance of the feature variable by using the automatic encoder specifically includes the following steps:
y1, inputting the feature importance of the feature variable as data X into the VAE training of the variational automatic encoder by the normal flow data set X
Figure BDA0003557835870000061
In theta, the resulting probability coding model
Figure BDA0003557835870000062
And a probabilistic decoding model gθIn (2), data x is subjected to x → x ' by an auto-encoder, where dim (x) > dim (x '), and to x ' → x "by a decoder, where dim (x) > dim (x"), where
Figure BDA0003557835870000063
For a probabilistic coding model, gθIs a probabilistic decoding model, and muz(i),σz(i)=fφ(z|x(i)),
Figure BDA0003557835870000064
Y2 model for probability coding of data x using an autoencoder
Figure BDA0003557835870000065
And a probabilistic decoding model gθThe reconstruction error e ∈ x-x |, where the data x that yields the reconstruction error e constitutes the flow set xiWhen the reconstruction error belongs to 0, the automatic encoder performs lossless compression;
y3, for each flow set xiSeparately processing and using decoder output decoded means
Figure BDA0003557835870000066
Sum variance
Figure BDA0003557835870000067
Two parameters, first according to a probabilistic coder model
Figure BDA0003557835870000068
Obtaining a flow set xiIs encoded mean value muz(i) Sum variance σz(i) Two parameters and from a probabilistic coder model
Figure BDA0003557835870000069
Flow set x for mid-extractioniTakes the L flows as samples and takes the samples according to a probability decoder model gθOutput decoded mean
Figure BDA00035578358700000610
Sum variance
Figure BDA00035578358700000611
Two parameters;
y4, decoding mean value output according to step Y3
Figure BDA00035578358700000612
Sum variance
Figure BDA00035578358700000613
The two parameters are used to obtain the abnormal flow, i.e. the decoding mean value output according to the step Y3
Figure BDA00035578358700000614
Sum variance
Figure BDA00035578358700000617
Two parameters, calculate flow set xiReconstruction probability generated from Bernoulli distribution
Figure BDA00035578358700000616
When RP (i) < threshold a, flow set xiNormal flow, otherwise abnormal flow.
In the actual use process, firstly, a communication network based on an intelligent power grid is constructed by utilizing a block chain and a Software Defined Network (SDN), a cluster structure is adopted in the communication network, each cluster is made to be an SDN domain, an SDN controller is selected in each SDN domain to serve as a cluster head, entropy values of the cluster head and a target IP are calculated, characteristic variables obtained from flow information of the target IP are preprocessed, therefore, the characteristic importance of output variables are subjected to flow classification by utilizing an automatic encoder, abnormal flow in the communication network is detected, a detection algorithm EP-RF-SVM based on the automatic encoder is compared with three indexes of a forest random algorithm RF, a proximity algorithm KNN and a support vector machine SVM algorithm in the running time, an error probability FPR and a precision probability P, and the effects of the three indexes are compared in figures 1-3, the false alarm rate FPR represents the proportion of the normal flow sample detected in the normal flow sample, and is represented by formula (9), and the smaller the false alarm rate FPR value is, the higher the algorithm performance is, and the precision P represents the proportion of the attack flow sample actually in the sample determined as the attack flow, and is represented by formula (10):
Figure BDA0003557835870000071
Figure BDA0003557835870000072
wherein TP and FP respectively indicate the number of abnormal flows and normal flows in the flows detected as abnormal, FN and TN respectively indicate the number of abnormal flows and normal flows in the flows not detected as abnormal, and it can be known from fig. 1-3 that the detection algorithm EP-RF-SVM based on the automatic encoder of the present application simultaneously shows superior performance in three indexes of operation time, false alarm rate FPR and precision rate P.
The invention realizes the following beneficial effects:
(1) by arranging the distributed cluster taking the SDN controller as the core in the communication network, the influence of the prior art on the communication network when a single-point fault occurs is avoided, the nodes and the SDN controller are balanced at the same time, and a block chain technology is combined, so that the safety and privacy of the communication network are enhanced, whether abnormal flow exists or not is detected in the communication network, the higher accuracy is achieved on the basis of lower time overhead, the accuracy of the communication network is improved, and the problem that the phenomena of node energy consumption, less malicious nodes, abnormal flow treatment and SDN controller energy consumption are not considered in the research on defense attack in the prior art are effectively solved, so that the effect is not obvious.
(2) The abnormal flow detection method using the automatic encoder can automatically detect the abnormal flow and the normal flow, avoids the problem that the safety of a communication network is not guaranteed due to the fact that the abnormal flow is not considered in the prior art, and further guarantees the safety of the communication network.

Claims (5)

1. An abnormal traffic detection method based on a block chain is characterized by specifically comprising the following steps:
s1, constructing a communication network based on the smart grid by using a block chain and a Software Defined Network (SDN), wherein the communication network comprises a data layer, a control layer and a block chain layer, and a distributed SDN controller is arranged in the control layer;
s2, enabling the communication network in the step S1 to adopt a cluster structure, enabling each cluster to become an SDN domain, and selecting an SDN controller as a cluster head in each SDN domain;
s3, calculating entropy values of the cluster heads and the target IP in the step S2, comparing the entropy values with a set upper limit threshold and a set lower limit threshold, and screening out variables with obvious characteristics, wherein the target IP is the IP address of the target node;
s4, collecting the characteristic variables of the target IP in the communication network within a predefined time interval;
s5, calculating the characteristic variables obtained in the step S4 to obtain a mean value, a median, a standard deviation, an entropy value and a variation coefficient;
s6, preprocessing the characteristic variables obtained in the step S4 to further obtain the characteristic importance of the characteristic variables;
and S7, classifying the selected characteristic variables by using an automatic encoder according to the characteristic importance degree, and further obtaining abnormal flow.
2. The method according to claim 1, wherein the variable with obvious characteristics in step S3 is a variable whose entropy value is not between the set upper threshold and the set lower threshold.
3. The abnormal flow detection method based on the blockchain as claimed in claim 1, wherein the mean value calculation formula in the step S5 is:
Figure FDA0003557835860000011
the standard deviation calculation formula is as follows:
Figure FDA0003557835860000012
the formula for calculating the entropy value is as follows:
Figure FDA0003557835860000013
the coefficient of variation is calculated as:
Figure FDA0003557835860000014
where X is the mathematical variable and N is the total number of mathematical variables.
4. The abnormal traffic detection method based on the blockchain according to claim 1, wherein the step S6 is implemented by preprocessing the importance of the mathematical variable through the following specific steps:
and X1, calculating a kini coefficient of the mth decision tree node by using a formula (5), wherein the node m is a node on the decision tree before bifurcation:
Figure FDA0003557835860000021
where K denotes the existence of a class K mathematical variable in node m, pmkDenotes the ratio of the mathematical variable k in node m, pmk’Representing the proportion of mathematical variables k different from the node k in the node m, and GIm representing the probability of inconsistency of any two different mathematical variable categories in the node m;
x2, a node l and a node r are two sub-nodes after the bifurcation of the decision tree, and the variation of the kini coefficient of the decision point m before and after the bifurcation is calculated by using a formula (6):
Figure FDA0003557835860000022
x3, using formula (7) to sum the variation of the kini coefficient obtained in step X2:
Figure FDA0003557835860000023
x4, importance of the feature using the value obtained by normalizing the sum obtained in step X3 as a mathematical variable by the formula (8):
Figure FDA0003557835860000024
wherein
Figure FDA0003557835860000025
The representation sums the kini coefficients for all mathematical variables,
Figure FDA0003557835860000026
representing a node VIMjThe kini coefficients are summed over all decision tree nodes, where i, j are mathematical variables.
5. The abnormal flow detection method based on block chain as claimed in claim 1, wherein said step S7 of classifying the flow of the feature importance of the mathematical variable by using the automatic encoder specifically includes the following steps:
y1, inputting the feature importance of mathematical variables as data X into the training of variational automatic encoder VAE by normal flow data set X
Figure FDA0003557835860000027
In theta, the resulting probability coding model
Figure FDA0003557835860000028
And a probabilistic decoding model gθPerforming the following steps;
y2, obtaining data x in probability coding model by using automatic coder
Figure FDA0003557835860000031
And a probabilistic decoding model gθThe reconstruction error e ∈ x-x |, where the data x that yields the reconstruction error e constitutes the flow set xi,i=1,…,N;
Y3, for each flow set xiSeparately processing and using decoder output decoded means
Figure FDA0003557835860000032
And
Figure FDA0003557835860000033
two parameters;
y4, decoding mean value output according to step Y3
Figure FDA0003557835860000034
Sum variance
Figure FDA0003557835860000035
Two parameters result in abnormal flow.
CN202210284900.8A 2022-03-22 2022-03-22 Abnormal flow detection method based on block chain Active CN114666127B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210284900.8A CN114666127B (en) 2022-03-22 2022-03-22 Abnormal flow detection method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210284900.8A CN114666127B (en) 2022-03-22 2022-03-22 Abnormal flow detection method based on block chain

Publications (2)

Publication Number Publication Date
CN114666127A true CN114666127A (en) 2022-06-24
CN114666127B CN114666127B (en) 2023-05-23

Family

ID=82030509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210284900.8A Active CN114666127B (en) 2022-03-22 2022-03-22 Abnormal flow detection method based on block chain

Country Status (1)

Country Link
CN (1) CN114666127B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200167342A1 (en) * 2018-11-26 2020-05-28 Korea Advanced Institute Of Science And Technology System for Secure Software Defined Networking Based on Block-Chain and Method Thereof
CN112019338A (en) * 2019-05-31 2020-12-01 浙江工商大学 Lightweight safety smart power grid communication method and system based on block chain
CN112528277A (en) * 2020-12-07 2021-03-19 昆明理工大学 Hybrid intrusion detection method based on recurrent neural network
CN112637193A (en) * 2020-12-21 2021-04-09 江苏省未来网络创新研究院 Industrial Internet security situation awareness system based on SDN
CN112800116A (en) * 2021-04-08 2021-05-14 腾讯科技(深圳)有限公司 Method and device for detecting abnormity of service data
CN113807858A (en) * 2021-09-23 2021-12-17 未鲲(上海)科技服务有限公司 Data processing method based on decision tree model and related equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200167342A1 (en) * 2018-11-26 2020-05-28 Korea Advanced Institute Of Science And Technology System for Secure Software Defined Networking Based on Block-Chain and Method Thereof
CN112019338A (en) * 2019-05-31 2020-12-01 浙江工商大学 Lightweight safety smart power grid communication method and system based on block chain
CN112528277A (en) * 2020-12-07 2021-03-19 昆明理工大学 Hybrid intrusion detection method based on recurrent neural network
CN112637193A (en) * 2020-12-21 2021-04-09 江苏省未来网络创新研究院 Industrial Internet security situation awareness system based on SDN
CN112800116A (en) * 2021-04-08 2021-05-14 腾讯科技(深圳)有限公司 Method and device for detecting abnormity of service data
CN113807858A (en) * 2021-09-23 2021-12-17 未鲲(上海)科技服务有限公司 Data processing method based on decision tree model and related equipment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
王丽霞、李伟、李广野、温鑫: ""基于区块链的电网全业务数据分布式存储应用"", 《信息技术》 *
薛晨子: ""基于区块链的智能电网管控研究"", 《工程科技Ⅱ辑;信息科技》 *
覃玉冰、邓春林、杨柳、肖望、张昊宇: ""基于决策树的网络舆情类型识别模型研究"", 《智能计算机与应用》 *

Also Published As

Publication number Publication date
CN114666127B (en) 2023-05-23

Similar Documents

Publication Publication Date Title
Wainakh et al. Enhancing privacy via hierarchical federated learning
CN111585948B (en) Intelligent network security situation prediction method based on power grid big data
CN108632269B (en) Distributed denial of service attack detection method based on C4.5 decision tree algorithm
CN109767352B (en) Safety situation assessment method for electric power information physical fusion system
CN108182536B (en) CPS security defense method for power distribution network based on finiteness
CN110166454A (en) A kind of composite character selection intrusion detection method based on self-adapted genetic algorithm
CN112422556B (en) Internet of things terminal trust model construction method and system
KR100615080B1 (en) A method for automatic generation of rule-based detection patterns about the bots and worms in the computer network
CN112149967B (en) Power communication network vulnerability assessment method and system based on complex system theory
CN108053126A (en) A kind of electric power CPS methods of risk assessment under Dos attacks
CN103957203A (en) Network security defense system
Mirzaee et al. Fids: A federated intrusion detection system for 5g smart metering network
CN115208604B (en) AMI network intrusion detection method, device and medium
CN117787718A (en) Novel security risk assessment method, device and storage medium for power system situation
CN110598128B (en) Community detection method for large-scale network for resisting Sybil attack
CN114205816B (en) Electric power mobile internet of things information security architecture and application method thereof
Dinh et al. Dynamic economic-denial-of-sustainability (EDoS) detection in SDN-based cloud
CN106789322B (en) The determination method and apparatus of key node in Information Network
CN116015894A (en) Information security management method and system
CN107479518A (en) A kind of method and system for automatically generating alarm association rule
CN109871711A (en) The shared distribution risk control model of ocean big data and method
CN117640223A (en) Dynamic evaluation method, system, equipment and medium for trust degree of electric power Internet of things equipment
Bian et al. Network security situational assessment model based on improved AHP_FCE
CN114666127A (en) Abnormal flow detection method based on block chain
CN116684202A (en) Internet of things information security transmission method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant