CN117692207A - Instruction-level power system service protection method based on weighted similarity matching - Google Patents


Publication number
CN117692207A
Authority
CN
China
Prior art keywords
instruction
service
vector
power system
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311701147.9A
Other languages
Chinese (zh)
Other versions
CN117692207B (en)
Inventor
汪俊洋
吴青
周康
张敏
魏博文
吴慧萍
陈果
姚武
王猛
郭姗姗
陈明德
陈高校
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ezhou Power Supply Co of State Grid Hubei Electric Power Co Ltd
Original Assignee
Ezhou Power Supply Co of State Grid Hubei Electric Power Co Ltd
Application filed by Ezhou Power Supply Co of State Grid Hubei Electric Power Co Ltd
Priority to CN202311701147.9A
Publication of CN117692207A
Application granted
Publication of CN117692207B
Legal status: Active

Landscapes

  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to an instruction-level power system service protection method based on weighted similarity matching, comprising the following steps. Network traffic in the power system is analyzed, and deep protocol parsing is performed on the service traffic within it to obtain service instruction vectors. The service instruction vectors are divided into multiple classes according to power system characteristics, by instruction category and by level, for the subsequent calculation of weighting terms, and each service instruction vector is marked as normal or abnormal according to the moments of system failure. All service instruction vectors are combined in pairs to form a plurality of data pairs, giving a training data set P. A convolutional neural network model prepared in advance is trained with the training data set P and the weighted loss function to obtain a trained anomaly detection model, which is then used for anomaly detection. This solves the problem that abnormal data is scarce in industrial control networks, so that deep learning models train poorly. The method has high detection accuracy and can detect unknown service anomalies.

Description

Instruction-level power system service protection method based on weighted similarity matching
Technical Field
The application relates to the field of industrial control system security, and in particular to an instruction-level power system service protection method based on weighted similarity matching.
Background
The power monitoring system plays a key role in modern society and is responsible for ensuring the stable operation of the power system. With advances in information technology, power monitoring systems are increasingly dependent on computerized and networked technologies. However, this also exposes the system to increasingly complex and advanced network threats, such as malware, cyber attacks, and data tampering. In this context, providing instruction-level service protection for power monitoring systems becomes critical.
Currently, power monitoring systems typically employ a series of measures to ensure the security of their operation, including network firewalls, Intrusion Detection Systems (IDS), encrypted communications, and the like. However, these approaches focus mainly on the network level and the communication level, while service protection at the instruction level is relatively weak. Instruction-level service protection requires attention to software execution inside the system, to prevent injection of malicious instructions, hijacking of execution processes, and tampering with critical data. At present, instruction-level service protection is mainly based on rule matching: the character string of a service instruction is obtained by deep parsing of the power system's communication traffic, and a series of rules formulated by experts is used to match potentially high-risk service instructions. This approach relies on extensive manual effort for rule customization and cannot discover unknown threats. Existing detection methods based on instruction matching therefore cannot find unknown service anomalies.
Against this background, the invention provides an instruction-level power system service protection method based on weighted similarity matching. The method uses deep learning to compute an instruction hash for each service instruction and performs anomaly detection by comparing the distances between service instruction hash codes, so that unknown abnormal service instructions can be detected.
Disclosure of Invention
The embodiments of the application aim to provide an instruction-level power system service protection method based on weighted similarity matching. It solves the problem that abnormal data is scarce in industrial control networks, so that deep learning models train poorly, and the problem that existing detection methods based on instruction matching cannot find unknown service anomalies. The method has high detection accuracy and can detect unknown service anomalies.
To achieve the above purpose, the present application provides the following technical solutions:
The embodiments of the application provide an instruction-level power system service protection method based on weighted similarity matching, characterized by comprising the following specific steps:
(1) Collect network traffic in the power system and perform protocol parsing on the service traffic within it to obtain fields including frame header information, address information, function codes, data fields and the like. Combine these into a 1 × 1024 vector, padding with trailing 0x00 when the field length is insufficient, to form a service instruction vector, where $v_i$ denotes the i-th service instruction vector, composed of 1024 hexadecimal numbers. Each element $v_j$ of a vector is 4 bits long. 0x00 is the default value filled in when the service instruction vector is shorter than 1024;
(2) According to the characteristics of services in the power system, classify the service instructions into multiple classes by operation class, and number each class. The rules for operation class instruction classification are shown in the following table:
(3) According to the characteristics of services in the power system, classify the service instructions into multiple classes by security level, and number each class. The rules for security level instruction grading are shown in the following table:
(4) Mark the service instruction vector $v$ corresponding to a moment of system abnormality as abnormal, with value 1. Service instruction vectors at other moments are marked as normal, with value 0. The mark of each service instruction vector $v_i$ is $d_i$;
(5) Following the classification in steps (2) and (3), each service instruction vector $v_i$ has class number $c_i$ and security level number $s_i$. The sample label of each service instruction vector $v_i$ is $y_i = \{d_i, c_i, s_i\}$;
(6) Combine all service instruction vectors in pairs to form a plurality of data pairs, where N is the total number of collected service instruction vectors and P is the training data set;
(7) Train the pre-designed CNN using the training data set P. Specifically, take each tuple $(v_a, v_b)$ in turn. The first instruction vector $v_a$ is input to the CNN, which outputs a feature hash $h_a$ of dimension 1 × 64. The second instruction vector $v_b$ is input to the CNN, which outputs a feature hash $h_b$ of dimension 1 × 64;
(8) Calculate the training loss with the weighted loss function $H(v_a, v_b)$. The specific calculation is as follows:
where $D_w$ is the Euclidean distance between $h_a$ and $h_b$. $Y$ is derived from the categories to which the members of the tuple $(v_a, v_b)$ belong: $Y$ is 0 when $v_a$ and $v_b$ both fall in the normal category or both in the abnormal category, and 1 otherwise. $G(a, b)$ is the weighting term calculated from the class numbers and security level numbers corresponding to the tuple $(v_a, v_b)$. $M$ is the vector dimension of the neural network output, which is 64. $I[\cdot]$ is the indicator function, equal to 1 when the condition is true and 0 otherwise. $T_c$ is the category weight, taken as 0.6; $T_s$ is the level weight, taken as 0.8;
(9) According to the loss calculated in step (8), use the gradient descent method to apply a gradient update to the gradient $\omega_{old}$ of the current model, obtaining the updated gradient $\omega_{new}$. The specific calculation is as follows:
where $\eta$ is the learning rate, taken as 0.001;
(10) Repeat steps (7) to (9) until the training loss $l_H$ is less than a set threshold or the number of iterations reaches the set maximum. This yields the trained model;
(11) Input the service instruction vectors in $v$ into the model in turn to obtain the corresponding feature hashes, forming the sample hash group $H_g = (h_1, h_2, ..., h_n)$;
(12) Following the method in step (1), collect and parse the service traffic in real time to obtain the service instruction vector $v_t$ at time $t$. Input the vector $v_t$ into the trained model to obtain the feature hash $h_t$;
(13) Compare the feature hash $h_t$ with each feature hash $h_i$ in the sample hash group $H_g$ in turn, calculating the Euclidean distance $dis_i$ between the two. The specific calculation is as follows:
where $M$ is the vector dimension of the neural network output, which is 64;
(14) In the hash group $H_g$, find the feature hash $h_m$ with the minimum Euclidean distance to the feature hash $h_t$, and obtain the label $d_m$ corresponding to $h_m$. If $d_m$ is 0, the current service instruction is normal. If $d_m$ is 1, determine whether $dis_m$ is smaller than a set threshold $T_h$. If it is smaller than the threshold, the current service instruction is judged abnormal and is blocked in real time, ensuring the service security of the power system.
Compared with the prior art, the invention has the following beneficial effects. Because training exploits the relation between input pairs rather than depending only on a large amount of labelled data, the model can be trained when labelled data is relatively scarce, which solves the problem that deep learning models train poorly because abnormal data is scarce in industrial control networks. By introducing the instruction grading weighting term into the loss function, the model learns the relations between power system service instructions more quickly, giving high anomaly detection accuracy. By comparing the distances between service instruction hash codes to perform anomaly detection, unknown abnormal service instructions can be detected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of an instruction-level power system service protection method based on weighted similarity matching.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The terms "first," "second," and the like, are used merely to distinguish one entity or action from another entity or action, and are not to be construed as indicating or implying any actual such relationship or order between such entities or actions.
The basic idea of the invention is as follows. Network traffic in the power system is analyzed, and deep protocol parsing is performed on the service traffic within it to obtain service instruction vectors. The service instruction vectors are divided into multiple classes according to the characteristics of services in the power system, by instruction category and by level, for the subsequent calculation of weighting terms, and each service instruction vector is marked as normal or abnormal according to the moments of system failure. All service instruction vectors are combined in pairs to form a plurality of data pairs, giving a training data set P. A Convolutional Neural Network (CNN) model prepared in advance is trained with the training data set P and the weighted loss function to obtain a trained anomaly detection model, which is then used for anomaly detection. Because training exploits the relation between input pairs rather than depending only on a large amount of labelled data, the model can be trained when labelled data is relatively scarce, which solves the problem that deep learning models train poorly because abnormal data is scarce in industrial control networks. By introducing the instruction grading weighting term into the loss function, the model learns the relations between power system service instructions more quickly, giving high anomaly detection accuracy. By comparing the distances between service instruction hash codes to perform anomaly detection, unknown abnormal service instructions can be detected. An instruction-level power system service protection method based on weighted similarity matching is thus provided.
As shown in fig. 1, the invention provides a service protection method of an instruction-level power system based on weighted similarity matching, which comprises the following steps:
(1) Collect network traffic in the power system and perform protocol parsing on the service traffic within it to obtain fields including frame header information, address information, function codes, data fields and the like. Combine these into a 1 × 1024 vector, padding with trailing 0x00 when the field length is insufficient, to form a service instruction vector, where $v_i$ denotes the i-th service instruction vector, composed of 1024 hexadecimal numbers. Each element $v_j$ of a vector is 4 bits long. 0x00 is the default value filled in when the service instruction vector is shorter than 1024;
(2) According to the characteristics of services in the power system, classify the service instructions into multiple classes by operation class, and number each class. The rules for operation class instruction classification are shown in the following table:
(3) According to the characteristics of services in the power system, classify the service instructions into multiple classes by security level, and number each class. The rules for security level instruction grading are shown in the following table:
(4) Mark the service instruction vector $v$ corresponding to a moment of system abnormality as abnormal, with value 1. Service instruction vectors at other moments are marked as normal, with value 0. The mark of each service instruction vector $v_i$ is $d_i$;
(5) Following the classification in steps (2) and (3), each service instruction vector $v_i$ has class number $c_i$ and security level number $s_i$. The sample label of each service instruction vector $v_i$ is $y_i = \{d_i, c_i, s_i\}$;
(6) Combine all service instruction vectors in pairs to form a plurality of data pairs, where N is the total number of collected service instruction vectors and P is the training data set;
(7) Train the pre-designed CNN using the training data set P. Specifically, take each tuple $(v_a, v_b)$ in turn. The first instruction vector $v_a$ is input to the CNN, which outputs a feature hash $h_a$ of dimension 1 × 64. The second instruction vector $v_b$ is input to the CNN, which outputs a feature hash $h_b$ of dimension 1 × 64;
(8) Calculate the training loss with the weighted loss function $H(v_a, v_b)$. The specific calculation is as follows:
where $D_w$ is the Euclidean distance between $h_a$ and $h_b$. $Y$ is derived from the categories to which the members of the tuple $(v_a, v_b)$ belong: $Y$ is 0 when $v_a$ and $v_b$ both fall in the normal category or both in the abnormal category, and 1 otherwise. $G(a, b)$ is the weighting term calculated from the class numbers and security level numbers corresponding to the tuple $(v_a, v_b)$. $M$ is the vector dimension of the neural network output, which is 64 in this embodiment. $I[\cdot]$ is the indicator function, equal to 1 when the condition is true and 0 otherwise. $T_c$ is the category weight, taken as 0.6 in this embodiment; $T_s$ is the level weight, taken as 0.8 in this embodiment;
(9) According to the loss calculated in step (8), use the gradient descent method to apply a gradient update to the gradient $\omega_{old}$ of the current model, obtaining the updated gradient $\omega_{new}$. The specific calculation is as follows:
where $\eta$ is the learning rate, taken as 0.001 in this embodiment;
(10) Repeat steps (7) to (9) until the training loss $l_H$ is less than a set threshold or the number of iterations reaches the set maximum. This yields the trained model;
(11) Input the service instruction vectors in $v$ into the model in turn to obtain the corresponding feature hashes, forming the sample hash group $H_g = (h_1, h_2, ..., h_n)$;
(12) Following the method in step (1), collect and parse the service traffic in real time to obtain the service instruction vector $v_t$ at time $t$. Input the vector $v_t$ into the trained model to obtain the feature hash $h_t$;
(13) Compare the feature hash $h_t$ with each feature hash $h_i$ in the sample hash group $H_g$ in turn, calculating the Euclidean distance $dis_i$ between the two. The specific calculation is as follows:
where $M$ is the vector dimension of the neural network output, which is 64 in this embodiment;
(14) In the hash group $H_g$, find the feature hash $h_m$ with the minimum Euclidean distance to the feature hash $h_t$, and obtain the label $d_m$ corresponding to $h_m$. If $d_m$ is 0, the current service instruction is normal. If $d_m$ is 1, determine whether $dis_m$ is smaller than a set threshold $T_h$. If it is smaller than the threshold, the current service instruction is judged abnormal and is blocked in real time, ensuring the service security of the power system.
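The following is an added example, not part of the patent text, covering the parts of the procedure that the description specifies completely: vector construction in step (1), pair labelling in steps (4) to (6), and the nearest-neighbour decision in steps (13) and (14). The trained CNN is replaced by a hypothetical stand-in function `stand_in_hash`; the frames, the class and security level numbers, the threshold value, the use of unordered pairs and the rejection of over-long frames are all assumptions made for the example.

```python
import math
from itertools import combinations

VECTOR_LEN = 1024  # step (1): 1 x 1024 vector of 4-bit elements
HASH_DIM = 64      # step (7): M, dimension of the feature hash
T_H = 0.5          # step (14): threshold T_h (constructed value)

# Constructed sample frames with labels y = {d, c, s}; none of this comes from
# a real capture, and the c and s numbers are placeholders.
SAMPLES = [
    (bytes.fromhex("01030000000a"), {"d": 0, "c": 2, "s": 1}),
    (bytes.fromhex("01030010000a"), {"d": 0, "c": 2, "s": 1}),
    (bytes.fromhex("0110ffff00ff"), {"d": 1, "c": 1, "s": 3}),
]

def to_instruction_vector(frame: bytes) -> list:
    """Step (1): split the parsed bytes into 4-bit elements, pad with zeros."""
    nibbles = []
    for b in frame:
        nibbles.extend((b >> 4, b & 0x0F))
    if len(nibbles) > VECTOR_LEN:
        # The text does not say how to treat over-long frames; rejecting them
        # is an assumption made here so that nothing is silently truncated.
        raise ValueError("frame does not fit in a 1 x 1024 vector")
    return nibbles + [0] * (VECTOR_LEN - len(nibbles))

def build_pairs(samples):
    """Steps (4)-(6): pair up all vectors; Y = 0 when both share label d."""
    labelled = [(to_instruction_vector(f), y) for f, y in samples]
    return [(va, vb, 0 if ya["d"] == yb["d"] else 1)
            for (va, ya), (vb, yb) in combinations(labelled, 2)]

def stand_in_hash(vec):
    """Hypothetical placeholder for the trained CNN: mean of each 16-element
    block, giving 64 values. It only makes the example runnable."""
    block = VECTOR_LEN // HASH_DIM
    return [sum(vec[i * block:(i + 1) * block]) / block
            for i in range(HASH_DIM)]

def build_hash_group(samples):
    """Step (11): feature hash and normal/abnormal label for every sample."""
    hashes = [stand_in_hash(to_instruction_vector(f)) for f, _ in samples]
    labels = [y["d"] for _, y in samples]
    return hashes, labels

def euclidean(h1, h2):
    """Step (13): Euclidean distance between two feature hashes."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(h1, h2)))

def check_frame(frame, hashes, labels, t_h):
    """Steps (12)-(14): hash the live frame, find the nearest sample hash,
    and block only if that sample is abnormal and closer than t_h."""
    h_t = stand_in_hash(to_instruction_vector(frame))
    distances = [euclidean(h_t, h_i) for h_i in hashes]
    m = min(range(len(distances)), key=distances.__getitem__)
    block = labels[m] == 1 and distances[m] < t_h
    return {"nearest": m, "d_m": labels[m], "dis_m": distances[m],
            "block": block}

if __name__ == "__main__":
    hashes, labels = build_hash_group(SAMPLES)
    for hexframe in ("01030008000a", "0110fffe00ff", "0110ffff0000"):
        print(hexframe, check_frame(bytes.fromhex(hexframe), hashes, labels, T_H))
```

Under the rule as written in step (14), an instruction whose nearest sample is labelled normal is allowed whatever its distance, and one whose nearest sample is abnormal is blocked only when it lies inside $T_h$; the third frame in the demo shows the latter case.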
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.

Claims (1)

1. An instruction-level power system service protection method based on weighted similarity matching, characterized by comprising the following specific steps:
(1) Collecting network traffic in the power system and performing protocol parsing on the service traffic within it to obtain information containing frame header information, address information, function codes and data fields; combining the information into a 1 × 1024 vector, padding with trailing 0x00 when the field length is insufficient, to form a service instruction vector $v_i$, where $v_i$ represents the i-th service instruction vector, consisting of 1024 hexadecimal numbers, and each element $v_j$ of a vector is 4 bits in length;
(2) According to the characteristics of services in the power system, classifying the service instructions into multiple classes by operation class and numbering each class, the rules for operation class instruction classification being shown in the following table:

| Operation class | Detailed operation | Class number |
| --- | --- | --- |
| Basic operation | Switching operation, scheduling instruction, power adjustment, voltage adjustment, protection instruction | 1 |
| Data management | Data acquisition, event recording | 2 |
| Communication management | Communication test, remote operation | 3 |
| Emergency operation | Emergency stop | 4 |
| Intelligent operation | Automated scheduling, equipment maintenance instructions, and energy management | 5 |

(3) According to the characteristics of services in the power system, classifying the service instructions into multiple classes by security level and numbering each class, the rules for security level instruction grading being shown in the following table:
(4) Marking the service instruction vector $v$ corresponding to a moment of system abnormality as abnormal, with value 1, and marking service instruction vectors at other moments as normal, with value 0, the mark of each service instruction vector $v_i$ being $d_i$;
(5) Following the classification in steps (2) and (3), each service instruction vector $v_i$ has class number $c_i$ and security level number $s_i$, and the sample label of each service instruction vector $v_i$ is $y_i = \{d_i, c_i, s_i\}$;
(6) Combining all service instruction vectors in pairs to form a plurality of data pairs, where N is the total number of collected service instruction vectors and P is the training data set;
(7) Training a pre-designed CNN using the training data set P; specifically, each tuple $(v_a, v_b)$ is taken in turn, the first instruction vector $v_a$ is input to the CNN, which outputs a feature hash $h_a$ of dimension 1 × 64, and the second instruction vector $v_b$ is input to the CNN, which outputs a feature hash $h_b$ of dimension 1 × 64;
(8) Calculating the training loss with the weighted loss function $H(v_a, v_b)$, the specific calculation being as follows:
where $D_w$ is the Euclidean distance between $h_a$ and $h_b$; $Y$ is derived from the categories to which the members of the tuple $(v_a, v_b)$ belong, being 0 when $v_a$ and $v_b$ both fall in the normal category or both in the abnormal category, and 1 otherwise; $G(a, b)$ is the weighting term calculated from the class numbers and security level numbers corresponding to the tuple $(v_a, v_b)$; $M$ is the vector dimension of the neural network output and is 64; $I[\cdot]$ is the indicator function, equal to 1 when the condition is true and 0 otherwise; $T_c$ is the category weight, taken as 0.6; $T_s$ is the level weight, taken as 0.8;
(9) According to the loss calculated in step (8), using the gradient descent method to apply a gradient update to the gradient $\omega_{old}$ of the current model, obtaining the updated gradient $\omega_{new}$, the specific calculation being as follows:
where $\eta$ is the learning rate, taken as 0.001;
(10) Repeating steps (7) to (9) until the training loss $l_H$ is less than the set threshold or the number of iterations reaches the set maximum, to obtain a trained model;
(11) Inputting the service instruction vectors in $v$ into the model in turn to obtain the corresponding feature hashes, forming the sample hash group $H_g = (h_1, h_2, ..., h_n)$;
(12) Following the method in step (1), collecting and parsing the service traffic in real time to obtain the service instruction vector $v_t$ at time $t$, and inputting the vector $v_t$ into the trained model to obtain the feature hash $h_t$;
(13) Comparing the feature hash $h_t$ with each feature hash $h_i$ in the sample hash group $H_g$ in turn and calculating the Euclidean distance $dis_i$ between the two, the specific calculation being as follows:
where $M$ is the vector dimension of the neural network output and is 64;
(14) In the hash group $H_g$, finding the feature hash $h_m$ with the minimum Euclidean distance to the feature hash $h_t$ and obtaining the label $d_m$ corresponding to $h_m$; if $d_m$ is 0, the current service instruction is normal; if $d_m$ is 1, determining whether $dis_m$ is smaller than a set threshold $T_h$, and if it is smaller than the threshold, judging the current service instruction abnormal and blocking it in real time, ensuring the service security of the power system.
CN202311701147.9A 2023-12-12 2023-12-12 Instruction-level power system service protection method based on weighted similarity matching Active CN117692207B (en)

Priority Applications (1)

| Application Number | Publication | Priority Date | Filing Date | Title |
| --- | --- | --- | --- | --- |
| CN202311701147.9A | CN117692207B (en) | 2023-12-12 | 2023-12-12 | Instruction-level power system service protection method based on weighted similarity matching |


Publications (2)

| Publication Number | Publication Date |
| --- | --- |
| CN117692207A (en) | 2024-03-12 |
| CN117692207B (en) | 2024-05-03 |



Also Published As

Publication number Publication date
CN117692207B (en) 2024-05-03


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant