CN117692207B - Instruction-level power system service protection method based on weighted similarity matching - Google Patents
Instruction-level power system service protection method based on weighted similarity matching Download PDFInfo
- Publication number
- CN117692207B CN117692207B CN202311701147.9A CN202311701147A CN117692207B CN 117692207 B CN117692207 B CN 117692207B CN 202311701147 A CN202311701147 A CN 202311701147A CN 117692207 B CN117692207 B CN 117692207B
- Authority
- CN
- China
- Prior art keywords
- instruction
- service
- vector
- power system
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 239000013598 vector Substances 0.000 claims abstract description 65
- 238000012549 training Methods 0.000 claims abstract description 34
- 230000002159 abnormal effect Effects 0.000 claims abstract description 20
- 230000006870 function Effects 0.000 claims abstract description 13
- 238000004364 calculation method Methods 0.000 claims abstract description 11
- 238000004458 analytical method Methods 0.000 claims abstract description 5
- 238000013527 convolutional neural network Methods 0.000 claims description 12
- 238000013528 artificial neural network Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 5
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000011478 gradient descent method Methods 0.000 claims description 3
- 238000007726 management method Methods 0.000 claims 2
- 238000013523 data management Methods 0.000 claims 1
- 238000012423 maintenance Methods 0.000 claims 1
- 238000012360 testing method Methods 0.000 claims 1
- 238000001514 detection method Methods 0.000 abstract description 16
- 230000005856 abnormality Effects 0.000 abstract description 8
- 230000000694 effects Effects 0.000 abstract description 4
- 238000003062 neural network model Methods 0.000 abstract 1
- 238000002372 labelling Methods 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000013136 deep learning model Methods 0.000 description 3
- 230000001419 dependent effect Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
Abstract
The application relates to a service protection method of an instruction-level power system based on weighted similarity matching, which comprises the following specific steps: and carrying out protocol deep analysis on the service flow in the power system by analyzing the network flow in the power system to obtain a vector of the service instruction. Dividing the business instruction vector into multiple classes according to the electric power characteristics, and carrying out instruction classification and class classification for subsequent calculation of weighted items; and marking the service instruction vector as normal and abnormal according to the system fault moment. And combining all the service instruction vectors in pairs to form a plurality of data pairs, and obtaining a training data set P. Training a convolution neural network model prepared in advance by using the training data set P and the weighting loss function to obtain a trained abnormality detection model, and performing abnormality detection by using the trained abnormality detection model. The problem of in the industry control network unusual data less, training degree of depth learning model effect is not good is solved. The method has the characteristics of high detection precision and capability of detecting unknown business anomalies.
Description
Technical Field
The application relates to the field of industrial control system safety, in particular to a service protection method of an instruction-level power system based on weighted similarity matching.
Background
The power monitoring system plays a key role in modern society and is responsible for ensuring the stable operation of the power system. With advances in information technology, power monitoring systems are increasingly dependent on computerized and networked technologies. However, this also exposes the system to increasingly complex and advanced network threats, such as malware, cyber attacks, and data tampering. In such a context, it becomes critical to provide instruction-level traffic protection for power monitoring systems.
Currently, power monitoring systems typically employ a series of measures to ensure the security of their operation, including network firewalls, intrusion Detection Systems (IDS), encrypted communications, and the like. However, these approaches focus mainly on the network level and the communication level, while the traffic protection at the instruction level is relatively weak. Instruction-level business protection requires attention to software execution inside the system to prevent injection of malicious instructions, hijacking of execution processes, and tampering with critical data. At present, the solution for instruction-level service protection is mainly based on rule matching, namely, a character string of a service instruction is obtained by deeply analyzing the communication flow of a power system, and a series of rules formulated by an expert are used for matching potential high-risk service instructions. However, this approach relies on extensive manpower for rule customization and cannot discover unknown threats. The existing detection method based on instruction matching can not find the problem of unknown business abnormality.
Based on the background, the invention provides a service protection method for an instruction-level power system based on weighted similarity matching. According to the method, the instruction hash of the service instruction is calculated by using a deep learning method, and the unknown abnormal service instruction can be detected by comparing the distances between the service instruction hash codes to perform abnormality detection.
Disclosure of Invention
The embodiment of the application aims to provide a service protection method for an instruction-level power system based on weighted similarity matching, which solves the problems of less abnormal data and poor training effect of a deep learning model in an industrial control network. The existing detection method based on instruction matching can not find the problem of unknown business abnormality. The method has the characteristics of high detection precision and capability of detecting unknown business anomalies.
In order to achieve the above purpose, the present application provides the following technical solutions:
The embodiment of the application provides a service protection method for an instruction-level power system based on weighted similarity matching, which is characterized by comprising the following specific steps:
(1) Collecting network flow in the power system, carrying out protocol analysis on service flow in the network flow to obtain information comprising fields of frame header information, address information, function codes, data fields and the like, combining the information into a vector of 1 x 1024, and filling 0x00 backwards when the field length is insufficient to form a service instruction vector Where v i denotes the ith service instruction vector, consisting of 1024 16 bins. The length of the element v j in each vector is 4 bits. Wherein 0x00 is the default field filled when the service instruction vector length is less than 1024;
(2) According to the characteristics of the service in the power system, the service instructions are classified into multiple classes according to the operation classes, and each class is numbered. The rules of the operation class instruction classification are shown in the following table:
(3) According to the characteristics of the service in the power system, the service instruction is classified into multiple categories according to the security class, and each category is numbered. The rules of the security level instruction hierarchy are shown in the following table:
(4) And marking the service instruction vector v corresponding to the abnormal moment of the system as abnormal, wherein the corresponding value is 1. The service instruction vector at other moments is marked as normal, and the corresponding value is 0. Each business instruction vector v i is labeled d i;
(5) According to the classification method in step (2) and step (3), each service instruction vector v i corresponds to a class number c i and corresponds to a security class number s i. The sample label corresponding to each service instruction vector v i is y i={di,ci,si;
(6) All the service instruction vectors are combined in pairs to form a plurality of data pairs Wherein N is the total number of all the collected service instruction vectors, and P is a training data set;
(7) Training the CNN network designed in advance by using the training data set P. Specifically, each tuple (v a,vb) in the training data set P is sequentially fetched, and the first instruction vector v a is input to CNN, which outputs a1×64-dimensional feature hash h a. The second instruction vector v b is input into the neural network, and the CNN outputs a characteristic hash h b with 1 x 64 dimensions;
(8) The training loss l H(va,vb is calculated by a weighted loss function), the specific calculation steps are as follows:
Wherein D w is the euclidean distance of h a and h b. Y is obtained according to the category to which the tuple (v a,vb) belongs, v a and v b are both normal or abnormal categories, Y is 0, and otherwise, Y is 1.G (a, b) is a weighted term calculated from the class number and the level number corresponding to the tuple (v a,vb). M is the vector dimension of the neural network output, which is 64.I [.] is a 1 function, and if true, is 1, otherwise is 0.T c is category weight, and 0.6 is taken; t s is the grade weight, and 0.8 is taken;
(9) According to the category loss calculated in the step (8), gradient updating is carried out on the gradient omega old of the current model by using a gradient descent method to obtain an updated gradient omega new, and the specific calculation steps are as follows:
Wherein eta is learning rate and 0.001 is taken;
(10) Repeating the steps (7) to (9) until the training loss l H is smaller than the set threshold or the iteration number reaches the maximum set number. Obtaining a trained model
(11) Sequentially inputting the business instruction vectors in v into the modelObtaining corresponding characteristic hashes to form a sample hash group H g=(h1,h2,...,hn);
(12) And (3) according to the method in the step (1), collecting and analyzing the service flow in real time to obtain a service instruction vector v t at the time t. Input vector v t into trained model Obtaining a characteristic hash h t;
(13) The feature hash H t is sequentially compared with the feature hash H i in the sample hash group H g, and the euclidean distance dis i therebetween is calculated. The specific calculation steps are as follows:
Wherein M is the vector dimension output by the neural network and is 64;
(14) In the hash group H g, a feature hash H m having the smallest euclidean distance from the feature hash H t is taken, wherein, And obtaining a mark corresponding to h m as d m, and if d m is 0, indicating that the current service instruction is normal. If d m is 1, it is judged whether dis m is less than the set threshold T h. If the current service instruction is smaller than the preset threshold, judging that the current service instruction is abnormal, blocking the current service instruction in real time, and guaranteeing the service safety of the power system.
Compared with the prior art, the invention has the beneficial effects that: because the relation between input pairs is utilized during training, and the training is not only dependent on a large amount of labeling data, the training can be performed under the condition that the labeling data are relatively less, and the problem that the training deep learning model is poor in effect due to the fact that abnormal data in an industrial control network are less is solved. By introducing the instruction grading weighting item into the loss function, the model can learn the relation between the service instructions of the power system more quickly, and the method has the characteristic of high abnormality detection precision. By comparing the distances between the hash codes of the business instructions to perform anomaly detection, unknown abnormal business instructions can be detected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of an instruction-level power system service protection method based on weighted similarity matching.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The terms "first," "second," and the like, are used merely to distinguish one entity or action from another entity or action, and are not to be construed as indicating or implying any actual such relationship or order between such entities or actions.
The basic idea of the invention is that the network flow in the power system is analyzed, and the service flow in the network flow is subjected to protocol deep analysis to obtain the vector of the service instruction. Dividing the service instruction vector into multiple classes according to the characteristics of services in the power system, and classifying the service instruction vector into instruction classes and class classes for subsequent calculation of weighted items; and marking the service instruction vector as normal and abnormal according to the system fault moment. And combining all the service instruction vectors in pairs to form a plurality of data pairs, thereby obtaining a training data set P. Training a Convolutional Neural Network (CNN) model prepared in advance by using the training data set P and the weighted loss function to obtain a trained anomaly detection model, and performing anomaly detection by using the trained anomaly detection model. Because the relation between input pairs is utilized during training, and the training is not only dependent on a large amount of labeling data, the training can be performed under the condition that the labeling data are relatively less, and the problem that the training deep learning model is poor in effect due to the fact that abnormal data in an industrial control network are less is solved. By introducing the instruction grading weighting item into the loss function, the model can learn the relation between the service instructions of the power system more quickly, and the method has the characteristic of high abnormality detection precision. By comparing the distances between the hash codes of the business instructions to perform anomaly detection, unknown abnormal business instructions can be detected. An instruction-level power system business protection method based on weighted similarity matching is provided.
As shown in fig. 1, the invention provides a service protection method of an instruction-level power system based on weighted similarity matching, which comprises the following steps:
(1) Collecting network flow in the power system, carrying out protocol analysis on service flow in the network flow to obtain information comprising fields of frame header information, address information, function codes, data fields and the like, combining the information into a vector of 1 x 1024, and filling 0x00 backwards when the field length is insufficient to form a service instruction vector Where v i denotes the ith service instruction vector, consisting of 1024 16 bins. The length of the element v j in each vector is 4 bits. Wherein 0x00 is the default field filled when the service instruction vector length is less than 1024;
(2) According to the characteristics of the service in the power system, the service instructions are classified into multiple classes according to the operation classes, and each class is numbered. The rules of the operation class instruction classification are shown in the following table:
(3) According to the characteristics of the service in the power system, the service instruction is classified into multiple categories according to the security class, and each category is numbered. The rules of the security level instruction hierarchy are shown in the following table:
(4) And marking the service instruction vector v corresponding to the abnormal moment of the system as abnormal, wherein the corresponding value is 1. The service instruction vector at other moments is marked as normal, and the corresponding value is 0. Each business instruction vector v i is labeled d i;
(5) According to the classification method in step (2) and step (3), each service instruction vector v i corresponds to a class number c i and corresponds to a security class number s i. The sample label corresponding to each service instruction vector v i is y i={di,ci,si;
(6) All the service instruction vectors are combined in pairs to form a plurality of data pairs Wherein N is the total number of all the collected service instruction vectors, and P is a training data set;
(7) Training the CNN network designed in advance by using the training data set P. Specifically, each tuple (v a,vb) in the training data set P is sequentially fetched, and the first instruction vector v a is input to CNN, which outputs a1×64-dimensional feature hash h a. The second instruction vector v b is input into the neural network, and the CNN outputs a characteristic hash h b with 1 x 64 dimensions;
(8) The training loss l H(va,vb is calculated by a weighted loss function), the specific calculation steps are as follows:
Wherein D w is the euclidean distance of h a and h b. Y is obtained according to the category to which the tuple (v a,vb) belongs, v a and v b are both normal or abnormal categories, Y is 0, and otherwise, Y is 1.G (a, b) is a weighted term calculated from the class number and the level number corresponding to the tuple (v a,vb). M is the vector dimension of the neural network output, which is 64 in this embodiment. I [.] is a1 function, and if true, is 1, otherwise is 0.T c is the category weight, which is 0.6 in this embodiment; t s is the class weight, which is 0.8 in this example;
(9) According to the category loss calculated in the step (8), gradient updating is carried out on the gradient omega old of the current model by using a gradient descent method to obtain an updated gradient omega new, and the specific calculation steps are as follows:
Wherein η is the learning rate, the present embodiment takes 0.001;
(10) Repeating the steps (7) to (9) until the training loss l H is smaller than the set threshold or the iteration number reaches the maximum set number. Obtaining a trained model
(11) Sequentially inputting the business instruction vectors in v into the modelObtaining corresponding characteristic hashes to form a sample hash group H g=(h1,h2,...,hn);
(12) And (3) according to the method in the step (1), collecting and analyzing the service flow in real time to obtain a service instruction vector v t at the time t. Input vector v t into trained model Obtaining a characteristic hash h t;
(13) The feature hash H t is sequentially compared with the feature hash H i in the sample hash group H g, and the euclidean distance dis i therebetween is calculated. The specific calculation steps are as follows:
wherein M is the vector dimension output by the neural network, which is 64 in this embodiment;
(14) In the hash group H g, a feature hash H m having the smallest euclidean distance from the feature hash H t is taken, wherein, And obtaining a mark corresponding to h m as d m, and if d m is 0, indicating that the current service instruction is normal. If d m is 1, it is judged whether dis m is less than the set threshold T h. If the current service instruction is smaller than the preset threshold, judging that the current service instruction is abnormal, blocking the current service instruction in real time, and guaranteeing the service safety of the power system.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (1)
1. The instruction-level power system business protection method based on weighted similarity matching is characterized by comprising the following specific steps of:
(1) Collecting network flow in the power system, carrying out protocol analysis on service flow in the network flow to obtain information containing frame header information, address information, function codes and data fields, combining the information into a vector of 1 x 1024, and filling 0x00 backwards when the field length is insufficient to form a service instruction vector v i = Wherein v i represents an ith service instruction vector, which consists of 1024 16-ary numbers, and the length of the element v j in each vector is 4 bits;
(2) According to the characteristics of the service in the power system, classifying the service instructions into multiple classes according to the operation classes, numbering each class, and classifying the operation class instructions according to the rule shown in the following table:
(3) According to the characteristics of the service in the power system, classifying the service instructions into multiple categories according to the security class, and numbering each category, wherein the rule of classifying the security class instructions is shown in the following table:
(4) Marking a service instruction vector v corresponding to the abnormal moment of the system as abnormal, wherein the corresponding value is 1, the service instruction vectors at other moments are marked as normal, the corresponding value is 0, and the mark of each service instruction vector v i is d i;
(5) According to the classification method in step (2) and step (3), each service instruction vector v i corresponds to a class number c i, the corresponding security class number s i, and the sample label corresponding to each service instruction vector v i is y i={di,ci,si;
(6) All the service instruction vectors are combined in pairs to form a plurality of data pairs Wherein N is the total number of all the collected service instruction vectors, and P is a training data set;
(7) Training a designed CNN network by using a training data set P, specifically, sequentially taking out each tuple (v a,vb) in the training data set P, wherein a first instruction vector v a is input into the CNN, the CNN outputs a characteristic hash h a with 1 x 64 dimensions, a second instruction vector v b is input into the neural network, and the CNN outputs a characteristic hash h b with 1 x 64 dimensions;
(8) The training loss l H(va,vb is calculated by a weighted loss function), the specific calculation steps are as follows:
wherein D w is the Euclidean distance of h a and h b, Y is obtained according to the category to which the tuple (v a,vb) belongs, v a and v b are both normal or abnormal categories, Y is 0, otherwise 1, G (a, b) is a weighted term calculated according to the category number and the class number corresponding to the tuple (v a,vb), M is the vector dimension output by the neural network, 64, I [.] is a 1 function, the condition is true and is 1, otherwise 0, T c is category weight, and 0.6 is taken; t s is the grade weight, and 0.8 is taken;
(9) According to the category loss calculated in the step (8), gradient updating is carried out on the gradient omega old of the current model by using a gradient descent method to obtain an updated gradient omega new, and the specific calculation steps are as follows:
Wherein eta is learning rate and 0.001 is taken;
(10) Repeating the steps (7) to (9) until the training loss l H is smaller than the set threshold value or the iteration number reaches the maximum set number of times to obtain a trained model
(11) Sequentially inputting the business instruction vectors in v into the modelObtaining corresponding characteristic hashes to form a sample hash group H g=(h1,h2,...,hn);
(12) According to the method in the step (1), the service flow is collected and analyzed in real time to obtain a service instruction vector v t at the time t, and the vector v t is input into a trained model Obtaining a characteristic hash h t;
(13) The feature hash H t is compared with the feature hash H i in the sample hash group H g in sequence, and the Euclidean distance dis i between the feature hash H t and the feature hash group H g is calculated, wherein the specific calculation steps are as follows:
Wherein M is the vector dimension output by the neural network and is 64;
(14) In the hash group H g, a feature hash H m having the smallest euclidean distance from the feature hash H t is taken, wherein, Obtaining a mark d m corresponding to h m, if d m is 0, indicating that the current service instruction is normal, if d m is 1, judging whether dis m is smaller than a set threshold T h, if so, judging that the current service instruction is abnormal, blocking the current service instruction in real time, and guaranteeing the service safety of the power system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311701147.9A CN117692207B (en) | 2023-12-12 | 2023-12-12 | Instruction-level power system service protection method based on weighted similarity matching |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311701147.9A CN117692207B (en) | 2023-12-12 | 2023-12-12 | Instruction-level power system service protection method based on weighted similarity matching |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117692207A CN117692207A (en) | 2024-03-12 |
CN117692207B true CN117692207B (en) | 2024-05-03 |
Family
ID=90125960
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311701147.9A Active CN117692207B (en) | 2023-12-12 | 2023-12-12 | Instruction-level power system service protection method based on weighted similarity matching |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117692207B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108200005A (en) * | 2017-09-14 | 2018-06-22 | 国网浙江省电力公司宁波供电公司 | Electric power secondary system network flow abnormal detecting method based on unsupervised learning |
CN113705699A (en) * | 2021-08-31 | 2021-11-26 | 平安科技(深圳)有限公司 | Sample abnormity detection method, device, equipment and medium based on machine learning |
CN113949527A (en) * | 2021-09-07 | 2022-01-18 | 中云网安科技有限公司 | Abnormal access detection method and device, electronic equipment and readable storage medium |
CN115643104A (en) * | 2022-11-10 | 2023-01-24 | 南京奥科服信息技术有限公司 | Network intrusion detection method based on deep supervision discrete hash |
CN116010836A (en) * | 2022-12-13 | 2023-04-25 | 国网湖北省电力有限公司电力科学研究院 | Instruction level protection method for power grid side equipment based on federal learning framework |
US11829866B1 (en) * | 2017-12-27 | 2023-11-28 | Intuit Inc. | System and method for hierarchical deep semi-supervised embeddings for dynamic targeted anomaly detection |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050096949A1 (en) * | 2003-10-29 | 2005-05-05 | International Business Machines Corporation | Method and system for automatic continuous monitoring and on-demand optimization of business IT infrastructure according to business objectives |
JP5942639B2 (en) * | 2012-06-29 | 2016-06-29 | 富士通株式会社 | Monitoring device, monitoring program, and monitoring method |
US11252169B2 (en) * | 2019-04-03 | 2022-02-15 | General Electric Company | Intelligent data augmentation for supervised anomaly detection associated with a cyber-physical system |
KR102291869B1 (en) * | 2019-12-31 | 2021-08-19 | 아주대학교산학협력단 | Method and apparatus for anomaly detection of traffic pattern |
CN111131335B (en) * | 2020-03-30 | 2020-08-28 | 腾讯科技(深圳)有限公司 | Network security protection method and device based on artificial intelligence and electronic equipment |
EP3955076A1 (en) * | 2020-08-10 | 2022-02-16 | Siemens Aktiengesellschaft | System, device and method of detecting abnormal datapoints |
US20220385635A1 (en) * | 2021-05-27 | 2022-12-01 | Palo Alto Networks, Inc. | Combined machine learning and formal techniques for network traffic analysis |
-
2023
- 2023-12-12 CN CN202311701147.9A patent/CN117692207B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108200005A (en) * | 2017-09-14 | 2018-06-22 | 国网浙江省电力公司宁波供电公司 | Electric power secondary system network flow abnormal detecting method based on unsupervised learning |
US11829866B1 (en) * | 2017-12-27 | 2023-11-28 | Intuit Inc. | System and method for hierarchical deep semi-supervised embeddings for dynamic targeted anomaly detection |
CN113705699A (en) * | 2021-08-31 | 2021-11-26 | 平安科技(深圳)有限公司 | Sample abnormity detection method, device, equipment and medium based on machine learning |
CN113949527A (en) * | 2021-09-07 | 2022-01-18 | 中云网安科技有限公司 | Abnormal access detection method and device, electronic equipment and readable storage medium |
CN115643104A (en) * | 2022-11-10 | 2023-01-24 | 南京奥科服信息技术有限公司 | Network intrusion detection method based on deep supervision discrete hash |
CN116010836A (en) * | 2022-12-13 | 2023-04-25 | 国网湖北省电力有限公司电力科学研究院 | Instruction level protection method for power grid side equipment based on federal learning framework |
Also Published As
Publication number | Publication date |
---|---|
CN117692207A (en) | 2024-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111475804B (en) | Alarm prediction method and system | |
CN106888205B (en) | Non-invasive PLC anomaly detection method based on power consumption analysis | |
US20210319113A1 (en) | Method for generating malicious samples against industrial control system based on adversarial learning | |
CN114124482B (en) | Access flow anomaly detection method and equipment based on LOF and isolated forest | |
Chang et al. | Anomaly detection for industrial control systems using k-means and convolutional autoencoder | |
CN111598179B (en) | Power monitoring system user abnormal behavior analysis method, storage medium and equipment | |
CN113162893B (en) | Attention mechanism-based industrial control system network flow abnormity detection method | |
CN111901340A (en) | Intrusion detection system and method for energy Internet | |
CN115277180B (en) | Block chain log anomaly detection and tracing system | |
CN110309884A (en) | Electricity consumption data anomalous identification system based on ubiquitous electric power Internet of Things net system | |
CN112019529B (en) | New forms of energy electric power network intrusion detection system | |
CN113067798A (en) | ICS intrusion detection method and device, electronic equipment and storage medium | |
CN115277113A (en) | Power grid network intrusion event detection and identification method based on ensemble learning | |
Harbola et al. | Improved intrusion detection in DDoS applying feature selection using rank & score of attributes in KDD-99 data set | |
CN117692207B (en) | Instruction-level power system service protection method based on weighted similarity matching | |
CN117411703A (en) | Modbus protocol-oriented industrial control network abnormal flow detection method | |
CN112653675A (en) | Intelligent intrusion detection method and device based on deep learning | |
Zhang et al. | Using machine learning techniques to improve intrusion detection accuracy | |
CN115333915B (en) | Heterogeneous host-oriented network management and control system | |
Tomio et al. | A multi-view intrusion detection model for reliable and autonomous model updates | |
Tan et al. | Using hidden markov models to evaluate the real-time risks of network | |
CN114330504A (en) | Network malicious traffic detection method based on Sketch | |
CN113468555A (en) | Method, system and device for identifying client access behavior | |
CN116647374B (en) | Network flow intrusion detection method based on big data | |
EP4254237A1 (en) | Security data processing device, security data processing method, and computer-readable storage medium for storing program for processing security data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |