基于报文分析的非法外联信息自动检测方法  

作　　者：胡海生 HU Haisheng(Guangdong Power Grid Co.,Ltd..Electric Power Science Research Institute,Guangzhou 510080,China)

机构地区：[1]广东电网有限责任公司电力科学研究院

出　　处：《自动化与仪器仪表》2019年第10期153-156,共4页Automation & Instrumentation

基　　金：中国南方电网公司科技项目(No.GDKJXM20161899)

摘　　要：根据发改委14号令等相关政策法规,严禁电力监控系统非法外联S跨区互联。目前常见的基于路由和关键字分析的非法外联自动检测方法存在着检测率低、误报率高的缺陷,提出基于报文分析的非法外联信息自动检测方法,该方法将字典学习模型引入自动检测流程中,首先对采集的电力工控系统数据进行格式化、数值化以及标准化处理,得到标准数据集。利用字典学习模型对数据集进行降维,并对电力工控系统中的数据稀疏特征进行提取,将得到的稀疏特征引入到构建的非法外联信息自动检测模型中,并对重构误差进行计算,根据重构误差值对非法外联信息进行判别,可以实现对电力工控系统中非法外联信息的自动检测。实验结果显示,提出的基于报文分析的非法外联信息自动检测方法检测率比传统方法高出12.99%,误报率比传统方法低了23.5%,充分说明提出的基于报文分析的非法外联信息自动检测方法检测精准度更高,具备更好的性能。According to the relevant policies and regulations of the National Development and Reform Commission,etc.,it is strictly forbidden to illegally connect and cross-zone the power monitoring system.At present,the common illegal detection method based on routing and keyword analysis has the defects of low detection rate and high false positive rate.An automatic detection method is proposed for illegal outreach information based on message analysis.This method will be a dictionary learning model.Introduce the automatic detection process,firstly format,digitize and standardize the collected power industrial control system data to obtain a standard data set.The dictionary learning model is used to reduce the dimension of the data set,and the sparse features of the power industrial control system are extracted.The sparse features are introduced into the constructed automatic detection model of illegal outreach information,and the reconstruction error is calculated.According to the reconstruction error value,the illegal outreach information is discriminated,and the automatic detection of illegal outreach information in the power industrial control system can be realized.The experimental results show that the detection rate of the proposed automatic detection method of illegal outreach information based on message analysis is 12.99% higher than the traditional method,and the false alarm rate is 23.5% lower than the traditional method,which fully demonstrates the illegal analysis based on message analysis.The joint information automatic detection method has higher detection accuracy and better performance.

关 键 词：电力工控系统 非法外联信息 字典学习 检测 

分 类 号：TP274.5[自动化与计算机技术—检测技术与自动化装置]