Attack Pattern Recognition Algorithm of Power Information Network Based on Dynamic Incremental Cluster Analysis  Cited by: 29


Authors: 陈霖 (CHEN Lin); 许爱东 (XU Aidong); 蒋屹新 (JIANG Yixin); 杨航 (YANG Hang)[3]; 吕华辉 (LU Huahui)[3]; 匡晓云 (KUANG Xiaoyun); 樊凯 (FAN Kai)[3] (Electric Power Research Institute, CSG, Guangzhou 510663, China; Guangdong Provincial Key Laboratory of Power System Network Security, Guangzhou 510663, China; China Southern Power Grid Co., Ltd., Guangzhou 510663, China)

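Affiliations: [1] Electric Power Research Institute, CSG, Guangzhou 510663 [2] Guangdong Provincial Key Laboratory of Power System Network Security, Guangzhou 510663 [3] China Southern Power Grid Co., Ltd., Guangzhou 510663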

Source: Southern Power System Technology (《南方电网技术》), 2020, No. 8, pp. 25-32 (8 pages)

Funding: Science and Technology Project of China Southern Power Grid Co., Ltd. (ZBKJXM20180006).

Abstract: With the gradual development of digital power grid construction, the power Internet of Things, formed by combining the Internet of Things with the traditional power grid, is becoming a key link. However, the network security threats it faces will be more complex, which is mainly manifested in two aspects: the uncontrollable risk introduced by security defects of the IoT terminal equipment itself, and the risk of intrusion into the power information network that carries the control and data flows of the terminal equipment. It is necessary to use effective intrusion detection methods to prevent unknown network attacks, and the key technology is the accurate identification of the attack pattern, which helps the security operation and maintenance team further analyze the enemy's attack means, attack paths and attack habits, and prepare for the next step of attack defense. In this paper, by improving the cluster analysis algorithm in machine learning, a network attack pattern recognition algorithm model based on dynamic incremental cluster analysis is established. The model is capable of cluster analysis in big data scenarios, and can remove isolated data, control the clustering categories and post-process the clustered pattern data, so as to further improve the accuracy of attack pattern recognition. In addition, this paper uses open-source network intrusion detection datasets to analyze and verify the algorithm model and evaluate its correctness and effectiveness. Finally, the algorithm model is applied in practice and achieves certain practical results.

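Keywords: power Internet of Things; power information network; dynamic incremental cluster analysis; intrusion detection; machine learning; network security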

Classification: TM73 [Electrical Engineering - Power Systems and Automation]

 
