基于模糊聚类的多类簇归属电力实体行为异常检测算法  被引量：4

作　　者：郭禹伶 左晓军 崔景洋 王颖 张光华[2] GUO Yuling;ZUO Xiaojun;CUI Jingyang;WANG Ying;ZHANG Guanghua(State Grid Hebei Electric Power Research Institute,Shijiazhuang,Hebei 050021,China;School of Information Science and Engineering,Hebei University of Science and Technology,Shijiazhuang,Hebei 050018,China)

机构地区：[1]国网河北省电力有限公司电力科学研究院,河北石家庄050021 [2]河北科技大学信息科学与工程学院,河北石家庄050018

出　　处：《河北科技大学学报》2022年第5期528-537,共10页Journal of Hebei University of Science and Technology

基　　金：国家重点研发计划项目(2018YFB0804701);国家自然科学基金(62072239);河北省科技计划项目(20377725D)。

摘　　要：针对数字化主动电网中电力实体行为复杂化、攻击手段隐蔽化等问题,提出了一种基于模糊聚类的多类别归属异常检测算法。首先,对电力实体行为相似性的度量方式进行优化,并基于优化后的度量方法构建模糊聚类算法,通过多次迭代得到实体行为对应各类别的隶属度矩阵;其次,根据类别软划分隶属度矩阵,分别计算实体在各个类别内的近邻距离、近邻密度与近邻相对异常因子等参数;最后,分析实体在各类簇内的相对异常情况,判断该电力实体行为是否属于异常行为。结果表明,与LOF,K-Means和Random Forest算法相比,新方法具有更高的异常行为检出数量和更优的异常检测评价指标,解决了传统异常检测算法样本评价角度单一的问题,进一步提高了数字化主动电网抵御未知威胁的能力。Aiming at the problems of complex behavior of power entities and concealed attack means in the digital active power grid, a multi-category attribution anomaly detection algorithm based on fuzzy clustering was proposed.Firstly, the similarity measurement method of power entity behavior was optimized, a fuzzy clustering algorithm was constructed based on the measurement value, and the membership matrix of entity behavior corresponding to various classes was obtained through several iterations.Secondly, the nearest neighbor distance, nearest neighbor density, and nearest neighbor relative anomaly factor of entities in each category were calculated according to the category softening membership matrix.Finally, the relative abnormal situation of the entity in various clusters was analyzed to judge whether the behavior of the power entity belongs to the abnormal behavior category.The results show that compared with LocalOutlier Factor(LOF),K-means, and RandomForest algorithms, the new method has detected more abnormal behaviors and achieved better anomaly detection evaluation indexes.The problem of a single evaluation angle of samples in traditional anomaly detection algorithms was solved and the ability of the digital active power grid to resist unknown threats was improved.

关 键 词：数据安全与计算机安全 用户与实体行为分析 数字化主动电网 模糊聚类 异常检测 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术] TM769[自动化与计算机技术—计算机科学与技术]