Unknown Threat Detection Method for Power Monitoring System Based on Multiple Classifiers

Authors: SU Yang; CAO Yang; GUO Shuyang; HAN Xiaopeng; ZHANG Weili (China Southern Power Grid, Power Dispatching and Control Center, Guangzhou 510663, China; Purple Mountain Laboratories, Endogenous Security Research Center, Nanjing 211111, China; Information Engineering University, Zhengzhou 450001, China)

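Affiliations: [1] Power Dispatching and Control Center, China Southern Power Grid, Guangzhou, Guangdong 510663 [2] Endogenous Security Research Center, Purple Mountain Laboratories, Nanjing, Jiangsu 211111 [3] Information Engineering University, Zhengzhou, Henan 450001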

Source: Journal of Information Engineering University, 2025, Issue 1, pp. 57-63, 82 (8 pages in total)

Abstract: The traditional network defense technologies, which rely on prior knowledge, are thus limited in effectiveness against complex, covert, and unknown threats. An unknown threat detection method is proposed, based on endogenous security theory and the dynamic heterogeneous redundancy (DHR) architecture, to improve the accuracy of anomaly detection in traffic within power monitoring systems. In this method, the advantages of multiple classifiers are integrated and a dynamically heterogeneous and redundant learning framework is adopted. Ensemble learning, discriminative models, and other heterogeneous learning techniques are leveraged to enhance the robustness and accuracy of the model. The core technology involved consists of multi-classifier voting and feedback mechanisms, which are utilized to iteratively optimize and adjust sample distribution for continuous improvement in detection performance. The advantages of the method include reducing the generalization issue of single models, mitigating the risk of falling into local minima, and expanding the representation space to enhance adaptability. Experimental results showed that high accuracy in detecting unknown threats in power monitoring systems is achieved by using the proposed method.

Keywords: power monitoring system; endogenous security; unknown threat detection; anomaly detection; situational awareness

Classification number: TP393.0 [Automation and Computer Technology - Computer Application Technology]

 
