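Abstract
To address network anomaly detection in specific domains such as electric power networks, this paper proposes a new network anomaly detection framework. The framework represents domain knowledge as fuzzy logic rules and builds an interval type-2 fuzzy logic system to compute a network security belief measure. On this basis, a communication stream identification strategy is designed to divide the overall network traffic into multiple communication streams, and a self-organizing mapping (SOM) based anomaly detection method is proposed for each communication stream. The method uses the security belief measure to dynamically adjust the thresholds of its key parameters in order to improve detection performance. Furthermore, a comprehensive security decision strategy that takes the network security belief into account is designed to resolve conflicts between the detection results of different communication streams. Experimental validation on a small smart grid network shows that the proposed method effectively improves detection performance.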
A novel network anomaly detection framework for the smart grid network is proposed here. In the framework, fuzzy logic based rules are used to represent the expert linguistic domain knowledge, and an interval type-2 fuzzy logic system is built to evaluate the cyber-security context. The network traffic is divided into individual communication streams. For each communication stream, a self-organizing mapping (SOM)-based anomaly detection approach is put forward to detect abnormal network behaviors and dynamically tune the threshold of key algorithm parameters using the evaluated cyber-security context. A comprehensive security decision policy considering the evaluated cyber-security context is designed to solve the conflict of detection results over several communication streams. The results of empirical experiments on a small scale smart grid network show that the proposed approach can effectively improve the detection performance.
Source
Journal of Nanjing University of Science and Technology
EI
CAS
CSCD
Peking University Core Journals
2016, No. 2, pp. 229-235 (7 pages)
Funding
State Grid Corporation of China Science and Technology Project (52420014001)
Keywords
anomaly detection
fuzzy logic system
domain knowledge
self-organizing mapping