Abstract
To address the problem of illegal intrusion faced by electricity consumption information acquisition systems, this paper proposes a method based on analysis of the abnormal behavior of the concentrator's SIM card to build an intrusion detection system that protects the master station against intrusion. To intrude into the system, an intruder must rely on the system's GPRS module, and illegal access to and use of the GPRS module produces a series of abnormal behaviors. On this basis, the scheme first captures these abnormal behaviors in the intrusion detection system and stores the results as logs for real-time modeling. Improved K-means and iForest algorithms then cluster the records to separate normal behavior from abnormal behavior, thereby detecting abnormal behavior. Once a suspected anomaly is found, it is checked and confirmed using the heartbeat frame mechanism; if the visitor's identity is confirmed to be illegitimate, a warning is issued and the access request is denied. Simulation analysis shows that the scheme can detect illegal intrusions into the master station of current electricity consumption information acquisition systems, and that it has good extensibility and is forward-looking.
Authors
DONG Chongchong (董重重)
WANG Xu (王吁)
XIA Shuibin (夏水斌)
SUN Bingyu (孙秉宇)
HE Huan (何欢)
WANG Xianpei (王先培)
State Grid Hubei Corporation Measurement Center, Wuhan 430000, Hubei, China; Electronic Information School, Wuhan University, Wuhan 430000, Hubei, China
Source
Power Systems and Big Data (《电力大数据》)
2020, Issue 1, pp. 1-7 (7 pages)
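Funding
National Natural Science Foundation of China (51707135)
Externally commissioned research project of the Electric Power Research Institute, State Grid Hubei Electric Power Co., Ltd. (HB1842).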
Keywords
intrusion detection
log analysis
subscriber identification module behavior
clustering algorithm
concentrator