摘要
以准确、高效地检测工控设备异常为目的,研究基于数据挖掘与关联分析的工控设备异常运行状态自动化检测方法。以采集的某电厂DCS网络全流量数据形成的工控设备运行状态日志序列为输入,通过预处理、特征提取等方式获取待监测的工控设备运行状态数据的特征向量,通过凝聚型层次聚类算法聚类特征向量初步区分工控设备正常、异常运行状态数据,再利用基于矩阵的Apriori算法,挖掘工控设备正常运行状态构建正常行为模式库,以关联分析获取的工控设备正常运行状态规则集为参照,通过相似度对比输出工控设备异常运行状态的自动化检测结果。实验结果表明:该方法能够准确检测出工控设备异常运行状态,检测效率高、误差小。
To accurately and effectively detect abnormal industrial control equipment, this paper studies the automatic detection method of abnormal running state of industrial control equipment based on data mining and correlation analysis. Taking the running status log sequence of industrial control equipment formed by the collected DCS network full flow data of a power plant as input, the feature vectors of the running state data of industrial control equipment to be monitored are obtained through pre-processing and feature extraction, and the clustering hierarchical clustering algorithm is used to preliminarily distinguish the normal and abnormal running state data of industrial control equipment. Then, the Apriori algorithm based on matrix is used to mine industrial control equipment normal operation of building normal behavior pattern library, which takes the rule set of the normal running state of industrial control equipment obtained by correlation analysis as a reference, and outputs the automatic detection result of abnormal running state of industrial control equipment through similarity comparison. The experimental results indicate that the method can accurately detect the abnormal running state of industrial control equipment, with high detection efficiency and small error.
作者
赵明明
司红星
刘潮
ZHAO Mingming;SI Hongxing;LIU Chao(State Grid Cyber Security Technology(Beijing)Co.,Ltd.,Beijing 102209,China;Siwei Chuangzhi(Beijing)Technology Development Co.,Ltd.,Beijing 100085,China)
出处
《信息安全与通信保密》
2022年第4期1-10,共10页
Information Security and Communications Privacy
关键词
数据挖掘
关联分析
工控设备
异常运行状态
自动化检测
APRIORI算法
data mining
correlation analysis
industrial control equipment
abnormal running state
automatic detection
Apriori algorithm
