Abstract
To improve the efficiency of monitoring malicious intrusion behaviour in power grid dispatching communication networks and avert the serious threat that worms, viruses and similar intrusions pose to them, this paper proposes an automated method for monitoring malicious intrusion behaviour in power grid dispatching communication networks based on data mining and machine learning. Malicious intrusion behaviour features are represented as behaviour byte sequences and extracted with a variable-length N-gram sliding window; a filter-type feature selection algorithm based on weighted information gain reduces the dimensionality of the intrusion features, and the resulting features are used to train a naive Bayes classifier, which performs automated classification and monitoring of malicious intrusion behaviour in the network. Test results on an example show that the false negative rate of the proposed method for malicious intrusion behaviour is below 45%; the feature values computed for normal behaviour lie between 0.1 and 0.3, with a maximum of 0.26, while the feature values of malicious intrusion behaviour and its variants are all above 0.7; the number of each type of malicious intrusion behaviour monitored stays below 20; and the capture time for each kind of malicious intrusion behaviour stays within 10 min. These results show that the method improves the efficiency of malicious intrusion monitoring and can reduce the damage that intrusions cause to power grid dispatching communication networks.
In order to avoid the serious threat of malicious intrusions such as worms and viruses to the power grid dispatching communication network, an automatic detection method for malicious intrusion in the power grid dispatching communication network based on data mining and machine learning is proposed. The behaviour byte sequence is used to represent the characteristics of malicious intrusion behaviour, a variable-length N-gram sliding window is used to extract the characteristics of malicious intrusion behaviour, a filter-type feature selection algorithm with weighted information gain is used to reduce the dimension of the malicious intrusion behaviour features, and the obtained features are used to train a naive Bayesian classifier to realize automatic classification and detection of malicious intrusion behaviour in the power grid dispatching communication network. The test results show that the feature length of malicious intrusion has a profound impact on the detection effect of this method, and a larger feature length of malicious intrusion should be selected. The higher the risk level, the greater the characteristic value. This method can effectively identify normal behaviour, malicious intrusion behaviour and its variants. The number of different types of malicious intrusion detected is always less than 20. The earliest capture time for different malicious intrusion behaviours is kept within 10 min.
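The pipeline the abstract describes (byte-sequence representation, variable-length N-gram sliding window, weighted-information-gain filter selection, naive Bayes classification) as an added, self-contained example; this is not the paper's code, and the toy byte sequences, the specific weighting (information gain multiplied by the feature's document-frequency ratio) and the Bernoulli form of naive Bayes are assumptions made here for illustration:

```python
"""Added example (not the paper's implementation): N-gram feature extraction,
weighted information gain filter selection and a Bernoulli naive Bayes classifier
over behaviour byte sequences. Sample data and the weighting scheme are assumptions."""
from collections import Counter, defaultdict
from math import log2
from typing import Dict, List, Sequence, Set, Tuple

N_MIN, N_MAX = 1, 3   # variable-length sliding window: n-grams of length 1..3
TOP_K = 8             # number of features kept after weighted-IG selection

# Constructed toy behaviour byte sequences (label 1 = malicious, 0 = normal).
# Illustrative only: not captured traffic and not real malware bytes.
SAMPLES: List[Tuple[bytes, int]] = [
    (b"\x90\x90\x90\xeb\x1fZ", 1),
    (b"\x90\x90\xeb\x1fZ\x41", 1),
    (b"\xeb\x1fZ\x90\x90\xcc", 1),
    (b"\x41\x90\x90\x90\xeb\x1f", 1),
    (b"GET /status HTTP/1.1", 0),
    (b"SET point=12.5 ok", 0),
    (b"GET /dispatch HTTP/1.1", 0),
    (b"ACK seq=44 ok", 0),
]

def ngram_features(data: bytes, n_min: int = N_MIN, n_max: int = N_MAX) -> Set[bytes]:
    """Slide windows of every length n_min..n_max over the bytes (presence-only features)."""
    feats: Set[bytes] = set()
    for n in range(n_min, n_max + 1):
        for i in range(len(data) - n + 1):
            feats.add(data[i:i + n])
    return feats

def entropy(counts) -> float:
    """Shannon entropy (bits) of a multiset given as label counts."""
    total = sum(counts)
    return -sum(c / total * log2(c / total) for c in counts if c)

def weighted_information_gain(docs: Sequence[Tuple[Set[bytes], int]]) -> Dict[bytes, float]:
    """IG(label; feature present?) for every n-gram, weighted by the n-gram's document
    frequency ratio (assumed weight) so that rare, unrepresentative n-grams score lower."""
    n = len(docs)
    label_counts = Counter(y for _, y in docs)
    h_y = entropy(label_counts.values())
    present: Dict[bytes, Counter] = defaultdict(Counter)  # feature -> labels of docs containing it
    for feats, y in docs:
        for f in feats:
            present[f][y] += 1
    scores: Dict[bytes, float] = {}
    for f, with_counts in present.items():
        n_with = sum(with_counts.values())
        without_counts = label_counts - with_counts
        h_cond = (n_with / n) * entropy(with_counts.values()) \
            + ((n - n_with) / n) * entropy(without_counts.values())
        scores[f] = (h_y - h_cond) * (n_with / n)
    return scores

def select_features(scores: Dict[bytes, float], k: int = TOP_K) -> List[bytes]:
    """Filter-type selection: keep the k best-scoring n-grams (ties broken by byte order)."""
    return sorted(scores, key=lambda f: (-scores[f], f))[:k]

class BernoulliNaiveBayes:
    """Naive Bayes over binary 'n-gram present' features with Laplace smoothing."""
    def fit(self, docs: Sequence[Tuple[Set[bytes], int]], vocab: Sequence[bytes]) -> "BernoulliNaiveBayes":
        self.vocab = list(vocab)
        by_label: Dict[int, List[Set[bytes]]] = defaultdict(list)
        for feats, y in docs:
            by_label[y].append(feats)
        self.prior = {y: len(g) / len(docs) for y, g in by_label.items()}
        self.cond = {(y, f): (sum(f in feats for feats in g) + 1) / (len(g) + 2)
                     for y, g in by_label.items() for f in self.vocab}
        return self

    def log_posterior(self, data: bytes) -> Dict[int, float]:
        feats = ngram_features(data)
        out = {}
        for y, prior in self.prior.items():
            lp = log2(prior)
            for f in self.vocab:
                p = self.cond[(y, f)]
                lp += log2(p) if f in feats else log2(1 - p)
            out[y] = lp
        return out

    def malicious_probability(self, data: bytes) -> float:
        lp = self.log_posterior(data)
        return 2 ** lp[1] / (2 ** lp[0] + 2 ** lp[1])

    def predict(self, data: bytes) -> int:
        return 1 if self.malicious_probability(data) > 0.5 else 0

def build_detector() -> Tuple[BernoulliNaiveBayes, List[bytes]]:
    docs = [(ngram_features(b), y) for b, y in SAMPLES]
    vocab = select_features(weighted_information_gain(docs))
    return BernoulliNaiveBayes().fit(docs, vocab), vocab

if __name__ == "__main__":
    model, vocab = build_detector()
    print("selected features:", vocab)
    for probe in (b"\x90\x90\x90\xeb\x1fZ\xcc", b"GET /load HTTP/1.1"):
        print(probe, "->", model.predict(probe), round(model.malicious_probability(probe), 3))
```

The selection step is what keeps the classifier tractable: a variable-length window over raw bytes produces a vocabulary that grows with every distinct substring, and weighting the gain by document frequency prevents an n-gram that appears in a single sample from outranking one that characterises a whole class.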
Author
高宇
GAO Yu(Northeast branch of State Grid Corporation of China,Hydro-power management Department,Shenyang 110180,China)
Source
《测试技术学报》
2023, Issue 2, pp. 178-184 (7 pages)
Journal of Test and Measurement Technology
Keywords
power grid dispatching
communication network
malicious intrusion behaviour
automatic detection
weighted information gain
naive Bayes