Automatic Detecting Method of Malicious Intrusion in Power Grid Dispatching Communication Network
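Abstract: To improve the efficiency of monitoring malicious intrusion behavior in power grid dispatching communication networks, and to avoid the serious threat that worms, viruses and other malicious intrusions pose to them, an automated monitoring method based on data mining and machine learning is proposed. Malicious intrusion behavior features are represented as behavior byte sequences and extracted with a variable-length N-gram sliding window; a filter-type feature selection algorithm with weighted information gain reduces the dimensionality of the features; and the resulting features are used to train a naive Bayes classifier, which performs automated classification and monitoring of malicious intrusion behavior in the network. Test results on a real case show that: the missed-detection rate of the method is below 45%; the feature values it computes for normal behavior lie between 0.1 and 0.3, with a maximum of 0.26, while the feature values of malicious intrusion behaviors and their variants are all above 0.7; the number of different types of malicious intrusion behavior monitored is always below 20; and the capture time for the different malicious intrusion behaviors stays within 10 min. These data show that the method improves the efficiency of monitoring malicious intrusion behavior and can reduce the malicious damage that intrusions cause to the power grid dispatching communication network.

Abstract (English version as published): In order to avoid the serious threat of malicious intrusions such as worms and viruses to the power grid dispatching communication network, an automatic detecting method of malicious intrusion of power grid dispatching communication network based on data mining and machine learning is proposed. The behavior byte sequence is used to represent the characteristics of malicious intrusion behavior, the variable-length N-gram sliding window is used to extract the characteristics of malicious intrusion behavior, the filtering class feature selection algorithm with weighted information gain is used to reduce the dimension of malicious intrusion behavior features, and the obtained features are used to train the naive Bayesian classifier to realize the automatic classification and detecting of malicious intrusion behavior in power grid dispatching communication network. The test results show that the feature length of malicious intrusion has a profound impact on the detecting effect of this method, and a larger feature length of malicious intrusion should be selected. The higher the risk level, the greater the characteristic value. This method can effectively identify normal behavior, malicious intrusion behavior and its variants. The number of different types of malicious intrusion detected is always less than 20. The earliest capture time for different malicious intrusion behaviors is kept within 10 min.

Author: GAO Yu (高宇), Northeast branch of State Grid Corporation of China, Hydro-power management Department, Shenyang 110180, China

Source: Journal of Test and Measurement Technology (《测试技术学报》), 2023, No. 2, pp. 178-184 (7 pages)

Keywords: power grid dispatching; communication network; malicious intrusion; automatic detecting; weighted information gain; naive Bayes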
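The pipeline the abstract outlines (variable-length N-gram extraction over byte sequences, weighted information gain feature selection, naive Bayes classification) is sketched below as an added example; it is not the paper's code. The abstract does not give the weighting formula, so the length-proportional weight, the window lengths, the feature count `k` and the byte sequences are all assumptions constructed for illustration.

```python
import math
N_MIN, N_MAX = 2, 4  # window lengths; assumed values, not from the paper

def ngrams(data: bytes) -> set:
    """Slide a window of every length N_MIN..N_MAX over the byte sequence."""
    return {data[i:i + n] for n in range(N_MIN, N_MAX + 1)
            for i in range(len(data) - n + 1)}

def entropy(pos: int, total: int) -> float:
    if total == 0 or pos in (0, total):
        return 0.0
    p = pos / total
    return -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def weighted_gain(gram: bytes, samples) -> float:
    """Information gain of 'gram present' about the label, scaled by an
    ASSUMED weight len(gram)/N_MAX that favours longer features."""
    has = [y for grams, y in samples if gram in grams]
    rest = [y for grams, y in samples if gram not in grams]
    cond = (len(has) * entropy(sum(has), len(has))
            + len(rest) * entropy(sum(rest), len(rest))) / len(samples)
    base = entropy(sum(y for _, y in samples), len(samples))
    return (base - cond) * len(gram) / N_MAX

def train(labelled, k=8):
    """Keep the k best n-grams, then fit Bernoulli naive Bayes (Laplace)."""
    samples = [(ngrams(d), y) for d, y in labelled]
    vocab = set().union(*(grams for grams, _ in samples))
    feats = sorted(vocab, key=lambda g: (-weighted_gain(g, samples), g))[:k]
    n = {c: sum(1 for _, y in samples if y == c) for c in (0, 1)}
    like = {c: {f: (sum(1 for grams, y in samples if y == c and f in grams) + 1)
                / (n[c] + 2) for f in feats} for c in (0, 1)}
    prior = {c: n[c] / len(samples) for c in (0, 1)}
    return feats, like, prior

def score(model, data: bytes) -> float:
    """Posterior probability (0..1) that the sequence is malicious."""
    feats, like, prior = model
    grams = ngrams(data)
    logp = {c: math.log(prior[c]) + sum(
        math.log(like[c][f] if f in grams else 1 - like[c][f]) for f in feats)
        for c in (0, 1)}
    return 1 / (1 + math.exp(logp[0] - logp[1]))

# Constructed byte sequences: label 1 = malicious, 0 = normal.
TRAIN = [(b"\x68\x04\x07\x00\x00\x00", 0), (b"\x68\x04\x0b\x00\x00\x00", 0),
         (b"\x68\x0e\x02\x00\x04\x00", 0), (b"\x41\xde\xad\xbe\xef\x10", 1),
         (b"\x22\xde\xad\xbe\xef\x33", 1), (b"\xde\xad\xbe\xef\x55\x66", 1)]
MODEL = train(TRAIN)
```

A variant that carries the shared motif at a new offset still scores high because the selected n-grams are position-independent; that is the property that lets byte n-gram features catch repacked variants.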