电力网络安全告警信息挖掘研究与实现

Research and implementation of power network security alarm information mining

为提高电力企业对于海量告警信息的数据挖掘能力,构建一个基于DP-k-means聚类算法的电力网络安全告警信息挖掘模型。首先,分别采用距离部分DP和MAX-IFP算法对传统的k-means聚类算法和FP-growth算法进行改进,由此得到基于DP-k-means的聚类算法和改进的MAX-IFP关联规则分析算法;然后将两种算法应用到告警日志分析模块中以实现告警信息的数据聚类挖掘和关联规则分析。结果表明,与其他的聚类算法相比,提出的DP-k-means聚类算法的聚类效果更好,平方和误差SSE仅为19.457,误报率仅为5.91%,而检测率高达96.29%;提出的改进MAX-IFP算法在不同支持度下比其他关联规则挖掘算法的挖掘分析所需时间更少;与人工筛选相比,提出的电力网络安全告警信息挖掘方法能够在保证关联规则挖掘效果的同时,实现对误告警进准确的识别。由此说明,本模型能够有效提升告警信息挖掘效果,进而提高电力企业网络的防御能力,具有一定的实际应用价值。

In order to improve the data mining ability of power enterprises for massive alarm information,a power network security alarm information mining model based on DP-k-means clustering algorithm is constructed.Firstly,the traditional k-means clustering algorithm and FP-FP algorithm are modified by the distance part DP and MAX-IFP algorithm,respectively,to obtain the clustering algorithm based on DP-k-means and the improved MAX-IFP association rule analysis algorithm;then the two algorithms are applied to the alarm log analysis module to realize data cluster mining and association rule analysis of alarm information.The results show that,compared with other clustering algorithms,the proposed DP-k-means clustering algorithm has better clustering effect,the sum of square error SSE is only 19.457,the false alarm rate is only 5.91%,and the detection rate is 96.29%;the improved MAX-IFP algorithm takes less time for mining analysis than other association rules mining algorithms under different support;compared with the manual screening,the proposed power network security alarm information mining method can realize the accurate identification of false alarm while ensuring the mining effect of association rules.This shows that this model can effectively improve the effect of alarm information mining,and then improve the defense ability of the power enterprise network,which has a certain practical application value.