
Deep Learning Based Anomaly Detection for Application-layer Message of Power Industrial Control Communication Traffic

Cited by: 4
Abstract: An accurate and reliable anomaly detection method for power industrial control communication traffic is a key means of identifying network attacks and achieving active defense, and is of great significance for ensuring the safe and stable operation of power grids. Existing anomaly detection methods for power industrial control communication traffic suffer from insufficient detection depth, few attack classifications, and weak recognition of unknown anomalies. To address these problems, this paper proposes a method for detecting application-layer message anomalies in power industrial control communication traffic based on the moth-flame optimization (MFO) algorithm and a one-dimensional convolutional neural network (1D-CNN). First, building on deep protocol parsing, multi-dimensional features are extracted from the application-layer messages of the traffic data. Second, feature importance is calculated with the random forest algorithm and redundant features are eliminated. Then, the constructed 1D-CNN message anomaly detection model is trained, and its hyperparameters are tuned with the MFO algorithm to improve model performance. Finally, a Softmax classifier outputs the anomaly detection result for each message. Simulation results verify the effectiveness of the proposed method.
Authors: WANG Wenbo; LIU Xuan; LIN Hai; DU Pengcheng; JIANG Jinliang (School of Electrical and Information Engineering, Hunan University, Changsha 410082, China; State Grid Hunan Electric Power Company, Changsha 410004, China; Beijing Smartchip Microelectronics Technology Company, Beijing 100192, China; Jiangsu Yunyong Electronics and Technology Company, Taizhou 225314, China)

Source: Automation of Electric Power Systems (《电力系统自动化》), indexed in EI, CSCD and the Peking University Core Journals list; 2023, Issue 11, pp. 69-76 (8 pages)

Funding: National Natural Science Foundation of China (51777062).

Keywords: power industrial control communication traffic; anomaly detection; cyber security; artificial intelligence; deep learning; application-layer message