面向电力数据攻击的无监督机器学习入侵检测方法

Intrusion Detection Methods Based on Unsupervised Machine Learning for Power Data Attacks

针对电力系统的虚假数据注入攻击,研究基于无监督机器学习的电力入侵检测方法。首先,构建稀疏且隐蔽的虚假数据注入攻击(False Data Injection Attacks,FDIAs)模型,得到优化后的FDIAs;其次,采用孤立森林、隐马尔可夫模型两种无监督机器学习算法构建入侵检测框架,分别通过构建二叉树和孤立树、状态序列的预测等实现电力系统的FDIAs入侵检测;再次,采用合理的性能指标全面地对入侵检测性能进行评估;最后,与极端梯度提升、随机森林等监督机器学习算法进行对比实验,基于IEEE电力系统平台验证基于孤立森林等无监督机器学习入侵检测算法的优劣。实验结果表明:无监督机器学习算法可自动从数据中发现特征,相对于基于极端梯度提升、随机森林的入侵检测方法的失效,基于孤立森林的入侵检测方法在无标签数据的前提下,其综合F1-score仍达到0.9942。

A power intrusion detection method based on unsupervised machine learning against false data injection attacks in power systems is proposed.Firstly,a sparse and covert False Data Injection Attacks(FDIAs)model is constructed to obtain optimized FDIAs.Secondly,two unsupervised machine learning algorithms,i.e.,isolated forest and hidden Markov model,are used to construct an intrusion detection framework for power systems,where FDIAs intrusion detection is achieved by constructing binary tree and isolated tree and prediction of state sequences respectively.Thirdly,the reasonable indicators are introduced to comprehensively evaluate the performance of the intrusion detection.Finally,the experiments are compared with supervised machine learning algorithms such as extreme gradient boosting and random forest,and the advantages of unsupervised machine learning intrusion detection algorithms based on isolated forest are verified based on the IEEE power system platform.The experimental results show that unsupervised machine learning algorithms can automatically extract features from data.Compared to the failure of intrusion detection methods based on extreme gradient boosting and random forest,the intrusion detection method based on isolated forest achieves a comprehensive F1 score of 0.9942 with unlabeled data.