Abstract
Network attacks have become a new type of weapon, and hostile forces have already succeeded in using them to sabotage critical national infrastructure such as the power system. Attacks on power grid smart terminals generally target power-specific protocols and specific business logic. They are characterized by clearly defined targets, covert operation, and long latent periods, and are generally carried out by organized groups or even at the national level. For attack detection, power grid smart terminal systems currently rely mainly on mature techniques borrowed from traditional IT systems, which detect security events on the network side but cannot detect anomalous security events at the business-instruction level of the system, such as forged control commands. For traffic detection on the network side of the power grid, this study proposes a traffic anomaly detection technique based on the one-class support vector machine (OCSVM). Its basic idea is to use machine learning to perform binary classification of the data while requiring only one class of samples to train the detection model. It is robust to noisy sample data and fits the data-imbalance characteristics of industrial control systems well.
Source
Automation Panorama (《自动化博览》)
2024, No. 4, pp. 50-53 (4 pages)