Computer Engineering ›› 2020, Vol. 46 ›› Issue (11): 35-41. doi: 10.19678/j.issn.1000-3428.0057541

• Hot Topics and Reviews •

An Anomaly Identification Method for Power Grid Industrial Control System Based on DBN-RF

SHU Fei1, CHEN Tao2, WANG Bin1, YANG Huiting1, LI Mingxuan1

  1. Electric Power Science Research Institute of State Grid Xinjiang Electric Power Co., Ltd., Urumqi 830011, China;
  2. State Grid Xinjiang Electric Power Co., Ltd., Urumqi 830063, China
  • Received: 2020-03-02 Revised: 2020-04-16 Published: 2020-04-22
  • About the authors: SHU Fei (born 1988), male, engineer, M.S.; main research interests: industrial control system security, big data security and Internet of Things security. CHEN Tao, senior engineer. WANG Bin and YANG Huiting, M.S. LI Mingxuan, senior engineer.
  • Funding:
    State Grid Xinjiang Electric Power Co., Ltd. fund project "Research on Security Monitoring and Deep Detection Technology for Industrial Control Systems in the Power Industry" (5230DK18000V).

Abstract: As national critical infrastructure, the power grid requires network security protection, and early warning on the traffic of the power grid Industrial Control System (ICS) serves to maintain grid security. This paper proposes an anomaly identification method for the power grid ICS that combines a Deep Belief Network (DBN) with the Random Forest (RF) algorithm. A DBN model is constructed to mine in depth the correlations among multiple traffic features and to learn a feature extraction mode suited to power grid ICS traffic. On this basis, the traffic after feature learning and the malicious attack traffic are input into the RF detection model, and the model parameters are tuned step by step to obtain the optimal detection model. According to the characteristics of power grid traffic, a similar data set is selected from the classic intrusion detection data set KDD99 for testing. Experimental results show that the detection rate of this method reaches 96.16% while the false alarm rate is only 3.49%. Compared with the logistic regression model, the multi-class support vector machine model, the DBN model and the K-means algorithm, the proposed method identifies abnormal traffic in the power grid ICS more accurately.

Key words: power grid security, power grid Industrial Control System (ICS), traffic anomaly detection, Deep Belief Network (DBN), Random Forest (RF) algorithm

CLC number: