Traffic Anomaly Detection of Power Communication Networks Based on Deep Learning
杜浩良,孔飘红,金学奇,黄银强
DU Haoliang,KONG Piaohong,JIN Xueqi,HUANG Yinqiang
Abstract:
With the rapid development of information technology, communication systems, computers and power grids now form a multi-functional complex system, and the growing complexity of communication facilities makes smart grid network security problems increasingly serious. To ensure higher security performance for power communication networks, intrusion attacks on them must be identified effectively. This paper therefore proposes an anomaly detection method based on a hybrid of a convolutional neural network (CNN) and a long short-term memory (LSTM) network. The hybrid network achieves a high detection rate by extracting features from network traffic data. To reduce the impact that the imbalanced number of samples of different attack types in the training set has on model performance, a class weight optimization method is used to improve the robustness of the model. Experimental results show that the proposed method can effectively improve the accuracy of network attack identification.
Keywords:
convolutional neural network; anomaly detection; long short-term memory; cyber security; power system security
Foundation: Science and Technology Project of State Grid Zhejiang Electric Power Co., Ltd. (5211JH1900M2)
DOI: 10.19585/j.zjdl.202112016