Massive Log Data Processing Method of Electric Power Monitoring System Based on Root Cause Analysis
LU Wei, SHI Chenghui, WU Jing, YANG Fan, ZHANG Ruoyi, GUO Shuran
Abstract:
The many security devices in a power monitoring system generate massive volumes of security log data, yet the network security management platform of the dispatching master station processes these logs only by merging individual log attributes. A new data processing method is therefore urgently needed to improve the efficiency of network security operations and maintenance. To mine the latent, valuable information in security logs more deeply, this paper proposes a data processing method based on root cause analysis: the unstructured log data is first given structure, and a heuristic algorithm suited to grid security log analysis is then introduced to perform cluster analysis on grid device logs. Experimental evaluation shows that the method can mine the latent valuable information in security logs more deeply, help guide network security management, and improve operations and maintenance efficiency.
Keywords:
power monitoring system; log; big data; root cause analysis
Foundation: Science and Technology Project of State Grid Zhejiang Electric Power Co., Ltd. (5211HZ17000J)
DOI: 10.19585/j.zjdl.201912012