Intrusion Detection Method of Electric Power Industrial System Based on Feature Extraction
ZHUANG Weijin, FANG Guoquan, ZHANG Tingzhong, CHEN Zhong
Abstract:
With the large-scale deployment of load terminals in the electric power industrial system, the risk of network intrusion into the system rises sharply. When network intrusion detection techniques are applied to the system, previously developed detection models often fail to achieve good results, while training a new model runs into data collection difficulties caused by security and privacy constraints. This paper therefore studies an intrusion detection method based on feature extraction: abstract features are extracted by a stacked sparse autoencoder structure, and an SVM (support vector machine) classifier serves as the output layer that performs intrusion detection. A transfer learning strategy is introduced into the model training process to optimize it, and a case study verifies that the method effectively improves both detection performance and training efficiency when only a limited amount of target-domain data is available.
Keywords:
electric power industrial system; intrusion detection; feature extraction; transfer learning; stacked sparse auto-encoder
Foundation: National Key R&D Program of China (2017YFB0902600); Science and Technology Project of State Grid Corporation of China (SGJS0000DKJS1700840)
DOI: 10.19585/j.zjdl.202109012