基于单类支持向量机OCSVM的流量异常检测技术研究与应用
Research and Application of Traffic Anomaly Detection Technology Using the One-Class Support Vector Machine(OCSVM)
张坤三 1傅杰 2倪文书 2黄泰宁3
作者信息
- 1. 国网福建省电力有限公司漳州供电公司
- 2. 国网福建省电力有限公司信息通信分公司
- 3. 国网信通亿力科技有限责任公司
- 折叠
摘要
目前,网络攻击已成为新型武器,敌对势力利用网络攻击成功破坏电力等国家关键基础设施已成为现实.电网智能终端攻击一般针对电力特有的协议和特定的业务逻辑,具有攻击目标明确、操作隐蔽、潜伏时间长等特点,且一般通过集团式甚至是国家级实施攻击.目前电网智能终端系统在攻击检测方面主要是借鉴传统IT系统已较成熟技术,检测网络侧的安全事件,但无法检测到如伪造控制指令等针对系统业务指令级的异常安全事件.针对电网网络侧流量检测,本研究提出了基于单类支持向量机OCSVM的流量异常检测技术,其基本思想就是通过机器学习的方法对数据进行二分类,并且只需要一类样本就可以训练检测模型,对噪声样本数据具有鲁棒性,很好地满足了工控系统的数据不平衡特点.
Abstract
At present,network attacks have become a new type of weapon,where hostile forces have successfully used network attacks to destroy critical national infrastructures like power systems.Smart terminal attacks on power grids generally target electricity specific protocols and specific business logic,and have characteristics such as clear targets,covert operations,and long latency.They are generally carried out through group or even national level attacks.At present,the intelligent terminal system of the power grid mainly draws on the mature technology of traditional IT systems in attack detection,detecting security events on the network side,failing to detect abnormal security events targeting the system's business instruction level,such as forged control instructions.This study proposes a traffic anomaly detection technology based on single class support vector machine(OCSVM)for power grid network side flow detection.The fundamental principle of OCSVM involves using machine learning to classify data into binary categories using only one class of samples for training the detection model.It is robust to noise sample data and well meets the data imbalance characteristics of industrial control systems.
关键词
单类支持向量机/OCSVM/流量异常检测Key words
One-Class Support Vector Machine/OCSVM/Traffic anomaly detection引用本文复制引用
出版年
2024
NETL
NSTL
万方数据