摘要
准确快速检测智能变电站通信网络异常流量是发现系统异常、实现安全态势感知和主动防御的关键技术,对保证智能电网安全稳定运行有着重要意义。文中提出了基于时-频域混合特征的智能变电站通信网络异常流量检测新方法。首先,设计了基于分形自回归积分滑动平均(FARIMA)流量模型和小波包分析方法的流量频域特征提取方法,并结合电力信息流时域特征构建时-频域混合特征集。进而,采用人工蜂群优化的支持向量机算法进行异常流量辨识。最后,基于某110 kV变电站的站内实际网络流量和CIC DDoS2019数据集、KDD99数据集进行仿真,结果表明所提算法对网络异常流量识别有更低的误判率和漏检率。
Accurate and rapid identification of abnormal traffic in smart substation communication network is the primary key technology for rapid detection of system anomalies, and realization of safety situational awareness and active defense, which is of great significance to ensure safe and stable operation of smart grid. This paper proposes a new abnormal traffic detection method of smart substation communication network based on time-frequency domain mixed features. Firstly, a method of extracting the features of traffic in frequency domain is designed based on the fractional autoregressive integrated moving average(FARIMA)traffic model and the wavelet packet analysis method. In addition, combined with the time-domain features of power information flow, a mixed time-frequency domain feature set is constructed. Then the support vector machine(SVM) algorithm optimized by artificial bee colony(ABC) is used to identify the abnormal traffic. Finally, the simulation is conducted based on the network traffic in a 110 kV substation, the CIC DDoS2019 data set and the KDD99 data set. The results show that the proposed algorithm has low misjudging and missing rates in abnormal traffic detection.
作者
杨挺
侯昱丞
赵黎媛
盆海波
原凯
宋毅
YANG Ting;HOU Yucheng;ZHAO Liyuan;PEN Haibo;YUAN Kai;SONY Yi(Key Laboratory of the Ministry of Education on Smart Power Grids(Tianjin University),Tianjin 300072,China;State Grid Economic and Technological Research Institute Co.,Ltd.,Beijing 102209,China)
出处
《电力系统自动化》
EI
CSCD
北大核心
2020年第16期79-86,共8页
Automation of Electric Power Systems
基金
国家自然科学基金资助项目(61971305)
国家重点研发计划资助项目(2017YFE0132100)
国家电网公司科技项目(SGTJDK00DWJS1800232)。
关键词
智能变电站
变电站通信网络
流量模型
异常流量检测
smart substation
substation communication network(SCN)
traffic model
abnormal traffic detection
