| The smart grid is key national infrastructure, and its network security is an important link in ensuring the security of important national infrastructure. As a security operation mechanism for the adaptive and continuous improvement of information security, the SOC is of practical significance in addressing the challenges to smart grid network security. First, based on the information security framework, a new SOC model is built, and the function view and system view of the SOC architecture are proposed in this thesis. In addition, the security challenges faced by smart grids and the security operation requirements of smart grids are analyzed, the architecture of the smart grid SOC system is constructed, and the technical route of smart grid SOC evolution is pointed out. Second, the paper focuses on research into the smart grid SOC platform and proposes a system architecture design scheme for the smart grid SOC platform of a grid enterprise. The technologies involved in implementing the SOC platform are studied in depth: smart grid exposed surface control, data feature extraction for abnormal traffic detection, anomaly detection algorithms, the abnormal classification problem, and multi-label learning. Finally, the application effect of a grid enterprise SOC platform that has been built and operated is analyzed. The main research contents and innovations of the thesis are as follows: 1. Based on the information security framework and adaptive network security theory, a new basic model for the SOC is built and the SOC architecture is designed. Driven by the security requirements of the development strategy and key business, the proposed architecture sets up the security policies and drives the detection/monitoring, protection and response processes for security operation. A continuous improvement mechanism for the adaptive evolution of the SOC is built through risk assessment, security operation efficiency assessment, security policy optimization and policy establishment processes. The purpose is to continuously improve the established SOC mechanism and realize the adaptive evolution of the SOC. 2. Based on an analysis of the characteristics and security of smart grid technology, the smart grid SOC architecture and implementation program are proposed. Taking the smart grid of a grid enterprise as an example, the design scheme and implementation plan of the smart grid SOC platform are proposed. 3. Based on the characteristics of the exposed surface, an exposed surface control system and its design are proposed. 4. The data feature extraction, anomaly detection algorithm and abnormal classification problems of abnormal traffic detection in the SOC are studied. According to the network intrusion behavior model, feature extraction algorithms for typical network behavior and CMP behavior are proposed. Auto Encoder, PCA and Copula are used to detect anomalies in the data, and the Copula-based anomaly detection method is derived in detail. A GRU neural network is used to classify the unsupervised anomaly detection results, so that the machine learning results of anomaly detection can be interpreted. 5. Hercules learning is a special form of multi-label learning in SOC applications. According to the ability of the classifier to distinguish labels, the whole label set is divided into several non-overlapping groups. In each group, the classifier can assign a unique label to each sample as accurately as possible. A Hercules learning algorithm based on label grouping optimization is proposed, and the algorithm is applied to multiple data sets. The results show that the algorithm has obvious advantages over the classical weak label learning algorithm in Hercules learning tasks. Based on the above design, the SOC platform was initially designed and deployed. The key technical methods proposed were verified by experiments. The experimental results show that the proposed methods can effectively solve the corresponding problems, and that the overall performance is better than that of the traditional methods. |