| With the continuous development of the smart grid and the energy internet,the power grid gradually forms cyber-physical system for real-time sensing,dynamic control,security monitoring and application services through a large number of terminal equipment and information networks.The data interaction between the information system terminal equipment and the information processing center makes the electrical grid physical system face more potential threats of attack.The attacker can use hacking to inject malicious data into the information system or directly destroy the network,which can lead to physical system failure or even paralysis.And the attack that the attacker creates for the cyber-physical system is mostly not a single attack,but is composed of a series of attacks with related relationships.However,at present,most of the traditional grid safety monitoring methods use statistical methods for data thresholds to detect data anomalies,and can not effectively extract malignant data from the grid,nor can they analyze the correlations between malignant data.Therefore,in order to solve the above problems,this topic proposes a vicious data link identification method based on the definition of a vicious data link,which can help grid security staff to understand the attacker's attack process,improve the defense level of the power grid,and lay a foundation for the establishment of an active defense system for power grids.This paper studies the identification method of the malignant data chain of the cyber-physical system from two aspects.In order to improve the efficiency of extracting malicious data in the context of power grid big data,a two-stage malignant data extraction method based on repeated neural network and self-organizing neural network model is proposed.The basic idea is to divide the extraction task into malignant data detection and malignant data extraction: In the malignant data detection stage,a repetitive neural network based method was used to filter out normal data sets from grid big data in time series,reducing the amount of data processing needed for the extraction of malignant data;At the stage of malignant data extraction,a self-organizing neural network was used to establish a transition probability matrix to extract the malignant data with low probability of transfer.In order to identify the malignant data chains hidden in malignant data sets,a malignant data chain recognition algorithm based on continuous common itemsets was designed.The algorithm established a time-marked frequent pattern tree to preserve the malignant data sets with temporal characteristics,and then used items.Combine the policies for pruning,optimize the size of the search space,and increase the efficiency of frequent itemset mining.The malignant data chain is identified from this frequent item set by means of a continuous set of common items.This paper makes use of the grid's malignant data detection and extraction methods and the malignant data chain identification algorithm based on continuous common itemsets,and combines the actual grid telemetry and communication system data to verify the results.The results show that this algorithm is more suitable for efficiency and effect than the traditional methods.Data Detection and Extraction in Big Data Environment,and the identified malicious data chain can reflect attacker's attack preference. |
PDF Full Text Request