Research On Active Defense Technology Based On Power System Network Security

The electric power industry is the most important basic energy industry in the development of national economy,which is also the cornerstone of economic development and social progress.As an advanced productive force and basic industry,electric power industry not only plays a vital role in the development of national economy,but also is closely related to people's daily life and social stability.At the same time,because the software and hardware of power system in our country are not fully self-controlled,database,middleware and third-party software are widely vulnerable,and the security situation is not optimistic.The malicious behavior and means under the background of new technology are more abundant,with stronger concealment,distribution,persistency and clarity of purpose.It is precisely because of the serious dependence of the power system on the network that the power system network is facing multiple threats and vulnerable to illegal attacks.This thesis focuses on active defense technology for power system network security.According to the analysis and comparison of traditional network security technologies,the active defense technology based on honeypot is emphatically analyzed.The vulnerability analysis for power system network security is carried out.Considering the network structure,function and characteristics of power system,the distributed interactive vulnerability,application integration and sharing vulnerabilities for power system network are emphatically analyzed in view of the existing network attack behavior of power system.On this basis,an active defense system of power system network with honeypot is designed,and a detection method based on entropy vector mapping is proposed against application level DDoS attacks in power system network.For malicious code attacks with penetrating means,a deep learning model based on convolutional neural network is established to effectively detect,identify and classify attack behaviors.The experimental results show that the detection method based on entropy vector mapping can effectively distinguish DDOS attacks from legitimate access behavior.The detection method based on deep learning model is superior to the traditional detection method,whose classification accuracy for nine types of malicious codes reaches more than 90%.