Research On Anomaly Detection Technology Of Power Industrial Control Network Traffic Based On Machine Learning

Posted on: 2020-02-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Li
Full Text: PDF
GTID: 2392330623463665
Subject: Electronic and communication engineering
Abstract/Summary:
The smart grid has emerged from the development of the existing power grid in the information age, and it plays an important role in the construction of national infrastructure. With the continuous development of the smart grid, the power grid system has gradually changed from its previously relatively closed form to an open and changeable one. At the same time, under the influence of new technologies such as big data, the Internet of Things, cloud computing and the mobile internet, the smart grid faces increasingly severe security issues, so how to protect the smart grid effectively has become an important topic. The power industrial control system is an important part of the smart grid. As far as system security protection is concerned, network traffic anomaly detection is an important technical measure that cannot be ignored. For the problem of network traffic anomaly detection in the power industrial control system, machine learning based network traffic anomaly detection is one of the current mainstream research directions, but there is still room for further research. Therefore, from the perspective of automatic labeling of sample data categories, this thesis studies machine learning based network traffic anomaly detection technologies for the power industrial control system.

First of all, the current mainstream machine learning based traffic anomaly detection technology for power industrial control networks usually uses manual or semi-automatic sample category annotation to label training samples. This wastes labor and affects the accuracy of detection. In view of this, this thesis introduces the Restricted Boltzmann Machine (RBM) network to learn the characteristics of network traffic data, then constructs a self-learning multi-RBM benchmark model through hierarchical clustering to complete the automatic labeling of sample categories. Finally, on the basis of these methods, an abnormal traffic detection method based on the multi-RBM model (M-RBM-AD) is proposed. The experimental results show that M-RBM-AD can complete the automatic category labeling of traffic data and has a high accuracy of network traffic anomaly detection.

Secondly, to further improve the efficiency and the accuracy, an improved M-RBM-AD method (IM-RBM-AD) is proposed. IM-RBM-AD consists of the following components: Principal Component Analysis (PCA) to reduce the dimensions of traffic data, "pruning" to process the RBM models, the standardized Euclidean distance to calculate the similarity of RBM models, and the interleaved merging time segment lifting method to improve the fault tolerance rate. Experimental results show that the improved method achieves the reduction in dimensions, and that the operating efficiency is improved when the amount of traffic data is large. The accuracy of abnormal traffic detection is also improved.

Finally, the benchmark models in the preceding methods do not easily present intelligible characteristics of network traffic to inspectors, especially when faced with the large classifications Afn and small classifications Fn of various applications. Considering that the decision tree can make up for this deficiency, a new network traffic anomaly detection method (I-DT-AD) is proposed to further increase the accuracy of anomaly detection; the new method is based on the combination of the automatic annotation of sample data and the improved decision tree. Experimental results show that the proposed method can reflect the explicit characteristics of network traffic, and has higher accuracy than both the common decision tree based method and the aforementioned IM-RBM-AD method. In addition, compared with the IM-RBM-AD method, the operating efficiency is not significantly reduced.
Keywords/Search Tags: power industrial control network, network traffic anomaly detection, RBM model, decision tree