Research On Key Technologies Of Intrusion Detection For Smart Grid

The rapid development of the Internet and the Internet of Things not only brings convenience to people’s lives,but also brings network security risks.As the most basic and important infrastructure in people’s life,smart grid controls the process of power generation,transmission,transformation,distribution,and dispatch.The security of smart grid is the guarantee for the normal operation of people’s lives.In order to realize security prevention and control in smart grid,it is necessary to realize the combination of security architecture and accurate intrusion detection algorithm,block abnormal intrusions from all aspects,and ensure the security of the system.From the perspective of intrusion detection system framework and algorithm,this paper studies key technologies of intrusion detection for smart grid.In this paper,through the research on the intrusion detection system and algorithms of the smart grid network,the macro-architecture and the intrusion detection algorithm are studied respectively.From the perspective of macro-architecture,this paper proposes the Block-based Training architecture(BT)as the intrusion detection system architecture.From the perspective of intrusion detection algorithms,two intrusion detection algorithms are proposed for the content and structure of traffic packets.For the anomaly detection of content features,an intrusion detection algorithm based on recursive feature based on cross-validation elimination and variational autoencoder(RFECV-VAE)is proposed.For the anomaly detection of structural features of traffic packets,an intrusion detection algorithm based on dual graph convolutional neural network and autoencoder(DGCNAE)is proposed.The main work and innovations of this paper are:(1)In order to solve the management difficulties caused by the large number of intelligent terminals and the heterogeneous problem of regional network attacks,this paper proposes a blockbased training architecture to manage logically adjacent intelligent terminals in blocks.And the Leader-Follower mode is proposed to solve the problem of heterogeneity of regional traffic characteristics.The combination of the block structure and the Leader-Follower mode realizes the intelligent management of the intelligent power terminals by the system,so that each terminal can accurately process the traffic of local characteristics,and reduce the waste of computing resources of the intelligent terminal for repeated traffic packets.(2)In order to perform anomaly detection on traffic packets based on content features,the RFECV-VAE algorithm in this paper is proposed.The algorithm includes three modules: feature selection,variational autoencoder and anomaly decision.The method performs feature selection on the dataset through recursive feature elimination based on cross-validation,and uses random forest for cross-validation,then uses variational autoencoder to train the processed dataset,and finally uses the reconstruction probability to make abnormal judgments for samples.Compared with other algorithms,it is proved that the algorithm is not only superior to other algorithms in various indicators,but also has a certain improvement in training time,and is suitable for abnormal identification of massive and high-dimensional data in smart grids.(3)In order to perform anomaly identification on traffic samples based on structural features,this paper proposes the DGCNAE algorithm.The algorithm includes three modules: subgraph division,graph feature extraction and graph flow anomaly detection.In the experiment,three datasets of IDS2017,Reddit,and Digg are used for experimental simulation.First,each dataset is divided into subgraphs by timestamp,and the points,edges,adjacency matrices and categories of each subgraph are determined.Then,through the dual graph convolutional neural network,the features of attributes and structures are extracted,and the complete features of the subgraphs are obtained through fusion.Finally,the normal subgraph is used for the training of the autoencoder,and the abnormality judgment of the subgraph is carried out according to the reconstruction error in the testing stage.The performance of different algorithms on the three data sets proves that the algorithm can not only capture the attribute characteristics of traffic,but also capture the structural characteristics between traffic to a certain extent,and mine the characteristics of abnormal traffic more deeply.