摘要
针对电力通信网等工业互联网中非受控终端不能通过安装代理软件进行异常行为监测的问题,采用非侵入式网络监听手段,采集各终端设备进网流量、出网流量、IP组播流量、IP广播流量、会话总数等数据,提出一种基于长短时记忆网络的自适应动态多核单类支持向量机方法(Long ShortTerm Memory Adaptive Dynamic Multiple Kernel One Class Support Vector Machine,LSTM-ADMK-OCSVM),精确刻画各类非受控终端正常工作行为模态,构建异常行为描述和监测模型,实现对非受控终端设备非设定异常行为安全监测。通过电力信息内网非受控终端实际系统实验,得出所提方法可有效对非受控终端异常行为进行监测,精度达到95.36%,满足实际系统应用要求。
In view of the problem that uncontrolled terminals in industrial Internet such as power communication network cannot monitor abnormal behaviors through installing agents,non⁃intrusive network monitoring methods are adopted to collect data such as inbound traffic,outbound traffic,IP multicast,IP broadcast,and total number of session from each terminal device a method of Long Short⁃Term Memory Adaptive Dynamic Multiple Kernel One Class Support Vector Machine(LSTM⁃ADMK⁃OCSVM)based on non⁃intrusive network monitoring is proposed to accurately characterize the normal working behavior patterns of various uncontrolled terminals,establish an abnormal behavior description and monitoring model,and achieve secure detection of non⁃set abnormal behaviors of uncontrolled terminal devices.Through practical system experiments on uncontrolled terminals in the power information intranet,it is concluded that the proposed method can monitor abnormal behaviors of uncontrolled terminals with a precision of 95.36%,meeting the requirements of practical system applications.
作者
季晨宇
欧朱建
姜鑫东
马益锋
JI Chenyu;OU Zhujian;JIANG Xindong;MA Yifeng(Nantong Power Supply Branch,State Grid Jiangsu Electric Power Co.,Ltd.,Nantong 226000,China)
出处
《电子设计工程》
2025年第24期131-137,共7页
Electronic Design Engineering
基金
2023年国网江苏省电力有限公司第三批面向生产一线的科技项目包(南通公司)(NT2023002)。
关键词
非受控终端
多核单类支持向量机
异常行为检测
长短时记忆网络
uncontrolled terminals
multiple kernel One Class Support Vector Machine
abnormal behavior detec⁃tion
Long Short⁃Term Memory
