山东电力技术 (Shandong Electric Power Technology), 2025, Vol. 52, Issue 6: 52-61, 74, 11. DOI: 10.20097/j.cnki.issn1007-9904.2025.06.006
Anomaly Detection Method for Power Industrial Control System Flow Based on Unsupervised Adaptive Mechanism
Abstract
Abnormal flow detection in power industrial control systems (ICS) is a critical technology for ensuring the normal operation of control systems and identifying potential network attacks. This paper takes the IEC 60870-5-104 protocol as an example and proposes an unsupervised abnormal flow detection method for power ICS based on a convolutional autoencoder (CAE) and adaptive threshold adjustment. The method addresses the limitations of current ICS flow anomaly detection methods, including inadequate detection capability, poor interpretability, and lack of dynamic adjustment mechanisms. Initially, session packets from large volumes of normal ICS traffic are extracted for feature generation using a sliding window approach, forming input vectors. Subsequently, the constructed CAE model is trained, with optimal hyperparameters determined through cross-validation, and the model is solidified. During the detection phase, real-time traffic session packets are reconstructed by the model, and reconstruction errors are calculated. An adaptive threshold adjustment mechanism is then used to dynamically generate a threshold interval, enabling anomaly determination and detection output. Finally, experiments with typical anomalous traffic are conducted to validate the model, with results showing that the proposed method accurately identifies various anomalies in power ICS environments and effectively improves safety protection capabilities.
Key words
electric power industrial control flow / anomaly detection / deep learning / convolutional autoencoder / adaptive threshold
Classification
Computer and Automation
Cite this article
马力, 王丹, 计士禹, 刘锦利, 石贺. Anomaly Detection Method for Power Industrial Control System Flow Based on Unsupervised Adaptive Mechanism [J]. 山东电力技术 (Shandong Electric Power Technology), 2025, 52(6): 52-61, 74, 11.
Funding
Science and Technology Project of State Grid Corporation of China "Research on Key Technologies of Special Security Protection and Monitoring Equipment for New Generation Power Network Security" (5108-202413050A-1-1-ZN).