Journal of East China Normal University (Natural Science), 2023, Vol. 2023, Issue (5): 122-134. doi: 10.3969/j.issn.1000-5641.2023.05.011

• Data Learning Systems •

Parallel deep-forest-based abnormal traffic detection for power distribution communication networks

Zhenglei ZHOU1, Jun CHEN1, Juntao PAN1, Peisen YUAN2,*

  1. Measurement Center, Guangxi Power Grid Co. Ltd., Nanning 530024, China
  2. College of Artificial Intelligence, Nanjing Agricultural University, Nanjing 210031, China
  • Received: 2023-07-05 Online: 2023-09-25 Published: 2023-09-20
  • Contact: Peisen YUAN E-mail: 1468118403@qq.com; peiseny@njau.edu.cn
  • About the author: Zhenglei ZHOU, male, master's degree, engineer; main research interests are electric energy metering, metering automation, and network security. E-mail: 1468118403@qq.com
  • Funding:
    National Natural Science Foundation of China (61806097); Jiangsu Agricultural Science and Technology Independent Innovation Fund (SCX(21)3059); Open Fund of the Shanghai Engineering Research Center for Big Data Management Systems (HYSY21022)

Abstract:

With the continuous development of network attack methods, it is becoming increasingly difficult to protect the security of power distribution communication networks. Currently, the detection accuracy of abnormal traffic in distribution communication networks is insufficient and the efficiency of abnormal traffic detection is low. To address these issues, a new method for abnormal traffic detection in distribution communication networks is proposed, in which feature extraction and traffic classification are improved. For feature extraction, the method uses time-frequency domain features: an adaptive redundancy boosting multiwavelet packet transform quickly extracts frequency-domain features, while time-domain features are extracted based on the communication characteristics of the distribution network. For traffic classification and detection, a parallel deep forest classification algorithm is proposed based on a distributed computing framework, and the training and classification task scheduling strategies are optimized. Experiments on terminal traffic and commonly used abnormal traffic detection datasets show that the false alarm rate of the proposed method is only 2.63% and the accuracy rate for the detection of abnormal traffic in distribution networks reaches 98.29%. The parallel deep forest computation also distributes tasks evenly and significantly accelerates the training and classification processes.

Key words: abnormal traffic detection, power distribution communication network, time-frequency domain features, deep forest, parallel computing

CLC number: