Substation terminal account anomaly detection method based on machine learning

An anomaly detection and machine learning technology, applied in machine learning, instruments, electrical components, etc. It addresses the lack of generalization and the inaccurate, untimely detection of account anomalies, and achieves the effect of preventing violations.

Pending Publication Date: 2022-04-05
STATE GRID ZHEJIANG ELECTRIC POWER CO LTD HANGZHOU POWER SUPPLY CO

AI Technical Summary

Problems solved by technology

Current account anomaly detection schemes for substation terminal security scenarios mainly rely on comparison features extracted from various vulnerabilities: features extracted from the traffic data generated while a login account accesses the terminal are matched against the comparison features to determine whether the login account is abnormal. Such schemes have no generalization ability and can only detect account anomalies for specified vulnerabilities, so account anomaly detection is inaccurate and untimely.

Examples

Embodiment 1

[0042] As shown in Figure 1, this embodiment proposes a machine learning-based anomaly detection method for substation terminal accounts, including:

[0043] S1: Collect the access log generated by the login account accessing the substation terminal, input the access log into the trained behavior analysis engine, and screen out the login account with abnormal behavior in the access log;

[0044] S2: Obtain the mapping relationship between the login account and the login IP, and identify the abnormal type of the login account based on the mapping relationship;

[0045] S3: Output the identification results of login accounts with abnormal behaviors and abnormal types as an abnormality detection report.

[0046] This embodiment builds a behavior analysis engine based on user and entity behavior analysis technology (User and Entity Behavior Analytics, UEBA) to realize comprehensive monitoring of terminal access in substations, and can detect login accounts that deviate from ...
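Steps S2 and S3 above, sketched as an added example that is not code from the patent: it builds the account/IP mapping from a constructed log and types each flagged account. The log layout, the `flagged_accounts` set standing in for the output of the S1 behavior analysis engine, the type names and the fixed thresholds are all assumptions; Embodiment 2 replaces the threshold rule with a trained classifier.

```python
import re
from collections import defaultdict

# Constructed sample log; the line layout is an assumption, not the patent's format.
SAMPLE_LOG = """\
2022-03-01T08:02:11 account=ops_li ip=10.1.4.21 terminal=rtu-07
2022-03-01T08:40:02 account=ops_li ip=10.1.4.22 terminal=rtu-07
2022-03-01T09:15:37 account=ops_li ip=10.9.8.7 terminal=rtu-02
2022-03-01T09:16:05 account=ops_li ip=172.16.3.5 terminal=rtu-02
2022-03-01T10:01:00 account=guest1 ip=10.1.7.50 terminal=rtu-03
2022-03-01T10:01:09 account=guest2 ip=10.1.7.50 terminal=rtu-03
2022-03-01T10:01:20 account=guest3 ip=10.1.7.50 terminal=rtu-03
2022-03-01T11:30:00 account=ops_wang ip=10.1.4.30 terminal=rtu-01
truncated line without fields
"""
LINE_RE = re.compile(r"^\S+ account=(\S+) ip=(\S+) terminal=\S+$")

def build_mappings(log_text):
    """Return account -> {IPs} and IP -> {accounts} for all parseable lines."""
    acct_to_ips, ip_to_accts = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip malformed lines instead of guessing fields
        account, ip = m.groups()
        acct_to_ips[account].add(ip)
        ip_to_accts[ip].add(account)
    return acct_to_ips, ip_to_accts

def anomaly_types(account, acct_to_ips, ip_to_accts, max_ips=2, max_accts=2):
    """S2: type one account from its mapping; thresholds are assumed values."""
    ips = acct_to_ips.get(account, set())
    shared = sorted(ip for ip in ips if len(ip_to_accts[ip]) > max_accts)
    types = []
    if len(ips) > max_ips:
        types.append("same_account_multiple_ips")
    if shared:
        types.append("same_ip_multiple_accounts")
    return types or ["unclassified"], sorted(ips), shared

def detection_report(log_text, flagged_accounts):
    """S3: one report row per account that S1 flagged as behaving abnormally."""
    acct_to_ips, ip_to_accts = build_mappings(log_text)
    rows = []
    for account in sorted(flagged_accounts):
        types, ips, shared = anomaly_types(account, acct_to_ips, ip_to_accts)
        rows.append({"account": account, "anomaly_types": types,
                     "login_ips": ips, "shared_ips": shared})
    return rows

if __name__ == "__main__":
    for row in detection_report(SAMPLE_LOG, {"ops_li", "guest1", "ops_wang"}):
        print(row)
```

An account that S1 flags but whose mapping crosses neither threshold is reported as `unclassified` rather than dropped, so the report still carries every account with abnormal behavior.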

Embodiment 2

[0065] Embodiment 2 differs from Embodiment 1 in that, when S2 is executed to classify and analyze anomaly types, the classification is implemented with a machine learning model, specifically including:

[0066] Obtain the second historical access logs generated by the substation terminal both when the same account logs in from multiple IPs and when multiple accounts log in from the same IP;

[0067] Obtain the historical mapping relationship between the historical login account and the historical login IP in the second historical access log as training samples, and train the machine learning model on these training samples;

[0068] Input the mapping relationship between login account and login IP into the trained machine learning model to judge the abnormal type of the mapping relationship.

[0069] In this embodiment, the machine learning model is a support vector machine (Support Vector Machine, SVM), and the SVM model is a generalized linear classifier ...

Abstract

The invention provides a transformer substation terminal account anomaly detection method based on machine learning, which comprises the following steps: acquiring an access log generated when a login account accesses a transformer substation terminal, inputting the access log into a trained behavior analysis engine, and screening out the login account with an abnormal behavior in the access log; obtaining a mapping relationship between the login account and the login IP, and identifying an abnormal type of the login account based on the mapping relationship; and generating an account anomaly detection result of the transformer substation terminal in combination with the login account with the abnormal behavior and the identification result of the anomaly type. According to the method, the UEBA behavior analysis technology is utilized, the access log of the transformer substation terminal is combined, comprehensive monitoring of the access condition of the transformer substation terminal is achieved, the login account deviating from the normal login behavior can be found in time, and the login account and the login IP maliciously accessing the transformer substation terminal can be effectively recognized.

Description

Technical field

[0001] The invention belongs to the field of substation terminal account management, and in particular relates to a machine learning-based anomaly detection method for substation terminal accounts.

Background

[0002] With the rapid development of Internet of Things technology in the era of big data, remote login is often used to access substation terminals in the substation operation and maintenance of the smart grid at this stage. Therefore, the security detection of login accounts has become an important link in maintaining the network security of substation terminals. The current account anomaly detection scheme for substation terminal security scenarios mainly focuses on the comparison features extracted from various vulnerabilities. Some features extracted from the traffic data generated during the login account access process are matched with the comparison features to determine whether the login account is abnormal. The above-mentioned det...

Application Information

IPC(8): H04L9/40, G06K9/62, G06N20/00
CPC: Y04S10/50
Inventor: 樊立波, 孙智卿, 陈益芳, 屠永伟, 宣羿, 罗少杰, 陈元中, 钱锦
Owner: STATE GRID ZHEJIANG ELECTRIC POWER CO LTD HANGZHOU POWER SUPPLY CO