电网工控系统流量异常检测的应用与算法改进

“两化融合”的工业控制网络的安全问题不断突显.电力作为国家重要基础设施，其电网工控系统的安全防护工作极其重要.本文根据电网工控系统中控制网的内防水平低且其安全监测和防护缺乏内部网络流量异常检测的现状，分析了电网工控系统的组成结构、网络安全需求及面临的威胁.提出了将流量异常检测技术应用于针对电网工控系统控制网的安全防护中，形成针对电网工控系统控制网的两级安全防护.然后研究了流量异常检测方法的分类和特点以及电网工控系统的网络流量数据特点，提出了基于熵的动态半监督K-means算法并辅以单类支持向量机对半监督K-means算法进行改进，为提升电力系统内防水平奠定基础.

Application and Algorithm Improvement of Abnormal Traffic Detection in Smart Grid Industrial Control System

The safety of industrial control network is becoming more prominent. Electric power is an important national infrastructure, so the safety protection of smart grid industrial control system is extremely important. In smart grid industrial control system, according to the status quo of the low internal protection level of the control network and the lack of internal network of anomaly traffic detection, this paper analyzes the composition of the industrial control system, the network security demand, and the threats faced by the smart grid industrial control system. It proposes to apply traffic anomaly detection technology to the security protection of smart grid industrial control system, which forms the two-level security protection. Then, the classification and characteristics of traffic anomaly detection methods and the characteristics of network traffic of smart grid industrial control system are studied. And it proposes a dynamic semi-supervised K-means algorithm based on entropy and OCSVM to improve the semi-supervised K-means algorithm for improving the internal protection level of the smart grid industrial control system.