Research On Security Monitoring Technology Of Power IoT Terminals Based On Machine Learning

This paper focuses on the security issues of power Internet of Things terminal equipment.We firstly analyze the security threats of power Internet of Things terminal equipment from the network,business and application levels.Then,to address some of the problems in the current security monitoring of power Internet of Things terminal equipment,are proposed the IEC104 protocol network abnormal traffic generation method,the thermal power generation system terminal equipment business security monitoring method,and the DTU and charging pile application security monitoring method respectively.1.Aiming at solving the problem of lack of training samples when training intrusion detection systems for IEC104 protocol,a method for generating network abnormal traffic based on transfer learning is proposed to transfer attack features between the traffic of two different protocols.And related experiments were carried out between two different networks of TCP protocol and two different networks of Modbus and IEC104 protocol,and three attack test cases such as replay attacks were generated.The experimental results show that the generated traffic can retain the original dataset's attack feature,and can effectively improve the accuracy of the intrusion detection system.2.Aiming at solving the problem of business-related attacks on power Internet of Things,a business security monitoring technology based on rule learning is proposed.First,from an overall perspective,a business modeling method based on Petri nets and process mining is proposed.We first construct the business event logs and then perform the business mining.Finally,the consistency check proves that the generated model can effectively fit the event log.Then,from the perspective of terminal nodes,a business security monitoring technology based on rule learning is proposed,and the RIPPER algorithm is used to mine business rules,and a high accuracy rate is achieved on the constructed thermal power system business attack dataset.3.Aiming at solving the problems of embedded device resource limitation and self-enclosed in the application security monitoring of power Internet of Things terminal equipment,a nonintrusive business security monitoring method is proposed.By collecting the power consumption side channel information generated by the application program at runtime,extracting features,and training an anomaly monitoring model based on LSTM,anomaly-based malicious program intrusion detection is realized.Finally,a prototype system for anomaly monitoring was constructed and verified by experiments on DTU and charging piles.