부산대학교 도서관

At present, network attacks have become a new type of weapon, and it has become a reality for hostile forces to use network attacks to successfully destroy key national infrastructure such as electricity. Smart terminal attacks on power grids generally target electricity specific protocols and specific business logic, and have characteristics such as clear targets, covert operations, and long latency. They are generally carried out through group or even national level attacks. At present, the intelligent terminal system of the power grid mainly draws on the mature technology of traditional IT systems in attack detection, detecting security events on the network side, and cannot detect abnormal security events targeting the system's business instruction level, such as forged control instructions. This study proposes a traffic anomaly detection technology based on single class support vector machine (OCSVM) for power grid network side flow detection. The basic idea of OCSVM is to use machine learning methods to binary data, and only one class of samples is needed to train the detection model. It is robust to noise sample data and well meets the data imbalance characteristics of industrial control systems.