基于EEMD-LSTM的需求响应终端DDoS攻击检测方法

doi:10.12204/j.issn.1000-7229.2022.04.009

电力建设 ›› 2022, Vol. 43 ›› Issue (4): 81-90.doi: 10.12204/j.issn.1000-7229.2022.04.009

基于EEMD-LSTM的需求响应终端DDoS攻击检测方法

李彬¹(), 魏吟娬¹(), 祁兵¹(), 孙毅¹(), 陈宋宋²

1.华北电力大学电气与电子工程学院,北京市 102206
2.中国电力科学研究院有限公司,北京市 100192

收稿日期:2021-09-14 出版日期:2022-04-01 发布日期:2022-03-24
通讯作者: 魏吟娬 E-mail:direfish@163.com;825665268@qq.com;qbing@ncepu.edu.cn;sy@ncepu.edu.cn
作者简介:李彬(1983),男,博士,副教授,主要研究方向为电气信息技术及电力系统通信,E-mail: direfish@163.com;
祁兵(1965),男,教授,主要研究方向为电力节能、自动需求响应,E-mail: qbing@ncepu.edu.cn;
孙毅(1972),男,教授,主要研究方向为电力大数据与电网能效节能相关技术,E-mail: sy@ncepu.edu.cn;
陈宋宋(1987),男,工程师,主要研究方向为能效与智能用电技术。
基金资助:
国家电网有限公司总部科技项目“分布式‘源荷储’资源聚合调控通信技术研究及应用”(5700-202258216A-1-1-ZN)

DDoS Attack Detection Method Based on EEMD-LSTM for Demand Response Terminal

LI Bin¹(), WEI Yinwu¹(), QI Bing¹(), SUN Yi¹(), CHEN Songsong²

1. School of Electric and Electronic Engineering, North China Electric Power University, 102206, China
2. China Electric Power Research Institute, Beijing 100192, China

Received:2021-09-14 Online:2022-04-01 Published:2022-03-24
Contact: WEI Yinwu E-mail:direfish@163.com;825665268@qq.com;qbing@ncepu.edu.cn;sy@ncepu.edu.cn
Supported by:
Science and Technology Program of State Grid Corporation of China(5700-202258216A-1-1-ZN)

摘要/Abstract

摘要：

随着需求响应(demand response,DR)业务及“源-网-荷-储”互动调控的发展,越来越多需求响应终端接入电力网络,需要针对需求响应终端受到分布式拒绝服务(distributed denial of service,DDoS)攻击行为进行预测与防御技术研究。针对当前电力系统网络攻击研究,重点考虑攻击流量自相似特征,提出了一种基于集合经验模态分解(ensemble empirical mode decomposition,EEMD)与长短期记忆(long short-term memory,LSTM)网络相结合的双重检测方法。首先通过集合经验模态分解攻击流量提取模态特征;其次基于改进的LSTM神经网络进行攻击检测;最后进行仿真实验及对比分析,EEMD-LSTM神经网络的检测方法与传统LSTM检测方法相比具有更好的动态性能,有效提高了DDoS攻击检测精度。

关键词: 需求响应终端, 分布式拒绝服务(DDoS)攻击, 集合经验模态分解(EEMD), 长短期记忆(LSTM)网络, 攻击检测

Abstract:

With the development of demand response (DR) business and interactive regulation of “source-network-load-storage”, as more and more demand response terminals access the power network, it is necessary to carry out the prediction and defense technology research on the distributed denial of service (DDoS) behavior of demand response terminals. Aiming at the current network attack research of power system, this paper focuses on the self-similar characteristics of attack traffic, and proposes a network attack model based on ensemble empirical mode decomposition (EEMD) and long short-term memory (LSTM). The detection method firstly extracts the modal features by ensemble empirical mode decomposition attack traffic, then detects the attack applying the improved LSTM neural network, and finally carries out the simulation experiment and comparative analysis. Compared with the traditional LSTM detection method, the EEMD-LSTM neural network detection method has better dynamic performance and effectively improves the DDoS attack detection accuracy.

Key words: demand response terminal, distributed denial of service attack, ensemble empirical mode decomposition, long short-term memory network, attack detection

中图分类号:

TM73

李彬, 魏吟娬, 祁兵, 孙毅, 陈宋宋. 基于EEMD-LSTM的需求响应终端DDoS攻击检测方法[J]. 电力建设, 2022, 43(4): 81-90.

LI Bin, WEI Yinwu, QI Bing, SUN Yi, CHEN Songsong. DDoS Attack Detection Method Based on EEMD-LSTM for Demand Response Terminal[J]. ELECTRIC POWER CONSTRUCTION, 2022, 43(4): 81-90.

图/表 11

图1 管控云平台系统下需求响应终端受DDoS攻击

Fig.1 Demand response terminal in the cloud platform system under attack by DDoS

表1 需求响应业务流特征分析

Table 1 Characteristics analysis of demand response business flow

图2 不同尺度下DDoS攻击流量

Fig.2 DDoS attack traffic in different scales

图3 EEMD分解时域模态

Fig.3 EEMD decomposition of time-domain modes

图4 EEMD分解频域模态

Fig.4 EEMD decomposition of frequency-domain modes

图5 LSTM神经网络结构

Fig.5 Structure of LSTM neural network

表2 数据集关键特征

Table 2 Key features of data set

图6 调参后准确率对比

Fig.6 Comparison of accuracy after parameter adjustment

图7 调参后损失率对比

Fig.7 Comparison of loss after parameter adjustment

图8 EEMD-LSTM检测与LSTM神经网络对比

Fig.8 Comparison between EEMD-LSTM detection and LSTM neural network

图9 DDoS检测方法准确率对比

Fig.9 Comparison of accuracy of DDoS detection methods

参考文献 26

[1]	WANG J, ZHANG F, LIU H, et al. A novel interruptible load scheduling model based on the improved chicken swarm optimization algorithm[J]. CSEE Journal of Power and Energy Systems, 2021, 7(2):232-240.
[2]	徐飞阳, 薛安成, 常乃超, 等. 电力系统自动发电控制网络攻击与防御研究现状与展望[J]. 电力系统自动化, 2021, 45(3):3-14.
	XU Feiyang, XUE Ancheng, CHANG Naichao, et al. Research status and prospect of cyber attack and defense on automatic generation control in power system[J]. Automation of Electric Power Systems, 2021, 45(3):3-14.
[3]	LIU C S, LIANG H, CHEN T W. Network parameter coordinated false data injection attacks against power system AC state estimation[J]. IEEE Transactions on Smart Grid, 2021, 12(2):1626-1639. doi: 10.1109/TSG.2020.3033520 URL
[4]	王琦, 邰伟, 汤奕, 等. 面向电力信息物理系统的虚假数据注入攻击研究综述[J]. 自动化学报, 2019, 45(1):72-83.
	WANG Qi, TAI Wei, TANG Yi, et al. A review on false data injection attack toward cyber-physical power system[J]. Acta Automatica Sinica, 2019, 45(1):72-83.
[5]	何金栋, 王宇, 赵志超, 等. 智能变电站嵌入式终端的网络攻击类型研究及验证[J]. 中国电力, 2020, 53(1):81-91.
	HE Jindong, WANG Yu, ZHAO Zhichao, et al. Type and verification of network attacks on embedded terminals of intelligent substation[J]. Electric Power, 2020, 53(1):81-91.
[6]	LIU J L, GU Y Y, ZHA L J, et al. Event-triggered H∞ load frequency control for multiarea power systems under hybrid cyber attacks[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2019, 49(8):1665-1678. doi: 10.1109/TSMC.2019.2895060 URL
[7]	张龙, 王劲松. SDN中基于信息熵与DNN的DDoS攻击检测模型[J]. 计算机研究与发展, 2019, 56(5):909-918.
	ZHANG Long, WANG Jinsong. DDoS attack detection model based on information entropy and DNN in SDN[J]. Journal of Computer Research and Development, 2019, 56(5):909-918.
[8]	ERHAN D, ANARIM E. Hybrid DDoS detection framework using matching pursuit algorithm[J]. IEEE Access, 2020, 8:118912-118923. doi: 10.1109/ACCESS.2020.3005781 URL
[9]	齐宁, 程林, 田立亭, 等. 考虑柔性负荷接入的配电网规划研究综述与展望[J]. 电力系统自动化, 2020, 44(10):193-207.
	QI Ning, CHENG Lin, TIAN Liting, et al. Review and prospect of distribution network planning research considering access of flexible load[J]. Automation of Electric Power Systems, 2020, 44(10):193-207.
[10]	刘林, 祁兵, 李彬, 等. 面向电力物联网新业务的电力通信网需求及发展趋势[J]. 电网技术, 2020, 44(8):3114-3130.
	LIU Lin, QI Bing, LI Bin, et al. Requirements and developing trends of electric power communication network for new services in electric Internet of Things[J]. Power System Technology, 2020, 44(8):3114-3130.
[11]	祖国强, 肖峻, 穆云飞, 等. 计及分布式电源与需求响应的智能配电系统安全域[J]. 电力系统自动化, 2020, 44(8):100-107.
	ZU Guoqiang, XIAO Jun, MU Yunfei, et al. Security region for smart distribution system considering distributed generator and demand response[J]. Automation of Electric Power Systems, 2020, 44(8):100-107.
[12]	孙厚涛, 朱金大, 武迪, 等. 智能用电技术在智慧城市中的应用[J]. 电气自动化, 2019, 41(4):1-4.
	SUN Houtao, ZHU Jinda, WU Di, et al. Application of technique for intelligent use of electricity in smart cities[J]. Electrical Automation, 2019, 41(4):1-4.
[13]	JIA Y Z, ZHONG F T, ALRAWAIS A, et al. Flowguard: an intelligent edge defense mechanism against IoT DDoS attacks[J]. IEEE Internet of Things Journal, 2020, 7(10):9552-9562. doi: 10.1109/JIOT.2020.2993782 URL
[14]	DU S L, WANG Y E, DONG L J, et al. Secure consensus of multiagent systems with DoS attacks via a graph-based approach[J]. Information Sciences, 2021, 570:94-104. doi: 10.1016/j.ins.2021.03.054 URL
[15]	张晨, 唐湘滟, 程杰仁, 等. 基于多核学习的自适应DDoS攻击检测方法[J]. 计算机工程与科学, 2019, 41(8):1381-1389.
	ZHANG Chen, TANG Xiangyan, CHENG Jieren, et al. An adaptive DDoS attack detection method based on multiple-kernel learning[J]. Computer Engineering & Science, 2019, 41(8):1381-1389.
[16]	PRASEED A, THILAGAM P S. DDoS attacks at the application layer: Challenges and research perspectives for safeguarding web applications[J]. IEEE Communications Surveys & Tutorials, 2019, 21(1):661-685.
[17]	国家能源局. 电力需求响应信息交换规范: DL/T 1867—2018[S]. 北京: 中国电力出版社, 2019.
	National Energy Bureau of the People’s Republic of China. Specification for information exchange of power demand response: DL/T 1867—2018[S]. Beijing: China Electric Power Press, 2019.
[18]	肖勇, 吴昊文, 王宗义, 等. 面向可中断负荷控制的需求响应通信业务优化[J]. 电力系统自动化, 2020, 44(15):36-43.
	XIAO Yong, WU Haowen, WANG Zongyi, et al. Communication service optimization of demand response for interruptible load control[J]. Automation of Electric Power Systems, 2020, 44(15):36-43.
[19]	OpenADR Alliance. OpenADR 2.0 profile specification b profile[EB/OL]. [2021-09-01]. https://openadr.Memberclicks.net/assets/DoNotChange/openadr2Obprofilespecificationvl.1packagepublic.zip.
[20]	郭伟, 邱菡, 周天阳, 等. 基于IP熵变量的DDoS攻击溯源模型[J]. 计算机工程与设计, 2019, 40(12):3367-3374.
	GUO Wei, QIU Han, ZHOU Tianyang, et al. DDoS attack source tracing model based on IP entropy variable[J]. Computer Engineering and Design, 2019, 40(12):3367-3374.
[21]	金秀章, 刘岳, 于静, 等. 基于变量选择和EMD-LSTM网络的出口SO₂浓度预测[J]. 中国电机工程学报, 2021, 41(24):8475-8484.
	JIN Xiuzhang, LIU Yue, YU Jing, et al. Prediction of outlet SO₂ concentration based on variable selection and EMD-LSTM network[J]. Proceedings of the CSEE, 2021, 41(24):8475-8484.
[22]	FAN X P, ZHANG Y J, KREHBIEL P R, et al. Application of ensemble empirical mode decomposition in low-frequency lightning electric field signal analysis and lightning location[J]. IEEE Transactions on Geoscience and Remote Sensing, 2020, 59(1):86-100. doi: 10.1109/TGRS.2020.2991724 URL
[23]	陈媛. 基于滤波辅助的PEEMD与Hilbert谱分析方法的高程时间序列特征提取[J]. 测绘地理信息, 2021, 46(S1):126-130.
	CHEN Yuan. Feature extraction of height time series based on filter-assisted PEEMD and Hilbert spectrum analysis[J]. Journal of Geomatics, 2021, 46(S1):126-130.
[24]	TYAGI T, SUMATHI P. Comprehensive performance evaluation of computationally efficient discrete Fourier transforms for frequency estimation[J]. IEEE Transactions on Instrumentation and Measurement, 2020, 69(5):2155-2163. doi: 10.1109/TIM.2019.2922751 URL
[25]	庄世杰, 於志勇, 郭文忠, 等. 基于Zoneout的跨尺度循环神经网络及其在短期电力负荷预测中的应用[J]. 计算机科学, 2020, 47(9):105-109.
	ZHUANG Shijie, YU Zhiyong, GUO Wenzhong, et al. Short term load forecasting via zoneout-based multi-time scale recurrent neural network[J]. Computer Science, 2020, 47(9):105-109.
[26]	孙庆凯, 王小君, 张义志, 等. 基于LSTM和多任务学习的综合能源系统多元负荷预测[J]. 电力系统自动化, 2021, 45(5):63-70.
	SUN Qingkai, WANG Xiaojun, ZHANG Yizhi, et al. Multiple load prediction of integrated energy system based on long short-term memory and multi-task learning[J]. Automation of Electric Power Systems, 2021, 45(5):63-70.

基于EEMD-LSTM的需求响应终端DDoS攻击检测方法

DDoS Attack Detection Method Based on EEMD-LSTM for Demand Response Terminal

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 26

相关文章 1

编辑推荐

Metrics

本文评价