Conference: International Symposium on Advances in Electrical, Electronics and Computer Engineering

An Intrusion Detection System Based on Big Data for Power System

Abstract

Against the background of information and energy interconnection, the power system as a whole generates a huge amount of data with diverse structure, complicated sources and large scale from both cyber devices and physical components, making it a typical cyber-physical system (CPS). These data exhibit features such as large quantity, complicated data items, complex processing logic, long storage cycles and high-frequency calculation. Therefore, from a CPS perspective, the power system faces intrusions that are more damaging, more complicated and more widespread. Currently, most power system network intrusion detection systems are built manually. In particular, the detection knowledge used to identify intrusion actions is provided by security experts and compiled into the network intrusion detection system (IDS). The defect of this approach is that it needs continual input of updated intrusion detection knowledge, which may not suit the complex power CPS. The extensibility and adaptability of such systems are therefore unsuitable in the context of big data. In this paper, we propose a hierarchical IDS that combines misuse detection and anomaly detection for the power system. Data mining algorithms are used to build the rules by studying and analyzing historical monitoring data. The implemented prototype proves that the proposed model can detect cyber-attacks accurately, with low false positive and false negative rates.
