Terminal Access Data Anomaly Detection Based on GBDT for Power User Electric Energy Data Acquisition System

  • Qian Ma
  • Bin Xu
  • Bang Sun
  • Feng Zhai
  • Baojiang Cui
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 29)


In recent years, vulnerability attacks on industrial control systems have become more organized and diverse. In this paper, we focus on the power user electric energy data acquisition system and its communication protocol, namely the 376.1 master station communication protocol. The system is an important piece of infrastructure for the national economy and people's livelihood. To efficiently discover abnormal behaviors during its communication, we propose a terminal access data anomaly detection model based on the gradient boosting decision tree (GBDT). First, by analyzing the characteristics of the communication protocol and the different kinds of terminal access data, we construct a high-quality multidimensional feature set. Then we choose GBDT as the abnormal access data detection model. The experimental results show that the detection model has a high detection accuracy and outperforms its counterparts.


Power user electric energy data acquisition system · 376.1 master station communication protocol · Anomaly detection · Feature extraction · GBDT



This work was supported by Research and Application of Key Technologies for Unified Data Collection of Multi-meter (JL71-17-007) and National Natural Science Foundation of China (No. U1536122).



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Qian Ma (1, 3)
  • Bin Xu (2)
  • Bang Sun (1, 3)
  • Feng Zhai (2)
  • Baojiang Cui (1, 3)

  1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China
  2. China Electric Power Research Institute, Beijing, China
  3. National Engineering Laboratory for Mobile Network Security, Beijing, China
