Abstract
In recent years, vulnerability-based attacks on industrial control systems have become more organized and diverse. In this paper, we focus on the power user electric energy data acquisition system and its communication protocol, namely the 376.1 master station communication protocol. The system is important infrastructure for the national economy and people’s livelihood. To efficiently discover abnormal behavior in its communication, we propose a terminal access data anomaly detection model based on the gradient boosting decision tree (GBDT). First, by analyzing the characteristics of the communication protocol and the different kinds of terminal access data, we construct a high-quality multidimensional feature set. We then choose GBDT as the model for detecting abnormal access data. The experimental results show that the detection model achieves high detection accuracy and outperforms its counterparts.
Notes
1. BCD code is the abbreviation of Binary-Coded Decimal.
2. AFN code is the application layer function code in the frame format. More detailed information can be found in [15].
3. Fn is the information class identification code in 376.1 protocol. More detailed information can be found in [15].
4. ERC20 is the message authentication error record in 376.1 protocol. More detailed information can be found in [15].
References
1. Ahmed, M., Naser Mahmood, A., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)
2. Manocha, S., Girolami, M.: An empirical analysis of the probabilistic K-nearest Neighbor Classifier. Patt. Recogn. Lett. 28, 1818–1824 (2007)
3. Moore, D.: Internet traffic classification using Bayesian analysis techniques. In: Proceedings of ACM SIGMETRICS (2005)
4. Kumar, G., Kumar, K., Sachdeva, M.: The use of artificial intelligence based techniques for intrusion detection: a review (2010)
5. Sahar, S., Hashem, M., Taymoor, M.: Intrusion detection using multi-stage neural network. Int. J. Comput. Sci. Inf. Secur. 8(4), 14–20 (2010)
6. Zhao, Z., Mehrotra, K.G., Mohan, C.K.: Online anomaly detection using random forest. In: International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, pp. 135–147. Springer, Cham (2018)
7. Feng, H., Li, M., Hou, X., et al.: Study of network intrusion detection method based on SMOTE and GBDT. Appl. Res. Comput. (2017)
8. Rawat, S.: Efficient data mining algorithms for intrusion detection. In: Proceedings of the 4th Conference on Engineering of Intelligent Systems (EIS 2004) (2005)
9. Li, H.: Research and implementation of an anomaly detection model based on clustering analysis. In: International Symposium on Intelligent Information Processing and Trusted Computing (2010)
10. Rui, Z., Shaoyan, Z., Yang, L., Jianmin, J.: Network anomaly detection using one class support vector machine. In: Proceedings of the International Multi Conference of Engineers and Computer Scientists (2008)
11. Eskin, E., Arnold, A., Preraua, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. In: Barber, D., Jajodia, S. (eds.) Data Mining for Security Applications. Kluwer Academic Publishers, Boston
12. Honig, A.: Adaptive model generation: an architecture for the deployment of data mining based intrusion detection systems. In: Barbar, D., Jajodia, S. (eds.) Data Mining for Security Applications. Kluwer Academic Publishers, Boston (2002)
13. Yang, J., et al.: Multi-classification for malicious URL based on improved semi-supervised algorithm. In: 2017 IEEE International Conference on Computational Science and Engineering (CSE) and Embedded and Ubiquitous Computing (EUC), vol. 1. IEEE (2017)
14. Chen, C., Gong, Y., Tian, Y.: Semi-supervised learning methods for network intrusion detection. In: 2008 IEEE International Conference on Systems, Man and Cybernetics, SMC 2008, pp. 2603–2608. IEEE (2008)
15. Liu, K., Liao, X.: Design and implementation of Q/GDW 376.1 protocol and DL/T 645 protocol conversion. Adv. Technol. Electr. Eng. Energy 32(02), 72–75+81 (2013)
16. Natekin, A., Knoll, A.: Gradient boosting machines, a tutorial. Front. Neurorobot. 7 (2013)
17. Kleinbaum, D.G., Klein, M.: Introduction to logistic regression. Stat. Biol. Health 31(4), 1–39 (2010)
Acknowledgments
This work was supported by Research and Application of Key Technologies for Unified Data Collection of Multi-meter (JL71-17-007) and National Natural Science Foundation of China (No. U1536122).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ma, Q., Xu, B., Sun, B., Zhai, F., Cui, B. (2019). Terminal Access Data Anomaly Detection Based on GBDT for Power User Electric Energy Data Acquisition System. In: Barolli, L., Xhafa, F., Khan, Z., Odhabi, H. (eds) Advances in Internet, Data and Web Technologies. EIDWT 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 29. Springer, Cham. https://doi.org/10.1007/978-3-030-12839-5_13
DOI: https://doi.org/10.1007/978-3-030-12839-5_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12838-8
Online ISBN: 978-3-030-12839-5
eBook Packages: Intelligent Technologies and Robotics (R0)