CN111383128A - Method and system for monitoring running state of power grid embedded terminal equipment - Google Patents
Method and system for monitoring running state of power grid embedded terminal equipment Download PDFInfo
- Publication number
- CN111383128A CN111383128A CN202010157020.5A CN202010157020A CN111383128A CN 111383128 A CN111383128 A CN 111383128A CN 202010157020 A CN202010157020 A CN 202010157020A CN 111383128 A CN111383128 A CN 111383128A
- Authority
- CN
- China
- Prior art keywords
- power grid
- embedded terminal
- state
- data
- terminal equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000012544 monitoring process Methods 0.000 title claims abstract description 21
- 238000012549 training Methods 0.000 claims abstract description 58
- 238000012360 testing method Methods 0.000 claims abstract description 44
- 238000013528 artificial neural network Methods 0.000 claims abstract description 19
- 230000008569 process Effects 0.000 claims description 28
- 238000004891 communication Methods 0.000 claims description 12
- 230000002159 abnormal effect Effects 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 10
- 238000010606 normalization Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 9
- 238000004590 computer program Methods 0.000 description 7
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000004913 activation Effects 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- ORILYTVJVMAKLC-UHFFFAOYSA-N Adamantane Natural products C1C(C2)CC3CC1CC2C3 ORILYTVJVMAKLC-UHFFFAOYSA-N 0.000 description 1
- 241000282326 Felis catus Species 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000013078 crystal Substances 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000013210 evaluation model Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 210000002569 neuron Anatomy 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/50—Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computational Linguistics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Computation (AREA)
- Biophysics (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Biomedical Technology (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Artificial Intelligence (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Public Health (AREA)
- Water Supply & Treatment (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Testing And Monitoring For Control Systems (AREA)
Abstract
The invention discloses a method and a system for monitoring the running state of embedded terminal equipment of a power grid, and belongs to the technical field of intelligent power grid safety. The method comprises the following steps: acquiring historical operating data of the power grid embedded terminal equipment in different safety states; determining operation characteristics representing historical operation data of the power grid embedded terminal equipment within preset time according to the collected historical operation data; building a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model; the method comprises the steps of collecting operation data of the power grid embedded terminal equipment to be monitored, testing the operation data by using a training model, and determining the operation state of the power grid embedded terminal equipment to be monitored. The method has higher accuracy and stronger robustness for identifying the running state of the embedded terminal equipment of the power grid.
Description
Technical Field
The invention relates to the technical field of intelligent power grid safety, in particular to a method and a system for monitoring the running state of embedded terminal equipment of a power grid.
Background
The power system is closely related to our lives, and as a platform for electric energy production and transmission, the power system needs to meet the requirements of reliability, flexibility and economy. With the rapid improvement of the informatization degree of the power system, the power grid is continuously developed towards a more intelligent direction. The embedded technology has become an indispensable part for controlling and monitoring a power system as one of the technologies with the widest application range at present, is widely applied to various links of an intelligent power grid, such as a PLC, an RTU, an HMI and the like in a power engineering control system, and plays a crucial role in the development of the intelligent power system. The power grid embedded terminal equipment brings more security risks while the power grid is more networked, intelligent and multifunctional. Because embedded equipment is widely deployed in the privacy sensitive and safety field, once damaged, the safety of the electric power engineering control system is greatly influenced, the electric power equipment is in failure, the normal operation of the smart grid is threatened, and the national and social safety are seriously threatened. The safety monitoring of the embedded terminal equipment of the intelligent power grid is beneficial to timely discovering the abnormal condition of the equipment, so that the system can predict and intercept the attack before being subjected to illegal attack, and the safety and stability operation of the power system can be guaranteed. At present, security research aiming at the embedded terminal equipment of the smart power grid mainly focuses on the aspects of access control and security evaluation models, and few researches are carried out on the security monitoring problem of the embedded terminal equipment.
Disclosure of Invention
The invention provides a method for monitoring the running state of embedded terminal equipment of a power grid aiming at the problems, which comprises the following steps:
acquiring historical operating data of the power grid embedded terminal equipment in different safety states;
determining operation characteristics representing historical operation data of the power grid embedded terminal equipment within preset time according to the collected historical operation data;
building a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model;
the method comprises the steps of collecting operation data of the power grid embedded terminal equipment to be monitored, testing the operation data by using a training model, and determining the operation state of the power grid embedded terminal equipment to be monitored.
Optionally, the historical operating data includes: the method comprises the following steps of CPU occupancy rate, memory occupancy rate, process stack state, calling frequency, kernel variable information state, calling time sequence state and application layer communication flow state of the power grid embedded terminal equipment.
Optionally, determining an operation characteristic representing historical operation data of the power grid embedded terminal device within a preset time specifically includes:
determining the average value, variance, skewness and kurtosis of the CPU occupancy rate, the memory occupancy rate, the calling frequency and the communication flow state of the application layer within preset time according to historical operating data;
vectorizing the process stack state, the core variable information state and the calling time sequence state according to the historical operating data to obtain vectorized data of the process stack state, the core variable information state and the calling time sequence state;
and carrying out normalization processing on the average value, the variance, the skewness, the kurtosis and the vectorization data, and determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time.
Optionally, the historical operating data is divided into a training set and a test set in a ratio of 1: 5.
Optionally, the method further comprises: and sending out early warning when the abnormal operation state of the embedded terminal equipment of the power grid to be monitored is determined.
The invention also provides a system for monitoring the running state of the embedded terminal equipment of the power grid, which comprises the following components:
the acquisition module is used for acquiring historical operating data of the power grid embedded terminal equipment in different safety states;
the extraction module is used for determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time according to the collected historical operation data;
the training module is used for constructing a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model;
and the test module is used for acquiring the operation data of the power grid embedded terminal equipment to be monitored, testing the operation data by using the training model and determining the operation state of the power grid embedded terminal equipment to be monitored.
Optionally, the historical operating data includes: the method comprises the following steps of CPU occupancy rate, memory occupancy rate, process stack state, calling frequency, kernel variable information state, calling time sequence state and application layer communication flow state of the power grid embedded terminal equipment.
Optionally, determining an operation characteristic representing historical operation data of the power grid embedded terminal device within a preset time specifically includes:
determining the average value, variance, skewness and kurtosis of the CPU occupancy rate, the memory occupancy rate, the calling frequency and the communication flow state of the application layer within preset time according to historical operating data;
vectorizing the process stack state, the core variable information state and the calling time sequence state according to the historical operating data to obtain vectorized data of the process stack state, the core variable information state and the calling time sequence state;
and carrying out normalization processing on the average value, the variance, the skewness, the kurtosis and the vectorization data, and determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time.
Optionally, the historical operating data is divided into a training set and a test set in a ratio of 1: 5.
Optionally, the test module is further configured to send an early warning when it is determined that the operation state of the power grid embedded terminal device to be monitored is abnormal.
The method deeply analyzes the running state characteristics suitable for the power grid embedded terminal equipment, and has higher accuracy and stronger robustness for identifying the running state of the power grid embedded terminal equipment.
Drawings
FIG. 1 is a flow chart of a method for monitoring the operation status of a power grid embedded terminal device according to the present invention;
FIG. 2 is a flowchart of an embodiment of a method for monitoring an operating status of an embedded terminal device of a power grid according to the present invention;
FIG. 3 is a flow chart of a GRU neural network architecture constructed according to an embodiment of the method for monitoring the operation status of the power grid embedded terminal device;
FIG. 4 is a flowchart illustrating abnormal data detection of the operation state of the power grid embedded terminal device according to an embodiment of the method for monitoring the operation state of the power grid embedded terminal device of the present invention;
fig. 5 is a system structure diagram for monitoring the operation state of the power grid embedded terminal device according to the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
The invention provides a method for monitoring the running state of embedded terminal equipment of a power grid, which comprises the following steps as shown in figure 1:
acquiring historical operating data of the power grid embedded terminal equipment in different safety states;
determining operation characteristics representing historical operation data of the power grid embedded terminal equipment within preset time according to the collected historical operation data;
building a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model;
the method comprises the steps of collecting operation data of the power grid embedded terminal equipment to be monitored, testing the operation data by using a training model, determining the operation state of the power grid embedded terminal equipment to be monitored, and sending out early warning when the operation state of the power grid embedded terminal equipment to be monitored is determined to be abnormal.
Historical operating data, including: the method comprises the following steps of CPU occupancy rate, memory occupancy rate, process stack state, calling frequency, kernel variable information state, calling time sequence state and application layer communication flow state of the power grid embedded terminal equipment.
Determining the operation characteristics of historical operation data of the power grid embedded terminal equipment within the representation preset time specifically comprises the following steps:
determining the average value, variance, skewness and kurtosis of the CPU occupancy rate, the memory occupancy rate, the calling frequency and the communication flow state of the application layer within preset time according to historical operating data;
vectorizing the process stack state, the core variable information state and the calling time sequence state according to the historical operating data to obtain vectorized data of the process stack state, the core variable information state and the calling time sequence state;
and carrying out normalization processing on the average value, the variance, the skewness, the kurtosis and the vectorization data, and determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time.
The historical operating data was divided into training and test sets in a 1:5 ratio.
The present invention will be further illustrated with reference to the following examples;
the method of the invention, as shown in fig. 2, comprises the following steps:
step 1: developing a data acquisition client capable of acquiring equipment operation state data on the power grid embedded terminal, and collecting the operation state data of the power grid embedded terminal in different safety states:
step 1.1: the method comprises the following steps that a development client side utilizes a system API or a programming language API to collect running state data of the power grid embedded terminal equipment;
step 1.2: recording data acquired when the power grid embedded terminal equipment normally operates as a positive sample P, recording data when the power grid embedded terminal equipment operates with a malicious program as a negative sample N, and extracting operating state data of the power grid embedded terminal equipment to obtain a data set D for subsequent training, wherein the data line number is m, the data column number is N, and denoising the data by using a box separation method, wherein the operating state data of the terminal equipment mainly comprises the following data:
device CPU occupancy (direct call API-available for psutil. CPU _ percent (0));
device memory occupancy (memory occupancy is obtained through API-psutuil.
Process stack state (obtained by directly calling API-sys. _ getframe (n));
system call frequency (the situation where system calls can be tracked using the strand of linux);
kernel variable information state (different operating systems have different kernel variables and acquisition modes, for example, some key system kernel global variables in linux include current pointers, jiffies, system crystal oscillator master frequency, and the like);
(system call timing state (also getting system call information, saving it as a sequence);
and the application layer communicates the traffic state (the traffic speed is obtained through a psutil packet of python).
Step 1.3: because the embedded terminal equipment of the power grid normally operates most of the time and has less attack data, the invention increases the number of sample instances by random oversampling. Specifically, in the present invention, the negative examples are in a few classes, and there are
D' is the sampled data set.
Step 2: according to the power grid embedded terminal running state data, a characteristic capable of representing a period of time is constructed, and the power grid embedded terminal equipment running state data characteristic within one minute is taken.
The method comprises the following specific steps:
step 2.1: calculating the average value, the variance, the average value, the skewness and the kurtosis of the CPU occupancy rate in one minute according to the CPU occupancy rate obtained before;
step 2.2: calculating the average value, the variance and the range of the memory occupancy rate within one minute according to the previously obtained memory occupancy rate;
step 2.3: calculating the average value, the variance and the skewness of the system calling frequency within one minute according to the system calling frequency obtained previously;
step 2.4: calculating the average value, the variance, the maximum value and the range of the flow state within one minute according to the flow state obtained before;
step 2.5: one-hot coding each item contained in the process stack, vectorizing the process stack state, and establishing a process dictionary, wherein if the number of the effective processes is n, the vector with the length of n +1 is obtained after the one-hot coding, for example, for the process A, the vector is represented by [ 100 … 00 ] n + 1, the process B is represented by [ 010 … 00 ] n + 1, and the process not in the dictionary is represented by [ 000 … 01 ];
step 2.6: encoding the kernel variables into an embedding vector, the length of which is the number of selected kernel variables (for example, using three system kernel variables, the kernel variable case is represented by [ x1 x2 x3 ]);
step 2.7: performing one-hot encoding on each item contained in the system call, and vectorizing the system call time sequence, wherein the encoding mode of the system call is similar to that of the process stack;
step 2.8: and normalizing all data to obtain features.
And step 3: and (4) building a GRU neural network framework through a TensorFlow tool.
The specific steps are shown in fig. 3, and include:
step 3.1: initializing a Sequential model, model ═ Sequential ()
Step 3.2: add a GRU neural network layer with input dimension being the training set dimension and output dimension being 32, specifically model.
Step 3.3: adding a full connection layer (sense), setting the number of sense input nodes to be 32, activating function activation ═ return', return (the reconstructed Linear unit) activating function expression f (x) ═ max (0, x), specifically model.
Step 3.4: a full connection layer (sense) is added, a sense layer input node 32 is set, and the activation function activation is 'softmax', namely, the normalized exponential function. Add (depth), where cat _ num is the upper neuron input dimension.
Step 3.5: compiling the model, setting an evaluation method as 'accurve', setting an optimization mode as 'adam', setting a loss function as 'binary _ cross _ sensory', namely using logarithmic loss, and building a GRU neural network model.
And 4, step 4: and segmenting the running state data of the power grid embedded terminal equipment into a training set and a testing set, and training the neural network.
The method comprises the following specific steps:
step 4.1: randomly dividing the acquired data into a training set (recorded as D _ tr) and a testing set (recorded as D _ val) according to the proportion of 1:5, and ensuring that the data distribution in the training set and the testing set is consistent. That is, for all features in the data set, the training set and test set mean are uniform E (D _ tr) ≈ E (D _ val), the training set and test set bit number are uniform var (D _ tr) ≈ var (D _ val), and the training set and test set variance are uniform M (D _ tr) ≈ M (D _ val).
Step 4.2: training the neural network, and setting the cycle number epoch to 10. Specific, model _ fit (X _ train, y _ train, validity _ data ═ X _ test, y _ test, epoch ═ 10). In the formula, X _ train and y _ train are respectively a feature and a label column in a training set, X _ test and y _ test are respectively a feature and a label column in a testing set, and the probability that the equipment operates normally can be obtained according to the running state data of the equipment by the model obtained after training.
Step 4.3: and calculating an anomaly monitoring threshold value. And determining a threshold value by adopting an F1-score evaluation index because the number of positive and negative samples of the running state of the embedded equipment is greatly different. By setting different thresholds, Thresh _ best with the highest F1-score on the test set is the threshold for finally determining whether the equipment is abnormal.
And 5: and monitoring whether the power grid embedded terminal equipment operates normally or not, as shown in fig. 4.
Step 5.1: after the embedded terminal device is smoothly connected to the master station, the client continuously acquires the running state data, periodically uploads the data to the master station through the network port, and records the running state data uploaded by the embedded terminal device of the power grid as Raw _ data.
Step 5.2: and the master station performs data preprocessing and denoising on the collected Raw data Raw _ data as same as those in training, and extracts the features in the Raw _ data according to a feature extraction method in the training and records the features as D _ ts.
Step 5.3: monitoring the operation state of the terminal equipment, taking the operation state characteristics of the terminal equipment as input, obtaining the probability P (label is 1| D _ ts) that the terminal equipment normally operates and the probability value P (label is 0| D _ ts) that the terminal equipment abnormally operates, and obtaining the probability P (label is 1| D _ ts) that the terminal equipment normally operates when the terminal equipment normally operatests) And if the operation is less than Thresh _ best, the equipment is considered to be abnormal, and an alarm is triggered.
The present invention further provides a system 200 for monitoring the operation status of the power grid embedded terminal device, as shown in fig. 5, including:
the acquisition module 201 is used for acquiring historical operating data of the power grid embedded terminal equipment in different safety states;
the extraction module 202 is used for determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time according to the collected historical operation data;
the training module 203 is used for constructing a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model;
the testing module 204 collects the operation data of the power grid embedded terminal device to be monitored, tests the operation data by using the training model, determines the operation state of the power grid embedded terminal device to be monitored, and sends out early warning when determining that the operation state of the power grid embedded terminal device to be monitored is abnormal.
Historical operating data, including: the method comprises the following steps of CPU occupancy rate, memory occupancy rate, process stack state, calling frequency, kernel variable information state, calling time sequence state and application layer communication flow state of the power grid embedded terminal equipment.
Determining the operation characteristics of historical operation data of the power grid embedded terminal equipment within the representation preset time specifically comprises the following steps:
determining the average value, variance, skewness and kurtosis of the CPU occupancy rate, the memory occupancy rate, the calling frequency and the communication flow state of the application layer within preset time according to historical operating data;
vectorizing the process stack state, the core variable information state and the calling time sequence state according to the historical operating data to obtain vectorized data of the process stack state, the core variable information state and the calling time sequence state;
and carrying out normalization processing on the average value, the variance, the skewness, the kurtosis and the vectorization data, and determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time.
The historical operating data was divided into training and test sets in a 1:5 ratio.
The method deeply analyzes the running state characteristics suitable for the power grid embedded terminal equipment, and has higher accuracy and stronger robustness for identifying the running state of the power grid embedded terminal equipment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiment of the application can be implemented by adopting various computer languages, such as object-oriented programming language Java and transliterated scripting language JavaScript.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. A method for monitoring the operational status of a grid embedded terminal device, the method comprising:
acquiring historical operating data of the power grid embedded terminal equipment in different safety states;
determining operation characteristics representing historical operation data of the power grid embedded terminal equipment within preset time according to the collected historical operation data;
building a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model;
the method comprises the steps of collecting operation data of the power grid embedded terminal equipment to be monitored, testing the operation data by using a training model, and determining the operation state of the power grid embedded terminal equipment to be monitored.
2. The method of claim 1, the historical operational data, comprising: the method comprises the following steps of CPU occupancy rate, memory occupancy rate, process stack state, calling frequency, kernel variable information state, calling time sequence state and application layer communication flow state of the power grid embedded terminal equipment.
3. The method according to claim 1, wherein the determining operation characteristics characterizing historical operation data of the power grid embedded terminal device within a preset time specifically comprises:
determining the average value, variance, skewness and kurtosis of the CPU occupancy rate, the memory occupancy rate, the calling frequency and the communication flow state of the application layer within preset time according to historical operating data;
vectorizing the process stack state, the core variable information state and the calling time sequence state according to the historical operating data to obtain vectorized data of the process stack state, the core variable information state and the calling time sequence state;
and carrying out normalization processing on the average value, the variance, the skewness, the kurtosis and the vectorization data, and determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time.
4. The method of claim 1, wherein the historical operating data is divided into a training set and a testing set in a 1:5 ratio.
5. The method of claim 1, further comprising: and sending out early warning when the abnormal operation state of the embedded terminal equipment of the power grid to be monitored is determined.
6. A system for monitoring the operational status of a power grid embedded terminal device, the system comprising:
the acquisition module is used for acquiring historical operating data of the power grid embedded terminal equipment in different safety states;
the extraction module is used for determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time according to the collected historical operation data;
the training module is used for constructing a GRU neural network architecture according to the operation characteristics, dividing historical operation data into a training set and a test set, and inputting the training set and the test set into the GRU neural network architecture for training to obtain a training model;
and the test module is used for acquiring the operation data of the power grid embedded terminal equipment to be monitored, testing the operation data by using the training model and determining the operation state of the power grid embedded terminal equipment to be monitored.
7. The system of claim 6, the historical operating data, comprising: the method comprises the following steps of CPU occupancy rate, memory occupancy rate, process stack state, calling frequency, kernel variable information state, calling time sequence state and application layer communication flow state of the power grid embedded terminal equipment.
8. The system according to claim 6, wherein the determining operation characteristics characterizing historical operation data of the power grid embedded terminal device within a preset time specifically includes:
determining the average value, variance, skewness and kurtosis of the CPU occupancy rate, the memory occupancy rate, the calling frequency and the communication flow state of the application layer within preset time according to historical operating data;
vectorizing the process stack state, the core variable information state and the calling time sequence state according to the historical operating data to obtain vectorized data of the process stack state, the core variable information state and the calling time sequence state;
and carrying out normalization processing on the average value, the variance, the skewness, the kurtosis and the vectorization data, and determining the operation characteristics representing the historical operation data of the power grid embedded terminal equipment within the preset time.
9. The system of claim 6, wherein the historical operating data is divided into a training set and a testing set in a 1:5 ratio.
10. The system of claim 6, wherein the test module is further configured to issue an early warning when the operating state of the power grid embedded terminal device to be monitored is determined to be abnormal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010157020.5A CN111383128A (en) | 2020-03-09 | 2020-03-09 | Method and system for monitoring running state of power grid embedded terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010157020.5A CN111383128A (en) | 2020-03-09 | 2020-03-09 | Method and system for monitoring running state of power grid embedded terminal equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111383128A true CN111383128A (en) | 2020-07-07 |
Family
ID=71221477
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010157020.5A Pending CN111383128A (en) | 2020-03-09 | 2020-03-09 | Method and system for monitoring running state of power grid embedded terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111383128A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111738467A (en) * | 2020-08-25 | 2020-10-02 | 杭州海康威视数字技术股份有限公司 | Running state abnormity detection method, device and equipment |
| CN113671287A (en) * | 2021-08-16 | 2021-11-19 | 广东电力通信科技有限公司 | Intelligent detection method and system for power grid automation terminal and readable storage medium |
| CN113675947A (en) * | 2021-07-27 | 2021-11-19 | 北京智芯微电子科技有限公司 | Power transmission side equipment state monitoring method of power transmission gateway and power transmission gateway |
| CN114168203A (en) * | 2020-09-10 | 2022-03-11 | 成都鼎桥通信技术有限公司 | Dual-system running state control method and device and electronic equipment |
| CN115277079A (en) * | 2022-06-22 | 2022-11-01 | 国网河南省电力公司信息通信公司 | Method and system for monitoring information attack of power terminal |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110335168A (en) * | 2019-04-22 | 2019-10-15 | 山东大学 | Method and system based on GRU optimization power information acquisition terminal fault prediction model |
| WO2019233047A1 (en) * | 2018-06-07 | 2019-12-12 | 国电南瑞科技股份有限公司 | Power grid dispatching-based operation and maintenance method |
| CN110571792A (en) * | 2019-07-29 | 2019-12-13 | 中国电力科学研究院有限公司 | Analysis and evaluation method and system for operation state of power grid regulation and control system |
-
2020
- 2020-03-09 CN CN202010157020.5A patent/CN111383128A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019233047A1 (en) * | 2018-06-07 | 2019-12-12 | 国电南瑞科技股份有限公司 | Power grid dispatching-based operation and maintenance method |
| CN110335168A (en) * | 2019-04-22 | 2019-10-15 | 山东大学 | Method and system based on GRU optimization power information acquisition terminal fault prediction model |
| CN110571792A (en) * | 2019-07-29 | 2019-12-13 | 中国电力科学研究院有限公司 | Analysis and evaluation method and system for operation state of power grid regulation and control system |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111738467A (en) * | 2020-08-25 | 2020-10-02 | 杭州海康威视数字技术股份有限公司 | Running state abnormity detection method, device and equipment |
| CN114168203A (en) * | 2020-09-10 | 2022-03-11 | 成都鼎桥通信技术有限公司 | Dual-system running state control method and device and electronic equipment |
| CN114168203B (en) * | 2020-09-10 | 2024-02-13 | 成都鼎桥通信技术有限公司 | Dual-system running state control method and device and electronic equipment |
| CN113675947A (en) * | 2021-07-27 | 2021-11-19 | 北京智芯微电子科技有限公司 | Power transmission side equipment state monitoring method of power transmission gateway and power transmission gateway |
| CN113671287A (en) * | 2021-08-16 | 2021-11-19 | 广东电力通信科技有限公司 | Intelligent detection method and system for power grid automation terminal and readable storage medium |
| CN113671287B (en) * | 2021-08-16 | 2024-02-02 | 广东电力通信科技有限公司 | Intelligent detection method, system and readable storage medium for power grid automation terminal |
| CN115277079A (en) * | 2022-06-22 | 2022-11-01 | 国网河南省电力公司信息通信公司 | Method and system for monitoring information attack of power terminal |
| CN115277079B (en) * | 2022-06-22 | 2023-11-24 | 国网河南省电力公司信息通信公司 | Power terminal information attack monitoring method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111383128A (en) | Method and system for monitoring running state of power grid embedded terminal equipment | |
| CN106888205B (en) | Non-invasive PLC anomaly detection method based on power consumption analysis | |
| CN111585948B (en) | Intelligent network security situation prediction method based on power grid big data | |
| CN105471882A (en) | Behavior characteristics-based network attack detection method and device | |
| CN111798312A (en) | Financial transaction system abnormity identification method based on isolated forest algorithm | |
| CN111600919B (en) | Method and device for constructing intelligent network application protection system model | |
| CN108063768B (en) | Network malicious behavior identification method and device based on network gene technology | |
| CN103679025B (en) | A kind of malicious code detecting method based on dendritic cell algorithm | |
| CN111901340A (en) | Intrusion detection system and method for energy Internet | |
| CN114124460B (en) | Industrial control system intrusion detection method and device, computer equipment and storage medium | |
| CN116668039A (en) | Computer remote login identification system and method based on artificial intelligence | |
| CN111030299A (en) | Side channel-based power grid embedded terminal safety monitoring method and system | |
| CN113378161A (en) | Security detection method, device, equipment and storage medium | |
| CN117141265A (en) | Operation monitoring system and method for intelligent wireless charging pile | |
| CN113282920A (en) | Log abnormity detection method and device, computer equipment and storage medium | |
| CN116881958A (en) | Power grid big data safety protection method, system, electronic equipment and storage medium | |
| CN115037559B (en) | Data safety monitoring system based on flow, electronic equipment and storage medium | |
| CN108710912B (en) | Time sequence logic approximate model detection method and system based on two-classification machine learning | |
| CN110445776A (en) | A kind of unknown attack Feature Selection Model construction method based on machine learning | |
| CN116126807A (en) | Log analysis method and related device | |
| CN117033913A (en) | Abnormality detection method and device based on power equipment portrait, and storage medium | |
| CN115587358A (en) | Binary code similarity detection method and device and storage medium | |
| CN115604016B (en) | Industrial control abnormal behavior monitoring method and system of behavior feature chain model | |
| CN115865458B (en) | Network attack behavior detection method, system and terminal based on LSTM and GAT algorithm | |
| CN117312804B (en) | Intelligent data perception monitoring method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |