信息网络安全 ›› 2023, Vol. 23 ›› Issue (4): 90-101.doi: 10.3969/j.issn.1671-1122.2023.04.010

• 理论研究 • 上一篇    下一篇

基于安全高效联邦学习的智能电网入侵检测模型

刘长杰, 石润华()   

  1. 华北电力大学控制与计算机工程学院,北京 102206
  • 收稿日期:2022-12-10 出版日期:2023-04-10 发布日期:2023-04-18
  • 通讯作者: 石润华 E-mail:rhshi@ncepu.edu.cn
  • 作者简介:刘长杰(1996—),男,河北,硕士研究生,主要研究方向为联邦学习、入侵检测|石润华(1974—),男,安徽,教授,博士,主要研究方向为量子信息安全。
  • 基金资助:
    国家自然科学基金(61772001)

A Smart Grid Intrusion Detection Model for Secure and Efficient Federated Learning

LIU Changjie, SHI Runhua()   

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  • Received:2022-12-10 Online:2023-04-10 Published:2023-04-18
  • Contact: SHI Runhua E-mail:rhshi@ncepu.edu.cn

摘要:

智能电网的快速发展使得电力传输更加高效,而电网系统和信息通信技术的高度集成也使电力系统面临更多的网络威胁。入侵检测作为一种检测网络攻击的有效方法受到了广泛关注,现有的检测方案大多基于强有力的假设:单个机构高质量的攻击示例足够多并且愿意分享他们的数据。然而,实际生活中单个机构所产生的数据不仅数量很少而且具有各自特点,这些机构通常并不愿意分享他们的数据,而使用单一机构的数据并不足以训练出一个高准确率的通用检测模型。鉴于此,文章提出一种安全高效的智能电网入侵检测方法。具体来说,首先引入联邦学习框架协同训练一个通用的入侵检测模型,以保护本地数据的安全并间接扩充数据量;然后设计了一个安全的通信协议,来保护训练过程中模型参数的安全性,防止攻击者窃听对其进行推理攻击;最后通过选择良好客户端进行全局聚合,在保证模型快速收敛的同时减少参与者的数量以降低通信带宽。实验结果表明,在保证模型收敛的情况下,文章所提模型提高了入侵检测的准确率,保护了数据隐私,同时降低了通信成本。

关键词: 联邦学习, 智能电网, 入侵检测

Abstract:

The rapid development of smart grids has led to more efficient power transmission, and the high level of integration of grid systems and ICTs has exposed power systems to more cyber threats. Intrusion detection has received a lot of attention as an effective method to detect cyber attacks, and most of the existing schemes are based on the strong assumption that a single organization has enough high-quality attack examples and is willing to share their data. However, in real life, individual institutions not only generate a small amount of data but also have individual characteristics and are usually not willing to share their data, and using such single institution data is not sufficient to train a general model with high accuracy. In view of this, this paper proposed a secure and efficient approach for smart grid intrusion detection. Specifically, first, a federated learning framework was introduced to collaboratively train a generic intrusion detection model to protect the security of local data and allow indirect expansion of the data volume; Second, a secure communication protocol was designed to protect the security of model parameters in training and prevent eavesdroppers from eavesdropping on them for inference attacks; Finally, by selecting a good client for global aggregation, the fast convergence of the model was guaranteed and the number of participants was reduced to reduce the communication bandwidth. The experimental results show that the accuracy of intrusion detection is improved, data privacy is protected, and communication cost is reduced while ensuring model convergence.

Key words: federated learning, smart grid, intrusion detection

中图分类号: