CN-121984885-A - Communication network panoramic monitoring system and method for coal mine substation

Abstract

The invention discloses a communication network panoramic monitoring system and method for a coal mine substation, which belong to the technical field of industrial communication monitoring, and are used for carrying out real-time data acquisition on communication nodes in the coal mine substation to generate a standardized communication data set, calculating a communication flow trend deviation rate and a communication active period variation rate based on the data set, constructing an enhancement characteristic data set together with an original communication index, inputting the enhancement characteristic into a time sequence prediction model based on a long-short-period memory neural network to generate a predicted value and calculate an abnormal residual score, carrying out abnormal behavior recognition by combining a K-Means clustering result and the abnormal score, carrying out graphical display on abnormal communication nodes on a panoramic topological graph, and triggering communication alarm when a plurality of continuous time windows are abnormal.

Inventors

• QIN LEI
• GE HAIBIN
• ZHANG HAIYAN
• ZHEN YANGQING
• WU JINGJIAN
• WANG XIAONAN

Assignees

• 济宁市金桥煤矿

Dates

Publication Date

20260505

Application Date

20260210

Claims (9)

1. 1. A coal mine substation communication network panoramic monitoring method is characterized by comprising the following steps: Real-time data acquisition is carried out on a communication network in the coal mine substation, communication index data of each communication node in a preset time window are obtained, and a standardized communication data set is generated; Calculating a traffic trend offset rate of a current communication node communication traffic change trend compared with a historical average trend in a target time window based on the standardized communication data set, and calculating a communication activity period change rate of a current communication node activity time period distribution compared with a historical normal period template; The method comprises the steps of forming a multidimensional feature vector by the flow trend offset rate, the communication activity period change rate and an original communication index, outputting an enhanced feature data set, inputting the enhanced feature data set into an LSTM-based time sequence prediction model, predicting the communication behavior of a communication node in a current time window, generating a predicted value sequence, carrying out residual calculation on an actual acquisition value and a predicted value, and obtaining an abnormal residual score of the communication node; based on the enhanced feature data set, adopting a K-Means clustering algorithm to perform clustering analysis on communication behaviors, inputting the calculated abnormal residual scores, and judging whether the communication data points are abnormal or not: Graphically displaying the identified abnormal communication nodes and the states thereof on a communication network panoramic topological graph, and triggering communication alarm if the same communication node is marked as abnormal in a plurality of continuous time windows.
2. 2. The method for panoramic monitoring of a communication network of a coal mine substation according to claim 1, wherein the communication index data comprises a data packet number, a data byte number, a bandwidth utilization rate, an active connection number, a communication protocol type, a communication direction, a communication session duration, a device unique identifier and a sampling timestamp.
3. 3. The method for panoramic monitoring of a communication network of a coal mine substation according to claim 1, wherein the calculating of the flow trend offset ratio of the communication flow change trend of the current communication node in the target time window compared with the historical average trend is specifically as follows: Setting two time windows, namely a current time window Wcurr, the length of which is n, a history window set { Whisti } and a plurality of front time windows, wherein the length of each window is n; the data points in each window are: And wherein: for the i-th sampling point in time, A communication flow value for a corresponding point in time; For any pair of points And And i < j, calculate its slope: All of Calculating the slope of the points to form a slope set: Taking the median of the set S as the trend slope of the window: β=mean (S); Current window slope score Calculating slope for each window in the history window set to obtain slope set The historical average slope is: calculating a flow trend offset rate TSR according to the current window slope and the historical average slope: 。
4. 4. the method for panoramic monitoring of a communication network of a coal mine substation according to claim 1, wherein the calculation of the communication activity period variability of the current communication node activity time period distribution compared with the historical normal period template is specifically as follows: Setting the period length as T, and recording the occurrence time of each communication event in the target time window And mapped to angle values: And wherein: e [0,2 pi ]) the angle set of the current time window: Angle set of historical normal cycle templates: respectively calculating the circle average value of the current period and the history period: And the current period circle average value: historical cycle circle mean: Calculating circle concentration for measuring the concentration of communication active time The expression is: N represents the number of samples participating in the calculation, namely the number of communication active events in a certain time window, and the concentration of the current period is as follows: Historical cycle concentration: and integrating the phase offset and the period concentration change, and defining the communication active period change rate APD as follows: Wherein, the method comprises the steps of, 。
5. 5. The method for panoramic monitoring of a communication network of a coal mine substation according to claim 1, wherein training of the time sequence prediction model based on the long-short-term memory neural network is characterized in that enhancement feature vectors of continuous 10 time windows of communication nodes are used as model input, enhancement feature vectors of a predicted 11 th time window are used as training targets, mean square error is used as a loss function, an Adam optimizer is used for training, training rounds are 100, batch size is 64, and the model is used for online prediction after training is completed.
6. 6. The method for panoramic monitoring of a coal mine substation communication network according to claim 5, wherein the calculation of the abnormal residual scores comprises the steps of carrying out difference value processing on a predicted value and an actual acquisition value according to dimensions, obtaining residual vectors by using a relative error calculation mode, carrying out Z-score standardization on the current residual vectors based on historical residual means and standard deviations in the last 30 time windows, and finally averaging the standardized residual vectors to obtain the abnormal residual scores.
7. 7. The method for panoramic monitoring of a communication network of a coal mine substation according to claim 1, wherein in the K-Means cluster analysis process, abnormal residual scores of each communication data point are added into an enhanced feature vector as additional feature dimensions to form an extended feature vector, an optimal cluster number K is determined by adopting a contour coefficient method, and after clustering, abnormal data points are identified by judging whether Euclidean distance between the communication data point and a clustering center is greater than a behavior deviation threshold value or not and judging whether the corresponding abnormal residual scores exceed a combined judgment mode of the scoring threshold value or not.
8. 8. The method for panoramic monitoring of a communication network of a coal mine substation according to claim 1, wherein the triggering of communication alarms comprises setting a sliding abnormal state buffer zone for each communication node, recording abnormal marking states in the last 5 time windows, generating communication abnormal events and automatically setting alarm levels according to continuous abnormal times if the abnormal marking times are greater than or equal to 3 times, wherein the abnormal times are 3 corresponding to general alarms and the abnormal times are 5 or more corresponding to serious alarms.
9. 9. A coal mine substation communication network panoramic monitoring system for implementing the coal mine substation communication network panoramic monitoring method as claimed in any one of claims 1-8, which is characterized by comprising: the data acquisition module is used for acquiring real-time data of a communication network in the coal mine substation, acquiring communication index data of each communication node in a preset time window and generating a standardized communication data set; The calculation module is used for calculating the flow trend offset rate of the communication flow change trend of the current communication node in the target time window compared with the historical average trend based on the standardized communication data set and calculating the communication activity period change rate of the current communication node activity time period distribution compared with the historical normal period template; The model prediction module is used for forming a multidimensional feature vector by the flow trend offset rate, the communication activity period variation rate and the original communication index together, outputting an enhanced feature data set, inputting the enhanced feature data set into an LSTM-based time sequence prediction model, predicting the communication behavior of the communication node in a current time window, generating a predicted value sequence, carrying out residual calculation on an actual acquisition value and a predicted value, and obtaining an abnormal residual score of the communication node; the anomaly judgment module is used for carrying out cluster analysis on the communication behavior by adopting a K-Means clustering algorithm based on the enhanced feature data set, inputting the calculated anomaly residual scores, and judging whether the communication data points are anomaly or not: And the alarm module graphically displays the identified abnormal communication nodes and the states thereof on the communication network panoramic topological graph, and if the same communication node is marked as abnormal in a plurality of continuous time windows, the communication alarm is triggered.

Description

Communication network panoramic monitoring system and method for coal mine substation Technical Field The invention relates to the technical field of industrial communication monitoring, in particular to a communication network panoramic monitoring system and method for a coal mine substation. Background The coal mine substation communication network panoramic monitoring refers to comprehensive, real-time and visual monitoring and management of a communication network system in a coal mine substation. By deploying the network monitoring equipment and the management platform, the system can perform panoramic sensing and display on the running state, equipment connection, data flow, abnormal conditions and the like of the communication network, and ensure the stable running of the network and the safe and reliable information transmission. The monitoring mode is helpful for timely finding and removing network faults, and improves the automation and intelligence level of the coal mine power supply system. In the prior art, when a K-Means clustering algorithm is used for identifying the flow mode change in a communication network of a coal mine substation, the algorithm is highly sensitive to abnormal points and outliers, and abnormal flow (such as progressive ARP attack or slow scanning behavior) which slowly evolves or is low in frequency is easily misjudged as normal flow. This is because K-Means lacks the perception of time series characteristics and forces all data to be classified into fixed clusters, resulting in potential security risks being "averaged" or "masked", thereby affecting the ability of the monitoring system to timely identify and pre-warn of concealed communication anomalies. Disclosure of Invention The invention aims to provide a coal mine substation communication network panoramic monitoring system and a coal mine substation communication network panoramic monitoring method, which are used for solving the defects in the background technology. In order to achieve the purpose, the invention provides the technical scheme that the communication network panoramic monitoring method for the coal mine substation comprises the following steps: Real-time data acquisition is carried out on a communication network in the coal mine substation, communication index data of each communication node in a preset time window are obtained, and a standardized communication data set is generated; Calculating a traffic trend offset rate of a current communication node communication traffic change trend compared with a historical average trend in a target time window based on the standardized communication data set, and calculating a communication activity period change rate of a current communication node activity time period distribution compared with a historical normal period template; The method comprises the steps of forming a multidimensional feature vector by the flow trend offset rate, the communication activity period change rate and an original communication index, outputting an enhanced feature data set, inputting the enhanced feature data set into an LSTM-based time sequence prediction model, predicting the communication behavior of a communication node in a current time window, generating a predicted value sequence, carrying out residual calculation on an actual acquisition value and a predicted value, and obtaining an abnormal residual score of the communication node; based on the enhanced feature data set, adopting a K-Means clustering algorithm to perform clustering analysis on communication behaviors, inputting the calculated abnormal residual scores, and judging whether the communication data points are abnormal or not: Graphically displaying the identified abnormal communication nodes and the states thereof on a communication network panoramic topological graph, and triggering communication alarm if the same communication node is marked as abnormal in a plurality of continuous time windows. Preferably, the communication index data includes a number of data packets, a number of data bytes, a bandwidth utilization, a number of active connections, a communication protocol type, a communication direction, a communication session duration, a device unique identifier, and a sampling time stamp. Preferably, the calculating the flow trend offset rate of the current communication node in the target time window according to the communication flow change trend compared with the historical average trend specifically includes: Setting two time windows, namely a current time window Wcurr, the length of which is n, a history window set { Whisti } and a plurality of front time windows, wherein the length of each window is n; the data points in each window are: And wherein: for the i-th sampling point in time, A communication flow value for a corresponding point in time; For any pair of points AndAnd i < j, calculate its slope: All of Calculating the slope of the points to form a slope set: Taking the median