CN-122001797-A - Protocol identification method for electric power internet of things terminal

Abstract

The invention discloses a protocol identification method for an electric power Internet of things terminal, which comprises the steps of interacting with the electric power Internet of things terminal, obtaining protocol data in the interaction process, preprocessing the data to form a payload data set, extracting characteristics of the payload data in the payload data set to obtain input characteristics, inputting the input characteristics into an electric power Internet of things terminal equipment protocol classification model constructed based on a density space clustering method, carrying out learning training, outputting a classification model after training is finished, inputting to-be-classified current network protocol message data subjected to data preprocessing and characteristic extraction into the trained classification model, classifying, and outputting a classification result. The method of the invention does not depend on manual labeling any more, reduces the influence of manual intervention and errors, can rapidly adapt to the access of new equipment and the change of protocols in the dynamic environment of the terminal equipment of the electric power internet of things, and ensures the stability and the safety of an electric power system.

Inventors

• ZHAO XICHAO
• ZHOU ZHONGRAN
• Zou Xuxi
• ZHAO HUA

Assignees

• 国网电力科学研究院有限公司

Dates

Publication Date

20260508

Application Date

20241108

Claims (10)

1. 1. The protocol identification method for the electric power internet of things terminal is characterized by comprising the following steps of: Interacting with the electric power Internet of things terminal, acquiring protocol data in the interaction process, and preprocessing the protocol data to form a payload data set; Extracting characteristics of the effective load data in the effective load data set to obtain input characteristics; Inputting the input features into an electric power internet of things terminal equipment protocol classification model constructed based on a density space clustering method, performing learning training, and outputting a classification model after training is finished; inputting the data of the current network protocol message to be classified after data preprocessing and feature extraction into the trained classification model for classification, and outputting a classification result.
2. 2. The method for identifying a protocol for an electric power internet of things terminal according to claim 1, wherein the forming a payload data set comprises: acquiring protocol data of different intelligent power internet of things terminals, wherein the protocol data at least comprises 5000 pieces of data, analyzing application layer data in protocol pcap packet data, clearing invalid characters in the data by using a regular expression, and extracting hexadecimal effective load application data; Performing hexadecimal-to-decimal data conversion on the payload application data, and filling blank fields by using fixed decimal values to ensure that different data lengths are consistent; The data is scale normalized to form a payload data set in numerical form.
3. 3. The protocol identification method for the electric power internet of things terminal according to claim 2, wherein the scale normalization process: Wherein μ represents an average value of data corresponding to each protocol type, σ represents a standard deviation of data, and x * and x represent data after normalization processing and before normalization processing, respectively.
4. 4. The protocol identification method for an electric power internet of things terminal according to claim 1 or 2, wherein the feature extraction of the payload data in the payload data set comprises: selecting effective characteristics closely related to message byte length, inter-message distance and address information data by using a characteristic extraction technology, and taking the effective characteristics as input characteristics; The input features include at least a single packet length, a packet average length, a difference between a single packet and a longest packet length, and a difference between a single packet and a shortest packet length.
5. 5. The protocol identification method for the electric power internet of things terminal according to claim 4, wherein the input features are input into an electric power internet of things terminal equipment protocol classification model constructed based on a density spatial clustering method, and learning training is performed, and the method comprises the following steps: Constructing a sample set D= { x 1 ,x 2 ,x 3 ,…,x n }, setting neighborhood parameters epsilon and MinPts based on the input characteristics, wherein epsilon is a sample distance threshold value, and MinPts is the minimum sample number required for forming a cluster; For each sample point x i , calculate its euclidean distance d (x i ,x j ) from all other sample points x j : Wherein x ik and x jk represent the kth eigenvalues of samples x i and x j , respectively, and m is the total number of features; For sample points x i , counting the number of sample points meeting d (x i ,x j ). Ltoreq.epsilon.including x i itself; If the point number N i in the epsilon neighborhood of x i is more than or equal to MinPts, marking x i as a core point; Adding all sample points marked as core points in the neighborhood into a core point set CorePoints, and classifying the sample points into the same cluster C; repeating the steps until all the neighborhood samples of the core points are processed; And outputting the classification result, namely all the identified class clusters C 1 ,C 2 ,…,C m .
6. 6. The protocol identification method for the electric power internet of things terminal according to claim 5, wherein the classification result at least comprises protocol type labels corresponding to various clusters, including, but not limited to, modbus, DNP3, IEC104, MQTT protocol names, each cluster representing a protocol type; The classification result is represented in the form of a map or list to show the correspondence between data samples and protocol types.
7. 7. The protocol identification method for the electric power internet of things terminal according to claim 6, wherein the specific process of classification is: Marking sample points, wherein the sample points meeting the point N i in epsilon neighborhood are taken as core points, the sample points which are not core points but are positioned in epsilon neighborhood of a certain core point are taken as boundary points, and the sample points which are not core points nor boundary points are taken as noise points, so that the noise points are removed; assigning an initial cluster mark to each core point, and starting a new cluster; For each core point, adding all points in the epsilon neighborhood of the core point, including the core point and the boundary point, into the same cluster; if the points in the epsilon neighborhood are also core points, recursively adding the points in the epsilon neighborhood into the same cluster; repeating the above process until the current cluster can not be expanded; repeating the steps for core points which are not processed until all the core points are processed; And outputting classified clusters, wherein each cluster represents a protocol type and at least comprises Modbus, DNP3, IEC104 and MQTT, and each sample point is endowed with a class label of the cluster, namely the protocol type.
8. 8. The protocol identification method for the electric power internet of things terminal according to claim 5, wherein the model output with the best learning training effect is selected as the final classification model based on the K-fold cross validation method, and the mathematical expression formula is as follows: Where y final_prediction is the final result output and y prediction (i) is the output of each model in the 5-fold cross validation.
9. 9. A computer device, comprising: One or more processors; a memory storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising the flow of the power internet of things terminal-oriented protocol identification method of any one of claims 1-8.
10. 10. A computer-readable medium storing software, wherein the software includes instructions executable by one or more computers, the instructions causing the one or more computers to perform operations comprising the flow of the power internet of things terminal-oriented protocol identification method of any one of claims 1-8.

Description

Protocol identification method for electric power internet of things terminal Technical Field The invention relates to the technical field of electric power Internet of things and information communication, in particular to a protocol identification method for an electric power Internet of things terminal. Background With the rapid development of the electric power internet of things, the intelligent degree of electric power equipment is continuously improved, challenges of power grid management and operation and maintenance are increasingly complex, the electric power internet of things system is characterized in that electric power equipment is monitored and managed in real time through various intelligent terminal equipment, accurate control of the running condition of the electric power grid is achieved, under the background that requirements of consumers on electric power service and quality are higher and higher, electric power enterprises and power grid management departments need more efficient operation and maintenance management tools and service systems, however, with the increase of intelligent electric power internet of things terminal equipment, the non-uniformity of protocols among equipment becomes a great pain point in the electric power grid management and operation and maintenance work. At present, the protocols adopted by the terminal equipment of the electric power Internet of things are various, such as 698 protocol, 645 protocol and Modbus protocol, even the protocols of some equipment are unknown, so that electric power operation and maintenance personnel face great challenges in the process of equipment access and management, the protocol standards of the electric power Internet of things are not unified, the isomerism of the equipment and the incompatibility of the protocols lead to complexity of data acquisition and processing, the electric power operation and maintenance personnel need to manually confirm the protocol type of the equipment and configure and debug the equipment, a great deal of time and manpower resources are consumed in the process, the equipment cannot work normally due to incorrect configuration, the stability and the safety of an electric power system are affected, and in addition, the existing automatic management system still depends on manual labeling and testing in the aspect of protocol classification, so that the working efficiency is low, and the flexibility and the expansibility are lacking. When the scale of the terminal equipment of the electric power internet of things is continuously enlarged, how to efficiently and accurately automatically classify and manage various equipment protocols becomes a technical problem to be solved urgently. Disclosure of Invention This section is intended to summarize some aspects of embodiments of the application and to briefly introduce some preferred embodiments, which may be simplified or omitted in this section, as well as the description abstract and the title of the application, to avoid obscuring the objects of this section, description abstract and the title of the application, which is not intended to limit the scope of this application. The present invention has been made in view of the above-described problems occurring in the prior art. Therefore, the method solves the technical problems of various protocols, unknown protocols, complex manual configuration and low efficiency in the existing automatic protocol classification process of the terminal equipment of the electric power internet of things. In order to solve the technical problems, the invention provides the following technical scheme that the method interacts with an electric power internet of things terminal to acquire protocol data in the interaction process, and performs data preprocessing on the protocol data to form a payload data set; Extracting characteristics of the effective load data in the effective load data set to obtain input characteristics; Inputting the input features into an electric power internet of things terminal equipment protocol classification model constructed based on a density space clustering method, performing learning training, and outputting a classification model after training is finished; inputting the data of the current network protocol message to be classified after data preprocessing and feature extraction into the trained classification model for classification, and outputting a classification result. As a preferred scheme of the protocol identification method for the terminal of the electric power internet of things, the forming a payload data set includes: acquiring protocol data of different intelligent power internet of things terminals, wherein the protocol data at least comprises 5000 pieces of data, analyzing application layer data in protocol pcap packet data, clearing invalid characters in the data by using a regular expression, and extracting hexadecimal effective load application data; Performing