Terminal Access Data Anomaly Detection Based on GBDT for Power User Electric Energy Data Acquisition System

Abstract

In recent years, the vulnerability attack on the industrial control system appears more organized and diverse. In this paper, we focus on power user electric energy data acquisition system and its communication protocol, namely 376.1 master station communication protocol. The system is an important infrastructure in national economy and people’s livelihood. To efficiently discover abnormal behaviors during its communication, we propose a terminal access data anomaly detection model based on gradient boosting decision tree (GBDT). Firstly, through analyzing the characteristics of the communication protocol and different kinds of terminal access data, we construct a high-quality multidimensional feature set. Then we choose GBDT as the abnormal access data detection model. The experimental result shows that the detection model has a high detection accuracy and outperforms its counterparts.