Unsupervised Network Traffic Anomaly Detection Method Based on Attribute Graph in Power Internet of Things

With the rapid development of computer and communication technology, the power Internet of Things has become an inevitable trend of intelligent and informatized power grid construction. However, the openness of the power Internet of Things makes it more vulnerable to cyber attacks and affects the normal operation of the power system. Therefore, in order to improve the stability of the power system, it is necessary to detect the abnormality of the traffic data generated by the network attack and give early warning of the attack in time. However, almost all existing network traffic anomaly detection methods are strongly dependent on labeled data, manually selected features, and balanced datasets. These methods are not only expensive, but also difficult to distinguish unknown abnormal types. This paper proposes a network traffic anomaly detection method based on autoencoder and attribute graph. This method is designed to learn generic abstract features by autoencoder and avoid the influence of manual features. Then the network traffic is abstracted into an attribute graph based on abstract features, and an anomaly detection model based on the attribute graph is designed to filter out anomalous traffic depending on topology and similarity. At last, the feasibility and effectiveness of the algorithm proposed is verified, on the two network traffic public datasets (NSL-KDD and CICIDS2017). Experimental result demonstrate that the model proposed in this paper has better detection performance compared with other state-of-the-art network traffic anomaly detection algorithms in unsupervised condition, which can be effectively used for imbalanced dataset.