Security assessment of power data link based on dynamic weight change

Data link security assessment aims to ensure the security of data transmission, data storage and data usage in the link. It is an important standard for reflecting the safety of the data link promptly and accurately. We propose a data link security assessment model based on dynamic weights. The model evaluates four aspects: intrusion detection, data content detection, data storage index detection, and data usage permission detection. For each aspect, we set dynamic weights to score and evaluate. By setting dynamic weights, we can promptly reflect potential safety hazards and remind the staff. At present, the security evaluation system for data links is not perfect. The model we propose can evaluate and score from multiple aspects to reflect the security status of the link.


Introduction
The evaluation model is widely used in many fields. It mainly reflects the problems of the data to be evaluated in time through scoring, and can be used in fields such as quality assessment, status assessment and safety assessment. With the rapid development of mobile Internet technology and the arrival of the Internet and the information age in the 21st century, data has become the most important strategic core resource. Enterprise competition has entered the era of big data competition, requiring companies to efficiently integrate, centralize and manage data and operate scientifically to create huge value for the enterprise, promote the transformation of the enterprise, and win a competitive advantage in the market. With the rapid development of the ubiquitous power Internet of Things and the continuous advancement of the construction of data centers, the data resources possessed by the power system are constantly enriched. However, in data link monitoring, there are still many problems in data management. Establishing a power data link security assessment system gives better security protection to power system data. This paper proposes a new power data link security assessment model based on dynamic variable weights, which can reflect the security issues in the data link in time. First, we divide this model into four modules for testing by data type classification. The data of different modules have different types of characteristics, so we set a corresponding variable weight scoring method for the modules. This method of scoring strengthens the attention paid to important indicators, and the deduction table and the errors show a proportional relationship. After obtaining the evaluation scores of the four modules, we again use the dynamic weighting method to obtain the overall score of the link security. This method takes focusing on key issues as its main goal. The lower the evaluation value, the greater the weight, and serious problems will be given a serious warning. The experimental analysis shows that our method can better remind the staff than the currently used evaluation model.

Related work
The currently used evaluation model algorithms generally use the analytic hierarchy process, order relationship analysis and the entropy method to set the weights and score. Xiao [1] proposed the use of a multiple correlation coefficient weighting method for weight assignment. Jia et al. [2] proposed the fuzzy analytic hierarchy process for safety assessment. Ma [5] uses the sequence relationship analysis method to evaluate the energy saving of power plants. The weight values of these methods cannot be changed at any time according to the actual situation.
Currently, in terms of intrusion detection, most methods in use are based on traditional machine learning and deep learning, and the results of using these methods for detection are not bad. Alom [3] and others used DBN to conduct experiments on the intrusion detection data NSL-KDD, and they obtained 97.5% accuracy using only 40% of the training data. Fiore [4] and others proposed the use of a semi-supervised restricted Boltzmann machine for anomaly detection, and they obtained 96% accuracy. The accuracy of these methods can reach a good standard, but there is still room for improvement [6][7].

Sections, subsections and subsubsections
In this part, we will introduce in detail the data link security assessment model based on dynamic variable weight. In the first part, we respectively introduce the content and indicators of the four detection modules. In the second part, we focus on the variable weight scoring system. Finally, we introduce the security assessment system that integrates the four modules in the data link.

Module detection basis
In the detection part of the data link security assessment model, we divided it into 4 parts, namely intrusion detection, data content detection, data storage index detection, and data usage permission detection.
For the intrusion detection part, we selected the auto-encoder for intrusion detection after experimental comparison.
For the data content detection part, we use a string matching algorithm to detect the data in the data link. The purpose of string matching is to detect whether the sent data are a set data type, and to detect the existence of illegal data. The intruder may implement attack behaviors by inserting some attack data into the transmitted data, and performing string data inspection on the transmitted data can provide good security protection.
For the data storage indicator detection part, we set some important security indicators according to the data storage specification requirements, which include the compliance of the data storage path, the compliance of the data storage backup situation and more. These indicators are tested by data storage systems and databases; compliance is recorded as "1" and non-compliance as "0". This detection checks whether data storage behavior is reasonable, to prevent attackers from intruding through the data storage stage.
For the data usage permission detection part, we mainly detect user ID and user permissions, and detect whether there are illegal users using data and whether users are performing illegal operations.
The above is the detection basis for the four parts of the data link security evaluation model. For the detection results, we will set weights and score accordingly.

Module scoring system based on variable weight
The module scoring system scores the corresponding modules, and we have established different scoring methods according to the particularity of the data characteristics. We divide data content detection and data storage index detection into one group and use one scoring standard. We divide intrusion detection and data use permission detection into one group and use one scoring standard. First, we introduce the scoring standard used in data content detection and data storage index detection. We put these two parts into one group with one scoring standard because they detect more indicators, and each indicator outputs a test result. An error in one indicator will not cause particularly serious harm, unlike in the other two parts. For this part of the scoring, we use the weighted arithmetic increase method.
The weighted arithmetic increase method simply sets a unique weight for each error. The greater the number of errors, the greater the weight and the more points are deducted. We first set the upper and lower limits of the scoring system. For the upper limit, we set a full score of 100 points, and the first error deducts 40 points. From the second error onward, we use the weighted arithmetic increase method to deduct points. We set the first error deduction to a fixed value because we want to make the difference between right and wrong more obvious, so as to better remind the staff to correct the error. For the lower limit, we set the total number of errors not to exceed 50% of the total number of indicators. When there are too many errors, we directly score zero to alert the staff. After removing the first error and the errors exceeding the specified number, we use the weighted arithmetic increase method to score the remaining errors.
We take the data storage indicator as an example for a detailed introduction. First, we set a basic deduction weight W2, and set the value of W2 to 1. This weight is the weight of the deduction for the second error. When the 3rd, 4th, ..., nth error occurs, Wn = n-1, so the weight of the deduction for each error increases with the error number. Let the deduction base corresponding to the deduction weight be S2. The base deduction algorithm is shown in formula 1. S2 and W2 correspond to each other, and S2 as the base for deduction also represents the deduction for the second error. The data storage index has 10 detection indexes, the maximum number of errors is 5, and if there are more than 5 errors, the score is zero. Except for the first error, the weights and deducted points for other errors are shown in Table 1.
Next, we introduce the scoring standard used in intrusion detection and data use permission detection. Since these two parts are very important to data link security, their scoring system is also very strict, and their scores are only 0 or 100. If problems occur, they must be discovered and resolved in time. If intrusion detection finds nothing abnormal, 100 points are given, and 0 points are given directly when an intrusion occurs. If there is no violation in the data usage permission test, 100 points are given, and 0 points are given directly if there is a violation.

Data link security assessment model based on dynamic variable weight
Next, the scoring of the four parts needs to be integrated to form the final scoring of our evaluation system. This scoring system uses a dynamic variable weight method for scoring. We set a weight value for the scores of the four detection modules for data content detection, data storage index detection, intrusion detection, and data usage permission detection, respectively, a1, a2, a3, and a4. We set the scores obtained by the four modules as t1, t2, t3, and t4. We set the final score as T. We hope that the weight values of the first two modules can change with the changes in the scores obtained by the modules, so that problems can be reflected to the staff in time. So we set the weight value of each part to 100 minus the score of each part, so that the lower the score, the higher the weight, and the problem can be reflected in time. The latter two modules are given higher importance. When there is a problem, the total score is directly 0. If there is no problem, it will not participate in the final score. We set the state of the latter two modules when there is a problem, in this case the total
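
The two scoring stages described above, as an added Python example (not code from the paper). Formula 1 and the formula for T are not reproduced on this page, so two points are assumptions: the default S2 spreads the 60 points left after the first error over the weights W2..Wmax, and T is taken as the weight-normalised mean of t1 and t2. The function names module_score and link_score are hypothetical.

```python
from typing import Optional

FULL_SCORE = 100
FIRST_ERROR_DEDUCTION = 40  # fixed deduction for the first error (from the text)


def module_score(errors: int, indicators: int, s2: Optional[float] = None) -> float:
    """Score a content/storage module with the weighted arithmetic increase method."""
    if not 0 <= errors <= indicators:
        raise ValueError("errors must be between 0 and the number of indicators")
    max_errors = indicators // 2  # lower limit: at most 50% of the indicators
    if errors > max_errors:
        return 0.0  # too many errors: score zero directly
    if errors == 0:
        return float(FULL_SCORE)
    if s2 is None:
        # ASSUMPTION (formula 1 is not on the page): spread the 60 points left
        # after the first error over the weights W_2..W_max, with W_n = n - 1.
        weight_sum = sum(n - 1 for n in range(2, max_errors + 1))
        s2 = (FULL_SCORE - FIRST_ERROR_DEDUCTION) / weight_sum if weight_sum else 0.0
    # The n-th error (n >= 2) costs W_n * S2 = (n - 1) * S2.
    deduction = FIRST_ERROR_DEDUCTION + sum((n - 1) * s2 for n in range(2, errors + 1))
    return max(0.0, FULL_SCORE - deduction)


def link_score(t1: float, t2: float, t3: int, t4: int) -> float:
    """Combine the module scores t1..t4 into the overall link score T."""
    if t3 not in (0, 100) or t4 not in (0, 100):
        raise ValueError("t3 and t4 are strictly 0 or 100")
    if t3 == 0 or t4 == 0:
        return 0.0  # intrusion or permission violation forces T = 0
    a1, a2 = 100 - t1, 100 - t2  # lower score -> higher weight
    if a1 + a2 == 0:
        return 100.0  # both modules clean: weights vanish, avoid dividing by zero
    # ASSUMPTION: T is the weight-normalised mean of t1 and t2; the page's own
    # formula for T is cut off.
    return (a1 * t1 + a2 * t2) / (a1 + a2)


if __name__ == "__main__":
    # Constructed sample: the 10-indicator storage module from the text.
    for k in range(7):
        print(k, "errors ->", module_score(k, 10))
    print("T =", link_score(module_score(2, 21), module_score(1, 10), 100, 100))
```

With both weights equal to 100 minus the score, two clean modules give zero total weight, which is why the combination needs the explicit full-score branch.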

Experiment
In this section we describe the experiments in detail. First, we conduct experiments on the KDD99-based intrusion detection data set, and select the best detection algorithm through experiments. Then we input the relevant data collected from the electric power big data center into our model for evaluation, and compare it with the commonly used analytic hierarchy process, order relationship analysis method and entropy weight method.

Intrusion detection experiment
In recent years, machine learning methods have been used a lot in intrusion detection, and the effect is very good. In order to select better machine learning methods for intrusion detection, we compare them through experiments. We chose logistic regression, naive Bayes, KNN, decision tree, random forest, BP neural network and auto-encoder for experimental comparison. The algorithm selection is made by comparing accuracy, precision, recall and f1 score.

Data link security assessment model experiment based on dynamic variable weight
We collected horizontal and vertical data from the electric power big data center for security assessment and scoring. For the detection of data content, we collected 21 data detection indicators such as MID, CLUSTER_AREA, UPDATED_TIME, etc. For data storage indicator detection, we collected the 10 indicators mentioned in Section 3 as the detection indicators. For intrusion detection and data usage permission detection, we also collected relevant indicators for security assessment. We will use these indicators to compare the final safety assessment scores through the analytic hierarchy process, order relationship analysis, entropy method and our proposed model.

Experimental results
In this part, we first show the experimental comparison results based on the KDD99 intrusion detection data set, and then show the comparison results between our proposed model and other evaluation and scoring methods.

Intrusion detection experiment results.
We use the KDD99 data set as an experimental data set for experiments. Through the use of logistic regression, naive Bayes, KNN, decision tree, random forest, BP neural network and auto-encoder, the experimental results in Table 2 are obtained. By comparing the results of accuracy, precision, recall and f1 score, we found that the accuracy of the detection results obtained by the auto-encoder algorithm is significantly better than other algorithms, so we use the auto-encoder algorithm for the intrusion detection part of our proposed model.

Experimental results of data link security assessment model based on dynamic variable weight.
We generate data sets from the data collected from the electric power big data center and input them into the analytic hierarchy process, order relationship analysis method, entropy weight method and our proposed model for comparison. We set data content detection, data storage index detection, intrusion detection, and data use permission detection as part one, part two, part three, and part four, respectively. Since the analytic hierarchy process, the order relationship analysis method and the entropy weight method adopt a unified weight setting and are not divided into four parts for weight setting and scoring like our proposed model, we first use Table 3 to carry out these three methods.
Table 3. Experimental results of analytic hierarchy process, order relation method and entropy method.

[Table 3 column headers: Evaluation algorithm; The first part of the number of errors]
We will show the error situation in each of the four parts. Since these three methods are not divided into parts for scoring, we only make the final score based on the algorithm, and we will round down the final score. In Table 4 we show the results of scoring using our proposed model. Comparing the results in Table 3 and Table 4, it can be found that when data usage permissions and intrusion detection are flawed, the lower level skips access to the upper level content, and the data are illegally invaded and modified, it can be directly judged as 0 points, which better reminds the staff to find errors. The staff's slack is caused by the high score. The method can clearly show the problem

Summary
How to detect and discover existing security problems in time during the transmission of power data through the data link is extremely critical. In order to model and solve this problem, we propose a power data link security assessment model based on dynamic variable weights. Compared with the regular evaluation and scoring model, this model can feed the problems back to the staff in a more timely manner. We divide the model into four parts for scoring, and finally compute a total score. In the final scoring, we use a dynamic variable weight method to set the weights. A part with a low score will occupy a large weight. The lower the score, the greater the weight, which reflects the safety problem in time. The experimental results verify the advantages of our proposed power data link security assessment model based on dynamic variable weights compared with common models.