Article

Detection of probe flow anomalies using information entropy and random forest method

Journal

JOURNAL OF INTELLIGENT & FUZZY SYSTEMS
Volume 39, Issue 1, Pages 433-447

Publisher

IOS PRESS
DOI: 10.3233/JIFS-191448

Keywords

Power system; flow detection; network probe; random forest algorithms

Funding

  1. Natural Science Foundation of China [U196620027, 51777015]
  2. project of Practical Innovation and Enhancement of Entrepreneurial Ability for Professional Degree Postgraduates of Changsha University of Science Technology [SJCX201970]
  3. Open fund project of Hunan Provincial Key Laboratory of Processing of Big Data on Transportation [A1605]
  4. key scientific and technological project of Research and Application of Key Technologies for Network Security Situational Awareness of Electric Power Monitoring System of China Southern Power Grid Corporation [ZDKJXM20170002]

Current probe flow anomaly detection in power system network security monitoring depends excessively on manual work, has low detection accuracy, and performs poorly in real time. To address these problems, a detection method that combines the information entropy of probe flow with random forest classification is proposed. First, the network probe stream data are captured and aggregated in real time to extract network stream metadata. Second, feature selection is carried out on the network metadata by calculating the Pearson correlation coefficient and the maximum mutual information coefficient. Finally, information entropy and the random forest algorithm are combined to detect anomalies in probe traffic based on the selected key feature groups, and the probe traffic is accurately classified through multiple rounds of incremental learning. The results show that the proposed method can quickly locate the abnormal position of probe traffic and analyze the abnormal points, which greatly reduces the workload of the application platform for power system security monitoring, and that it has high detection accuracy. It effectively improves the reliability and early warning ability of power system network security.
