Research on encrypted malicious traffic detection in power information interaction: application of the electricity multi-granularity flow representation learning approach.

With the rapid digital transformation of power systems, encrypted communication technologies are increasingly adopted to enhance data privacy and security. However, this trend also creates potential covert channels for malicious traffic, making the detection of encrypted malicious traffic a critical challenge. Current detection methods often struggle to capture both fine-grained semantic interactions during the TLS handshake and global temporal patterns in traffic behavior, particularly in domain-specific contexts like power systems. This paper proposes the Electricity Multi-Granularity Flow Representation Learning (E-MGFlow) approach to address these issues. E-MGFlow integrates field-level and packet-level granularity analyses, leveraging a multi-head attention mechanism and bidirectional LSTM to effectively capture local semantic details and global traffic dynamics. The method is further optimized for power systems by incorporating device state information and bidirectional communication features. Experimental results on the DataCon dataset and a power information interaction dataset demonstrate that E-MGFlow significantly improves detection performance, achieving 93.64% precision and 93.76% recall with a low false positive rate of 6.52%. The approach offers substantial practical value for securing power system networks against sophisticated cyber threats, ensuring timely detection and defense against potential attacks.