Internal apt attack detection and early warning system of power system based on network architecture
A power system and network architecture technology, applied in the field of information security, can solve the problems of lagging information management, inadequate construction of information institutions, infection attacks, etc.
Active Publication Date: 2018-04-24
STATE GRID CHONGQING ELECTRIC POWER CO ELECTRIC POWER RES INST +1
View PDF3 Cites 2 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0007] (2) The attacker launches an infection attack on the home computer, personal computer and other computers that can access the Internet of the relevant staff of the nuclear power plant, and further infects the U disk of the relevant personnel
[0015] At present, there are still many problems in the network information security of electric power enterprises: insufficient construction of information organization, imperfect security legal system, lagging information management, dependence on foreign countries for software and hardware, and weak security awareness, etc.
These problems have increased the difficulty for power companies to deal with APT attacks
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0064] The present invention will be further described below in conjunction with drawings and embodiments.
[0065] Although there are various means of internal APT attacks in electric power, they still have stages. The attack process can be divided into five stages: detection period, intrusion period, latent diffusion period, data mining period and exit period:
[0066] During the detection period, attackers use technical and social engineering methods to collect a large amount of key information about system business processes and usage. The data comes from social networking sites, blogs, and company websites, and even purchase relevant information through some channels and process the collected content. Research to confirm the attack direction and attack method.
[0067] During the intrusion, after the attacker determines the attack target, he will try to break through the defense line of the attack target in various ways. Common penetration and breakthrough methods include...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention provides an electric power system interior APT attack detection and pre-warning system based on network architecture. The system comprises a user terminal monitoring sub-system, a server monitoring sub-system and a cloud platform management sub-system. According to the characteristic that APT attacks are all pervasive, the APT attack detection and pre-warning system containing a user terminal and a system server is designed. The detection and pre-warning system has the common network security management function, meanwhile conducts analysis of exceptions on logs and events, and excavates and repairs loopholes of the system, after a network system is suffered from the APT attacks, data of attacked equipment can be quickly restored, and the system assists security managers in reversely tracking an attack source.
Description
technical field [0001] The invention relates to the technical field of information security, in particular to a detection and early warning system for APT attacks. Background technique [0002] Advanced persistent threat (Advanced Persistent Threat, APT) is a complex, multi-faceted, long-term and persistent cyber attack against a specific organization. It is a type of cybercrime for commercial and political purposes. It has the characteristics of long-term operation and planning, and high concealment. [0003] According to the intrusion method, APT attacks are divided into two types: one is to attack the company's public server, and then use the server as a springboard to attack the company's internal network. This type of attack is called external APT attack; the other is to attack the company's employees. This type of attack is known as an internal APT attack, which is more difficult to prevent and more concealed. [0004] APT attacks have been discovered many times in r...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L63/1416H04L63/20
Inventor 张明哲徐瑞林陈涛朱珠雷娟张伟徐鑫
Owner STATE GRID CHONGQING ELECTRIC POWER CO ELECTRIC POWER RES INST