Causal knowledge-based power information network attack scene reconstruction method and system
A network-attack and power-information technology, applied to transmission systems, electrical components and electrical digital data processing. It addresses the problems of alarm partitioning and automatic identification of false alarms, the difficulty of building causal knowledge, and reliance on expert knowledge; it makes defense measures targeted, improves them, and enriches the information in the reconstructed attack scene.
Examples
Example Embodiment
[0043] Example 1
[0044] This embodiment of the invention provides a method for reconstructing a power information network attack scenario based on causal knowledge, as shown in Figure 1, comprising the following steps:
[0045] Step S1: Receive the alarm information uploaded by the security devices in the network. In this embodiment, when an attacker attacks the target network, the attack actions trigger security devices in the target network, such as an IDS (Intrusion Detection System) or a firewall, to generate alarm information (for example, log alarms). After a security device generates alarm information, it uploads it to the server.
[0046] Step S2: Format the alarm information and eliminate incomplete alarm information. In this embodiment, to preprocess the alarm information, first the IDMEF (Intrusion Detection Message Exchange Format, intrusion detection me...
Example Embodiment
[0088] Example 2
[0089] This embodiment of the invention provides a power information network attack scenario reconstruction system based on causal knowledge, as shown in Figure 8, comprising:
[0090] A receiving module 1, used to receive the alarm information uploaded by the security devices in the network. This module executes the method described in step S1 of Embodiment 1, and the details are not repeated here.
[0091] A preprocessing module 2, used to format the alarm information and eliminate incomplete alarm information. This module executes the method described in step S2 of Embodiment 1, and the details are not repeated here.
[0092] A filtering module 3, used to extract alarm events from the alarm information, arrange the alarm events into an alarm sequence in chronological order, obtain an alarm period value from the alarm sequence, check the correctness of the alarm period value, and filter out false alarm information. ...
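The preprocessing step S2 and the filtering module 3 above describe a pipeline (format alarms, drop incomplete ones, order them chronologically, derive a period value per alarm and use its regularity to discard false alarms) without giving code. The block below is an added example, not code from the patent. The field names CreateTime, Source, Target and Classification follow the IDMEF Alert model (RFC 4765); the raw record layout, the two hypothetical devices `ids-1` and `fw-1`, the sample alarms, and the interpretation of the "period correctness check" as a coefficient-of-variation test on inter-arrival gaps (fixed-cadence repeats treated as benign periodic noise) are all this example's own assumptions.

```python
"""Format, clean, order and period-filter uploaded security alarms.

Added example, not the patent's code. IDMEF field names follow RFC 4765;
the raw layouts, sample data and periodicity heuristic are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# IDMEF Alert fields an alarm must carry to be usable downstream (assumed).
REQUIRED_FIELDS = ("CreateTime", "Source", "Target", "Classification")

# Constructed sample upload from two hypothetical devices with different
# raw field names; one firewall record lacks a target and is incomplete.
RAW_ALARMS = [
    {"device": "ids-1", "ts": "2024-03-01T08:00:00Z", "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SCAN_PORTSWEEP"},
    {"device": "ids-1", "ts": "2024-03-01T08:00:03Z", "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SCAN_PORTSWEEP"},
    {"device": "ids-1", "ts": "2024-03-01T08:00:11Z", "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SCAN_PORTSWEEP"},
    {"device": "ids-1", "ts": "2024-03-01T08:01:40Z", "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "EXPLOIT_SMB"},
    {"device": "fw-1", "time": "2024-03-01T08:05:00Z", "source": "10.0.2.9", "sig": "POLICY_DENY"},
    {"device": "fw-1", "time": "2024-03-01T08:00:00Z", "source": "192.168.9.7", "target": "10.0.1.1", "sig": "ICMP_FLOOD"},
    {"device": "fw-1", "time": "2024-03-01T08:05:00Z", "source": "192.168.9.7", "target": "10.0.1.1", "sig": "ICMP_FLOOD"},
    {"device": "fw-1", "time": "2024-03-01T08:10:00Z", "source": "192.168.9.7", "target": "10.0.1.1", "sig": "ICMP_FLOOD"},
    {"device": "fw-1", "time": "2024-03-01T08:15:00Z", "source": "192.168.9.7", "target": "10.0.1.1", "sig": "ICMP_FLOOD"},
]


def to_idmef(raw):
    """Map one raw device record onto IDMEF Alert field names.

    Returns None when any required field is missing (an incomplete alarm).
    """
    alert = {
        "Analyzer": raw.get("device"),
        "CreateTime": raw.get("ts") or raw.get("time"),
        "Source": raw.get("src") or raw.get("source"),
        "Target": raw.get("dst") or raw.get("target"),
        "Classification": raw.get("sig"),
    }
    if any(alert[f] is None for f in REQUIRED_FIELDS):
        return None
    alert["CreateTime"] = datetime.strptime(
        alert["CreateTime"], "%Y-%m-%dT%H:%M:%SZ"
    ).replace(tzinfo=timezone.utc)
    return alert


def preprocess(raw_alarms):
    """Step S2: format every alarm and eliminate incomplete ones."""
    return [a for a in (to_idmef(r) for r in raw_alarms) if a is not None]


def alarm_sequence(alerts):
    """Arrange alarm events into a chronological sequence (stable sort)."""
    return sorted(alerts, key=lambda a: a["CreateTime"])


def alarm_period(events):
    """Period value of one alarm group: (mean gap in seconds, coefficient
    of variation of the gaps). None when fewer than three events exist,
    since two events give a single gap and no notion of regularity.
    """
    if len(events) < 3:
        return None
    gaps = [(b["CreateTime"] - a["CreateTime"]).total_seconds()
            for a, b in zip(events, events[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg > 0 else 0.0
    return avg, cv


def period_is_regular(period, cv, max_cv=0.05):
    """Assumed 'correctness check': the period is trusted only when the
    gaps are nearly constant (small coefficient of variation)."""
    return period > 0 and cv <= max_cv


def filter_false_alarms(sequence, max_cv=0.05):
    """Drop alarm groups that fire at a fixed cadence (assumed to be
    periodic noise such as a probe or scheduled job, not an attack step).

    Returns (kept_sequence, {group_key: period_value_or_None}).
    """
    groups = defaultdict(list)
    for a in sequence:
        groups[(a["Classification"], a["Source"], a["Target"])].append(a)
    periods, periodic = {}, set()
    for key, events in groups.items():
        p = alarm_period(events)
        periods[key] = p
        if p is not None and period_is_regular(*p, max_cv=max_cv):
            periodic.add(key)
    kept = [a for a in sequence
            if (a["Classification"], a["Source"], a["Target"]) not in periodic]
    return kept, periods


if __name__ == "__main__":
    kept, periods = filter_false_alarms(alarm_sequence(preprocess(RAW_ALARMS)))
    for a in kept:
        print(a["CreateTime"].isoformat(), a["Analyzer"], a["Classification"],
              a["Source"], "->", a["Target"])
```

On the sample data the incomplete POLICY_DENY record is dropped in preprocessing, the ICMP_FLOOD group (three identical 300 s gaps, coefficient of variation 0) is filtered as periodic noise, and the irregular SCAN_PORTSWEEP burst followed by EXPLOIT_SMB survives as candidate attack steps for the causal reconstruction that follows. The 5 % variation threshold is a tuning parameter; a real attacker can also beacon at a fixed interval, so in practice the period check should be a prior combined with the causal knowledge, not a hard drop.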
Example Embodiment
[0097] Example 3
[0098] An embodiment of the invention provides a computer device, as shown in Figure 9. The device may include a processor 71 and a memory 72, which may be connected by a bus or otherwise; Figure 9 takes connection via a bus as an example.
[0099] The processor 71 may be a central processing unit (CPU). It may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination of the above.
[0100] As a non-transitory computer-readable storage medium, the memory 72 can be used to store non-transitory software programs, non-tr...