Causal knowledge-based power information network attack scene reconstruction method and system

A network attack and power information technology, applied in transmission systems, electrical components, electrical digital data processing, etc. It addresses the problems of difficult alarm division and automatic identification of false alarms, complex and hard-to-construct causal knowledge, and excessive reliance on expert knowledge, with the effect of enabling targeted improvement of defense measures and enriching attack scene information.

Pending Publication Date: 2020-08-14
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +3

AI Technical Summary

Problems solved by technology

[0004] Therefore, the technical problem to be solved by the present invention is to overcome the defects in the prior art of excessive reliance on expert knowledge, difficulty in alarm division and automatic identific


Example Embodiment

[0043] Example 1

[0044] The embodiment of the present invention provides a method for reconstructing a power information network attack scenario based on causal knowledge, as shown in Figure 1, including the following steps:

[0045] Step S1: Receive alarm information uploaded by the security devices in the network. In this embodiment of the present invention, when a network attacker attacks the target network, the attacker's actions trigger security devices in the target network, such as an IDS (Intrusion Detection System), a firewall, etc., to generate alarm information (such as log alarms). After a security device generates alarm information, it uploads the generated alarm information to the server.

[0046] Step S2: Format the alarm information and eliminate incomplete alarm information. In the embodiment of the present invention, to preprocess the alarm information, firstly, IDMEF (The Intrusion Detection Message Exchange Format, intrusion detection me...

Example Embodiment

[0088] Example 2

[0089] The embodiment of the present invention provides a power information network attack scenario reconstruction system based on causal knowledge, as shown in Figure 8, including:

[0090] The receiving module 1 is used for receiving the alarm information uploaded by the security device in the network. This module executes the method described in step S1 in Embodiment 1, and details are not repeated here.

[0091] The preprocessing module 2 is used to format the alarm information and eliminate the incomplete alarm information. This module executes the method described in step S2 in Embodiment 1, and details are not repeated here.

[0092] The filtering module 3 is used for extracting alarm events from the alarm information, arranging the alarm events into an alarm sequence in chronological order, obtaining an alarm period value according to the alarm sequence, checking the correctness of the alarm period value, and filtering false alarm information. ...

Example Embodiment

[0097] Example 3

[0098] An embodiment of the present invention provides a computer device, as shown in Figure 9. The device may include a processor 71 and a memory 72, which may be connected by a bus or otherwise; Figure 9 takes connection via a bus as an example.

[0099] The processor 71 may be a central processing unit (Central Processing Unit, CPU). The processor 71 may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or other chip, or a combination of the above types of chips.

[0100] As a non-transitory computer-readable storage medium, the memory 72 can be used to store non-transitory software programs, non-tr...


Abstract

The invention discloses a causal knowledge-based power information network attack scene reconstruction method and system. The method comprises the steps: receiving alarm information uploaded by security equipment in a network; formatting the alarm information and removing incomplete alarm information; extracting alarm events from the alarm information, arranging the alarm events into an alarm sequence in chronological order, performing a correctness check on the alarm period value obtained from the alarm sequence, and filtering false alarm information; clustering the alarm events in the alarm sequence according to the correlation between the alarm event addresses, and dividing them into an attack scene sequence; mining the statistical association relationship among the alarm event types of the security equipment in the attack scene sequence to form causal knowledge; and judging the attack scene of the alarm sequence using a preset algorithm. By implementing the method and the device, the association analysis capability for massive alarm events is improved, information loss in alarm information preprocessing is avoided, and convenient conditions are provided for subsequent causal knowledge construction in an actual environment.
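The pipeline the abstract describes, as an added worked example in Python that is not part of the patent: constructed IDMEF-style alarm records are preprocessed (incomplete records dropped, the rest sorted chronologically), clustered into attack scenes by address correlation, and mined for ordered type-to-type association rules as a simple form of causal knowledge. The alarm-period correctness check and the final preset scene-judging algorithm are not modelled; the field names, confidence threshold and sample alarms are all assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample alarms in a simplified IDMEF-like form (assumed field names, not the patent's data).
ALARMS = [
    {"ts": "2020-01-01T10:00:00", "src": "10.0.0.5", "dst": "10.0.1.2", "type": "port_scan"},
    {"ts": "2020-01-01T10:01:00", "src": "10.0.0.5", "dst": "10.0.1.2", "type": "exploit_attempt"},
    {"ts": "2020-01-01T10:02:00", "src": "10.0.1.2", "dst": "10.0.2.9", "type": "lateral_login"},
    {"ts": "2020-01-01T10:00:30", "src": "192.168.3.3", "dst": "10.0.7.7", "type": "port_scan"},
    {"ts": "2020-01-01T10:03:00", "src": "192.168.3.3", "dst": "10.0.7.7", "type": "exploit_attempt"},
    {"ts": "2020-01-01T10:04:00", "src": "", "dst": "10.0.7.7", "type": "malware_alert"},  # incomplete
]
REQUIRED = ("ts", "src", "dst", "type")

def preprocess(alarms):
    """Step S2: drop alarms missing any required field, then order the rest chronologically."""
    complete = [a for a in alarms if all(a.get(k) for k in REQUIRED)]
    return sorted(complete, key=lambda a: datetime.fromisoformat(a["ts"]))

def split_scenes(sequence):
    """Cluster by address correlation: an alarm joins the first scene whose address set already
    contains its source or destination (so a compromised host that starts attacking stays in the
    same scene); otherwise it opens a new scene."""
    scenes = []  # list of (address_set, member_alarms)
    for a in sequence:
        for addrs, members in scenes:
            if a["src"] in addrs or a["dst"] in addrs:
                addrs.update((a["src"], a["dst"]))
                members.append(a)
                break
        else:  # no existing scene matched
            scenes.append(({a["src"], a["dst"]}, [a]))
    return [members for _, members in scenes]

def mine_causal_knowledge(scenes, min_conf=0.5):
    """Statistical association between consecutive alarm types within a scene:
    confidence(x -> y) = count(x followed by y) / count(x); keep rules at or above min_conf."""
    pair, single = Counter(), Counter()
    for members in scenes:
        types = [a["type"] for a in members]
        single.update(types)
        pair.update(zip(types, types[1:]))
    return {(x, y): c / single[x] for (x, y), c in pair.items() if c / single[x] >= min_conf}

def reconstruct(alarms):
    """Full pipeline: preprocessing -> scene division -> causal knowledge mining."""
    scenes = split_scenes(preprocess(alarms))
    return scenes, mine_causal_knowledge(scenes)
```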

Description

Technical Field

[0001] The invention relates to the field of electric power information security, in particular to a method and system for reconstructing attack scenarios of an electric power information network based on causal knowledge.

Background Technique

[0002] With the promotion of the company's ubiquitous power Internet of Things strategy and the extensive application of advanced information and communication technology and Internet+ in the power grid, the power system has gradually broken its previous closedness and proprietary nature, and an open, interactive and widely interconnected power business system is being constructed. As deployment becomes more widespread, the power business system suffers more and more cyber attacks, and the attack methods become more complex and diverse. APT (Advanced Persistent Threat) attack cases have been discovered. In response to such security risks, a variety of security protection devices are de...


Application Information

IPC (8): H04L29/06, G06F17/14, G06Q10/06, G06Q50/06, G06Q50/30
CPC: G06F17/141, G06Q10/0635, G06Q50/06, G06Q50/30, H04L63/1425, H04L63/1441
Inventor 崔洁席泽生张波马媛媛李洁邵志鹏管小娟陈牧陈璐李尼格李勇陈亮王建宽张国强殷博林永峰石伟
Owner GLOBAL ENERGY INTERCONNECTION RES INST CO LTD