Cloud network end cooperative defense method and system based on end-side edge computing

Abstract

The invention discloses a cloud network end cooperative defense method and system based on end-side edge computing, and relates to information security of an electric power industrial control system. The method comprises the following steps: setting an edge computing center at a terminal side, collecting industrial control system terminal equipment information and communication flow information, defining and identifying attribute characteristics of an electric power industrial control terminal by utilizing equipment fingerprints, automatically collecting the fingerprints of the electric power industrial control terminal equipment by utilizing an Nmap scanning method, establishing a training model by a decision tree algorithm, and achieving the dynamic fingerprint authentication of the terminal equipment; through setting a switch mirror image, intelligent monitoring host flow control and cloud computing center training flow baseline, industrial control terminal equipment flow anomaly detection is realized, and a cloud cooperative defense technology based on edge computing is realized. Through flow data acquisition, information entropy quantification flow characteristic attribute preprocessing and improved semi-supervised clustering K-means algorithm training, abnormal flow detection of the electric power industrial control intranet is realized, and cloud network real-time defense based on abnormal flow detection is realized.

Description

technical field [0001] The invention relates to information security protection of an electric power industrial control system, in particular to a cloud-network-end collaborative defense method and system based on end-side edge computing. Background technique [0002] With the rapid development of the smart grid, the security problems of the power industrial control system itself are becoming more and more serious. In recent years, frequent security incidents in power industrial control systems, especially the emergence of APT attacks such as "Stuxnet", "Flame" and "Poison Zone", fully reflect the seriousness of the situation faced by industrial control system information security. [0003] Due to the location at the edge of the industrial control system, the variety of forms, and the complexity of features, the terminal equipment of the industrial control system often becomes the primary target of attackers, who use illegally accessed industrial control terminals to attack ...

AI Technical Summary

Problems solved by technology

The defect of this detection method is: the detection of abnormality is only for packet comparison on the port mirroring switch, only the number, length, and protocol of the communication data packets can be compared, and the data packets are not analyzed according to the cloud platform, and the communication is obtained through training. The characteristics of the data packet, the false positive rate and the detection rate are not very good

However, the industrial control system requires low latency and real-time network contr

Images