A cloud-network-end collaborative defense method and system based on device-side edge computing

Abstract

The invention discloses a cloud-network-end collaborative defense method and system based on end-side edge computing, and relates to information security of an electric power industrial control system. The method includes: setting up an edge computing center on the terminal side, collecting terminal equipment information and communication flow information of the industrial control system, using device fingerprints to define and identify attribute characteristics of power industrial control terminals, using Nmap scanning method to automatically collect fingerprints of power industrial control terminal equipment, and making decisions The tree algorithm establishes the training model to realize the dynamic authentication of terminal device fingerprints; through the setting of switch mirroring, intelligent monitoring of host flow control, and cloud computing center training flow baseline, the abnormal detection of industrial control terminal device flow is realized, and the "cloud" collaborative defense technology based on edge computing is realized . Through traffic data collection, information entropy quantification, preprocessing of traffic characteristic attributes, and improved semi-supervised clustering K-means algorithm training, the abnormal traffic detection of the power industrial control intranet is realized, and the "cloud network" real-time defense based on abnormal traffic detection is realized.

Description

technical field [0001] The invention relates to information security protection of an electric power industrial control system, in particular to a cloud-network-end collaborative defense method and system based on end-side edge computing. Background technique [0002] With the rapid development of the smart grid, the security problems of the power industrial control system itself are becoming more and more serious. In recent years, frequent security incidents in power industrial control systems, especially the emergence of APT attacks such as "Stuxnet", "Flame" and "Poison Zone", fully reflect the seriousness of the situation faced by industrial control system information security. [0003] Due to the location at the edge of the industrial control system, the variety of forms, and the complexity of features, the terminal equipment of the industrial control system often becomes the primary target of attackers, who use illegally accessed industrial control terminals to attack ...

AI Technical Summary

Problems solved by technology

The defect of this detection method is: the detection of abnormality is only for packet comparison on the port mirroring switch, only the number, length, and protocol of the communication data packets can be compared, and the data packets are not analyzed according to the cloud platform, and the communication is obtained through training. The characteristics of the data packet, the false positive rate and the detection rate are not very good

However, the industrial control system requires low latency and real-time network control. With the increase of computing business, the cloud computing center also uses the service mode to process the massive data generated by the industrial control system equipment in real time. Due to the massive data generated by the industrial control system equipment, all the data is given to cloud computing. Central computing analysis cannot guarantee real-time performance, and needs to work collaboratively based on edge computing and cloud computing platforms. However, such a solution has not been proposed in the prior art

Images