Cross-Domain Data Link Security Portrait Based Attack Traceability Correlation

Abstract

To address the problem of attackers invading the power system through cross-domain attacks and vulnerability exploitation, current research is focusing on security portrait technology. By creating a security portrait of the power system, real-time supervision and comprehensive understanding of abnormal user behavior can be achieved. However, traditional network traffic anomaly detection methods based on clustering analysis often have low accuracy. This article proposes an improved k-means clustering-based traffic anomaly detection method, which improves the efficiency and accuracy of constructing security portraits based on abnormal traffic. Secondly, the Yen's shortest path algorithm is used to select the optimal set in the path to determine the network attack path location, and finally, the attack traceability correlation of cross-domain data link security portraits is achieved, improving the recognition efficiency to 91.7% on the original basis.