{"title":"An APT Attack Detection Method of a New-type Power System Based on STSA-transformer","authors":"Yuancheng Li, Jiexuan Yuan","doi":"10.2174/2352096516666230428104141","DOIUrl":null,"url":null,"abstract":"\n\nComplex structures such as a high proportion of power electronic equipment has brought new challenges to the safe and stable operation of new-type power system, increasing the possibility of the system being attacked, especially the more complex Advanced Persistent Threat (APT). This kind of attack has a long duration and strong concealment.\n\n\n\nTraditional detection methods target a relatively single attack mode, and the time span of APT processed is relatively short. None of them can effectively capture the long-term correlation in the attack, and the detection rate is low. These methods can’t meet the safety requirements of the new-type power system. In order to solve this problem, this paper proposes an improved transformer model called STSA-transformer algorithm, and applies it to the detection of APT in new-type power systems.\n\n\n\nIn the STSA-transformer model, the network traffic collected from the power system is first converted into a sequence of feature vectors, and the location information and local feature of the sequence, is extracted by combining position encoding with convolutional embedding operations, and then global characteristics of attack sequences is captured using the multi-head self-attention mechanism of the transformer encoder, the higher-frequency features of the attention are extracted through the self-learning threshold operation, combined with the PowerNorm algorithm to standardize the samples, and finally classify the network traffic of the APT.\n\n\n\nAfter multiple rounds of training on the model, the expected effect can be achieved and applied to the APT detection of a new-type power system.\n\n\n\nThe experimental results show that the proposed STSA-transformer algorithm has better detection accuracy and lower 
detection false-alarm rate than traditional deep learning algorithms and machine learning algorithms.\n","PeriodicalId":43275,"journal":{"name":"Recent Advances in Electrical & Electronic Engineering","volume":"46 1","pages":""},"PeriodicalIF":0.6000,"publicationDate":"2023-04-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Recent Advances in Electrical & Electronic Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2174/2352096516666230428104141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
Citations: 0
Abstract
Complex structures, such as a high proportion of power electronic equipment, have brought new challenges to the safe and stable operation of new-type power systems, increasing the possibility of the system being attacked, especially by the more complex Advanced Persistent Threat (APT). This kind of attack has a long duration and strong concealment.
Traditional detection methods target a relatively single attack mode, and the time span of the APT activity they process is relatively short. None of them can effectively capture the long-term correlation in the attack, and their detection rate is low. These methods cannot meet the safety requirements of the new-type power system. To solve this problem, this paper proposes an improved transformer model, called the STSA-transformer algorithm, and applies it to the detection of APTs in new-type power systems.
In the STSA-transformer model, the network traffic collected from the power system is first converted into a sequence of feature vectors. The position information and local features of the sequence are extracted by combining position encoding with convolutional embedding operations, and the global characteristics of attack sequences are then captured using the multi-head self-attention mechanism of the transformer encoder. The higher-frequency features of the attention are extracted through the self-learning threshold operation, combined with the PowerNorm algorithm to standardize the samples, and finally the network traffic of the APT is classified.
After multiple rounds of training, the model achieves the expected effect and can be applied to APT detection in a new-type power system.
The experimental results show that the proposed STSA-transformer algorithm has better detection accuracy and a lower false-alarm rate than traditional deep learning algorithms and machine learning algorithms.
About the journal:
Recent Advances in Electrical & Electronic Engineering publishes full-length/mini reviews and research articles, guest edited thematic issues on electrical and electronic engineering and applications. The journal also covers research in fast emerging applications of electrical power supply, electrical systems, power transmission, electromagnetism, motor control process and technologies involved and related to electrical and electronic engineering. The journal is essential reading for all researchers in electrical and electronic engineering science.