APT Attack Detection of a New Power System Based on DPI-Transformer
Authors: Yuancheng Li, Yazhuo Zhang
Journal: Recent Advances in Electrical & Electronic Engineering (Impact Factor 0.6; JCR Q4, Engineering, Electrical & Electronic)
Publication date: 2023-05-04
Publication type: Journal Article
DOI: https://doi.org/10.2174/2352096516666230504111123
In recent years, frequent network security attacks in the power field have brought huge risks to the production, transmission, and supply of power systems. Advanced Persistent Threat (APT), a covert and advanced form of network security attack, has become one of the network security risks that cannot be ignored in the construction of new power systems.
To resist the increasing risk of APT attacks in the construction of new power systems, this paper proposes an attack detection model based on Deep Packet Inspection (DPI) and Transformer.
Firstly, we extracted 606 traffic characteristics from the original traffic data through the extended CIC Flowmeter and used them all to train the Transformer network. Then, we used the DPI-Transformer model and traffic labels to perform feature analysis on the traffic data and finally obtained the APT-Score. If the APT-Score is greater than the threshold, the alarm module is triggered.
Experiments that analyze the headers and payloads of the network traffic in the APT-2020 dataset show that the DPI-Transformer detection model detects APT attacks with significantly higher accuracy than the current mainstream APT attack detection algorithms.
Taking into account the characteristics of the new power system and of APT attacks, this paper proposes the attack detection model DPI-Transformer and demonstrates that the model greatly improves detection accuracy.
About the journal:
Recent Advances in Electrical & Electronic Engineering publishes full-length/mini reviews and research articles, guest edited thematic issues on electrical and electronic engineering and applications. The journal also covers research in fast emerging applications of electrical power supply, electrical systems, power transmission, electromagnetism, motor control process and technologies involved and related to electrical and electronic engineering. The journal is essential reading for all researchers in electrical and electronic engineering science.