
Causal knowledge-based power information network attack scene reconstruction method and system

A network attack and power information technology, applied in transmission systems, electrical components, electrical digital data processing, etc. It addresses the problems of difficult alarm division and automatic identification of false alarms, complex and difficult causal knowledge, and reliance on expert knowledge, with the effect of enabling targeted, improved defense measures and enriching scene information.

Pending Publication Date: 2020-08-14
GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +3

AI Technical Summary

Problems solved by technology

[0004] Therefore, the technical problem to be solved by the present invention is to overcome the defects in the prior art of excessive reliance on expert knowledge, difficulty in alarm division and automatic identification of false alarms, many unknown parameters, and complicated and difficult causal knowledge, thereby providing a causal knowledge-based method and system for reconstruction of power information network attack scenes.

Examples


Embodiment 1

[0044] The embodiment of the present invention provides a power information network attack scenario reconstruction method based on causal knowledge, as shown in Figure 1, including the following steps:

[0045] Step S1: Receive alarm information uploaded by security devices in the network. In the embodiment of the present invention, when a network attacker attacks the target network, the attacker's actions trigger security devices in the target network, such as an IDS (Intrusion Detection System) or firewall, to generate alarm information (such as log alarms). After the security device generates the alarm information, it uploads it to the server.

[0046] Step S2: Format the alarm information and eliminate incomplete alarm information. In the embodiment of the present invention, the alarm information is preprocessed. First, IDMEF (Intrusion Detection Message Exchange Format) is used to format the alarm information; secondly, the...

Embodiment 2

[0089] The embodiment of the present invention provides a power information network attack scenario reconstruction system based on causal knowledge, as shown in Figure 8, including:

[0090] The receiving module 1 is configured to receive alarm information uploaded by security devices in the network. This module executes the method described in step S1 in Embodiment 1, which will not be repeated here.

[0091] The preprocessing module 2 is used to format the alarm information and remove incomplete alarm information. This module executes the method described in step S2 in Embodiment 1, which will not be repeated here.

[0092] The filtering module 3 is used to extract alarm events from the alarm information, arrange the alarm events into an alarm sequence in chronological order, obtain the alarm cycle value according to the alarm sequence, and check the correctness of the alarm cycle value to filter false alarm information. This module executes the method described in ste...

Embodiment 3

[0098] An embodiment of the present invention provides a computer device, as shown in Figure 9. The device may include a processor 71 and a memory 72, wherein the processor 71 and the memory 72 may be connected via a bus or in other ways; Figure 9 takes connection via a bus as an example.

[0099] The processor 71 may be a central processing unit (CPU). The processor 71 can also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other chips such as programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or combinations of the above-mentioned types of chips.

[0100] As a non-transitory computer-readable storage medium, the memory 72 can be used to store non-transitory software programs, non-transitory computer-exe...


Abstract

The invention discloses a causal knowledge-based power information network attack scene reconstruction method and system. The method comprises the steps of: receiving alarm information uploaded by security equipment in a network; formatting the alarm information and removing incomplete alarm information; extracting alarm events from the alarm information, arranging the alarm events into an alarm sequence in chronological order, performing a correctness check on an alarm period value obtained from the alarm sequence, and filtering false alarm information; clustering the alarm events in the alarm sequence according to the correlation between the alarm event addresses, and dividing an attack scene sequence; mining the statistical association relationships among the alarm event types of the security equipment in the attack scene sequence to form causal knowledge; and judging the attack scene of the alarm sequence by utilizing a preset algorithm. By implementing the method and the device, the association analysis capability for massive alarm events is improved, information loss in alarm information preprocessing is avoided, and convenient conditions are provided for subsequent causal knowledge construction in an actual environment.
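As an added illustration (not code from the patent), the sketch below runs the formatting, incomplete-alert removal, chronological ordering and address-based clustering steps of the abstract on constructed alerts. The flat field names and the rule that two alerts are correlated when they share a source or target address are assumptions; the page specifies neither.

```python
from datetime import datetime
from collections import defaultdict

# Fields every normalized alert must carry. The names echo IDMEF concepts
# (CreateTime, Source, Target, Classification); the flat layout is an assumption.
REQUIRED = ("create_time", "source", "target", "classification")

# Constructed sample alerts as they might arrive from an IDS and a firewall.
RAW_ALERTS = [
    {"ts": "2020-03-01T10:00:05", "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "port_scan", "dev": "ids-1"},
    {"ts": "2020-03-01T10:00:01", "src": "10.0.0.9", "dst": "10.0.2.7", "sig": "policy_deny", "dev": "fw-1"},
    {"ts": "2020-03-01T10:02:40", "src": "10.0.1.20", "dst": "10.0.1.30", "sig": "smb_login_fail", "dev": "ids-1"},
    {"ts": "2020-03-01T10:01:00", "src": "10.0.0.5", "dst": None, "sig": "port_scan", "dev": "ids-1"},  # incomplete
    {"ts": "2020-03-01T10:05:10", "src": "10.0.1.30", "dst": "10.0.1.40", "sig": "remote_exec", "dev": "ids-2"},
]

def normalize(raw):
    """Map a device-specific alert onto the common field set."""
    ts = raw.get("ts")
    return {
        "create_time": datetime.fromisoformat(ts) if ts else None,
        "source": raw.get("src"),
        "target": raw.get("dst"),
        "classification": raw.get("sig"),
        "analyzer": raw.get("dev"),
    }

def preprocess(raw_alerts):
    """Format alerts, drop incomplete ones, return a chronological sequence."""
    alerts = [normalize(r) for r in raw_alerts]
    complete = [a for a in alerts if all(a[f] for f in REQUIRED)]
    return sorted(complete, key=lambda a: a["create_time"])

def cluster_by_address(sequence):
    """Group alerts that share any address (union-find), keeping time order."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for a in sequence:
        parent[find(a["source"])] = find(a["target"])
    scenes = defaultdict(list)
    for a in sequence:
        scenes[find(a["source"])].append(a["classification"])
    return sorted(scenes.values(), key=len, reverse=True)
```

Calling `cluster_by_address(preprocess(RAW_ALERTS))` separates the chained scan, login-failure and remote-execution alerts from the unrelated firewall deny.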

Description

Technical field

[0001] The invention relates to the field of electric power information security, in particular to a method and system for reconstructing attack scenarios of electric power information networks based on causal knowledge.

Background technique

[0002] With the promotion of the company's ubiquitous power Internet of Things strategy and the extensive application of advanced information and communication technology and Internet+ in the power grid, the power system has gradually lost its previous closed and proprietary nature, and open, interactive and widely interconnected power business systems are being built. As deployment becomes more widespread, power business systems suffer more and more cyber attacks, and the attack methods become more complex and diverse. APT (advanced persistent threat) attack cases have been discovered. In response to such security risks, a variety of security protection devices are de...


Application Information

IPC(8): H04L29/06, G06F17/14, G06Q10/06, G06Q50/06, G06Q50/30
CPC: H04L63/1425, H04L63/1441, G06F17/141, G06Q10/0635, G06Q50/06, G06Q50/40
Inventor 崔洁席泽生张波马媛媛李洁邵志鹏管小娟陈牧陈璐李尼格李勇陈亮王建宽张国强殷博林永峰石伟
Owner GLOBAL ENERGY INTERCONNECTION RES INST CO LTD