A Security Event Detection Model for Power Monitoring Systems Based on Multi-step Attack Detection
First published: 2019-07-15
Abstract: This paper proposes a security event analysis model for power monitoring systems based on multi-step attack detection. The model builds attack trees through IP correlation; after aggregation, the attack trees are converted into attack chains, which are then pruned and denoised using negative causal correlation and non-cascading events to form the final attack chains and visualised attack graphs. The model relies on only a small amount of prior knowledge to automatically extract multi-step attack events and show their transition trajectories between IPs.
Keywords: Cyberspace security; Smart grid security; Alert correlation; Multi-step attack detection; Attack graph
A Multi-step Attack Detection Model Based on Alerts of Smart Grid
Abstract: In this paper, a multi-step attack detection model based on alerts of SGMS is proposed. In this model, alert graphs are constructed through IP correlation and then transformed into candidate attack chains after aggregation. The candidate attack chains are then pruned and denoised by negative causal correlation and non-cascading events. Finally, attack chains and visual attack graphs are formed. Our proposed model needs little prior knowledge while automatically extracting multi-step attack events and showing the trajectories among IPs.
Keywords: Cyberspace security; Smart grid security; Alert correlation; Multi-step attack; Attack graph
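An added illustration, not the paper's code, of the pipeline the abstract describes, run over constructed alerts. How each step is interpreted is an assumption: IP correlation links an alert to a later alert whose source is the earlier alert's destination; aggregation merges repeated (src, dst, signature) alerts; negative causal correlation drops links whose successor fires before its predecessor or outside an assumed time window; non-cascading (isolated) alerts are discarded as noise.

```python
from collections import defaultdict

WINDOW = 600  # assumed: max seconds between consecutive steps of one chain

# Constructed sample alerts: (timestamp, src_ip, dst_ip, signature)
ALERTS = [
    (100, "10.0.0.5", "10.0.1.10", "port_scan"),
    (130, "10.0.0.5", "10.0.1.10", "port_scan"),       # repeat -> aggregated
    (400, "10.0.1.10", "10.0.2.20", "ssh_brute_force"),  # pivot from scanned host
    (700, "10.0.2.20", "10.0.3.30", "modbus_write"),     # reaches a field device
    (50, "10.0.2.20", "10.0.9.9", "dns_query"),          # before its predecessor: pruned
    (2000, "10.0.3.30", "10.0.4.40", "lateral"),         # beyond WINDOW: pruned
    (300, "10.0.8.8", "10.0.8.9", "icmp"),               # isolated: non-cascading noise
]

def aggregate(alerts):
    """Merge alerts sharing (src, dst, sig) into one node with first time and a count."""
    agg = {}
    for t, src, dst, sig in sorted(alerts):
        node = agg.setdefault((src, dst, sig), {"t": t, "src": src, "dst": dst, "sig": sig, "count": 0})
        node["count"] += 1
    return sorted(agg.values(), key=lambda n: n["t"])

def build_chains(nodes, window=WINDOW):
    """IP correlation (a.dst == b.src) with negative-causal pruning (b must fire after a,
    within window). Returns maximal chains of length >= 2; isolated alerts are dropped."""
    succ = defaultdict(list)
    for a in nodes:
        for b in nodes:
            if a is not b and a["dst"] == b["src"] and a["t"] < b["t"] <= a["t"] + window:
                succ[id(a)].append(b)
    has_pred = {id(b) for bs in succ.values() for b in bs}
    chains = []

    def walk(node, path):  # depth-first over the attack tree rooted at each source IP
        if not succ[id(node)]:
            chains.append(path)
        for nxt in succ[id(node)]:
            walk(nxt, path + [nxt])

    for root in nodes:
        if id(root) not in has_pred:
            walk(root, [root])
    return [c for c in chains if len(c) > 1]  # non-cascading events removed

def describe(chain):
    """Render a chain as the IP-to-IP trajectory the attack graph would show."""
    return " -> ".join(f"{n['src']}>{n['dst']}[{n['sig']}x{n['count']}]" for n in chain)

if __name__ == "__main__":
    for chain in build_chains(aggregate(ALERTS)):
        print(describe(chain))
```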