DOI: 10.1145/3548608.3559260
research-article

An Anomaly Detection Framework for Internal and External Interaction of Power Grid Information Network based on the Attack-chain Knowledge Graph

Published: 14 October 2022

Abstract

As interaction between internal and external networks gradually opens up, effectively detecting attacks on the internal network that arrive through the external network is becoming more and more important. However, traditional security protection measures cannot detect unknown attacks and multi-step attacks well, which leaves a constant threat. This paper proposes a network security knowledge graph model based on an extended attack chain, combined with a multi-layer anomaly detection system, to detect threats lurking in the network. Finally, the prospective application of the multi-layer anomaly detection framework to security protection at the internal and external boundary of the State Grid information network is discussed.

Published In

ICCIR '22: Proceedings of the 2022 2nd International Conference on Control and Intelligent Robotics
June 2022
905 pages
ISBN: 9781450397179
DOI: 10.1145/3548608
Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICCIR 2022

Acceptance Rates

Overall Acceptance Rate 131 of 239 submissions, 55%
