Computer and Modernization (计算机与现代化)

• Information Security •

APT Attack Early-Warning Model for Power Data Networks Based on the Ant Colony Algorithm (基于蚁群算法的电力数据网络APT攻击预警模型)

  

  1. Information Center, Zunyi Power Supply Bureau, Zunyi 563000, China
  • Received: 2018-05-22 Online: 2019-01-30 Published: 2019-01-30
  • About the authors: Liang Jingliang (梁晶亮, b. 1975), male, from Zunyi, Guizhou, senior engineer, bachelor's degree, research interest: power grid information security, E-mail: powergridlyj@tom.com; Huang Junsheng (黄军胜, b. 1978), male, from Zunyi, Guizhou, senior engineer, bachelor's degree, research interest: power grid information security; Bai Shujun (白树军), from Zunyi, Guizhou, senior engineer, research interest: power grid information security; Wang Peng (王鹏), from Zunyi, Guizhou, senior engineer, research interest: power grid information security; Li Rui (李睿), from Zunyi, Guizhou, senior engineer, research interest: power grid information security.
  • Funding:
    Zunyi Power Supply Bureau research project on proactive discovery and early warning of network threats (0603002017030102XX00001)


Abstract: An Advanced Persistent Threat (APT) first collects information about the target's business processes and target systems continuously, in a multi-dimensional, multi-stage and multi-object manner, and then covertly steals data in cyberspace. Power networks have an inherent requirement for stability: they cover a wide area, touch many systems, and the losses after an incident are large. Current APT early-warning techniques suffer from two problems: fragmented network nodes yield only limited security domains, and attack features have to be detected dynamically across the whole domain. This paper proposes an APT attack early-warning model for power data networks based on the ant colony algorithm. A domain-wide trusted system model of the power network is designed, and a manifold is used to diffuse the security boundary so that fragmented nodes are flexibly associated and security control covers the whole domain. A time-effectiveness model of APT attacks is built to analyse the damage an attack does to the trusted system. APT attack features are treated as ant colony pheromone, so that the model automatically tracks and adapts to the attack. Practical tests show that the ant colony APT monitoring and early-warning algorithm improves warning accuracy by 12.6%.

Keywords: advanced persistent threat, security threat, attack early warning, ant colony algorithm

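As an added illustration of the pheromone idea stated in the abstract (this is example code written for this page, not the paper's model or its evaluation): each observed APT-stage feature deposits pheromone on the network edge the activity crossed, all pheromone evaporates every time step, and a greedy ant follows the strongest remaining trail. The topology, the stage weights, the evaporation rate RHO and the event stream below are constructed assumptions; the paper does not publish these parameters.

```python
"""Pheromone-style tracking of multi-stage attack activity across a power data
network. Illustrative example written for this page; it is NOT the paper's
algorithm. It shows the idea from the abstract: treat observed APT attack
features as ant colony pheromone that is deposited on the network edge the
activity crossed and evaporates over time, then let an ant follow the
strongest trail. Topology, stage weights, evaporation rate and the event
stream are all constructed."""
from collections import defaultdict

# Constructed directed topology (src -> list of dst) of a small power data network.
EDGES = {
    "dmz-web": ["office-ws", "hist-db"],
    "office-ws": ["ad-dc", "eng-ws"],
    "ad-dc": ["eng-ws", "hist-db"],
    "eng-ws": ["scada-gw"],
    "hist-db": [],
    "scada-gw": [],
}
# Reverse adjacency, used to walk a trail backwards towards its entry point.
INCOMING = defaultdict(list)
for _src, _dsts in EDGES.items():
    for _dst in _dsts:
        INCOMING[_dst].append(_src)

# Constructed deposit per observed APT-stage feature (later stages weigh more).
STAGE_WEIGHT = {"recon": 0.2, "lateral": 0.6, "c2": 0.8, "exfil": 1.0}
RHO = 0.3  # assumed evaporation fraction per time step


def step(tau, events):
    """One time step: evaporate every edge, then deposit for this step's events.
    tau maps (src, dst) -> pheromone; events is a list of (src, dst, stage)."""
    for edge in list(tau):
        tau[edge] *= 1.0 - RHO
    for src, dst, stage in events:
        if dst not in EDGES.get(src, []):
            raise ValueError(f"no edge {src}->{dst} in topology")
        tau[(src, dst)] = tau.get((src, dst), 0.0) + STAGE_WEIGHT[stage]
    return tau


def run(timeline):
    """Replay a list of per-step event lists and return the final pheromone map."""
    tau = {}
    for events in timeline:
        step(tau, events)
    return tau


def strongest_trail(tau, min_tau=0.01):
    """Greedy ant: start on the edge carrying the most pheromone, then extend the
    trail forwards and backwards along the strongest neighbouring edge while it
    still carries at least min_tau. Returns (path, total pheromone on path)."""
    if not tau:
        return [], 0.0
    src, dst = max(tau, key=tau.get)
    path, visited = [src, dst], {src, dst}
    while True:  # forward extension (where is the attacker heading?)
        cands = [(tau.get((path[-1], d), 0.0), d) for d in EDGES[path[-1]] if d not in visited]
        if not cands or max(cands)[0] < min_tau:
            break
        path.append(max(cands)[1]); visited.add(path[-1])
    while True:  # backward extension (where did the attacker come in?)
        cands = [(tau.get((s, path[0]), 0.0), s) for s in INCOMING[path[0]] if s not in visited]
        if not cands or max(cands)[0] < min_tau:
            break
        path.insert(0, max(cands)[1]); visited.add(path[0])
    return path, sum(tau.get(e, 0.0) for e in zip(path, path[1:]))


# Constructed event stream: a one-off noisy burst at t=0 (five recon hits on
# dmz-web -> hist-db) versus a low-and-slow multi-stage chain that advances one
# hop every few steps and goes quiet in between.
TIMELINE = [
    [("dmz-web", "hist-db", "recon")] * 5 + [("dmz-web", "office-ws", "recon")],  # t0
    [("dmz-web", "office-ws", "recon")],    # t1
    [("office-ws", "eng-ws", "lateral")],   # t2
    [("office-ws", "eng-ws", "lateral")],   # t3
    [],                                     # t4
    [("eng-ws", "scada-gw", "c2")],         # t5
    [],                                     # t6
    [("eng-ws", "scada-gw", "c2")],         # t7
    [],                                     # t8
    [("eng-ws", "scada-gw", "c2")],         # t9
]


def demo():
    """Run the constructed timeline; return (pheromone map, predicted path, path score)."""
    tau = run(TIMELINE)
    path, total = strongest_trail(tau)
    return tau, path, total


if __name__ == "__main__":
    tau, path, total = demo()
    for (a, b), value in sorted(tau.items(), key=lambda kv: -kv[1]):
        print(f"{a:>10} -> {b:<10} pheromone {value:.3f}")
    print("predicted APT path:", " -> ".join(path), f"(score {total:.3f})")
```

With these constructed numbers the burst of five recon hits, which a plain event counter would rank first, decays to about 0.04 after nine evaporation steps, while the chain dmz-web -> office-ws -> eng-ws -> scada-gw keeps about 1.52 and is the trail the ant reconstructs, entry point included. That is the behaviour the abstract's time-effectiveness model and pheromone analogy aim for; what the toy does not provide, and a deployment must, is the per-edge extraction of APT features from real traffic and the tuning of the stage weights, RHO and min_tau against that traffic.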
