An Advanced Persistent Threat Model of New Power System Based on ATT&CK

Cited by: 4


Authors: LI Yuancheng[1]; LUO Hao; WANG Qingle; LI Jianbin (School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China)

Affiliation: [1] School of Control and Computer Engineering, North China Electric Power University, Beijing 102206

Source: Netinfo Security, 2023, No. 2, pp. 26-34 (9 pages)

Abstract: In the new power system, in which new energy is the main body, the proportion of new energy and diverse load forms has increased greatly. The high proportion of renewable energy and power electronic equipment connected to the grid, together with the randomness of both the supply side and the demand side, enlarges the attack surface of the power grid. Attackers use covert and complex means to launch advanced persistent threat (APT) attacks against the new power system, tampering with or blocking data and seriously affecting grid scheduling and energy consumption. Based on the ATT&CK knowledge base, the article establishes a kill chain model for APT attacks on new power systems. Because traditional methods have difficulty assigning APT attack techniques to kill chain attack stages, which leaves security personnel unable to make defense decisions quickly, the article proposes a kill-chain-based method for dividing APT attack techniques into stages, and uses the BERT model to perform semantic analysis on technique texts, so that the trained model automatically assigns each attack technique to its stage. Experimental results show that the proposed method achieves better results than existing models.

Keywords: new power system; APT attack; ATT&CK; attack modeling; BERT model

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
