Abstract
Introduction: In recent years, the frequent occurrence of network security attacks in the power field has brought huge risks to the production, transmission, and supply of power systems, and Advanced Persistent Threat (APT) is a covert advanced network security attack, which has become one of the network security risks that cannot be ignored in the construction of new power systems.
Objective: To counter the growing risk of APT attacks in the construction of new power systems, this paper proposes an attack detection model based on Deep Packet Inspection (DPI) and a Transformer network.
Methods: First, we extracted 606 traffic features from the raw traffic data with an extended CICFlowMeter and used all of them to train the Transformer network. Then, we used the DPI-Transformer model together with the traffic labels to perform feature analysis on the traffic data and obtained the APT-Score. If the APT-Score exceeds the threshold, the alarm module is triggered.
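The pipeline described above (flow feature extraction, a score per flow, and a threshold that triggers the alarm module) is sketched below as an added example; it is not code from the paper. The packets are constructed, the Transformer is replaced by a hand-weighted logistic scorer (a stand-in, not the trained model), and byte counts use payload length only, which simplifies CICFlowMeter's packet-length features.

```python
import math
from collections import defaultdict

# Constructed sample packets (not taken from the APT-2020 dataset):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, payload)
# Flow 1: a short HTTP request/response.
# Flow 2: a long-lived flow carrying small, periodically spaced binary payloads.
PACKETS = [
    (0.00, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", b"GET / HTTP/1.1\r\nHost: a\r\n\r\n"),
    (0.01, "10.0.0.9", 80, "10.0.0.5", 40001, "tcp", b"HTTP/1.1 200 OK\r\n\r\n<html>hi</html>"),
    (0.02, "10.0.0.5", 40001, "10.0.0.9", 80, "tcp", b""),
    (0.0, "10.0.0.7", 51000, "203.0.113.4", 443, "tcp", b"\x16\x03\x01\x00\x10" + bytes(range(16))),
    (60.0, "10.0.0.7", 51000, "203.0.113.4", 443, "tcp", b"\x17\x03\x03\x00\x08" + bytes(8)),
    (60.2, "203.0.113.4", 443, "10.0.0.7", 51000, "tcp", b"\x17\x03\x03\x00\x04\x01\x02\x03\x04"),
    (120.0, "10.0.0.7", 51000, "203.0.113.4", 443, "tcp", b"\x17\x03\x03\x00\x08" + bytes(8)),
    (180.0, "10.0.0.7", 51000, "203.0.113.4", 443, "tcp", b"\x17\x03\x03\x00\x08" + bytes(8)),
]


def flow_key(pkt):
    """Bidirectional 5-tuple key so that both directions land in one flow."""
    _, src, sport, dst, dport, proto, _ = pkt
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)


def extract_flows(packets):
    """CICFlowMeter-style header features per flow, plus one DPI-style
    payload feature: the share of printable bytes across the whole flow."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p[0]):
        flows[flow_key(p)].append(p)
    feats = {}
    for key, pkts in flows.items():
        initiator = (pkts[0][1], pkts[0][2])          # forward = first sender
        fwd = [p for p in pkts if (p[1], p[2]) == initiator]
        bwd = [p for p in pkts if (p[1], p[2]) != initiator]
        ts = [p[0] for p in pkts]
        iats = [later - earlier for earlier, later in zip(ts, ts[1:])]
        payload = b"".join(p[6] for p in pkts)
        printable = sum(32 <= c < 127 for c in payload)
        feats[key] = {
            "duration": ts[-1] - ts[0],
            "fwd_pkts": len(fwd),
            "bwd_pkts": len(bwd),
            "fwd_bytes": sum(len(p[6]) for p in fwd),
            "bwd_bytes": sum(len(p[6]) for p in bwd),
            "mean_iat": sum(iats) / len(iats) if iats else 0.0,
            "printable_ratio": printable / len(payload) if payload else 0.0,
        }
    return feats


# Hand-picked weights for a stand-in scorer (assumption for illustration);
# the paper trains a Transformer on 606 features, which is not reproduced here.
WEIGHTS = {"log_duration": 0.5, "log_mean_iat": 0.5, "binary_share": 2.0}
BIAS = -4.0


def apt_score(f):
    """Logistic score in [0, 1]: long, slow, binary-heavy flows score higher."""
    z = (WEIGHTS["log_duration"] * math.log1p(f["duration"])
         + WEIGHTS["log_mean_iat"] * math.log1p(f["mean_iat"])
         + WEIGHTS["binary_share"] * (1.0 - f["printable_ratio"])
         + BIAS)
    return 1.0 / (1.0 + math.exp(-z))


def detect(packets, threshold=0.5):
    """Alarm module: flows whose APT-Score exceeds the threshold, keyed by flow."""
    scored = {k: apt_score(f) for k, f in extract_flows(packets).items()}
    return {k: s for k, s in scored.items() if s > threshold}


if __name__ == "__main__":
    for key, score in detect(PACKETS).items():
        print(f"ALARM {key}: APT-Score={score:.3f}")
```

With these constructed packets only the long-lived binary flow crosses the 0.5 threshold; the HTTP exchange scores near zero. The threshold is the operational knob the abstract refers to: raising it trades missed detections for fewer alarms, so it should be set against labelled traffic rather than fixed a priori.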
Results: By analyzing the headers and payloads of the network traffic in the APT-2020 dataset, the experimental results show that the detection accuracy of APT attacks by the DPI-Transformer detection model is significantly higher than that of the current mainstream APT attack detection algorithms.
Conclusion: Combining the characteristics of the new power system with those of APT attacks, this paper proposes the DPI-Transformer attack detection model, and the experiments show that it substantially improves detection accuracy.