APT Attack Detection of a New Power System based on DPI-transformer

Yazhuo      Zhang; Yuancheng      Li

doi:10.2174/2352096516666230504111123

Abstract

Introduction: In recent years, the frequent occurrence of network security attacks in the power field has brought huge risks to the production, transmission, and supply of power systems, and Advanced Persistent Threat (APT) is a covert advanced network security attack, which has become one of the network security risks that cannot be ignored in the construction of new power systems.

Objective: This study aims to resist the increasing risk of APT attacks in the construction of new power systems, this paper proposes an attack detection model based on Deep Packet Inspection (DPI) and Transformer.

Methods: Firstly, we extracted 606 traffic characteristics from the original traffic data through the extended CIC Flowmeter and used them all to train the Transformer network. Then, we used the DPI-Transformer model and traffic labels to perform feature analysis on the traffic data and finally obtained the APT-Score. If the APT-Score is greater than the threshold, the alarm module is triggered.

Results: By analyzing the headers and payloads of the network traffic in the APT-2020 dataset, the experimental results show that the detection accuracy of APT attacks by the DPI-Transformer detection model is significantly higher than that of the current mainstream APT attack detection algorithms.

Conclusion: Combined with the characteristics of the new power system and APT attacks, this paper proposes an attack detection model DPI-Transformer, which proves that the model has greatly improved the detection accuracy.

« Previous Next »

Graphical Abstract

[1]
"Strive to achieve carbon peak before 2030 and carbon neutrality before 2060 – winning the tough battle of low-carbon transformation [EB\OL]",  Available From: http://www.gov.cn/xinwen/2021-04/02/content_5597403.htm
[2]
A.K. Sood,  and R.J. Enbody, "Targeted cyberattacks: A superset of advanced persistent threats", IEEE Secur. Priv., vol. 11, no. 1, pp. 54-61, 2012.
[3]
Z. Chen, J. Liu, Y. Shen, M. Simsek, B. Kantarci, H.T. Mouftah,  and P. Djukic, "Machine learning-enabled IOT security: Open issues and challenges under advanced persistent threats", ACM Comput. Surv., vol. 55, no. 5, pp. 1-37, 2023.
 [http://dx.doi.org/10.1145/3530812]
[4]
D.E.A. Mansour, "Development of a new graphical technique for dissolved gas analysis in power transformers based on the five combustible gases", IEEE Trans. Dielectr. Electr. Insul., vol. 22, no. 5, pp. 2507-2512, 2015.
 [http://dx.doi.org/10.1109/TDEI.2015.004999]
[5]
K.N. Koutras, G.D. Peppas, T.T. Fetsis, S.N. Tegopoulos, V.P. Charalampakos, A. Kyritsis, A.G. Yiotis, I.F. Gonos,  and E.C. Pyrgioti, "Dielectric and Thermal response of TiO2 and SiC natural ester based nanofluids for use in power transformers", IEEE Access, vol. 10, pp. 79222-79236, 2022.
 [http://dx.doi.org/10.1109/ACCESS.2022.3194516]
[6]
M. Elsisi, M.Q. Tran, K. Mahmoud, D-E.A. Mansour, M. Lehtonen,  and M.M.F. Darwish, "Effective IoT-based deep learning platform for online fault diagnosis of power transformers against cyberattacks and data uncertainties", Measurement, vol. 190, p. 110686, 2022.
 [http://dx.doi.org/10.1016/j.measurement.2021.110686]
[7]
Y. Su, Y. Zhao,  and C. Niu, "Robust anomaly detection for multivariate time series through stochastic recurrent neural network",. In Proceedings of the 25th ACM SIGKDD international conference on knowledge discovery & data mining., 2019, pp. 2848-2856 
[8]
K. Hundman, V. Constantinou,  and C. Laporte, "Detecting spacecraft anomalies using lstms and nonparametric dynamic thresholding",. In Proceedings of the 24th ACM SIGKDD international conference on knowledge discovery & data mining., 2018, pp. 387-395 
[9]
J. Audibert, P. Michiardi,  and F. Guyard, "Unsupervised anomaly detection on multivariate time series",. In Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, 2020, pp. 3395-3404 
[10]
D. Li, D. Chen,  and B. Jin, "Text and Time Series",. In 28th International Conference on Artificial Neural Networks, Munich, Germany, 2019, pp. 703-716 
[11]
C. Do Xuan, "Detecting APT attacks based on network traffic using machine learning", J. Web Eng., vol. 20, no. 1, 2021.
[12]
W. Han, J. Xue, Y. Wang, F. Zhang,  and X. Gao, "APTMalInsight: Identify and cognize APT malware based on system call information and ontology knowledge framework", Inf. Sci., vol. 546, pp. 633-664, 2021.
 [http://dx.doi.org/10.1016/j.ins.2020.08.095]
[13]
T. Schindler, "Anomaly detection in log data using graph databases and machine learning to defend advanced persistent threats", arXiv:1802.00259, vol. 2018, 2018.
[14]
W.U. Hassan, A. Bates,  and D. Marino, "Tactical provenance analysis for endpoint detection and response systems",. 2020 IEEE Symposium on Security and Privacy (SP). IEEE., 2020, pp. 1172-1189. San Francisco
[15]
J.E. Rubio, C. Alcaraz, R. Roman,  and J. Lopez, "Current cyber-defense trends in industrial control systems", Comput. Secur., vol. 87, p. 101561, 2019.
 [http://dx.doi.org/10.1016/j.cose.2019.06.015]
[16]
Z. Zhang,  and C. Kang, "Challenges and prospects for building a new power system under the goal of carbon neutrality", Zhongguo Dianji Gongcheng Xuebao, vol. 42, no. 8, p. 13, 2022.
[17]
B. Li, M. Chen, H. Zhong, Z. Ma, D. Liu,  and G. He, "A review of long-term planning of new power systems with a high proportion of renewable energy[J/OL]", In Proceedings of the CSEE, 2018, pp. 1-27 
 [http://dx.doi.org/10.13334/j.0258-8013.pcsee.212716]
[18]
G. Draper-Gil, A.H. Lashkari,  and M.S.I. Mamun, "Characterization of encrypted and vpn traffic using time-related", In Proceedings of the 2nd international conference on information systems security and privacy (ICISSP), Italy, 2016, pp. 407-414 
[19]
A. Dijk, "Detection of Advanced Persistent Threats using Artificial Intelligence for Deep Packet Inspection", In 2021 IEEE International Conference on Big Data (Big Data). IEEE., Orlando, FL, 2021, pp. 2092-2097 
[20]
P. Malhotra, A. Ramakrishnan,  and G. Anand, "LSTM-based encoder-decoder for multi-sensor anomaly detection", arXiv:1607.00148, 2016.
[21]
S. Rajasegarar, C. Leckie,  and M. Palaniswami, "Anomaly detection in wireless sensor networks", IEEE Wirel. Commun., vol. 15, no. 4, pp. 34-40, 2008.
 [http://dx.doi.org/10.1109/MWC.2008.4599219]
[22]
F. van Wyk, Y. Wang, A. Khojandi,  and N. Masoud, "Real-time sensor anomaly detection and identification in automated vehicles", IEEE Trans. Intell. Transp. Syst., vol. 21, no. 3, pp. 1264-1276, 2020.
 [http://dx.doi.org/10.1109/TITS.2019.2906038]
[23]
S. Myneni, A. Chowdhary,  and A. Sabur, "DAPT 2020 - Constructing a Benchmark Dataset for Advanced Persistent Threats",. In International Workshop on Deployable Machine Learning for Security Defense., 2020, pp. 138-163  San Diego, CASpringer International Publishing,
[24]
N. Moustafa,  and J. Slay, "UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)",. In Military Communications and Information Systems Conference MilCIS), 2015. IEEE., 2015.  Canberra 
[25]
A Saha,  and A. Das, "A detailed analysis of the issues and solutions for securing data", Iosrjournals Org., vol. 4, no. 5, 2012.
[26]
L. Dhanabal,  and S P Shantharajah, "A study on NSL-KDD dataset for intrusion detection system based on classification algorithms", Int. J. adv. res. comput. commun. eng., vol. 4, no. 6, 2015.
[27]
R. Fontugne, P. Borgnat,  and P. Abry, "MAWILab: Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking",. In Proceedings of the 2010 ACM Conference on Emerging Networking., 2010. 
 Philadelphia, PA. [http://dx.doi.org/10.1145/1921168.1921179]
[28]
A. Shiravi, H. Shiravi, M. Tavallaee,  and A.A. Ghorbani, "Toward developing a systematic approach to generate benchmark datasets for intrusion detection", Comput. Secur., vol. 31, no. 3, pp. 357-374, 2012.
 [http://dx.doi.org/10.1016/j.cose.2011.12.012]
[29]
R K Cunningham, R P Lippmann,  and D J Fried, "Evaluating intrusion detection systems without attacking your friends: The 1998 darpa intrusion detection evaluation",. Defense Technical Information Center, vol. 1999. 1999.
[30]
R. Wagner, M. Fredrikson,  and D. Garlan, "An Advanced Persistent Threat Exemplar", Defense Technical Information Center, vol. 2017, 2017.

Rights & Permissions Print Cite

Journal Information

For Authors

For Editors

For Reviewers

Explore Articles

Open Access

Open Access Articles

For Visitors

DOI https://dx.doi.org/10.2174/2352096516666230504111123	Print ISSN 2352-0965
Publisher Name Bentham Science Publisher	Online ISSN 2352-0973

Recent Advances in Electrical & Electronic Engineering

APT Attack Detection of a New Power System based on DPI-transformer

Abstract Play Pause

Graphical Abstract

Related Journals

Related Books

Abstract