
Research And Implementation Of Security Analysis Scheme Of Key Data In Electric Power Industry Based On UEBA

Posted on: 2023-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: L J Zhao
GTID: 2542306914956399
Subject: Information security
Abstract/Summary:
The electric power industry is a national foundation industry, and the analysis of its key data has become a focus of data security research. Log data is the key basis for security analysis of the industry's key data. By extracting log templates from the log data of the electric power industry, researchers can judge security incidents accurately and make decisions according to the criticality of those incidents. At present, although research on log template extraction methods has made great progress, some shortcomings remain. In addition, as the internal data of enterprises in the electric power industry grows rapidly, security incidents occur frequently because reliable internal threat detection schemes are lacking. Existing research on internal threat detection does not go far enough, and a new method dedicated to internal threat detection is urgently needed. To address these problems, this thesis studies and implements a security analysis scheme for key data in the electric power industry. The specific research contents are as follows:

A log template extraction method for the electric power industry based on an improved FT-Tree algorithm is proposed. The original FT-Tree algorithm does not merge similar log templates after extracting them, which leaves redundant templates. The improved method adds a step that merges similar log templates, implemented mainly with SimHash, a locality-sensitive hashing algorithm. Experiments show that the improved method reduces the redundancy of log templates, improves the quality of log template extraction and achieves fairly good results.

An internal threat detection method for the electric power industry based on UEBA technology is proposed. The method takes into account users' behavior sequence features, action features and role features, and analyzes them together to identify and detect anomalies. The MS-TCN model is used to learn user behavior sequence features, and the AC-BiLSTM model is used to learn user action features. The average of all normal user action features in the same user group is selected as the reference value for role features. Experiments show that this method is greatly improved compared with other internal threat detection methods and can effectively detect internal threats.

A prototype system for security analysis of important data in the electric power industry is designed and implemented. The system mainly visualizes the log template extraction method based on the improved FT-Tree algorithm and the new internal threat detection method based on UEBA technology, which is conducive to subsequent security analysis and research.
Keywords/Search Tags: Electric Power Industry, Key Data, Log Template Extraction, User and Entity Behavior Analytics, Insider Threat Detection
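The template-merging step described in the abstract, sketched as an added example that is not code from the thesis: already-extracted log templates are fingerprinted with SimHash and near-duplicates are folded into one template. The tokenisation, the 64-bit fingerprint, the `MAX_HAMMING` threshold, the wildcard rule in `merge_pair` and the sample templates are all assumptions, since the abstract gives no parameters; the FT-Tree extraction itself is not reproduced.

```python
import hashlib

BITS = 64
MAX_HAMMING = 20  # assumed threshold; short templates give noisy fingerprints, tune on real logs

# Constructed sample templates (not from the thesis): three redundant variants, one unrelated.
SAMPLE_TEMPLATES = [
    "session opened for user on host scada-gw01 via ssh port 22 protocol 2",
    "breaker status changed to open at substation",
    "session opened for user on host scada-gw02 via ssh port 22 protocol 2",
    "session opened for user on host scada-gw03 via ssh port 22 protocol 2",
]

def simhash(template: str) -> int:
    """64-bit SimHash: every token votes +1/-1 on each bit position."""
    votes = [0] * BITS
    for token in template.split():
        digest = hashlib.blake2b(token.encode(), digest_size=8).digest()
        h = int.from_bytes(digest, "big")
        for bit in range(BITS):
            votes[bit] += 1 if (h >> bit) & 1 else -1
    return sum(1 << bit for bit in range(BITS) if votes[bit] > 0)

def hamming(a: int, b: int) -> int:
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def merge_pair(a: str, b: str):
    """Wildcard the positions where two equal-length templates differ."""
    ta, tb = a.split(), b.split()
    if len(ta) != len(tb):
        return None  # templates of different shape are never merged
    return " ".join(x if x == y else "*" for x, y in zip(ta, tb))

def merge_templates(templates, max_hamming=MAX_HAMMING):
    """Greedily fold each template into the first near-duplicate already kept."""
    merged = []  # list of (template, fingerprint)
    for t in templates:
        fp = simhash(t)
        for i, (m, mfp) in enumerate(merged):
            combined = merge_pair(m, t) if hamming(fp, mfp) <= max_hamming else None
            if combined is not None:
                merged[i] = (combined, simhash(combined))
                break
        else:
            merged.append((t, fp))
    return [m for m, _ in merged]

if __name__ == "__main__":
    for template in merge_templates(SAMPLE_TEMPLATES):
        print(template)
```

The fingerprint comparison is a cheap pre-filter; the equal-length check in `merge_pair` is what keeps a chance fingerprint collision from merging unrelated templates of different shape.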