| In recent years, China’s power industry has committed to the construction of a new power system. However, the construction of the new power system means that a large number of new energy devices and power electronic devices will be connected, which will undoubtedly increase the network security risk of the power system. As a hidden, complex and highly harmful kind of network attack, the Advanced Persistent Threat (APT) has become one of the network security risks. Research on APT attack detection for new power systems is therefore urgent at this stage. To cope with the APT attack risk faced during the construction of new power systems, the paper first analyzes the digital support system of new power systems and describes the possible attack surface of APT attacks against new power systems and its characteristics. On this basis, two APT attack detection models based on hybrid deep learning, LSTM_SAE and LSTM_CNN, are proposed. Then, to further mine the global dependencies of attack data sequences, the LSTM_Transformer attack detection model is proposed, and the experimental results show that, compared with the mainstream algorithms in the industry, LSTM_Transformer achieves a significant improvement in speed and accuracy. The specific research includes: (1) Analyzing the digital support system of the new power system and its characteristics, and analyzing the potential attack surface and harm of APT attacks against the new power system according to the characteristics of APT attacks. (2) Combining the characteristics of the new power system with the characteristics of APT attacks, eight common network security datasets in the industry are compared in terms of attack phase coverage, common attack vector coverage, similarity between the attack simulation system and the new power system, etc. The dataset that can best restore the real scenario of APT attacks is selected, and a data pre-processing method that can handle a large amount of traffic in real time is introduced. (3) Combining the above dataset and preprocessing method, two improvement methods for LSTM detection models are proposed, i.e., hybrid deep learning techniques are used to design the attack detection models LSTM_SAE and LSTM_CNN, the models are evaluated and tested, and the advantages and disadvantages of hybrid deep learning for detecting such attack traffic are identified. (4) To further explore the global dependencies of attack data sequences, the LSTM_Transformer model with an attention mechanism is introduced, and finally the superiority of LSTM_Transformer is demonstrated by a multi-dimensional comparison with other attack detection algorithm models commonly used in the industry. |