
Research On Intelligent Network Security Situation Awareness Technology For Power Monitoring And Control System

Posted on: 2020-10-14    Degree: Doctor    Type: Dissertation
Country: China    Candidate: Z G Zhang
GTID: 1368330620953253    Subject: Computer Science and Technology
Abstract/Summary:
At present, various network attacks occur from time to time, such as vulnerability attacks, distributed denial of service attacks and malware attacks, causing serious economic losses and adverse social impact. Many kinds of network security threat detection and defense technologies, such as malware detection, vulnerability detection, intrusion detection and packet filtering, have been proposed by academia and industry. Nowadays, however, the types of network attacks are complex and changeable, and the existing threat detection and defense technologies are not enough to deal with the current network security situation. The problem of network security is becoming more and more serious; it not only has a great impact on people's daily life and work but also endangers national security. Network Security Situation Awareness (NSSA) technology evaluates the network security situation by collecting various network security elements and identifying and understanding the different types of threats in the network. It can comprehensively understand the real threats in a network system, quantify and evaluate the security risks in that system, improve its monitoring, prediction and emergency response ability, and help to improve the current status of network security, and it has become one of the hot research fields. However, there are still deficiencies in existing NSSA technology, such as the inaccuracy of existing host threat identification techniques, the poor adaptability of existing quantitative network risk assessment techniques, and the difficulty of assessing potential network security risks. To solve these problems, this dissertation proposes a series of methods to enhance network security situation awareness technology for the power monitoring and control system.

Aiming at the inadequate detection accuracy and recall rate of existing malware detection against anti-detection technologies such as code obfuscation, this dissertation proposes a packed malware detection technology based on system kernel call (system call) behavior. By collecting the log of the software's system calls and analyzing the time sequence of those calls, adjacent system call pairs (bigrams) are constructed to represent the context of each system call. Based on information gain theory, sensitive system call pairs are extracted to denoise obfuscated malware behavior, and the sub-sequences are given a statistical representation. Finally, a deep belief network is used to train the detection model for abnormal system call sequences. Theoretical analysis and experimental results show that the packed malware detection method proposed in this dissertation achieves 92% accuracy.

Aiming at the high false alarm rate of existing alarm information aggregation and association analysis technology, this dissertation proposes an intrusion detection technology based on alarm information fusion analysis. It collects host intrusion alarm information in real time, extracts the IP address, port number and alarm type, builds a 3D model of the alarm information, aggregates and correlates the alarms, and uses a 3D convolutional neural network to adaptively train the detection model, so that intrusions are detected accurately without the limited coverage of new attack activities that comes from a manually constructed rule base. Theoretical analysis and experimental results show that the proposed network intrusion detection method achieves 86% accuracy.

Aiming at the difficulty that traditional industrial control system attack detection methods have in detecting complex attack activities, a new system attack detection method based on evidence combination reasoning over security events is proposed. An improved D-S evidence combination method identifies complex attacks more effectively, and an evidence classification and synthesis strategy discovers multiple network attacks that may exist in the same period of time. According to the time series of security incidents, the deviation degree of each security incident is calculated, and the evidence is weighted by its deviation degree to improve the accuracy of attack detection. At the same time, the method uses evidence theory to identify conflicting evidence so as to effectively identify multiple attacks in the same period. Theoretical analysis and experimental results verify that the proposed attack activity identification method achieves more than 90% accuracy.

Aiming at the difficulty of assessing potential network security risks, this dissertation proposes a network security situation distribution assessment technology based on network risk projection and propagation analysis. The network topology is constructed from the node-to-node communication found in DNS data, and threat sources are identified by marking known anomalous network nodes. The dissertation analyses the impact of threat sources on the network nodes reachable from them and the characteristics of risk propagation behavior, builds a network risk propagation model, and evaluates the impact of threat sources on other nodes using a belief propagation method based on random walk theory, so as to quantify the distribution of the network security situation and predict the potential risks of network nodes. Theoretical analysis and experimental results show that the belief-propagation-based network security situation distribution assessment method proposed in this dissertation achieves 98% precision and 86% recall.
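The first contribution, system call bigrams filtered by information gain and turned into a statistical feature vector, is shown below as an added worked example; it is not code from the dissertation. The traces are constructed stand-ins (a packed sample is mimicked by repeated mmap/mprotect before network calls), the information-gain feature is the boolean "this bigram occurs in the trace", and the deep belief network classifier that the dissertation trains on the resulting vectors is left out.

```python
import math
from collections import Counter

# Constructed, labelled system call traces (0 = benign, 1 = packed malware). These are
# illustrative stand-ins, not the dissertation's dataset; the packed samples mimic an
# unpacking stub (repeated mmap/mprotect) followed by network activity.
TRACES = [
    (["open", "read", "read", "close", "open", "read", "close"], 0),
    (["open", "read", "write", "close", "stat", "open", "read", "close"], 0),
    (["stat", "open", "read", "close", "mmap", "read", "close"], 0),
    (["open", "write", "close", "open", "write", "close"], 0),
    (["mmap", "mprotect", "mmap", "mprotect", "open", "write", "connect"], 1),
    (["mprotect", "mmap", "mprotect", "write", "connect", "send"], 1),
    (["open", "mmap", "mprotect", "mprotect", "connect", "send", "close"], 1),
    (["mmap", "mprotect", "getpid", "ptrace", "mprotect", "connect"], 1),
]


def bigrams(trace):
    """Adjacent system call pairs: the context of each call is the call before it."""
    return list(zip(trace, trace[1:]))


def entropy(counts):
    """Shannon entropy (bits) of a label distribution given as a Counter."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def information_gain(traces, bigram):
    """Information gain of the boolean feature 'bigram occurs in the trace'
    with respect to the benign/malicious label."""
    labels = Counter(label for _, label in traces)
    present, absent = Counter(), Counter()
    for trace, label in traces:
        bucket = present if bigram in set(bigrams(trace)) else absent
        bucket[label] += 1
    n = len(traces)
    conditional = 0.0
    for bucket in (present, absent):
        size = sum(bucket.values())
        if size:
            conditional += size / n * entropy(bucket)
    return entropy(labels) - conditional


def select_sensitive_bigrams(traces, k):
    """Keep the k bigrams with the highest information gain; the remaining bigrams
    are treated as noise injected by packing/obfuscation and dropped."""
    vocab = set()
    for trace, _ in traces:
        vocab.update(bigrams(trace))
    ranked = sorted(vocab, key=lambda b: (-information_gain(traces, b), b))
    return ranked[:k]


def feature_vector(trace, selected):
    """Statistical representation: relative frequency of each selected bigram in the
    trace. This is the vector a downstream classifier (a deep belief network in the
    dissertation) would be trained on."""
    counts = Counter(bigrams(trace))
    total = max(1, len(trace) - 1)
    return [counts[b] / total for b in selected]


if __name__ == "__main__":
    selected = select_sensitive_bigrams(TRACES, 3)
    for b in selected:
        print(b, round(information_gain(TRACES, b), 3))
    for trace, label in TRACES:
        print(label, feature_vector(trace, selected))
```

With these traces the pair (mmap, mprotect) separates the two classes perfectly and gets the maximum gain of 1 bit, while a pair such as (open, write) that occurs in both classes scores zero and is discarded as noise.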
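The evidence-combination contribution is illustrated below by an added example that is not the dissertation's code. It implements standard Dempster's rule on a small frame of discernment, maps each security event's deviation from its time-series baseline to a reliability weight by Shafer discounting (my reading of "weighted by the deviation degree"; the dissertation's exact weighting formula is not on this page), and uses the conflict coefficient K to split evidence into groups, each group being one attack in the same period. The sensors, mass values and baselines are constructed.

```python
# Frame of discernment: the attack hypotheses the security events can support.
THETA = frozenset({"normal", "scan", "dos", "injection"})


def deviation_weight(observed, baseline_mean, baseline_std, cap=3.0):
    """Deviation degree of an event count from its time-series baseline, mapped to a
    reliability weight in [0, 1]: a count within the usual range yields a weak weight,
    a count `cap` standard deviations away yields full weight. (Assumed formula.)"""
    z = abs(observed - baseline_mean) / max(baseline_std, 1e-9)
    return min(z, cap) / cap


def discount(mass, weight):
    """Shafer discounting: scale every focal element by the weight and move the
    remainder onto the whole frame (ignorance)."""
    out = {}
    for focal, value in mass.items():
        out[focal] = out.get(focal, 0.0) + weight * value
    out[THETA] = out.get(THETA, 0.0) + (1.0 - weight)
    return out


def combine(m1, m2):
    """Dempster's rule of combination. Returns the fused mass function and the
    conflict coefficient K (mass assigned to incompatible hypothesis pairs)."""
    fused, conflict = {}, 0.0
    for a, ma in m1.items():
        for b, mb in m2.items():
            inter = a & b
            if inter:
                fused[inter] = fused.get(inter, 0.0) + ma * mb
            else:
                conflict += ma * mb
    if conflict > 1.0 - 1e-12:
        raise ValueError("evidence is totally conflicting; cannot combine")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict


def pignistic(mass):
    """Pignistic probability: spread each focal element's mass evenly over its members."""
    prob = {h: 0.0 for h in THETA}
    for focal, value in mass.items():
        for h in focal:
            prob[h] += value / len(focal)
    return prob


def classify_and_synthesize(evidences, conflict_threshold=0.5):
    """Evidence classification and synthesis: each piece of evidence is discounted by
    its deviation weight, then merged into the first evidence group it does not
    strongly conflict with; strongly conflicting evidence opens a new group. Each
    group is one attack activity occurring in the same period."""
    groups = []
    for idx, ev in enumerate(evidences):
        m = discount(ev["mass"], deviation_weight(ev["count"], ev["mean"], ev["std"]))
        for g in groups:
            fused, k = combine(g["mass"], m)
            if k < conflict_threshold:
                g["mass"], g["members"] = fused, g["members"] + [idx]
                break
        else:
            groups.append({"mass": m, "members": [idx]})
    for g in groups:
        g["decision"] = max(pignistic(g["mass"]).items(), key=lambda kv: kv[1])[0]
    return groups


# Constructed security events for one time window: sensor, mass function derived from
# that sensor's alert, observed alert count, and the count's baseline mean/std.
EVIDENCES = [
    {"sensor": "port-scan detector", "mass": {frozenset({"scan"}): 0.8, THETA: 0.2},
     "count": 120, "mean": 10, "std": 5},
    {"sensor": "firewall drops", "mass": {frozenset({"scan", "dos"}): 0.6, THETA: 0.4},
     "count": 50, "mean": 20, "std": 10},
    {"sensor": "web application log", "mass": {frozenset({"injection"}): 0.9, THETA: 0.1},
     "count": 30, "mean": 2, "std": 1},
    {"sensor": "link utilisation", "mass": {frozenset({"dos"}): 0.7, THETA: 0.3},
     "count": 11, "mean": 10, "std": 5},
]


if __name__ == "__main__":
    for g in classify_and_synthesize(EVIDENCES):
        print(g["decision"], "<-", [EVIDENCES[i]["sensor"] for i in g["members"]])
```

Two effects are visible on this input: the injection evidence conflicts with the scan group (K = 0.72) and is therefore reported as a second, concurrent attack rather than being averaged away, and the link-utilisation event, whose count barely deviates from its baseline, is discounted almost entirely so it cannot tip the scan group toward a DoS verdict.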
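For the last contribution, risk propagation from marked threat sources over a communication topology, here is an added example that is not the dissertation's code. It builds a row-stochastic transition matrix from constructed host-to-host communication counts (standing in for the communication pairs the dissertation derives from DNS data), then runs a random-walk-with-restart style diffusion in which each node keeps a restart share of its seed risk and receives the rest from the nodes that communicate with it; this is one concrete belief-propagation-over-random-walk formulation, assumed here, not necessarily the dissertation's. The host names, counts, restart factor and threshold are all constructed.

```python
from collections import defaultdict

# Constructed host-to-host communication records, as (source, destination, sessions).
# Not real traffic; in the dissertation such pairs come from DNS data.
COMM_RECORDS = [
    ("h1", "h2", 30), ("h1", "h3", 10),
    ("h2", "h4", 20), ("h2", "h5", 5),
    ("h3", "h4", 10),
    ("h5", "h6", 2),
    ("h7", "h8", 40),  # separate cluster that no threat source can reach
]
KNOWN_ANOMALOUS = {"h1"}  # nodes marked as threat sources


def build_transition_matrix(records):
    """Row-stochastic transition matrix P[u][v]: probability that a random walker at u
    moves to v, proportional to how much u communicates with v."""
    counts = defaultdict(lambda: defaultdict(float))
    for src, dst, n in records:
        counts[src][dst] += n
    return {u: {v: n / sum(dsts.values()) for v, n in dsts.items()}
            for u, dsts in counts.items()}


def all_nodes(records):
    return {n for src, dst, _ in records for n in (src, dst)}


def propagate_risk(records, threat_sources, restart=0.3, tol=1e-9, max_iter=1000):
    """Random-walk-with-restart diffusion: every step a node keeps the `restart` share
    of its own seed risk (1 for threat sources, 0 otherwise) and receives the remaining
    share from its predecessors along communication edges. Converges because
    (1 - restart) * P has spectral radius below 1."""
    P = build_transition_matrix(records)
    nodes = all_nodes(records) | set(threat_sources)
    seed = {v: (1.0 if v in threat_sources else 0.0) for v in nodes}
    risk = dict(seed)
    for _ in range(max_iter):
        nxt = {v: restart * seed[v] for v in nodes}
        for u, dsts in P.items():
            for v, p in dsts.items():
                nxt[v] += (1.0 - restart) * p * risk[u]
        delta = max(abs(nxt[v] - risk[v]) for v in nodes)
        risk = nxt
        if delta < tol:
            return risk
    raise RuntimeError("risk propagation did not converge")


def predicted_at_risk(risk, threat_sources, threshold):
    """Nodes not already known to be anomalous whose propagated risk exceeds the
    threshold, highest risk first: the predicted potential victims."""
    return sorted(((v, r) for v, r in risk.items()
                   if v not in threat_sources and r > threshold),
                  key=lambda vr: -vr[1])


if __name__ == "__main__":
    risk = propagate_risk(COMM_RECORDS, KNOWN_ANOMALOUS)
    for node, r in sorted(risk.items(), key=lambda vr: -vr[1]):
        print(node, round(r, 4))
    print("predicted at risk:", predicted_at_risk(risk, KNOWN_ANOMALOUS, 0.05))
```

Risk is highest on the nodes the threat source talks to most (h2 receives three quarters of h1's traffic, h3 one quarter), h4 accumulates risk from two paths, and the h7/h8 cluster that the source cannot reach stays at exactly zero, which is what makes the result a situation distribution rather than a flat network-wide score.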
Keywords/Search Tags: Power Monitoring Network, Packed Malware Detection, Identification of Complex Attack Activities, Network Risk Propagation, Security Situation Assessment