As a key link in the development and construction of power systems, the safe operation of the power distribution Internet of Things is crucial to the stability and reliability of the power system. With the widespread application of computer networks and communication technologies in the power distribution Internet of Things, while these improve its construction, operation, maintenance, and management capabilities, they also expose it to more security risks. In recent years, network attacks against the power distribution Internet of Things have erupted frequently and exhibit characteristics such as strong concealment, long duration, and difficulty of detection, seriously affecting its normal operation. Therefore, it is of great significance to study network attack models and defense methods for the power distribution Internet of Things. Aiming at the modern complex network attacks on the power distribution Internet of Things, this paper adopts a kill chain model based on ATT&CK to model them, and proposes an active threat hunting defense method based on an improved Transformer to achieve effective defense against unknown threats. The specific research content is as follows:

(1) This paper analyzes the ATT&CK framework, which contains rich attack behaviors, and proposes a kill chain model based on ATT&CK. Aiming at the problem of mapping attack techniques to the kill chain model, an attack matching method based on the ALBERT-BiLSTM model is proposed, which maps attack techniques commonly used by different organizations to each stage of the kill chain, constructs an attack chain, and achieves an understanding of the intrusion process and attack intent. Finally, experimental results show that the proposed attack matching method has good performance.

(2) Aiming at the increasingly advanced network attack methods in the power distribution Internet of Things, where traditional defense methods can only detect known threats and have weak defense capabilities against unknown threats, a threat hunting active defense framework is proposed. As threat identification is an important part of the threat hunting framework, an improved Transformer network model is constructed for threat detection by introducing an additive attention mechanism and residual weight parameters into the Transformer network. Experimental results show that the proposed model can detect attack types with higher accuracy and further shorten detection time compared to other detection methods. This helps to identify threats in the early stages of the kill chain, take appropriate defensive measures, and improve the overall level of security protection for the power distribution Internet of Things.

(3) Based on the above research, an active defense system for the power distribution Internet of Things is designed and implemented. It not only designs the construction process of the attack model and the defense model, but also elaborates the detailed functions of the core modules. Finally, the system is tested from both functional and performance aspects, indicating that the designed system is effective.