基于蚁群算法的电力数据网络APT攻击预警模型

高级持续性威胁(Advanced Persistent Threat,APT)是通过预先对攻击对象的业务流程和目标系统进行多维度、多阶段、多对象的持续信息采集,隐匿地实现网络空间的数据窃取。电力网络具有天然的稳定性需求,其覆盖广、涉及面大、灾后损失大。当前APT攻击预警技术存在网络节点碎片化的有限安全域以及全域特征动态检测问题。本文提出基于蚁群算法的电力数据网络APT攻击预警模型。通过设计电力网络的全域可信系统模型,采用流形进行安全边界扩散,将碎片化节点进行柔性关联,确保全域安全控制。构建APT攻击的时效模型,实现攻击对可信系统的损害分析。将APT攻击特征等效为蚁群信息素,实现对APT攻击的自动跟踪和适应。通过实际测试表明,蚁群APT监测预警算法的预警精度有效提升12.6%。

APT Attack Prediction Model for Power Data Network Based on Ant Colony Algorithm

 Advanced Persistent Threat (ATP) continuously collects business processes and target systems of attack objects in advance by the way of multi-dimension, multi-stage and multi-object, and anonymously implements data theft of network space. The power network has the natural stability demand, it covers a wide range, involves large scale and has great loss after disaster. There exist the problems of the limited security domain of network node fragmentation and the dynamic detection of the whole domain feature in current APT attack predictions. In this paper, an ATP attack prediction model for power data network based on ant colony algorithm is proposed. By designing the global trusted system model of power network, we use manifold to spread the security boundary and link the fragmented nodes to ensure global security control. The time model of APT attack is built to realize the damage analysis of the attack to the trusted system. Attack prediction model is equivalent to ant colony pheromone, which realizes automatic tracking and adaptation of APT attack. The tests and simulations show that the new model improves prediction accuracy by 12.6%.