
Threat Detection Algorithm Model and Big Data Platform Design of Electric Power Enterprises Based on Machine Learning (cited by: 2)
Abstract: In recent years, the risk of network attacks against the high-value data and important business of electric power enterprises has grown increasingly serious. New network attack technologies, APT organizations and their attack methods pose serious threats to the safe production of electric power enterprises. For the various types of attack, general-purpose threat detection models are difficult to match to the actual network and business environment of electric power production, and suffer from low detection rates, high false alarm rates, and difficulty of deployment and use. This paper constructs a network security big data platform that uniformly collects, processes, analyzes and stores network-security-related data from the production-operation and management-office environments of electric power enterprises. It then uses machine learning algorithms such as support vector machines and deep neural networks to aggregate and correlate the data, generating fine-grained attack chains and matching them against various attack and defense wikis, to achieve accurate localization of attack behavior and profiling of attackers. Based on the proposed network security big data platform and threat detection algorithms, a network security threat analysis and disposal center matching the business characteristics of the electric power industry is built, improving the overall network security capability of electric power enterprises.
Authors: CHEN Yifang; XUAN Yi; FAN Libo; SUN Zhiqing; TU Yongwei; ZHANG Yihan; CAI Qianchen (State Grid Hangzhou Power Supply Company, Hangzhou 310016, Zhejiang, China; State Grid Zhejiang Electric Power Co., Ltd., Hangzhou 310063, Zhejiang, China; Sangfor Technologies Inc., Shenzhen 518000, Guangdong, China)
Source: Power Systems and Big Data (《电力大数据》), 2022, No. 4, pp. 34-41 (8 pages)
Funding: Science and Technology Project of China Southern Power Grid Co., Ltd. (066700KK52190020).
Keywords: cyber security; machine learning; support vector machine; deep neural networks; big data analysis; attacker profiling
