ISBN (digital): 9798331541729
ISBN (print): 9798331541736
In a modern microservice architecture, the large-scale distribution of services and high-concurrency access make anomaly monitoring particularly complex. Traditional monitoring methods usually rely on a single data dimension, such as request delay or resource utilization, making it challenging to capture complex abnormal patterns. Therefore, this paper proposes a microservice anomaly monitoring method based on multidimensional spatiotemporal feature reconstruction, aiming to reconstruct the complete feature space by integrating different data sources to improve the accuracy and robustness of anomaly detection. The method first extracts adequate data, such as service response time and service call chain, from the tracking dataset, with time and space as the core, and constructs it into a multidimensional feature matrix, fully considering the spatial and temporal correlation between microservices. Second, this paper introduces a deep learning model combining convolutional neural networks and gated recurrent units to capture dynamic dependence and feature interactions in spatiotemporal dimensions. The convolutional neural network module extracts the spatial dependence through the convolution operation, while the gated recurrent unit module captures the changing trend of the time series. With the two modules arranged in parallel and an attention mechanism introduced, the model is optimized with the reconstruction error, and finally, network abnormality is judged by setting a threshold.
The development of Internet of Things (IoT) technology brings convenience to the development of the electric power business but also brings security risks. Moreover, owing to the massive heterogeneity of IoT terminals, traditional security protection measures are restricted in terms of deployment, adaptation, operation, maintenance, and other aspects. Docker containers take up fewer resources and are easy to transplant; therefore, they are suitable for deploying secure applications in the IoT computing environment with limited resources and power. This study focuses on the container virtualization technology of the security applications on electric power IoT terminals. We propose a general process for application containerization to standardize the work done in each stage of containerization. The union file system is used to build a multilayer container architecture to reduce resource usage and improve deployment speed. Thus, the security applications can be run in containers to realize their real-time deployment and real-time operation in the heterogeneous intelligent electric power IoT terminals to achieve the security capabilities of on-demand orchestration and timely response of electric power IoT terminals.
Advanced persistent threat (APT) attacks are one of the most serious threats to power system cybersecurity. The ATT&CK framework integrates the known historical and practical APT attack tactics and techniques to form a general language for describing hacker behavior and an abstract knowledge base framework for hacker attacks. Drawing on the ATT&CK for ICS framework, this paper reviewed the known attack techniques used by viruses or hacker groups in cyberattacks on infrastructure, especially power systems. We then found the corresponding mitigations for each attack technique and merged them. Next, we listed the high-frequency and important mitigations for reference. Finally, we proposed a cybersecurity defense model suitable for ICS to provide a reference for security teams on how to apply ATT&CK and other similar cyberattack frameworks.
ISBN (print): 9798400707087
The digital twin of a distribution network covers models including topology, geography, space, production, operation, control, measurement, marketing, electric field, etc. There is no unified rule framework for multi-domain ontology modeling methods, and there is an urgent need for model fusion and comprehensive utilization. This article focuses on the cross-domain joint modeling problem of distribution network ontology, conducts research on the fusion method of multi-domain ontology models of distribution network digital twins, proposes a multi-type model resource fusion and comprehensive utilization method with equipment and facilities as the core, integrates business models and power grid models, studies multi-domain ontology model fusion interoperability technology for digital twins, and realizes the comprehensive utilization of distribution network digital twin model resources.
ISBN (digital): 9798350353594
ISBN (print): 9798350353600
In this paper, we propose an attack perception capability assessment method based on specific semantic search for the problem of assessing the attack perception capability of security protection equipment for power monitoring systems. The method aims to improve the recognition and localization accuracy of common attacks by accurately correlating the output products of security equipment with the execution of attack test cases. The research employs an attack-specific semantic generation technique that combines attack attribute values with timestamps to form specific semantics for subsequent matching. A pattern matching algorithm, specifically the BM (Boyer-Moore) algorithm, is further utilized to match the specific semantics with the output products of the security device Snort to achieve attack localization. Experimental results demonstrate that Snort exhibits high accuracy in perceiving the majority of attack types and exhibits an enhanced perception rate compared to certain baseline methods. In summary, the method proposed in this paper effectively improves the sensing ability of security equipment to attacks on the power monitoring system and provides a new idea for the performance evaluation of security protection equipment.
Wireless network physical layer identity authentication technology has received more and more attention due to its strong resistance to camouflage attacks. This work studies a physical layer method that uses radio frequency fingerprints to distinguish legitimate devices from illegal devices. This paper proposes using the constellation trajectory generated by fusing three differential intervals of different lengths (short, medium, and long) as the device fingerprint, to solve the problem that the traditional single differential interval constellation trajectory cannot take into account both the frequency offset resolution and the application range of frequency offset. The experimental results show that the fingerprint recognition accuracy of devices using multiple differential interval constellation trajectories is better than traditional methods. On this basis, we propose a radio frequency fingerprint identification method based on the twin neural network. Unlike most previous studies that model the identification problem as a classification problem, the algorithm proposed in this paper detects whether the device under test is a legitimate user device and can authenticate the legal device identity. The results show that the radio frequency fingerprint identification method for wireless devices based on the twin neural network can effectively and accurately identify legal users and illegal users.
The security of fieldbus networks is of utmost importance for industrial control systems. Within fieldbus networks, masquerade attacks and illegal device intrusions are two prevalent forms of attacks. The detection of these attacks is particularly challenging due to the sophisticated masquerading and deception techniques employed by attackers. To address the challenges of masquerade attacks and illegal device intrusions in fieldbus networks, this paper presents an intrusion detection and localization method based on physical fingerprints. The method involves constructing a physical fingerprint model for each device by collecting voltage signals transmitted in the fieldbus network and extracting relevant time-domain and frequency-domain features from these signals. Additionally, a predictive score detection mechanism is proposed, incorporating a multi-label SVM classification model to accurately identify masquerade attacks and illegal device intrusions within the network. Furthermore, the method utilizes differential delay features to estimate the location of the illegal intrusion device. To validate the effectiveness of the proposed method, it has been implemented on a CAN bus prototype, providing empirical evidence of its validity.
With the widespread use of micro-application-based architecture for power mobility, ensuring secure authentication of users has become one of the challenges that cannot be ignored. Based on this, this paper first anal...
ISBN (print): 9798400708299
The essence of the construction and development of new power systems is to improve the functionality and performance of existing power systems, and the distribution network is the key to the functionality of the power system. Therefore, the upgrading and optimization of the distribution network is the key to the success of the modern energy revolution, and the development of the distribution network is also faced with management and technical challenges brought by new equipment and resources. This article proposes a distribution network data resource integration and fusion method that takes into account new energy, integrating the constantly emerging new power equipment and facilities as well as their corresponding data resources into existing power information management systems. The integrated distribution network data platform is used as the data base to support the deepening and development of distribution network business applications. Firstly, the data description characteristics of the new power equipment and facilities are sorted out, and the description rule system is extracted using the methods of power equivalence processing and equipment profiling. Due to the lack of standardized description rules for new energy equipment, it is necessary to reorganize and construct a corresponding description rule system. Then, its description rules are mapped to the existing power information description rules, the mapping method is determined, and a mapping rule library is built. Finally, based on the mapping rule library, the fusion of new energy data and existing distribution network data resources is achieved, and the accuracy and applicability of data resource fusion are verified by selecting real data from business application scenarios.
ISBN (print): 9798400707087
The distribution network topology describes the complete architecture of the distribution network from the perspective of the connection relationship between distribution network equipment and facilities, as well as business logic. However, the basic data of multimodal distribution networks mostly describes the concrete entities of the distribution network. Only by effectively associating the two can an accurate panoramic topology of the distribution network be constructed. In response to this issue, this article studies the precise mapping method between multimodal data and distribution network topology. The research is device-oriented, utilizing methods such as business identification and expert knowledge correction to establish an accurate mapping network between multimodal data and distribution network topology nodes and edges, achieving precise mapping between multimodal data and distribution network topology. Based on graph database technology, this article studies the dynamic tracing method of multi-temporal topology in distribution networks, achieving dynamic tracing and switching between multi-temporal topology versions in distribution networks, and meeting the multi-temporal topology version control requirements of multiple business processes. Compared with traditional relational data models, the distribution network panoramic dynamic topology data model is more in line with the physical form of the distribution network, with low complexity and strong scalability. It can quickly query multi-temporal topology dynamics, effectively save topology storage space, and improve the efficiency of topology storage and query.