Research on Power Terminal Attack Detection Technology Based on ATT&CK Multi-modal Perception


Research field: Safety



Conference: CNSCT '24: Proceedings of the 2024 3rd International Conference on Cryptography, Network Security and Communication Technology


Abstract

Power terminals are numerous and operate in complex environments, and they face prominent attack risks that bear on the safe operation of the entire power grid. This paper proposes a power terminal attack detection technology based on the ATT&CK framework, which analyzes and detects attack behaviors through multi-modal perception. It collects attack-related data from various power terminals, combines it with a Bayesian framework to determine the attack technique, maps the attack stages, reconstructs the attack path, and predicts the attack target. Finally, the technology is applied through a data lake and microservice fusion architecture. The paper proposes a method for fusing attack data in electric power information networks, solves the problem of correlating the ATT&CK framework with the attack process, and expands the attack behavior detection capability of multi-source data fusion.


Author Profile
Rui Wang

Operation and Maintenance Management Dept. Information Communication Branch of State Grid Corporation of China China

Andorra
Author Profile
Xiaoying Zou

Operation and Maintenance Management Dept. Information Communication Branch of State Grid Corporation of China China

Andorra
Author Profile
Yaxi Li

Operation and Maintenance Management Dept. Information Communication Branch of State Grid Corporation of China China

Andorra

📄 Paper information

Publication year: 2024
Citations: 0
Country of publication: Andorra
Site: ACM
