Data Interaction Security Monitoring Technology Based on Behavior Graph Representation

Data Interaction Security Monitoring Technology Based on Behavior Graph Representation

연구 분야: Infrastructure

학회: CNSCT '24: Proceedings of the 2024 3rd International Conference on Cryptography, Network Security and Communication Technology

During the operation of new power system, attackers may access multiple services at the same time through multiple accounts. In this case, monitoring an account alone will not identify the exception. In addition, malicious accounts sometimes perform abnormal operations, and operate normally most of the time to hide their abnormal behavior, increasing detection difficulty. Therefore, this paper proposes a data interaction security monitoring technology based on behavior graph representation. To be specific, we construct network traffic as a dynamic graph by data security monitoring technique based on DPDK and DPI as well as distributed log parsing and service access feature extraction technique. Then, we map the dynamic graph to a vector representation by extracting and coding regional subgraphs, and realize the anomaly detection of regional data by identifying the variable degree of the graph at different time in the high-latitude space.