Generic placeholder image

Recent Advances in Electrical & Electronic Engineering

Author(s): Jiexuan Yuan and Yuancheng Li*

DOI: 10.2174/2352096516666230428104141

DownloadDownload PDF Flyer Cite As
An APT Attack Detection Method of a New-type Power System Based on STSA-transformer

Page: [19 - 28] Pages: 10

  • * (Excluding Mailing and Handling)

Explore Articles
About Journal
For Authors
For Editors
For Reviewers

Abstract

Background: Complex structures such as a high proportion of power electronic equipment has brought new challenges to the safe and stable operation of new-type power system, increasing the possibility of the system being attacked, especially the more complex Advanced Persistent Threat (APT). This kind of attack has a long duration and strong concealment.

Objective: Traditional detection methods target a relatively single attack mode, and the time span of APT processed is relatively short. None of them can effectively capture the long-term correlation in the attack, and the detection rate is low. These methods can’t meet the safety requirements of the new-type power system. In order to solve this problem, this paper proposes an improved transformer model called STSA-transformer algorithm, and applies it to the detection of APT in new-type power systems.

Methods: In the STSA-transformer model, the network traffic collected from the power system is first converted into a sequence of feature vectors, and the location information and local feature of the sequence, is extracted by combining position encoding with convolutional embedding operations, and then global characteristics of attack sequences is captured using the multi-head selfattention mechanism of the transformer encoder, the higher-frequency features of the attention are extracted through the self-learning threshold operation, combined with the PowerNorm algorithm to standardize the samples, and finally classify the network traffic of the APT.

Results: After multiple rounds of training on the model, the expected effect can be achieved and applied to the APT detection of a new-type power system.

Conclusion: The experimental results show that the proposed STSA-transformer algorithm has better detection accuracy and lower detection false-alarm rate than traditional deep learning algorithms and machine learning algorithms.

Keywords: Network security, new-type power system, advanced persistent threat, self-attention mechanism, STSAtransformer, false-alarm rate.

Graphical Abstract

[1]
"Xi Jinping presided over the ninth meeting of the Central Finance and Economics Committee", People’s Daily, 2021, New York on May 9 2022
[2]
State Grid Corporation of China Enterprise Standard Summary Table (2003.1.1-2020.12)., Beijing: State Grid Corporation of China, 2021.
[3]
N. Master, J. Mounzer, and N. Bambos, "Distributed smart grid architecture for delay and price sensitive power management", IEEE International Conference on Communications, Sydney, Australia, 2014.
[http://dx.doi.org/ 10.1109/ICC.2014.6883892]
[4]
A. Aydeger, K. Akkaya, M.H. Cintuglu, A.S. Uluagac, and O. Mohammed, "Software defined networking for resilient communications in smart grid active distribution networks", IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016.
[http://dx.doi.org/ 10.1109/ICC.2016.7511049]
[5]
A.M. Lajevardi, and M. Amini, "A semantic-based correlation approach for detecting hybrid and low-level APTs", Future Gener. Comput. Syst., vol. 96, pp. 64-88, 2019.
[http://dx.doi.org/10.1016/j.future.2019.01.056]
[6]
M. Marchetti, F. Pierazzi, M. Colajanni, and A. Guido, "Analysis of high volumes of network traffic for Advanced Persistent Threat detection", Comput. Netw., vol. 109, pp. 127-141, 2016.
[http://dx.doi.org/10.1016/j.comnet.2016.05.018]
[7]
S. Siddiqui, M.S. Khan, K. Ferens, and W. Kinsner, "Detecting advanced persistent threats using fractal dimension based machine learning classification", In In Sixth ACM Conference on Data and Application Security and Privacy, New York: USA, 2016, pp. 64-69
[8]
T. Bodström, and T. Hämäläinen, A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory., vol. 11280. Berlin: Springer, 2018, pp. 498-509.
[http://dx.doi.org/10.1007/978-3-030-04648-4_42]
[9]
L. Haibo, "Advanced persistent threat detection based on generative adversarial networks and long short-term memory", Comput. Sci., vol. 47, no. 1, pp. 281-286, 2019.
[10]
A. Zimba, H. Chen, and Z. Wang, "Bayesian network based weighted APT attack paths modeling in cloud computing", Future Gener. Comput. Syst., vol. 96, pp. 525-537, 2019.
[http://dx.doi.org/10.1016/j.future.2019.02.045]
[11]
L. He, L. Xin, N. Yin, and L. Chao, "APT attack detection method combining dynamic behavior and static features", Computer Engineering and Application,, pp. 1-13.
[12]
R. Liang, G. Yue, and X. Zhao, "APT attack detection method on traceability graph based on sequence feature extraction", Chinese Science: Information Science, vol. 52, no. 08, pp. 1463-1480, 2022.
[13]
M. Roopak, G.Y. Tian, and J. Chambers, "Multi‐objective‐based feature selection for DDoS attack detection in IoT networks", IET Netw., vol. 9, no. 3, pp. 120-127, 2020.
[http://dx.doi.org/10.1049/iet-net.2018.5206]
[14]
F.B. Saghezchi, G. Mantas, M.A. Violas, A.M. de Oliveira Duarte, and J. Rodriguez, "Machine learning for DDoS attack detection in industry 4.0 CPPSs", Electronics , vol. 11, no. 4, p. 602, 2022.
[http://dx.doi.org/10.3390/electronics11040602]
[15]
M. Alduailij, Q.W. Khan, M. Tahir, M. Sardaraz, M. Alduailij, and F. Malik, "Machine-Learning-Based DDoS attack detection using mutual information and random forest feature importance method", Symmetry , vol. 14, no. 6, p. 1095, 2022.
[http://dx.doi.org/10.3390/sym14061095]
[16]
G. Chuangxin, Z. Liu, F. Bin, B. Jiang, G. Jun, and F. Li, "Research status and prospects of risk assessment of new-type power system", High Voltage Technology, vol. 48, no. 09, pp. 3394-3404, 2022.
[http://dx.doi.org/10.13336/j.1003-6520.hve.20221101]
[17]
A. Vaswani, N. Shazeer, and N. Parmar, "Attention is all you need", ArXiv, 2301.07583v1, pp. 2999-3007,, 2003.
[18]
W. Zaremba, "Recurrent Neural Network Regularization", ArXiv, 1409.2329v5, , 2014.
[19]
Y. Lecun, L. Bottou, Y. Bengio, and P. Haffner, "Gradient-based learning applied to document recognition", Proc. IEEE, vol. 86, no. 11, pp. 2278-2324, 1998.
[http://dx.doi.org/10.1109/5.726791]
[20]
H. Zhou, S. Zhang, and J. Peng, "Informer: Beyond efficient transformer for long sequence time-series forecasting", Proceedings of AAAI, vol. 35, no. 12, pp. 11106-11115, 2021.
[21]
S. Shen, Z. Yao, and A. Gholami, "Powernorm: Rethinking batch normalization in transformers", Proceedings of the 37th International Conference on Machine Learning, pp. 8741-8751, 2020.
[22]
M. Zhao, S. Zhong, X. Fu, B. Tang, and M. Pecht, "Deep residual shrinkage networks for fault diagnosis", IEEE Trans. Industr. Inform., vol. 16, no. 7, pp. 4681-4690, 2020.
[http://dx.doi.org/10.1109/TII.2019.2943898]
[23]
K. He, "Deep Residual Learning for Image Recognition", arXiv, 1512.03385,, 2015.
[24]
S. Myneni, A. Chowdhary, A. Sabur, S. Sengupta, G. Agrawal, D. Huang, and M. Kang, "DAPT 2020-Constructing a benchmark dataset for advanced persistent threats", Communications in Computer and Information Science, vol. 1271, pp. 138-163, 2020.
[http://dx.doi.org/10.1007/978-3-030-59621-7_8]
[25]
P. Zhou, W. Shi, and J. Tian, "Attention-based bidirectional long short-term memory networks for relation classification", Deployable Machine Learning for Security Defense. Communications in Computer and Information Science, vol. 1271. Springer, Cham, 2020.
[26]
J. Chung, C. Gulcehre, and K.H. Cho, "Empirical evaluation of gated recurrent neural networks on sequence modeling", ArXiv, 1412.3555,, 2014.