Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation
In the analysis of coordinated network attacks on electric power cyber-physical system (CPS), it is difficult to restore the complete attack path, and the intent of the attack cannot be identified automatically. A method is therefore proposed for the extracting patterns of coordinated network attack...
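Main Authors: | Lei Wang, Zhaoyang Qu, Yang Li, Kewei Hu, Jian Sun, Kai Xue, Mingshi Cui |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | Cyber-physical system, attack pattern, temporal-topological correlation, fuzzy feature analysis, frequent pattern tree |
Online Access: | https://ieeexplore.ieee.org/document/9042337/ |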
id |
doaj-f004e95027ed4cdf9e6c0fcf74f7dc99 |
---|---|
record_format |
Article |
spelling |
doaj-f004e95027ed4cdf9e6c0fcf74f7dc99; 2021-03-30T03:17:36Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 57260; 57272; 10.1109/ACCESS.2020.2982057; 9042337
Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation
Authors: Lei Wang [0] https://orcid.org/0000-0003-2907-636X; Zhaoyang Qu [1] https://orcid.org/0000-0001-7599-9531; Yang Li [2] https://orcid.org/0000-0002-6515-4567; Kewei Hu [3] https://orcid.org/0000-0002-8978-5152; Jian Sun [4] https://orcid.org/0000-0002-2401-5106; Kai Xue [5] https://orcid.org/0000-0001-5338-3824; Mingshi Cui [6] https://orcid.org/0000-0003-3264-7661
Affiliations: [0] School of Electrical Engineering, Northeast Electric Power University, Jilin, China; [1] School of Electrical Engineering, Northeast Electric Power University, Jilin, China; [2] School of Electrical Engineering, Northeast Electric Power University, Jilin, China; [3] State Grid Jilin Electric Power Co., Ltd., Changchun, China; [4] State Grid Jilin Electric Power Co., Ltd., Changchun, China; [5] State Grid Jilin Electric Power Co., Ltd., Changchun, China; [6] State Grid East Inner Mongolia Electric Power Company, Hohhot, China
In the analysis of coordinated network attacks on electric power cyber-physical system (CPS), it is difficult to restore the complete attack path, and the intent of the attack cannot be identified automatically. A method is therefore proposed for the extracting patterns of coordinated network attacks on electric power CPS based on temporal-topological correlation. First, the attack events are aggregated according to the alarm log of the cyber space, and a temporal-causal Bayesian network-based cyber attack recognition algorithm is proposed to parse out the cyber attack sequences of the same attacker. Then, according to the characteristic curves of different attack measurement data in physical space, a combination of physical attack event criteria algorithm is designed to distinguish the types of physical attack events. Finally, physical attack events and cyber attack sequences are matched via temporal-topological correlation, frequent patterns of attack sequences are extracted, and hidden multi-step attack patterns are found from scattered grid measurement data and information from alarm logs. The effectiveness and efficiency of the proposed method are verified by the testbed at Mississippi State University.
https://ieeexplore.ieee.org/document/9042337/
Cyber-physical system; attack pattern; temporal-topological correlation; fuzzy feature analysis; frequent pattern tree |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Lei Wang, Zhaoyang Qu, Yang Li, Kewei Hu, Jian Sun, Kai Xue, Mingshi Cui |
title |
Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
topic |
Cyber-physical system; attack pattern; temporal-topological correlation; fuzzy feature analysis; frequent pattern tree |
url |
https://ieeexplore.ieee.org/document/9042337/ |