CN117040926B - Industrial control network security feature analysis method and system applying knowledge graph - Google Patents


Info

Publication number: CN117040926B
Authority: CN (China)
Prior art keywords: industrial control, control network, knowledge graph, node, safety
Legal status: Active
Application number: CN202311287557.3A
Other languages: Chinese (zh)
Other versions: CN117040926A (en)
Inventor: 胡仁豪, 刘磊, 付庆为, 李扶众
Current Assignee: Beijing Wangteng Technology Co ltd
Original Assignee: Beijing Wangteng Technology Co ltd
Application filed by Beijing Wangteng Technology Co ltd
Priority to CN202311287557.3A
Publication of CN117040926A
Application granted
Publication of CN117040926B

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
              • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L63/1416 Event detection, e.g. attack signature detection
              • H04L63/1433 Vulnerability analysis
              • H04L63/1441 Countermeasures against malicious traffic
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/40 Network security protocols
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
          • G06N3/00 Computing arrangements based on biological models
            • G06N3/02 Neural networks
              • G06N3/04 Architecture, e.g. interconnection topology
                • G06N3/042 Knowledge-based neural networks; Logical representations of neural networks
                • G06N3/044 Recurrent networks, e.g. Hopfield networks
                  • G06N3/0442 Recurrent networks, e.g. Hopfield networks characterised by memory or gating, e.g. long short-term memory [LSTM] or gated recurrent units [GRU]
                • G06N3/045 Combinations of networks
                  • G06N3/0455 Auto-encoder networks; Encoder-decoder networks
                • G06N3/0464 Convolutional networks [CNN, ConvNet]
              • G06N3/08 Learning methods
                • G06N3/084 Backpropagation, e.g. using gradient descent

Abstract

The invention provides an industrial control network security feature analysis method and system applying a knowledge graph. The invention structures the security feature information of an industrial control network into a knowledge graph, builds a processing model oriented to the industrial control network security knowledge graph, and predicts and classifies the network security features of the nodes, thereby analyzing the security features of the industrial control network, discovering potential security threats and driving the security decisions of the industrial control network.

Description

Industrial control network security feature analysis method and system applying knowledge graph
Technical Field
The invention relates to the technical field of industrial control network security, in particular to an industrial control network security feature analysis method and system applying a knowledge graph.
Background
An industrial control network system uses a communication network to connect multiple critical infrastructures. Its network structure is complex, industrial control networks are highly specialized with little commonality between different networks, and they are relatively closed. These factors leave security feature analysis for industrial control networks without sufficient data support, so the ability to predict and respond to external threats is lacking. Traditional network security feature analysis methods also have limitations: their conclusions can only predict known attacks and cannot predict unknown attacks.
For industrial control networks, an attacker typically exploits vulnerabilities in industrial software systems, operating systems, industrial control hardware, industrial control communication protocols and the like to intrude into the industrial control system. In response, the industrial control security field currently discloses a relatively large amount of network security feature information on these aspects through public sources, such as security analysis reports, vulnerability databases and forum attack discussions, which provides sufficient data resources for security feature analysis of industrial control networks. However, the internal data generated by the operation of the industrial control network, such as logs, traffic records and alarm archives, is unstructured and lacks semantic information, so the security feature information is not easily fused into the intranet to improve the security defense capability of the industrial control network.
Therefore, the prior art needs an effective technical means to process, model and fuse the massive, unstructured security feature information of industrial control networks, so that more effective analysis can be performed within the industrial control network based on that information, hidden vulnerabilities can be mined, and unknown threats can be predicted.
Disclosure of Invention
The invention provides an industrial control network security feature analysis method and system applying a knowledge graph. The invention structures the security feature information of an industrial control network into a knowledge graph and, based on a processing model for that knowledge graph, predicts the network security features of the nodes, thereby analyzing the security features of the industrial control network, discovering potential security threats and driving the security decisions of the industrial control network.
The invention provides an industrial control network security feature analysis method applying a knowledge graph, which is characterized by comprising the following steps:
acquiring a security feature information corpus related to an industrial control network, and fusing internal information of the industrial control network based on the security feature information corpus to construct a structured industrial control network security knowledge graph;
constructing a processing model oriented to the industrial control network security knowledge graph to predict and classify the network security features of the nodes;
according to the predicted network security feature classification of the nodes, judging industrial control network facilities that fall into a specific classification to be potential security threat nodes, and thereby driving the security decisions of the industrial control network.
Preferably, acquiring the security feature information corpus related to the industrial control network, fusing the internal information of the industrial control network based on the security feature information corpus, and constructing the structured knowledge graph specifically includes:
acquiring, through technical means such as web crawlers, the publicly disclosed security feature information related to the industrial control network from preset industrial control network security information sources;
parsing the security feature information to obtain entity and relation information of the knowledge graph;
acquiring internal information of the industrial control network, wherein the internal information comprises the facility list, facility communication protocols and facility network layout information of the industrial control network;
mapping the internal information of the industrial control network onto the entity and relation information extracted from the security feature information.
Preferably, the industrial control network security knowledge graph is a graph structure with multiple entity types, multiple relation types and attributes, and is expressed as follows:
wherein, denotes the set of entity nodes of the knowledge graph, and is the total number of entity nodes of the graph ; the facilities in the industrial control network serve as the entity nodes; is the set of industrial control security attributes on the nodes, i.e. is the feature vector on node ; is the set of labels on the nodes, and is the one-hot label vector on node : if node belongs to the -th class, then , otherwise ; at the same time, denotes the label set of the labeled nodes on the graph, where a label vector indicates the type of network security feature into which the node is classified; denotes the set of labeled edges, which represent the network relationships or facility link relationships between facilities of the industrial control network, where a triplet represents one relationship (a labeled edge); denotes the set of types of all edges, whose number of elements is denoted ; denotes the set of all node types, whose number of elements is denoted ; denotes the weight matrix on the edges, whose ij-th element measures the strength of the relationship between nodes and on edge ; if , the graph is a directed graph; if , the graph is an undirected graph; , i.e. a relationship either exists or does not exist.
Preferably, the constructed processing model is a graph encoder, expressed as , where is the industrial control network security knowledge graph and is the parameter vector formed from all parameter matrices of the graph encoder.
Preferably, constructing the processing model includes: defining the node network security feature prediction classifier of the processing model; wherein, based on the industrial control network security knowledge graph, the graph encoder encodes the -th layer feature representation of a node of the graph as:
here, is the output feature of node at the -th layer of the graph encoder, is the feature dimension of the -th layer, denotes the element-wise maximum activation function, denotes the index set of the nodes that have relation with node , denotes a normalization constant, which is either a learnable parameter or a constant given in advance, e.g. taking , where denotes the number of elements of the set , is the unknown weight parameter matrix of the -th layer, and is the number of hidden layers of the graph encoder; based on the -th layer features encoded for a node of the graph, the graph encoder performs softmax classification to predict the network security features of the node, and the output of the softmax layer is:
The -th element of the vector is expressed as:
Preferably, constructing the processing model includes: defining a loss function of the processing model, and calculating the loss of the network security feature prediction classification:
wherein is the index set of the labeled nodes, and is the -th element of the one-hot label .
Preferably, during training a gradient descent algorithm is used to update the model parameters so as to optimize the loss function, and the processing model for predicting and classifying the network security features of the nodes of the knowledge graph is finally output.
Preferably, for the industrial control network security knowledge graph, the trained network security feature prediction and classification processing model is used to predict the network security feature classification of each node of the knowledge graph.
The invention further provides an industrial control network security feature analysis system applying the knowledge graph, which comprises:
an industrial control network security knowledge graph construction unit, which acquires the security feature information corpus related to the industrial control network and, based on that corpus, fuses the internal information of the industrial control network to construct a structured knowledge graph;
a processing model unit, which is oriented to the industrial control network security knowledge graph and predicts and classifies the network security features of the nodes;
a security decision driving unit, which, according to the predicted network security feature classification of the nodes, judges industrial control network facilities that fall into a specific classification to be potential security threat nodes, and thereby drives the security decisions of the industrial control network.
Therefore, based on the knowledge graph data structure, the invention processes, models and fuses the massive, unstructured security feature information of the industrial control network, and classifies the industrial control security features of the knowledge graph nodes by constructing and training a processing model in the form of a graph encoder, so that more effective analysis can be performed within the industrial control network based on the security feature information, hidden vulnerabilities can be mined and unknown threats can be predicted. The invention includes a deep learning mechanism, which improves the accuracy, predictive capability and efficiency of industrial control security feature analysis.
Drawings
The drawings that are needed in the embodiments or prior art description will be briefly described below, and it will be apparent that the drawings in the following description are some embodiments of the present invention and that other drawings may be obtained from these drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a flow chart of an industrial control network security feature analysis method using a knowledge graph provided by the invention;
fig. 2 is a structural diagram of an industrial control network security feature analysis system using a knowledge graph provided by the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention become more apparent, the technical solutions in the embodiments of the present invention will be described in more detail below with reference to the accompanying drawings in the embodiments of the present invention.
It should be noted that: in the drawings, the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The described embodiments are some, but not all, embodiments of the invention, and the embodiments and features of the embodiments in this application may be combined with each other without conflict. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The following describes in detail a flowchart of the industrial control network security feature analysis method using a knowledge graph provided by the invention with reference to fig. 1, including:
firstly, acquiring security feature information corpus related to an industrial control network, and fusing internal information of the industrial control network based on the security feature information corpus to construct a structured knowledge graph.
Specifically, the data sources for constructing the knowledge graph are publicly disclosed security feature information related to industrial control networks, such as security analysis reports, vulnerability databases and forum attack discussions, acquired from preset industrial control network security information sources through technical means such as web crawlers. Common industrial control network security information sources include the Cybersecurity and Infrastructure Security Agency (CISA), the National Vulnerability Database (NVD), the Common Vulnerabilities and Exposures (CVE) list, etc. The security feature information corpus is semi-structured data in JSON form; by parsing the JSON data, entity information of the knowledge graph can be obtained, such as facility names, facility IDs, operating system names, operating system versions, database names, database versions, vulnerability IDs, vulnerability names and vulnerability scores. The security feature information also contains long texts of security feature descriptions, such as vulnerability descriptions, from which entity and relation information of the knowledge graph can be identified. The extraction of entity information, relation information and the like may use a dictionary- and rule-based NER method, a recognition method based on a CNN or LSTM neural network, etc.
The internal information of the industrial control network includes the facility list, facility communication protocols, facility network layout information and the like. Based on the names, versions and IDs of facilities, operating systems and databases in the list, together with the protocol and network layout information, the internal information can be mapped onto the entity and relation information extracted from the security feature information, so that the two kinds of information are fused and a structured industrial control network security knowledge graph for the specific industrial control network is constructed.
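The fusion step described above, as an added example in Python (not code from the patent): advisory records in JSON are parsed into software and vulnerability entities, the internal facility list is mapped onto them by normalized name and version, and the resulting triples are queried for exposed facilities. All identifiers, field names, relation names and sample records are constructed for illustration.

```python
import json

# Constructed advisory feed (placeholder IDs, not real CVE entries), shaped like
# the semi-structured JSON corpus the description mentions.
ADVISORIES_JSON = """
[
  {"vuln_id": "VULN-EXAMPLE-0001", "name": "Auth bypass in firmware service",
   "score": 9.8,
   "affects": [{"kind": "operating_system", "name": "ExampleRTOS",
                "versions": ["2.1", "2.2"]}]},
  {"vuln_id": "VULN-EXAMPLE-0002", "name": "Database engine memory corruption",
   "score": 7.5,
   "affects": [{"kind": "database", "name": "ExampleHistorianDB",
                "versions": ["5.0"]}]}
]
"""

# Constructed internal information: facility list, protocols, network layout.
# Note the inconsistent spelling of the OS name and the unknown link target.
INVENTORY = [
    {"facility_id": "PLC-01", "operating_system": ("examplertos ", "2.1"),
     "database": None, "protocol": "Modbus/TCP", "links": ["HMI-01"]},
    {"facility_id": "HMI-01", "operating_system": ("ExampleRTOS", "3.0"),
     "database": ("ExampleHistorianDB", "5.0"), "protocol": "OPC UA",
     "links": ["PLC-01", "SRV-99"]},
]


def _key(kind, name, version):
    """Canonical node id so inventory spellings match advisory spellings."""
    return f"{kind}:{' '.join(name.lower().split())}:{version.strip()}"


def build_graph(advisories_json, inventory):
    """Fuse advisories and inventory into typed nodes and labeled edges."""
    nodes = {}        # node id -> entity type
    triples = set()   # (head, relation, tail)
    unresolved = []   # links to facilities missing from the inventory

    # Entities and relations extracted from the public security information.
    for adv in json.loads(advisories_json):
        vid = "vulnerability:" + adv["vuln_id"]
        nodes[vid] = "vulnerability"
        for target in adv.get("affects", []):
            for version in target.get("versions", []):
                sw = _key(target["kind"], target["name"], version)
                nodes[sw] = target["kind"]
                triples.add((sw, "affected_by", vid))

    # Internal information mapped onto the same software entities.
    known = {item["facility_id"] for item in inventory}
    for item in inventory:
        fid = "facility:" + item["facility_id"]
        nodes[fid] = "facility"
        for kind, rel in (("operating_system", "runs_os"),
                          ("database", "uses_database")):
            if item.get(kind):
                sw = _key(kind, *item[kind])
                nodes.setdefault(sw, kind)
                triples.add((fid, rel, sw))
        proto = "protocol:" + item["protocol"].lower()
        nodes[proto] = "protocol"
        triples.add((fid, "speaks", proto))
        for peer in item.get("links", []):
            if peer in known:
                triples.add((fid, "linked_to", "facility:" + peer))
            else:
                unresolved.append((item["facility_id"], peer))
    return nodes, triples, unresolved


def exposed_facilities(triples):
    """Two-hop query: facility -> software -> vulnerability."""
    affected = {}
    for head, rel, tail in triples:
        if rel == "affected_by":
            affected.setdefault(head, set()).add(tail.split(":", 1)[1])
    result = {}
    for head, rel, tail in triples:
        if rel in ("runs_os", "uses_database") and tail in affected:
            result.setdefault(head.split(":", 1)[1], set()).update(affected[tail])
    return {facility: sorted(v) for facility, v in result.items()}


if __name__ == "__main__":
    _, graph_triples, missing = build_graph(ADVISORIES_JSON, INVENTORY)
    print(exposed_facilities(graph_triples), missing)
```

The version check is exact: HMI-01 runs the affected operating system at an unlisted version, so only its database edge reaches a vulnerability node.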
The industrial control network security knowledge graph is a graph structure with multiple entity types, multiple relation types and attributes, and can be expressed as follows:
wherein, denotes the set of entity nodes of the knowledge graph, and is the total number of entity nodes of the graph ; the facilities in the industrial control network serve as the entity nodes; is the set of industrial control security attributes on the nodes, i.e. is the feature vector on node ; is the set of labels on the nodes, and is the one-hot label vector on node : if node belongs to the -th class, then , otherwise ; at the same time, denotes the label set of the labeled nodes on the graph, where a label vector indicates the type of network security feature into which the node is classified; denotes the set of labeled edges, which represent the network relationships or facility link relationships between facilities of the industrial control network, where a triplet represents one relationship (a labeled edge); denotes the set of types of all edges, whose number of elements is denoted ; denotes the set of all node types, whose number of elements is denoted ; denotes the weight matrix on the edges, whose ij-th element measures the strength of the relationship between nodes and on edge ; if , the graph is a directed graph; if , the graph is an undirected graph; , i.e. a relationship either exists or does not exist.
Next, a processing model oriented to the industrial control network security knowledge graph is constructed to predict and classify the network security features of the nodes.
Specifically, the constructed processing model is a graph encoder. The graph encoder is expressed as , where is the industrial control network security knowledge graph and is the parameter vector formed from all parameter matrices of the graph encoder; the parameters of the graph encoder are initialized.
Further, the node network security feature prediction classifier and the loss function of the processing model are defined. Based on the industrial control network security knowledge graph, the graph encoder encodes the -th layer feature representation of a node of the graph as:
here, is the output feature of node at the -th layer of the graph encoder, is the feature dimension of the -th layer, denotes the element-wise maximum activation function, denotes the index set of the nodes that have relation with node , denotes a normalization constant, which is either a learnable parameter or a constant given in advance, e.g. taking , where denotes the number of elements of the set , is the unknown weight parameter matrix of the -th layer, and is the number of hidden layers of the graph encoder.
Based on the -th layer features encoded for a node of the graph, the graph encoder performs softmax classification to predict the network security features of the node; the output of the softmax layer is:
The -th element of the vector is expressed as:
The loss of the network security feature prediction classification of the nodes is calculated as:
wherein is the index set of the labeled nodes, and is the -th element of the one-hot label .
During training, a gradient descent (Adam) algorithm is used to update the model parameters (i.e. all and ) so as to optimize the loss function, and the processing model for predicting and classifying the network security features of the nodes of the knowledge graph is finally output.
Furthermore, for the industrial control network security knowledge graph, the trained network security feature prediction and classification processing model is used to predict the network security feature classification of each node of the knowledge graph. As previously described, the entity nodes of the knowledge graph represent facilities in the industrial control network.
According to the network security feature prediction classification of the nodes, industrial control network facilities conforming to the specific classification can be judged to be potential security threat nodes, and then the security decision of the industrial control network is driven.
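An added Python example (not the patent's implementation) of the classification and decision steps above: per-relation neighbor features are averaged using the size of the neighbor set as the normalization constant, a softmax classifier is trained on the labeled nodes only, and nodes predicted in the threat class are flagged. Since the patent's formulas are not reproduced in this text, the layer form (own features plus one weight block per relation), the use of a single layer without the max activation, plain gradient descent in place of Adam, and all facility names, features and labels are assumptions.

```python
import math

# Constructed toy knowledge graph: 7 facilities with 2 features each,
# [vulnerability_score, internet_facing]. Names and values are illustrative.
NAMES = ["PLC-01", "HMI-01", "ENG-01", "HIST-01", "PLC-02", "HMI-02", "GW-01"]
X = [[1, 0], [0, 0], [0, 0], [0, 1], [1, 0], [0, 0], [0, 1]]
RELATIONS = ["network_link", "remote_access"]  # assumed edge types
# Labeled edges as (head, relation, tail); network links are stored both ways.
EDGES = [(0, "network_link", 1), (1, "network_link", 0),
         (2, "network_link", 3), (3, "network_link", 2),
         (4, "network_link", 5), (5, "network_link", 4),
         (2, "remote_access", 3)]
# Only four nodes carry labels: 0 = normal, 1 = potential threat.
LABELS = {0: 1, 1: 1, 2: 0, 3: 0}
NUM_CLASSES = 2


def aggregate(x, edges, relations):
    """Per node: [bias, own features, mean neighbor features per relation].

    One weight row over this vector equals a self weight block plus one
    weight block per relation type (assumed layer form).
    """
    dim = len(x[0])
    rows = []
    for i in range(len(x)):
        row = [1.0] + [float(v) for v in x[i]]
        for rel in relations:
            nbrs = [t for h, r, t in edges if h == i and r == rel]
            c = len(nbrs)  # normalization constant: size of the neighbor set
            row += [sum(x[j][k] for j in nbrs) / c if c else 0.0
                    for k in range(dim)]
        rows.append(row)
    return rows


def softmax(logits):
    top = max(logits)  # subtract the maximum for numerical stability
    exps = [math.exp(v - top) for v in logits]
    total = sum(exps)
    return [e / total for e in exps]


def predict(weights, z):
    """Class probabilities for every node, labeled or not."""
    return [softmax([sum(w * v for w, v in zip(row, zi)) for row in weights])
            for zi in z]


def loss(weights, z, labels):
    """Cross-entropy summed over the labeled nodes only."""
    probs = predict(weights, z)
    return -sum(math.log(probs[i][y]) for i, y in labels.items())


def train(z, labels, num_classes, lr=0.2, epochs=500):
    """Plain gradient descent from zero weights on the labeled-node loss."""
    width = len(z[0])
    weights = [[0.0] * width for _ in range(num_classes)]
    for _ in range(epochs):
        probs = predict(weights, z)
        grad = [[0.0] * width for _ in range(num_classes)]
        for i, y in labels.items():
            for k in range(num_classes):
                err = probs[i][k] - (1.0 if k == y else 0.0)
                for f, v in enumerate(z[i]):
                    grad[k][f] += err * v
        for k in range(num_classes):
            for f in range(width):
                weights[k][f] -= lr * grad[k][f]
    return weights


def flag_threats(weights, z, names, threat_class=1):
    """Decision step: facilities whose predicted class is the threat class."""
    probs = predict(weights, z)
    return [names[i] for i, p in enumerate(probs)
            if p.index(max(p)) == threat_class]


if __name__ == "__main__":
    features = aggregate(X, EDGES, RELATIONS)
    model = train(features, LABELS, NUM_CLASSES)
    print(loss(model, features, LABELS), flag_threats(model, features, NAMES))
```

HMI-01 and HMI-02 have no vulnerability of their own; they are flagged because their network_link neighbor does, and the unlabeled PLC-02 and HMI-02 inherit the classes learned from the labeled nodes.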
Referring to fig. 2, the present invention further provides an industrial control network security feature analysis system using a knowledge graph, including:
an industrial control network security knowledge graph construction unit, which acquires the security feature information corpus related to the industrial control network and, based on that corpus, fuses the internal information of the industrial control network to construct a structured knowledge graph;
a processing model unit, which is oriented to the industrial control network security knowledge graph and predicts and classifies the network security features of the nodes;
a security decision driving unit, which, according to the predicted network security feature classification of the nodes, judges industrial control network facilities that fall into a specific classification to be potential security threat nodes, and thereby drives the security decisions of the industrial control network.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (3)

1. The industrial control network security feature analysis method applying the knowledge graph is characterized by comprising the following steps of:
acquiring security feature information corpus related to an industrial control network, and fusing internal information of the industrial control network based on the security feature information corpus to construct a structured industrial control network security knowledge graph;
constructing a processing model oriented to the industrial control network security knowledge graph to predict and classify the network security features of the nodes;
according to the network security feature prediction classification of the nodes, industrial control network facilities conforming to the specific classification are judged to be potential security threat nodes, and then the security decision of the industrial control network is driven;
the industrial control network security knowledge graph is a graph structure with multiple entity types, multiple relation types and attributes, and is expressed as follows: wherein, denotes the set of entity nodes of the knowledge graph, and is the total number of entity nodes of the graph ; the facilities in the industrial control network serve as the entity nodes; is the set of industrial control security attributes on the nodes, i.e. is the feature vector on node ; is the set of labels on the nodes, and is the one-hot label vector on node : if node belongs to the -th class, then , otherwise ; at the same time, denotes the label set of the labeled nodes on the graph, where a label vector indicates the type of network security feature into which the node is classified; denotes the set of labeled edges, which represent the network relationships or facility link relationships between facilities of the industrial control network, where a triplet represents a relationship corresponding to a labeled edge; denotes the set of types of all edges, whose number of elements is ; denotes the set of all node types, whose number of elements is ; denotes the weight matrix on the edges, whose ij-th element measures the strength of the relationship between nodes and on edge ; if , the graph is a directed graph; if , the graph is an undirected graph; , i.e. a relationship either exists or does not exist; and the constructed processing model is a graph encoder, denoted , where is the industrial control network security knowledge graph and is the parameter vector formed from all parameter matrices of the graph encoder; the step of constructing the processing model specifically includes: defining the node network security feature prediction classifier of the processing model; wherein, based on the industrial control network security knowledge graph, the graph encoder encodes the -th layer feature representation of a node of the graph as:
here, is the output feature of node at the -th layer of the graph encoder, is the feature dimension of the -th layer, denotes the element-wise maximum activation function, denotes the index set of the nodes that have relation with node , denotes a normalization constant, which is either a learnable parameter or a constant given in advance, taking , where denotes the number of elements of the set , is the unknown weight parameter matrix of the -th layer, and is the number of hidden layers of the graph encoder; based on the -th layer features encoded for a node of the graph, the graph encoder performs softmax classification to predict the network security features of the node, and the output of the softmax layer is:
the -th element of the vector is expressed as:
defining a loss function of the processing model, and calculating the loss of the network security feature prediction classification:
wherein is the index set of the labeled nodes, and is the -th element of the one-hot label ; during training, a gradient descent algorithm is used to update the model parameters so as to optimize the loss function, and the processing model for predicting and classifying the network security features of the nodes of the knowledge graph is finally output.
2. The industrial control network security feature analysis method using a knowledge graph according to claim 1, wherein the steps of obtaining the corpus of security feature information related to the industrial control network, fusing the internal information of the industrial control network based on the corpus of security feature information, and constructing the structured knowledge graph comprise the following steps:
acquiring publicly disclosed security feature information related to the industrial control network from a preset industrial control network security information source by means of a web crawler;
analyzing the security feature information to obtain the entity and relation information of the knowledge graph;
acquiring internal information of an industrial control network, wherein the internal information of the industrial control network comprises a facility list, a facility communication protocol and facility network layout information of the industrial control network;
mapping the internal information of the industrial control network to the entity and relation information extracted from the security feature information.
3. The industrial control network security feature analysis method using a knowledge graph according to claim 1, wherein, for the industrial control network security knowledge graph, the network security feature prediction classification of each node of the knowledge graph is predicted based on the trained network security feature prediction classification processing model.
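The encoder of claim 1 and the per-node prediction of claim 3, as an added example that is not the patent's own code. It assumes the standard relational graph convolution form (one weight matrix per relation type and layer, neighbour-count normalisation, ReLU, softmax, cross-entropy over labelled nodes); the toy facilities, features, relation names and class ids (1 = exposed, 0 = baseline) are constructed.

```python
import math

# Constructed toy graph (not from the patent): facilities are nodes, features are
# [speaks_fieldbus, reachable_from_office_net, unpatched], edges are typed links.
X = {"plc1": [1, 0, 1], "plc2": [1, 0, 0], "hmi": [1, 1, 1],
     "eng_ws": [0, 1, 0], "historian": [0, 1, 0], "fw": [0, 1, 0]}
EDGES = [("hmi", "modbus", "plc1"), ("hmi", "modbus", "plc2"),
         ("eng_ws", "modbus", "plc1"), ("fw", "routes", "hmi"),
         ("fw", "routes", "eng_ws"), ("fw", "routes", "historian")]
LABELS = {"plc1": 1, "hmi": 1, "historian": 0, "fw": 0}  # labelled subset (class ids)
RELS, DIMS = ["self", "modbus", "routes"], [3, 4, 2]     # dims: input, hidden, classes
NB = {(n, r): [n] if r == "self" else                    # undirected neighbour sets
      [a if b == n else b for a, t, b in EDGES if t == r and n in (a, b)]
      for n in X for r in RELS}

def init_params():  # small positive weights keep every ReLU unit active at the start
    size = sum(len(RELS) * DIMS[l] * DIMS[l + 1] for l in range(2))
    return [0.1 + 0.3 * abs(math.sin(i + 1)) for i in range(size)]

def forward(theta):
    H, pos = X, 0
    for l in range(2):
        din, dout = DIMS[l], DIMS[l + 1]
        out = {n: [0.0] * dout for n in X}
        for r in RELS:  # one weight matrix per relation type and layer
            W = [theta[pos + o * din: pos + (o + 1) * din] for o in range(dout)]
            pos += din * dout
            for n in X:
                for j in NB[n, r]:  # normalisation constant = neighbour count (assumed)
                    for o in range(dout):
                        out[n][o] += sum(w * h for w, h in zip(W[o], H[j])) / len(NB[n, r])
        H = {n: [max(0.0, v) for v in z] for n, z in out.items()} if l == 0 else out
    e = {n: [math.exp(v - max(z)) for v in z] for n, z in H.items()}  # softmax
    return {n: [v / sum(ev) for v in ev] for n, ev in e.items()}

def loss(theta):  # cross-entropy summed over labelled nodes only
    p = forward(theta)
    return -sum(math.log(p[n][k]) for n, k in LABELS.items())

def train(steps=200, lr=0.05, eps=1e-5):
    theta = init_params()
    for _ in range(steps):  # gradient descent; finite differences suffice at this size
        base = loss(theta)
        grad = [(loss(theta[:i] + [theta[i] + eps] + theta[i + 1:]) - base) / eps
                for i in range(len(theta))]
        theta = [t - lr * g for t, g in zip(theta, grad)]
    return theta

def predict(theta):  # class id for every node, labelled or not
    return {n: p.index(max(p)) for n, p in forward(theta).items()}
```

Unlabelled facilities (`plc2`, `eng_ws`) receive a class only through the features and typed links they share with labelled ones, which is the point of propagating over the graph.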
CN202311287557.3A 2023-10-08 2023-10-08 Industrial control network security feature analysis method and system applying knowledge graph Active CN117040926B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311287557.3A CN117040926B (en) 2023-10-08 2023-10-08 Industrial control network security feature analysis method and system applying knowledge graph

Publications (2)

Publication Number Publication Date
CN117040926A CN117040926A (en) 2023-11-10
CN117040926B true CN117040926B (en) 2024-01-26

Family

ID=88632144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311287557.3A Active CN117040926B (en) 2023-10-08 2023-10-08 Industrial control network security feature analysis method and system applying knowledge graph

Country Status (1)

Country Link
CN (1) CN117040926B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108595708A (en) * 2018-05-10 2018-09-28 北京航空航天大学 A kind of exception information file classification method of knowledge based collection of illustrative plates
CN108984745A (en) * 2018-07-16 2018-12-11 福州大学 A kind of neural network file classification method merging more knowledge mappings
CN109255002A (en) * 2018-09-11 2019-01-22 浙江大学 A method of it is excavated using relation path and solves knowledge mapping alignment task
CN114499982A (en) * 2021-12-29 2022-05-13 中国人民解放军国防科技大学 Honey net dynamic configuration strategy generating method, configuration method and storage medium
CN115169433A (en) * 2022-05-30 2022-10-11 北京邮电大学 Knowledge graph classification method based on meta-learning and related equipment
CN115296924A (en) * 2022-09-22 2022-11-04 中国电子科技集团公司第三十研究所 Network attack prediction method and device based on knowledge graph
CN115733646A (en) * 2021-08-31 2023-03-03 中国移动通信集团浙江有限公司 Network security threat assessment method, device, equipment and readable storage medium
CN116049427A (en) * 2022-12-20 2023-05-02 武汉理工大学 Breadth-first search-based collaborative editing method for small-sample knowledge graph

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant