
CN118890213B - A data asset security monitoring method - Google Patents

Publication number
CN118890213B
Authority
CN
China
Prior art keywords
data
attack
tree model
data asset
impact
Prior art date
Legal status
Active
Application number
CN202411320881.5A
Other languages
Chinese (zh)
Other versions
CN118890213A (en
Inventor
孙宁
邹胜伟
夏庆锋
吴庆干
毛坤
盛振亮
丁苑
毛伟民
夏浩然
陈国涵
孙一平
Current Assignee
Wuxi Jianghong Information Technology Co ltd
Wuxi University
Original Assignee
Wuxi Jianghong Information Technology Co ltd
Wuxi University
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/01 Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Artificial Intelligence (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data asset security monitoring method in the technical field of network security. The method comprises the following steps: detecting data assets, analyzing the returned data packets, and constructing a data asset information base; constructing an attack tree model based on the data asset information base, and calculating the risk value of each attack path in the attack tree model through a decision tree algorithm; and formulating a data asset monitoring strategy according to the risk values. The method provides data risk assessment for the power system together with risk assessment of the attack paths in the attack tree model, and formulates the data asset monitoring strategy from the assessment results, which effectively addresses the lag (hysteresis) of data protection.

Description

Data asset security monitoring method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a data asset security monitoring method.
Background
In recent years, with the rapid development of information technology and changes in the international environment, network security incidents have occurred one after another and the security situation has become increasingly severe. Network attacks on the electric power protection system pose a serious threat to people's production and daily life, economic development, social stability, national security and the like.
For the sake of operational stability, network security protection upgrades cannot be carried out on the electric power protection system once it is in operation. Vulnerabilities in the system cannot be remediated in time, and the vulnerability database and virus database of the antivirus software cannot be updated in time. Existing boundary protection equipment, such as industrial firewalls, intrusion detection systems and industrial isolation gateways, cannot completely block malicious attacks. Once a malicious attack enters the system, the unprocessed risk points that have existed in the system for a long time can easily be exploited, with serious consequences.
To raise the network security protection level of the electric power protection system and to solve the lag (hysteresis) of existing protection methods, it is necessary to perform data asset security monitoring on the electric power protection system, so that risk points in the system are found and handled in time, before an attack occurs. Traditional network risk assessment methods are not fully applicable to the power protection system and cannot predict the attack path with the largest risk, so protection cannot be applied in a targeted manner.
Disclosure of Invention
In order to solve the technical problems, the invention provides a data asset security monitoring method to solve the problems that the existing protection method in the prior art has hysteresis and cannot predict an attack path with the largest risk.
In order to achieve the above object, the present invention provides a data asset security monitoring method, comprising the steps of:
detecting data assets, analyzing returned data packets, and constructing a data asset information base;
constructing an attack tree model based on the data asset information base, and calculating risk values of all attack paths in the attack tree model through a decision tree algorithm;
and formulating a data asset monitoring strategy according to the risk value.
Preferably, the method for constructing the attack tree model based on the data asset information base comprises the following steps:
taking the data asset to be protected as the root node of the tree;
collecting the data asset information base covering system architecture, data flows, security measures, and potential vulnerabilities;
determining an attack path based on the root node and the data asset information base;
and representing the root node, the attack path and the attack means by a graphical method to obtain the attack tree model.
Preferably, the means of attack include, but are not limited to, packet theft, identity theft, and data tampering.
Preferably, the method for calculating the risk value of each attack path in the attack tree model includes:
collecting historical data and extracting data characteristics of the historical data;
constructing a decision tree model based on the data characteristics of the historical data;
calculating the success rate of each attack path based on the decision tree model, and evaluating the influence degree according to the potential influence of the attack path;
and calculating a risk value based on the success rate and the influence degree.
Preferably, the method for constructing the decision tree model comprises the following steps:
taking the success rate and the influence degree of the attack path as target variables;
extracting data features affecting a target variable from the data features of the historical data to obtain a training set;
and training the initial decision tree model through the training set to obtain a trained decision tree model.
Preferably, the method for extracting the data features of the historical data comprises the following steps:
zero-centering (zero-mean processing) the historical data to obtain a preprocessed data set;
calculating a covariance matrix of the preprocessed data set, and solving eigenvalues and corresponding eigenvectors from the covariance matrix;
sorting the eigenvectors according to the size of the eigenvalues, and selecting the eigenvectors corresponding to the first n largest eigenvalues as principal components;
and projecting the historical data into a low-dimensional space composed of the principal components to obtain the data features of the historical data.
Preferably, the influence degree comprises the influence degree of acquiring sensitive information by intercepting data packets, the influence degree of attacking by stealing identity information, and the influence degree of unauthorized modification of data.
Preferably, the calculation expression of the risk value is:
G=S*I
In the formula, G represents a risk value, S represents a success rate, and I represents an influence degree.
Compared with the prior art, the invention has the following advantages and technical effects:
The invention discloses a data asset security monitoring method in the technical field of network security. The method comprises the following steps: detecting data assets, analyzing the returned data packets, and constructing a data asset information base; constructing an attack tree model based on the data asset information base, and calculating the risk value of each attack path in the attack tree model through a decision tree algorithm; and formulating a data asset monitoring strategy according to the risk values. The method provides data risk assessment for the power system together with risk assessment of the attack paths in the attack tree model, and formulates the data asset monitoring strategy from the assessment results, which effectively addresses the lag (hysteresis) of data protection. In addition, the attack path with the maximum risk can be predicted by calculating the risk values, which provides the basis for further formulating the protection strategy.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application. In the drawings:
FIG. 1 is a flow chart of a method according to an embodiment of the invention.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Examples
As shown in fig. 1, the method for monitoring the security of the data asset provided in this embodiment includes the following steps:
detecting data assets, analyzing returned data packets, and constructing a data asset information base;
constructing an attack tree model based on the data asset information base, and calculating risk values of all attack paths in the attack tree model through a decision tree algorithm;
and formulating a data asset monitoring strategy according to the risk value.
Further, the method for constructing the attack tree model based on the data asset information base comprises the following steps:
Taking the data asset to be protected as the root node of the tree: first, the data asset to be protected is identified and defined, and is taken as the root node of the attack tree. This root node represents the security target of the whole system, around which all analyses are organized.
Collecting the data asset information base regarding system architecture, data flows, security measures, and potential vulnerabilities: this step requires comprehensive collection and analysis of the system's architecture, data flows, implemented security measures, and potential vulnerabilities. This includes, but is not limited to, network topology, the way applications interact, the way data is stored and transmitted, user access rights, and the like.
Determining attack paths based on the root node and the data asset information base: based on the collected information, the possible attack vectors and the vulnerabilities that an attacker may exploit are analyzed. An attack path is the series of steps that an attacker must go through in order to reach the target. This requires a thorough understanding of the weaknesses of the system and an accurate prediction of the attacker's possible patterns of behavior.
Representing the model graphically: a graphical tool is used to represent the root node, the individual attack paths, and the possible attack means, which yields the attack tree model. The graphical representation exposes the structure of the attack tree intuitively, so that non-professionals can also understand the security risk of the system.
The attack means may be further refined, that is, the possible attack means on each attack path are identified. These means may be technical, such as exploiting software vulnerabilities or denial-of-service attacks, or non-technical, such as socioeconomic attacks. The potential impact and likelihood of each attack means is evaluated.
Further, the means of attack include, but are not limited to, packet theft, identity theft, and data tampering.
Further, the method for calculating the risk value of each attack path in the attack tree model comprises the following steps:
collecting historical data and extracting data characteristics of the historical data;
constructing a decision tree model based on the data characteristics of the historical data;
calculating the success rate of each attack path based on the decision tree model, and evaluating the influence degree according to the potential influence of the attack path;
and calculating a risk value based on the success rate and the influence degree.
Further, the method for constructing the decision tree model comprises the following steps:
First, the success rate and the influence degree of the attack path are clearly defined as target variables. Success rate refers to the possibility that an attacker successfully implements the attack, and the influence degree refers to the damage degree to the system after the attack is successful. These two variables can be determined by historical data and expert evaluation.
Key data features affecting the target variable are extracted from the historical data. These features may include, but are not limited to, attack type, attack means, system vulnerabilities, effectiveness of security measures, user behavior patterns, and the like. By analyzing these features, the success rate and extent of impact of the attack path can be better understood.
The extracted data features and the target variables are combined into a training set. The training set is the data set used to train the decision tree model; it contains a large number of instances, each consisting of features and the corresponding target variable values.
The initial decision tree model is trained using a training set. Decision trees are a commonly used machine learning algorithm that predicts the value of a target variable by building a tree structure. During the training process, the model learns how to predict the success rate and the influence degree of the attack path according to the input characteristics.
After training is completed, the model is evaluated and optimized. The evaluation can be performed by a cross-validation method, a confusion matrix method and the like, so that the prediction accuracy and generalization capability of the model are ensured. The optimization can improve the performance of the model by adjusting the model parameters, selecting different decision tree algorithms and the like.
The trained decision tree model is applied to actual security risk assessment. The model helps to predict the success rates and influence degrees of different attack paths, which provides a basis for formulating security policies. The model is also continuously adjusted and optimized using feedback from practical application, so that it becomes more accurate and effective.
Further, the method for extracting the data characteristics of the historical data comprises the following steps:
1. Data preprocessing: the historical data is zero-centered, that is, adjusted so that the mean of each dimension is 0. Concretely, the mean of the corresponding dimension is subtracted from each data point. Centering removes the mean of the data, so that the PCA analysis focuses on the dispersion of the data.
2. Calculating the covariance matrix: the covariance matrix of the data set is computed; it measures the correlation between the different dimensions of the data. The covariance matrix shows whether there is a linear relationship between data dimensions and is the basis for finding the principal components. The covariance of a dimension with itself is its variance, and the covariance between two different dimensions indicates the strength of their linear relationship.
3. Solving for eigenvalues and eigenvectors: the eigenvalues and the corresponding eigenvectors are solved from the covariance matrix. The eigenvectors define new coordinate axes, and the eigenvalues represent the dispersion of the data along these new axes. The larger the eigenvalue, the larger the variance of the data in the direction of the corresponding eigenvector, i.e., the more scattered the data is in that direction.
4. Selecting principal components and constructing a projection matrix:
Selecting principal components: the eigenvectors are sorted by the size of their eigenvalues, and the eigenvectors corresponding to the first n largest eigenvalues are selected as the principal components. These principal components retain as much of the information in the data set as possible.
Constructing the projection matrix: a projection matrix is built from the selected eigenvectors. This matrix is used to project the raw data into a low-dimensional space.
5. Reducing dimensionality with the projection matrix: the historical data is projected into the low-dimensional space formed by the principal components to obtain the reduced-dimension representation, i.e., the data features of the historical data. This step transforms the original data set with the projection matrix, giving the mapping of the historical data in the new low-dimensional coordinate system.
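The five steps above can be carried through as follows. This is an added example, not code from the patent: power iteration with deflation is used as a dependency-free eigen-solver (the text does not name one), and the sample records and their column meanings are constructed.

```python
import math

# Constructed sample: rows are historical records, columns are numeric attributes
# (hypothetical: open services, unpatched components, failed logins, alarms).
SAMPLE_HISTORY = [
    [12, 5, 40, 3], [10, 4, 35, 2], [3, 1, 8, 1],
    [4, 1, 10, 0], [8, 3, 22, 2], [2, 0, 5, 1],
]

def zero_mean(rows):
    """Step 1: subtract each column's mean so every dimension averages to 0."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    return [[r[j] - means[j] for j in range(d)] for r in rows]

def covariance(centered):
    """Step 2: sample covariance matrix (d x d) of the centred data."""
    n, d = len(centered), len(centered[0])
    return [[sum(r[i] * r[j] for r in centered) / (n - 1) for j in range(d)]
            for i in range(d)]

def matvec(m, v):
    return [sum(a * b for a, b in zip(row, v)) for row in m]

def unit(v):
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]

def top_eigenpairs(cov, n, iters=2000, tol=1e-12):
    """Steps 3-4: the n largest eigenvalues with their eigenvectors, largest first."""
    d = len(cov)
    work = [row[:] for row in cov]
    pairs = []
    for k in range(n):
        v = unit([1.0 / (i + 1 + k) for i in range(d)])  # fixed, asymmetric start
        lam = 0.0
        for _ in range(iters):
            w = matvec(work, v)
            if math.sqrt(sum(x * x for x in w)) < tol:   # no variance left
                lam = 0.0
                break
            v = unit(w)
            lam = sum(a * b for a, b in zip(v, matvec(work, v)))  # Rayleigh quotient
        pairs.append((lam, v))
        # Deflation: remove the component just found so the next pass finds the next one.
        work = [[work[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    return pairs

def pca_features(rows, n):
    """Step 5: project the centred records onto the n principal components.

    Returns (features, explained), where explained[k] is the share of total
    variance carried by component k.
    """
    centered = zero_mean(rows)
    cov = covariance(centered)
    pairs = top_eigenpairs(cov, n)
    total = sum(cov[i][i] for i in range(len(cov)))
    axes = [vec for _, vec in pairs]                      # projection matrix rows
    features = [[sum(a * b for a, b in zip(r, axis)) for axis in axes]
                for r in centered]
    explained = [lam / total if total else 0.0 for lam, _ in pairs]
    return features, explained

if __name__ == "__main__":
    feats, explained = pca_features(SAMPLE_HISTORY, 2)
    for row in feats:
        print([round(x, 3) for x in row])
    print("explained variance share:", [round(e, 4) for e in explained])
```

The explained-variance share is a practical way to choose n: components are added until the retained share is high enough for the downstream decision tree.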
Further, the influence degree comprises the influence degree of acquiring sensitive information by intercepting data packets, the influence degree of attacking by stealing identity information, and the influence degree of unauthorized modification of data.
Further, the calculation expression of the risk value is:
G=S*I
In the formula, G represents a risk value, S represents a success rate, and I represents an influence degree.
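An added example (not from the patent) of the risk calculation described above: a small Gini decision tree is trained on constructed historical records to estimate S for each root-to-leaf path of a constructed attack tree, I is read from an assumed per-means table, and the paths are ranked by G = S*I. The feature names, impact scores, node names and monitoring tiers are all assumptions made for illustration.

```python
# Constructed history: (weak_authentication, unpatched_component) -> 1 if the attack succeeded.
HISTORY = ([((1, 1), 1)] * 3 + [((1, 1), 0)] + [((1, 0), 1), ((1, 0), 0)]
           + [((0, 1), 1)] + [((0, 1), 0)] * 3 + [((0, 0), 0)] * 4)

# Assumed impact scores I in [0, 1] for the three attack means named in the text.
IMPACT = {"packet theft": 0.6, "identity theft": 0.8, "data tampering": 1.0}

# Constructed attack tree: root = protected data asset, leaves = attack means,
# each leaf annotated with the feature vector observed for that path.
ATTACK_TREE = {"name": "protection-settings database", "children": [
    {"name": "engineering link", "children": [
        {"name": "packet theft", "features": (0, 1)}]},
    {"name": "operator account", "children": [
        {"name": "identity theft", "features": (1, 0)}]},
    {"name": "historian server", "children": [
        {"name": "data tampering", "features": (1, 1)}]},
    {"name": "backup server", "children": [
        {"name": "data tampering", "features": (0, 0)}]},
]}

def gini(rows):
    """Gini impurity of the success/failure labels in rows."""
    p = sum(y for _, y in rows) / len(rows)
    return 2 * p * (1 - p)

def build_tree(rows, depth=0, max_depth=2):
    """Train a binary decision tree; each leaf stores the observed success rate."""
    rate = sum(y for _, y in rows) / len(rows)
    best = None
    if depth < max_depth and 0.0 < rate < 1.0:
        for f in range(len(rows[0][0])):
            lo = [r for r in rows if r[0][f] == 0]
            hi = [r for r in rows if r[0][f] == 1]
            if lo and hi:
                score = (len(lo) * gini(lo) + len(hi) * gini(hi)) / len(rows)
                if score < gini(rows) and (best is None or score < best[0]):
                    best = (score, f, lo, hi)
    if best is None:                       # pure node, depth limit, or no useful split
        return {"rate": rate}
    _, f, lo, hi = best
    return {"feature": f, 0: build_tree(lo, depth + 1, max_depth),
            1: build_tree(hi, depth + 1, max_depth)}

def success_rate(model, features):
    """S: walk the decision tree to the leaf matching this path's features."""
    while "feature" in model:
        model = model[features[model["feature"]]]
    return model["rate"]

def attack_paths(node, prefix=()):
    """Yield (names from root to leaf, leaf node) for every attack path."""
    trail = prefix + (node["name"],)
    if not node.get("children"):
        yield trail, node
    for child in node.get("children", []):
        yield from attack_paths(child, trail)

def monitoring_tier(g):
    """Map a risk value to a monitoring tier (thresholds are assumptions)."""
    if g >= 0.5:
        return "continuous monitoring"
    if g >= 0.2:
        return "daily review"
    return "periodic audit"

def rank_paths(tree, model):
    """Compute G = S * I per attack path and sort with the highest risk first."""
    ranked = []
    for trail, leaf in attack_paths(tree):
        s = success_rate(model, leaf["features"])
        i = IMPACT[leaf["name"]]
        g = s * i
        ranked.append({"path": " -> ".join(trail), "S": s, "I": i, "G": g,
                       "tier": monitoring_tier(g)})
    return sorted(ranked, key=lambda r: r["G"], reverse=True)

if __name__ == "__main__":
    for row in rank_paths(ATTACK_TREE, build_tree(HISTORY)):
        print(f'{row["G"]:.2f}  {row["tier"]:<22} {row["path"]}')
```

The first entry of the ranking is the attack path with the largest risk, which is the one the monitoring strategy prioritizes.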
The present application is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present application are intended to be included in the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (4)

1. A data asset security monitoring method, characterized in that it includes the following steps:
conducting data asset detection, parsing the returned data packets, and building a data asset information base;
building an attack tree model based on the data asset information base, and calculating the risk value of each attack path in the attack tree model through a decision tree algorithm;
the method for constructing an attack tree model based on the data asset information base includes:
taking the data asset that needs to be protected as the root node of the tree;
collecting the data asset information base on system architecture, data flows, security measures, and potential vulnerabilities;
determining an attack path based on the root node and the data asset information base;
representing the root node, attack path and attack means by a graphical method to obtain the attack tree model;
the method for calculating the risk value of each attack path in the attack tree model includes:
collecting historical data and extracting data features of the historical data;
building a decision tree model based on the data features of the historical data;
calculating the success rate of each attack path based on the decision tree model, and evaluating the impact according to the potential impact of the attack path;
calculating a risk value based on the success rate and impact level;
the method for constructing a decision tree model comprises:
using the success rate and impact of the attack path as target variables;
extracting data features that affect the target variable from the data features of the historical data to obtain a training set;
training the initial decision tree model using the training set to obtain a trained decision tree model;
the method for extracting data features of historical data includes:
performing zero-mean processing on the historical data to obtain a preprocessed data set;
calculating the covariance matrix of the preprocessed data set, and solving the eigenvalues and corresponding eigenvectors from the covariance matrix;
sorting the eigenvectors according to the size of the eigenvalues, and selecting the eigenvectors corresponding to the first n largest eigenvalues as the principal components;
projecting the historical data into a low-dimensional space composed of the principal components to obtain the data features of the historical data;
developing a data asset monitoring strategy based on the risk value.
2. The data asset security monitoring method according to claim 1, characterized in that:
the attack methods include but are not limited to data packet theft, identity theft and data tampering.
3. The data asset security monitoring method according to claim 1, characterized in that:
the impact levels include: the impact level of obtaining sensitive information by intercepting data packets; the impact level of attacking by stealing identity information; and the impact level of modifying data without authorization.
4. The data asset security monitoring method according to claim 1, characterized in that:
the calculation expression of the risk value is: G=S*I; where G represents the risk value, S represents the success rate, and I represents the degree of impact.
CN202411320881.5A 2024-09-23 2024-09-23 A data asset security monitoring method Active CN118890213B (en)

Publications (2)

Publication Number Publication Date
CN118890213A CN118890213A (en) 2024-11-01
CN118890213B true CN118890213B (en) 2025-01-24

Family

ID=93219563

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant