An Anomaly Detection Framework for Internal and External Interaction of Power Grid Information Network based on the Attack-chain Knowledge Graph.

Qianqian Jin, Mingyan Li, Peng Gao, Ye Wang
DOI: https://doi.org/10.1145/3548608.3559260
2022-01-01
Abstract: With the gradual opening of interaction methods between the internal and external networks, how to effectively detect attacks on the internal network that come through the external network becomes more and more important. However, traditional security protection measures cannot detect unknown attacks and multi-step attacks well, which leads to a constant threat. This paper proposes a network security knowledge graph model based on an extended attack-chain, combined with a multi-layer anomaly detection system to detect threats lurking in the network. Finally, the prospects for applying the multi-layer anomaly detection framework to security protection at the internal and external boundary of the state grid information network are discussed.