<p>With the application of domestic trusted operating systems in the field of power grid, the security threats it faces are increasingly complex. Aiming at the security protection requirements of power grid edge equipment operating system, a comprehensive framework integrating memory forensics and malicious attack type discrimination is proposed. In memory forensics, a memory mirroring mechanism based on full encryption is designed to ensure the legal validity and non-repudiation of forensic data. According to the memory-side characteristics, an interpretability model is proposed to analyze the core fields such as process behavior patterns and abnormal kernel objects in the attacked memory image of the power grid edge device, and the unknown attack types are classified by using the core characteristics of the attacked memory image and gradient lifting algorithm. Due to the lack of prior knowledge on the analysis of malicious attacks suffered by memory images, training malicious attack identification models can assist in the efficient automated operation of power grid system memory forensics and provide more reference samples for traceability forensics. Experimental results show that when using only a single type of sample for training, the proposed method has a recognition accuracy of 99.9% for memory subjected to malicious attacks, and a specific classification accuracy of 99.99% for unknown malicious attacks, which is significantly better than traditional machine learning. A classification method for memory subjected to malicious attacks.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

An interpretable memory forensics framework for unknown attack identification in power grid edge devices

  • Biao Liang,
  • Yongxing Lai,
  • Yongming Chen,
  • Wanling Zhao,
  • Mingjie Xu,
  • Ge Jin

摘要

With the application of domestic trusted operating systems in the field of power grid, the security threats it faces are increasingly complex. Aiming at the security protection requirements of power grid edge equipment operating system, a comprehensive framework integrating memory forensics and malicious attack type discrimination is proposed. In memory forensics, a memory mirroring mechanism based on full encryption is designed to ensure the legal validity and non-repudiation of forensic data. According to the memory-side characteristics, an interpretability model is proposed to analyze the core fields such as process behavior patterns and abnormal kernel objects in the attacked memory image of the power grid edge device, and the unknown attack types are classified by using the core characteristics of the attacked memory image and gradient lifting algorithm. Due to the lack of prior knowledge on the analysis of malicious attacks suffered by memory images, training malicious attack identification models can assist in the efficient automated operation of power grid system memory forensics and provide more reference samples for traceability forensics. Experimental results show that when using only a single type of sample for training, the proposed method has a recognition accuracy of 99.9% for memory subjected to malicious attacks, and a specific classification accuracy of 99.99% for unknown malicious attacks, which is significantly better than traditional machine learning. A classification method for memory subjected to malicious attacks.