An APT Attack Detection Method of a New-type Power System Based on STSA-transformer

Abstract

Complex structures such as a high proportion of power electronic equipment has brought new challenges to the safe and stable operation of new-type power system, increasing the possibility of the system being attacked, especially the more complex Advanced Persistent Threat (APT). This kind of attack has a long duration and strong concealment. Traditional detection methods target a relatively single attack mode, and the time span of APT processed is relatively short. None of them can effectively capture the long-term correlation in the attack, and the detection rate is low. These methods can’t meet the safety requirements of the new-type power system. In order to solve this problem, this paper proposes an improved transformer model called STSA-transformer algorithm, and applies it to the detection of APT in new-type power systems. In the STSA-transformer model, the network traffic collected from the power system is first converted into a sequence of feature vectors, and the location information and local feature of the sequence, is extracted by combining position encoding with convolutional embedding operations, and then global characteristics of attack sequences is captured using the multi-head self-attention mechanism of the transformer encoder, the higher-frequency features of the attention are extracted through the self-learning threshold operation, combined with the PowerNorm algorithm to standardize the samples, and finally classify the network traffic of the APT. After multiple rounds of training on the model, the expected effect can be achieved and applied to the APT detection of a new-type power system. The experimental results show that the proposed STSA-transformer algorithm has better detection accuracy and lower detection false-alarm rate than traditional deep learning algorithms and machine learning algorithms.