Research on Network Attack Prediction Technology in Industrial Control Systems
Authors: Ding Chaohui, Zhang Wei, Yang Guoyu, Liu Teng
Affiliations: 1. China Datang Corporation Science and Technology Research Institute Co., Ltd., Beijing 100043

Abstract:
In the face of a complex network security situation, attackers routinely combine extensive information reconnaissance, vulnerability exploitation and obfuscation techniques to carry out malicious or destructive actions on the network. Although current network security situational awareness platforms strive to discover and monitor the exploitation of new vulnerabilities, the accuracy and precision of their attack predictions remain unsatisfactory. More advanced algorithms, building on current prediction technology, are needed to automatically associate security events with the corresponding assets and attack types, provide early warning and risk assessment for potential network attacks, and so achieve precise prediction of network security incidents.

Introduction:
To achieve effective security operations, enterprises and organizations have invested heavily: establishing security operation centers, forming security operation teams, building security operation platforms, and gradually developing security operation processes. As the cybersecurity situation worsens, the importance of network security is increasingly recognized. However, because of the limitations of traditional network security prediction technology, existing security operations face numerous challenges. Some typical difficulties in network security prediction are:

(1) Inaccurate predictions keep security operations personnel busy handling trivial threat alerts, leaving them no time for the warnings that truly matter. Moreover, it is well known that security professionals are in short supply, and security operations personnel in particular are scarce. In this context, there is an urgent need to improve the accuracy of warnings.

(2) Excessive warning information is time-consuming and labor-intensive to process. Warning handling is one of the main tasks of security operations, and the continuous deployment of security tools has produced an ever-growing number of alerts. Efficiently processing massive volumes of warning information has become a perennial topic in security operations. Every tool tries to reduce its own alerts, while security information and event management (SIEM) tools and traditional security operation centers spend significant effort eliminating warnings. Big data analysis, machine learning and artificial intelligence have been introduced in an attempt to reduce warnings along multiple dimensions, but their effectiveness still needs improvement.

Source: Journal of Electronic Technology Applications, January Issue
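The abstract's central idea, automatically associating security events with the asset and attack type they concern so that the flood of raw alerts described in difficulty (2) collapses into a short, risk-ranked list, can be sketched in a few dozen lines. The following Python is an added example written for this page; it is not code from the paper or its authors, and the asset inventory, signature names, IP addresses, timestamps, criticality and severity weights, the five-minute aggregation window and the risk formula (criticality multiplied by severity) are all constructed assumptions chosen to illustrate the mechanism on industrial-control-style alerts.

```python
"""Alert correlation by asset and attack type with time-window aggregation.

Added example, not code from the paper. The asset inventory, signature map,
IPs, timestamps, weights and the 5-minute window are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical asset inventory: destination IP -> (asset name, criticality 1..5).
ASSETS = {
    "10.0.1.10": ("plc-boiler-01", 5),
    "10.0.1.20": ("hmi-control-01", 4),
    "10.0.2.5": ("eng-workstation-03", 2),
}

# Hypothetical detector signature -> (attack type, severity 1..5).
SIGNATURES = {
    "NMAP-SYN-SCAN": ("reconnaissance", 2),
    "SMB-EXPLOIT-ATTEMPT": ("vulnerability_exploitation", 4),
    "ICS-MODBUS-WRITE-COIL": ("unauthorized_control_write", 5),
}

# Constructed raw alert lines in the form "<timestamp> <src_ip> <dst_ip> <signature>".
RAW_ALERTS = """\
2024-03-01T08:00:00 10.0.2.5 10.0.1.10 NMAP-SYN-SCAN
2024-03-01T08:00:05 10.0.2.5 10.0.1.10 NMAP-SYN-SCAN
2024-03-01T08:00:09 10.0.2.5 10.0.1.10 NMAP-SYN-SCAN
2024-03-01T08:01:00 10.0.2.5 10.0.1.20 NMAP-SYN-SCAN
2024-03-01T08:07:00 10.0.2.5 10.0.1.10 ICS-MODBUS-WRITE-COIL
2024-03-01T08:20:00 10.0.2.5 10.0.1.10 NMAP-SYN-SCAN
2024-03-01T08:21:00 10.0.2.5 192.168.9.9 SMB-EXPLOIT-ATTEMPT
"""


@dataclass
class Incident:
    asset: str
    attack_type: str
    risk: int            # asset criticality x attack severity (assumed formula)
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    sources: set = field(default_factory=set)


def parse_alerts(text):
    """Parse raw alert lines into dicts; malformed lines are skipped rather than crashing the pipeline."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, sig = parts
        alerts.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst, "sig": sig})
    return alerts


def enrich(alert):
    """Associate one alert with its asset and attack type; unknown assets/signatures get the lowest weight."""
    asset, criticality = ASSETS.get(alert["dst"], ("unknown-" + alert["dst"], 1))
    attack_type, severity = SIGNATURES.get(alert["sig"], ("unclassified", 1))
    return asset, criticality, attack_type, severity


def correlate(alerts, window=timedelta(minutes=5)):
    """Merge alerts that share (asset, attack type) and fall within `window` of the previous one
    into a single incident, then rank incidents by risk and, on ties, by first occurrence."""
    incidents = []
    open_by_key = {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        asset, crit, attack_type, sev = enrich(a)
        key = (asset, attack_type)
        inc = open_by_key.get(key)
        if inc is not None and a["ts"] - inc.last_seen <= window:
            inc.count += 1
            inc.last_seen = a["ts"]
            inc.sources.add(a["src"])
            continue
        inc = Incident(asset, attack_type, crit * sev, a["ts"], a["ts"], 1, {a["src"]})
        incidents.append(inc)
        open_by_key[key] = inc
    incidents.sort(key=lambda i: (-i.risk, i.first_seen))
    return incidents


def reduction_ratio(alerts, incidents):
    """Fraction of raw alerts removed by aggregation (0.0 when there are no alerts)."""
    return 0.0 if not alerts else 1 - len(incidents) / len(alerts)


if __name__ == "__main__":
    alerts = parse_alerts(RAW_ALERTS)
    incidents = correlate(alerts)
    for inc in incidents:
        print(f"risk={inc.risk:2d} {inc.asset:20s} {inc.attack_type:28s} n={inc.count} "
              f"{inc.first_seen:%H:%M:%S}-{inc.last_seen:%H:%M:%S} src={sorted(inc.sources)}")
    print(f"{len(alerts)} alerts -> {len(incidents)} incidents "
          f"({reduction_ratio(alerts, incidents):.0%} reduction)")
```

On the constructed input, seven raw alerts become five incidents, and the single Modbus coil write against the PLC rises to the top of the list ahead of the repeated port scans that generated most of the volume. Two details matter in practice: a destination that is not in the inventory is not dropped but kept with the lowest criticality, so gaps in the asset database show up as "unknown" incidents instead of silently disappearing, and the time window is applied per (asset, attack type) pair, so a scan that resumes twenty minutes later is reported as a fresh incident rather than folded into the earlier one.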