山东电力技术, 2026, Vol. 53, Issue (4): 87-96, 10. DOI: 10.20097/j.cnki.issn1007-9904.250078
A Game Theory-based Approach for APT Attack Provenance Graph Analysis in Electric Power Industrial Control Networks
Abstract
Advanced persistent threat (APT) attacks on electric power industrial control networks exhibit strong concealment and long-term persistence. However, existing APT detection methods that rely on graph neural networks to match and analyze subgraphs within provenance graphs for malicious behavior identification often suffer from suboptimal subgraph recognition window sizes, which degrades detection performance. To address this, a dynamic subgraph recognition window adjustment mechanism based on the Stackelberg game is proposed. This mechanism constructs utility function models for both the defender and the attacker and dynamically optimizes the recognition window size through a game-theoretic approach. The defender, as the game leader, optimizes the window size to improve the detection success rate and reduce detection costs. The attacker, on the other hand, adjusts the scale of the APT subgraph according to the defense strategy to evade detection. The game solution yields the optimal window adjustment strategy for the defender and the response strategy for the attacker. Simulation results indicate that, compared to the fixed window method, this mechanism improves detection accuracy by approximately 16% on average, enhances computational resource efficiency by about 25%, and effectively reduces both false negatives and false positives.

Key words
APT attack / provenance graph / subgraph recognition / electric power industrial control networks / Stackelberg game

Classification
Information Technology and Security Science

Cite this article
刘新,王睿,张朋丰,张昊,刘涵. 基于博弈的电力工控网络APT攻击溯源图分析方法[J]. 山东电力技术, 2026, 53(4): 87-96, 10.

Funding
Science and Technology Project of State Grid Shandong Electric Power Company "Research on Detection and Protection Technologies for Cross-Regional and Cross-Domain Stealth Attacks" (520626230019).