Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units
Leveraging Data Processing Units (DPUs) deployed at network interfaces, the DPU-accelerated Intrusion Detection System (IDS) enables microsecond-latency initial traffic inspection through hardware offloading. However, while generating high-throughput alerts, this mechanism amplifies the inherent red...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-06-01
|
| Series: | Information |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2078-2489/16/7/547 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849406673207164928 |
|---|---|
| author | Rui Zhang Mingxuan Zhang Yan Liu Zhiyi Li Weiwei Miao Sujie Shao |
| author_facet | Rui Zhang Mingxuan Zhang Yan Liu Zhiyi Li Weiwei Miao Sujie Shao |
| author_sort | Rui Zhang |
| collection | DOAJ |
| description | Leveraging Data Processing Units (DPUs) deployed at network interfaces, the DPU-accelerated Intrusion Detection System (IDS) enables microsecond-latency initial traffic inspection through hardware offloading. However, while generating high-throughput alerts, this mechanism amplifies the inherent redundancy and noise issues of traditional IDS systems. This paper proposes an alert correlation method using multi-similarity factor aggregation and a suffix tree model. First, alerts are preprocessed using LFDIA, employing multiple similarity factors and dynamic thresholding to cluster correlated alerts and reduce redundancy. Next, an attack intensity time series is generated and smoothed with a Kalman filter to eliminate noise and reveal attack trends. Finally, the suffix tree models attack activities, capturing key behavioral paths of high-severity alerts and identifying attacker patterns. Experimental evaluations on the CPTC-2017 and CPTC-2018 datasets validate the proposed method’s effectiveness in reducing alert redundancy, extracting critical attack behaviors, and constructing attack activity sequences. The results demonstrate that the method not only significantly reduces the number of alerts but also accurately reveals core attack characteristics, enhancing the effectiveness of network security defense strategies. |
| format | Article |
| id | doaj-art-faec4edd32564a8fb75d2e50683faf9c |
| institution | Kabale University |
| issn | 2078-2489 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Information |
| spelling | doaj-art-faec4edd32564a8fb75d2e50683faf9c2025-08-20T03:36:18ZengMDPI AGInformation2078-24892025-06-0116754710.3390/info16070547Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing UnitsRui Zhang0Mingxuan Zhang1Yan Liu2Zhiyi Li3Weiwei Miao4Sujie Shao5Information and Communication Branch of State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210024, ChinaInformation and Communication Branch of State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210024, ChinaState Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaState Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaInformation and Communication Branch of State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210024, ChinaState Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaLeveraging Data Processing Units (DPUs) deployed at network interfaces, the DPU-accelerated Intrusion Detection System (IDS) enables microsecond-latency initial traffic inspection through hardware offloading. However, while generating high-throughput alerts, this mechanism amplifies the inherent redundancy and noise issues of traditional IDS systems. This paper proposes an alert correlation method using multi-similarity factor aggregation and a suffix tree model. First, alerts are preprocessed using LFDIA, employing multiple similarity factors and dynamic thresholding to cluster correlated alerts and reduce redundancy. Next, an attack intensity time series is generated and smoothed with a Kalman filter to eliminate noise and reveal attack trends. Finally, the suffix tree models attack activities, capturing key behavioral paths of high-severity alerts and identifying attacker patterns. Experimental evaluations on the CPTC-2017 and CPTC-2018 datasets validate the proposed method’s effectiveness in reducing alert redundancy, extracting critical attack behaviors, and constructing attack activity sequences. The results demonstrate that the method not only significantly reduces the number of alerts but also accurately reveals core attack characteristics, enhancing the effectiveness of network security defense strategies.https://www.mdpi.com/2078-2489/16/7/547Data Processing Unitalert correlationalert processingattack activity extraction |
| spellingShingle | Rui Zhang Mingxuan Zhang Yan Liu Zhiyi Li Weiwei Miao Sujie Shao Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units Information Data Processing Unit alert correlation alert processing attack activity extraction |
| title | Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units |
| title_full | Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units |
| title_fullStr | Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units |
| title_full_unstemmed | Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units |
| title_short | Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units |
| title_sort | intrusion alert analysis method for power information communication networks based on data processing units |
| topic | Data Processing Unit alert correlation alert processing attack activity extraction |
| url | https://www.mdpi.com/2078-2489/16/7/547 |
| work_keys_str_mv | AT ruizhang intrusionalertanalysismethodforpowerinformationcommunicationnetworksbasedondataprocessingunits AT mingxuanzhang intrusionalertanalysismethodforpowerinformationcommunicationnetworksbasedondataprocessingunits AT yanliu intrusionalertanalysismethodforpowerinformationcommunicationnetworksbasedondataprocessingunits AT zhiyili intrusionalertanalysismethodforpowerinformationcommunicationnetworksbasedondataprocessingunits AT weiweimiao intrusionalertanalysismethodforpowerinformationcommunicationnetworksbasedondataprocessingunits AT sujieshao intrusionalertanalysismethodforpowerinformationcommunicationnetworksbasedondataprocessingunits |