Graph Attention Mechanism-Based Method for Tracing APT Attacks in Power Systems

With the rapid development of information technology, Advanced Persistent Threat (APT) attacks have become increasingly common. Detecting and responding to these attacks accurately and quickly is a research issue of great concern in the field of power system security. Currently, existing detection methods based on traceability graphs rely heavily on techniques such as label propagation algorithms and graph matching. These methods often require specialized domain knowledge and manually designed algorithmic rules. However, as deep learning technology continues to advance, reducing the dependence on human intervention becomes more important. In this paper, we propose a power system APT attack traceability method based on the graph attention mechanism. Our method involves preprocessing the original traceability graph using the data-prepare method to construct a dataset suitable for power system APT attack traceability processing. We then vectorize the attributes of nodes and edges of the traceability graph, and introduce the attention mechanism and hierarchical embedding strategy to aggregate the attack features into a graph-level representation. Finally, we train a graph classifier to achieve APT attack traceability for power systems through whole graph classification.