Article

Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units

1 Information and Communication Branch of State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210024, China
2 State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
* Author to whom correspondence should be addressed.
Information 2025, 16(7), 547; https://doi.org/10.3390/info16070547 (registering DOI)
Submission received: 7 May 2025 / Revised: 10 June 2025 / Accepted: 20 June 2025 / Published: 27 June 2025

Abstract

Leveraging Data Processing Units (DPUs) deployed at network interfaces, a DPU-accelerated Intrusion Detection System (IDS) performs initial traffic inspection with microsecond latency through hardware offloading. However, because this mechanism generates alerts at high throughput, it amplifies the redundancy and noise problems inherent in traditional IDSs. This paper proposes an alert correlation method based on multi-similarity-factor aggregation and a suffix tree model. First, alerts are preprocessed with LFDIA, which uses multiple similarity factors and dynamic thresholding to cluster correlated alerts and reduce redundancy. Next, an attack intensity time series is generated and smoothed with a Kalman filter to suppress noise and reveal attack trends. Finally, a suffix tree models attack activities, capturing the key behavioral paths of high-severity alerts and identifying attacker patterns. Experimental evaluations on the CPTC-2017 and CPTC-2018 datasets validate the method's effectiveness in reducing alert redundancy, extracting critical attack behaviors, and constructing attack activity sequences. The results demonstrate that the method not only significantly reduces the number of alerts but also accurately reveals core attack characteristics, improving the effectiveness of network security defense strategies.
Keywords: Data Processing Unit; alert correlation; alert processing; attack activity extraction
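The abstract's second stage, an attack intensity time series smoothed by a Kalman filter, is illustrated below with an added example that is not the paper's own code. It assumes a constructed alert list of (timestamp, severity) pairs, defines intensity as the summed severity per fixed window, and uses a scalar random-walk Kalman filter whose noise parameters are chosen here, not taken from the paper.

```python
"""Attack-intensity time series from IDS alerts, smoothed with a scalar Kalman filter."""
from collections import Counter

# Constructed sample alerts: (timestamp in seconds, severity 1..4).
# Not drawn from the CPTC datasets; values are illustrative only.
SAMPLE_ALERTS = [
    (0, 1), (5, 1), (12, 2),                  # window 0: low background noise
    (65, 1), (70, 1),                         # window 1
    (130, 4), (131, 4), (133, 3), (140, 4),   # window 2: burst of high-severity alerts
    (190, 2), (200, 1),                       # window 3
    (250, 1),                                 # window 4
]


def intensity_series(alerts, window=60, num_windows=None):
    """Sum alert severities per fixed time window; windows with no alerts count as 0."""
    totals = Counter()
    for ts, sev in alerts:
        totals[ts // window] += sev
    if num_windows is None:
        num_windows = max(totals) + 1 if totals else 0
    return [float(totals[i]) for i in range(num_windows)]


def kalman_smooth(series, q=0.5, r=4.0):
    """Scalar Kalman filter with a random-walk process model.

    q: process-noise variance (how quickly the true intensity may drift).
    r: measurement-noise variance (how noisy a single window's count is).
    A larger r relative to q damps isolated one-window spikes more strongly,
    so a sustained rise stands out from single noisy bursts.
    """
    if not series:
        return []
    x, p = series[0], r          # initialise the state at the first observation
    smoothed = [x]
    for z in series[1:]:
        p += q                   # predict: uncertainty grows by one step of drift
        k = p / (p + r)          # Kalman gain in (0, 1)
        x += k * (z - x)         # update: move part of the way toward the observation
        p *= (1.0 - k)           # posterior uncertainty shrinks after the update
        smoothed.append(x)
    return smoothed


if __name__ == "__main__":
    raw = intensity_series(SAMPLE_ALERTS)
    for w, (a, b) in enumerate(zip(raw, kalman_smooth(raw))):
        print(f"window {w}: raw={a:5.1f} smoothed={b:5.2f}")
```

The smoothed series keeps the rise caused by the high-severity burst while pulling its peak well below the raw value, which is the behaviour the abstract relies on to expose trends rather than individual spikes.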

MDPI and ACS Style

Zhang, R.; Zhang, M.; Liu, Y.; Li, Z.; Miao, W.; Shao, S. Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units. Information 2025, 16, 547. https://doi.org/10.3390/info16070547
