ABSTRACT

With the rapid development of computer and network communication, the strength of attacks is rising quickly [1-5]. Among them, attacks on industrial control systems have become a new focus. According to figures released by the national information sharing platform, in recent years there has been more and more malicious software and code used by APT groups to steal sensitive information and gather intelligence, which has usually run for many years before being found. According to the CNCERT report, a large number of hosts in the country are infected with Trojan programs that have APT characteristics, involving a number of government institutions, important information systems, and key enterprises. Because of the importance of these servers, repairing their vulnerabilities must be done very cautiously, and developing patches and applying them takes a long time, whereas new vulnerabilities emerge much faster than patches can be developed, so that more and more unpatched vulnerabilities accumulate. The state grid control system is an important piece of industrial infrastructure. Currently, it relies on defense mechanisms such as anti-virus software, intrusion detection, and other security equipment, which operate by comparing characteristic values against a virus database. However, these are helpless against attacks that are unpredictable, target specific systems, and are not reused. Such peripheral "blocking" methods cannot prevent man-in-the-middle attacks, tampering, interception, replay, and other types of network threats in the state grid control system [6-9].