特定攻击场景下源网荷系统恶意攻击关联分析方法

doi:10.11930/j.issn.1004-9649.201808093

中国电力 ›› 2019, Vol. 52 ›› Issue (10): 1-10.DOI: 10.11930/j.issn.1004-9649.201808093

• 泛在电力物联网——信息与通信安全防护 • 上一篇下一篇

特定攻击场景下源网荷系统恶意攻击关联分析方法

章锐¹, 费稼轩¹, 石聪聪¹, 张小建¹, 黄秀丽¹, 王琦²

1. 全球能源互联网研究院有限公司信息网络安全国网重点实验室, 江苏南京 210003;
2. 东南大学电气工程学院, 江苏南京 210096

收稿日期:2018-08-17 修回日期:2019-04-10 出版日期:2019-10-05 发布日期:2019-10-12
作者简介:章锐(1991-),男,工程师,从事信息驱动的电网安全稳定评估,电力信息安全研究工作,E-mail:anhui zhangrui2015@126.com;费稼轩(1984-),男,高级工程师,从事电力信息安全研究,E-mail:feijiaxuan@geiri.sgcc.com.cn;石聪聪(1982-),男,高级工程师,从事电力信息安全研究,E-mail:shicongcong@geiri.sgcc.com.cn;张小建(1969-),男,高级工程师,从事电力信息安全研究,E-mail:zhangxiaojian@geiri.sgcc.com.cn;黄秀丽(1979-),女,高级工程师,从事电力信息安全研究,E-mail:huangxiuli@geiri.sgcc.com.cn;王琦(1989-),男,讲师,从事电网信息物理研究,E-mail:wangqi@seu.edu.cn
基金资助:
国家电网公司科技项目（大规模源网荷友好互动系统恶意攻击机理及攻击精准监测技术研究，SGRIXTKJ[2017]402）。

Malicious Attack Correlation Analysis Method of Source-Grid-Load System under Specific Attack Scenarios

ZHANG Rui¹, FEI Jiaxuan¹, SHI Congcong¹, ZHANG Xiaojian¹, HUANG Xiuli¹, WANG Qi²

1. State Grid Key Laboratory of Information & Network Security, Global Energy Interconnection Research Institute Co., Ltd., Nanjing 210003, China;
2. School of Electrical Engineering, Southeast University, Nanjing 210096, China

Received:2018-08-17 Revised:2019-04-10 Online:2019-10-05 Published:2019-10-12
Supported by:
This work is supported by the Science and Technology Project of SGCC (Research on Malicious Attack Mechanism and Precise Attack Monitoring Techniques for Large-Scale Interactive System with Source-Grid-Load Friendly Coordination, No. SGRIXTKJ[2017] 402).

摘要/Abstract

摘要： 充分利用网络信息与电气侧信息，提高恶意攻击事件识别的自适应能力和自动化程度是电网应对网络安全威胁的关键。提出了特定攻击场景下源网荷系统恶意攻击关联分析方法，首先，构建基于属性的多源事件融合模型，对信息侧与电气侧异常事件进行多源数据融合处理。其次，基于神经网络模型对融合后的事件进行训练，按照攻击场景分类。再次，结合电气侧异常事件，对遗传算法的初始化方案、选择算子、交叉遗传概率进行改进，基于分类结果，自动生成针对不同攻击场景的关联规则。接下来，通过时序、业务逻辑以及IP分类逐步减少待匹配事件数量，基于向量计算提高事件匹配速度，提出基于时序与业务逻辑的关联匹配算法，实现关联规则的高速匹配。最后，在源网荷仿真实验系统上验证了方法的有效性及适用性。该方法综合利用信息侧与电气侧异常事件，进一步提高对网络攻击的辨识精度，自动完成事件的分类和关联规则的生成，具有较大的工程应用价值。

关键词: 源网荷系统, 恶意攻击, 关联规则, 改进遗传算法, 匹配算法

Abstract: The key for the power grid to deal with cyber security threats is to make full use of cyber and electrical information to improve the self-adaptation ability and automation for identification of malicious attack event. In this paper, a malicious attack correlation analysis method of source-grid-load system under specific attack scenarios is proposed. Firstly, an attribute-based multi-source event fusion model is constructed to perform multi-source data fusion processing on abnormal events of cyber layer and electrical layer. And then, based on the neural network model, the fused events are trained and classified according to the attack scenarios. Thirdly, combined with electrical abnormal events, the genetic algorithm's initialization scheme, the selection operator and cross genetic probability are improved. The correlation rules for different attack scenarios are automatically generated based on the classification results. Fourthly, the number of events to be matched is gradually reduced through timing, business logic and IP classification, and the speed of event matching is improved based on vector calculation. A timing- and business logic-based correlation matching algorithm is proposed to realize the high-speed matching of correlation rules. Finally, the effectiveness and applicability of the proposed method is verified in the source-grid-load simulation experiment system. The proposed method utilizes comprehensively the abnormal events of the cyber layer and electrical layer to further improve the identification accuracy of cyber attacks, and automatically realizes the events classification and correlation rule generation, showing great potential for engineering application.

Key words: source-grid-load system, malicious attack, correlation rules, improved genetic algorithm, matching algorithm

中图分类号:

TM769

章锐, 费稼轩, 石聪聪, 张小建, 黄秀丽, 王琦. 特定攻击场景下源网荷系统恶意攻击关联分析方法[J]. 中国电力, 2019, 52(10): 1-10.

ZHANG Rui, FEI Jiaxuan, SHI Congcong, ZHANG Xiaojian, HUANG Xiuli, WANG Qi. Malicious Attack Correlation Analysis Method of Source-Grid-Load System under Specific Attack Scenarios[J]. Electric Power, 2019, 52(10): 1-10.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.201808093

https://www.electricpower.com.cn/CN/Y2019/V52/I10/1

参考文献

[1] 姚建国, 杨胜春, 王珂, 等. 智能电网"源-网-荷"互动运行控制概念及研究框架[J]. 电力系统自动化, 2012, 36(21):1-6, 12 YAO Jianguo, YANG Shengchun, WANG Ke, et al. Concept and research framework of smart grid "source-grid-load" interactive operation and control[J]. Automation of Electric Power Systems, 2012, 36(21):1-6, 12
[2] 汤奕, 王琦, 倪明, 等. 电力和信息通信系统混合仿真方法综述[J]. 电力系统自动化, 2015, 39(23):33-42 TANG Yi, WANG Qi, NI Ming, et al. Review on the hybrid simulation methods for power and communication system[J]. Automation of Electric Power Systems, 2015, 39(23):33-42
[3] 钟志琛, 尚方, 刘生. 新一代信息安全防护体系架构研究[J]. 中国电力, 2016, 49(增刊1):16-20. ZHONG Zhichen, SHANG Fang, LIU Sheng. Study on architecture of a new generation of intelligent trusted information security system[J]. Electric Power, 2016, 49(S1):16-20.
[4] 王宇飞, 徐志博, 王婧. 层次化电力信息网络威胁态势评估方法[J]. 中国电力, 2013, 46(7):121-125 WANG Yufei, XU Zhibo, WANG Jing. Hierarchical cyber-threat situation evaluation method for electric power information network[J]. Electric Power, 2013, 46(7):121-125
[5] 汤奕, 陈倩, 李梦雅, 等. 电力信息物理融合系统环境中的网络攻击研究综述[J]. 电力系统自动化, 2016, 40(17):59-69 TANG Yi, CHEN Qian, LI Mengya, et al. Overview on cyber-attacks against cyber physical power system[J]. Automation of Electric Power Systems, 2016, 40(17):59-69
[6] 王栋, 陈传鹏, 颜佳, 等. 新一代电力信息网络安全架构的思考[J]. 电力系统自动化, 2016, 40(2):6-11 WANG Dong, CHEN Chuanpeng, YAN Jia, et al. Pondering a new-generation security architecture model for power information network[J]. Automation of Electric Power Systems, 2016, 40(2):6-11
[7] 杨明, 韩学山, 梁军, 等. 计及网络安全约束及用户停电损失的动态经济调度方法[J]. 电力系统自动化, 2009, 33(14):27-31 YANG Ming, HAN Xueshan, LIANG Jun, et al. A method for dynamic economic dispatch considering network security constraints and customer interruption costs[J]. Automation of Electric Power Systems, 2009, 33(14):27-31
[8] 陈竟成, 黄瀚. 印度大停电事故分析与启示[J]. 中国电力, 2012, 45(10):12-16 CHEN Jingcheng, HUANG Han. Analysis and revelation from blackout events in India[J]. Electric Power, 2012, 45(10):12-16
[9] 李保杰, 刘岩, 李洪杰, 等. 从乌克兰停电事故看电力信息系统安全问题[J]. 中国电力, 2017, 50(5):71-77 LI Baojie, LIU Yan, LI Hongjie, et al. Enlightenment on the security of cyber information system under smart grid from ukraine blackout[J]. Electric Power, 2017, 50(5):71-77
[10] 赵翔宇, 王成亮, 姚刚, 等.基于南网事故调规的电网在线事故风险预警系统设计与开发应用[J]. 中国电力, 2016, 49(增刊1):62-66. ZHAO Xiangyu, WANG Chengliang, YAO Gang, et al. Research and application of power system on-line risk early-warning system based on CSG accident investigation procedures[J]. Electric Power, 2016, 49(S1):62-66.
[11] 章锐, 刘道伟, 陈树勇, 等. 信息驱动的大电网全景安全防御系统可视化设计[J]. 电力信息与通信技术, 2016, 14(12):46-51 ZHANG Rui, LIU Daowei, CHEN Shuyong, et al. Design of information-driven panoramic security defense system visualization for large-scale power grid[J]. Electric Power ICT, 2016, 14(12):46-51
[12] 刘道伟, 张东霞, 孙华东, 等. 时空大数据环境下的大电网定态势量化评估与自适应防控体系构建[J]. 中国电机工程学报, 2015, 35(2):268-276 LIU Daowei, ZHANG Dongxia, SUN Huadong, et al. Construction of stability situation quantitative assessment and adaptive control system for large-scale power grid in the spatiotemporal big data environment[J]. Proceedings of the CSEE, 2015, 35(2):268-276
[13] 朱梦影, 徐蕾. 基于攻击图与报警相似性的混合报警关联模型[J]. 计算机应用, 2014, 34(1):108-112 ZHU Mengying, XU Lei. Hybrid model of alert correlation based on attack graph and alert similarity[J]. Journal of Computer Application, 2014, 34(1):108-112
[14] 刘威歆, 郑康锋, 武斌, 等. 基于攻击图的多源告警关联分析方法[J]. 通信学报, 2015, 36(9):135-144 LIU Weixin, ZHENG Kangfeng, WU Bin, et al. Alert processing based on attack graph and multi-source analyzing[J]. Journal on Communications, 2015, 36(9):135-144
[15] 杨楠. 基于关联规则Apriori算法的Web日志挖掘研究与实现[D]. 成都:成都理工大学, 2012. YANG Nan. Research and implementation of Web log mining based on association of rules Apriori algorithm[D]. Chengdu:Chengdu University of Technology, 2012.
[16] 刘敬, 谷利泽, 钮心忻, 等. 基于神经网络和遗传算法的网络安全事件分析方法[J]. 北京邮电大学学报, 2015, 38(2):50-54 LIU Jing, GU Lize, NIU Xinxin, et al. Network security events analyze method based on neural networks and genetic algorithm[J]. Journal of Beijing University of Posts and Telecommunications, 2015, 38(2):50-54
[17] 冯鑫.日志解析系统的设计与实现[D]. 大连:大连理工大学, 2013. FENG Xing. The design and realization of log parsing system[D]. Dalian:Dalian University of Technology, 2013.
[18] 邵熠阳, 薛一波, 李军. 基于并行协议解析的网络流量识别方法[J]. 中国通信, 2014, 11(10):106-116 SHAO Yiyang, XUE Yibo, LI Jun. PPP:Towards parallel protocol parsing[J]. Network Technology and Applications, 2014, 11(10):106-116
[19] 周艳丽. 基于攻击图的网络报警关联及度量选择技术研究[D]. 南昌:江西理工大学, 2016. ZHOU Yanli. Research on network alert correlation and counter measure selection based on attack graph[D]. Nanchang:Jiangxi University of Science and Technology, 2016.
[20] 张淑英. 网络安全事件关联分析与态势评测技术研究[D]. 长春:吉林大学, 2012. ZHANG Shuying. Network security event correlation analysis and situation assessment prediction technology research[D]. Changchun:Jilin University,2012.

特定攻击场景下源网荷系统恶意攻击关联分析方法

Malicious Attack Correlation Analysis Method of Source-Grid-Load System under Specific Attack Scenarios

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

[1]	王阳, 马伟东, 刘洎溟, 王博石, 姚凯, 韩伟, 余娟. 基于关联规则与重构误差的二次系统故障检测方法[J]. 中国电力, 2024, 57(8): 159-167.
[2]	李培, 俞永军, 马智泉, 蔡重凯. 考虑电压暂降治理设备服役年限的优质供电服务模式[J]. 中国电力, 2022, 55(12): 147-159.
[3]	刘延泉, 牛成林, 程海燕, 刘欣. 330 MW 机组湿法烟气脱硫控制系统目标值优化[J]. 中国电力, 2012, 45(4): 68-72.

模态框（Modal）标题

特定攻击场景下源网荷系统恶意攻击关联分析方法

Malicious Attack Correlation Analysis Method of Source-Grid-Load System under Specific Attack Scenarios

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics