Malicious Attack Correlation Analysis Method of Source-Grid-Load System under Specific Attack Scenarios

doi:10.11930/j.issn.1004-9649.201808093

Abstract

Abstract: The key for the power grid to deal with cyber security threats is to make full use of cyber and electrical information to improve the self-adaptation ability and automation for identification of malicious attack event. In this paper, a malicious attack correlation analysis method of source-grid-load system under specific attack scenarios is proposed. Firstly, an attribute-based multi-source event fusion model is constructed to perform multi-source data fusion processing on abnormal events of cyber layer and electrical layer. And then, based on the neural network model, the fused events are trained and classified according to the attack scenarios. Thirdly, combined with electrical abnormal events, the genetic algorithm's initialization scheme, the selection operator and cross genetic probability are improved. The correlation rules for different attack scenarios are automatically generated based on the classification results. Fourthly, the number of events to be matched is gradually reduced through timing, business logic and IP classification, and the speed of event matching is improved based on vector calculation. A timing- and business logic-based correlation matching algorithm is proposed to realize the high-speed matching of correlation rules. Finally, the effectiveness and applicability of the proposed method is verified in the source-grid-load simulation experiment system. The proposed method utilizes comprehensively the abnormal events of the cyber layer and electrical layer to further improve the identification accuracy of cyber attacks, and automatically realizes the events classification and correlation rule generation, showing great potential for engineering application.

Key words: source-grid-load system, malicious attack, correlation rules, improved genetic algorithm, matching algorithm

CLC Number:

TM769

ZHANG Rui, FEI Jiaxuan, SHI Congcong, ZHANG Xiaojian, HUANG Xiuli, WANG Qi. Malicious Attack Correlation Analysis Method of Source-Grid-Load System under Specific Attack Scenarios[J]. Electric Power, 2019, 52(10): 1-10.

Add to citation manager EndNote|Ris|BibTeX

URL: https://www.electricpower.com.cn/EN/10.11930/j.issn.1004-9649.201808093

https://www.electricpower.com.cn/EN/Y2019/V52/I10/1

References

[1] 姚建国, 杨胜春, 王珂, 等. 智能电网"源-网-荷"互动运行控制概念及研究框架[J]. 电力系统自动化, 2012, 36(21):1-6, 12 YAO Jianguo, YANG Shengchun, WANG Ke, et al. Concept and research framework of smart grid "source-grid-load" interactive operation and control[J]. Automation of Electric Power Systems, 2012, 36(21):1-6, 12
[2] 汤奕, 王琦, 倪明, 等. 电力和信息通信系统混合仿真方法综述[J]. 电力系统自动化, 2015, 39(23):33-42 TANG Yi, WANG Qi, NI Ming, et al. Review on the hybrid simulation methods for power and communication system[J]. Automation of Electric Power Systems, 2015, 39(23):33-42
[3] 钟志琛, 尚方, 刘生. 新一代信息安全防护体系架构研究[J]. 中国电力, 2016, 49(增刊1):16-20. ZHONG Zhichen, SHANG Fang, LIU Sheng. Study on architecture of a new generation of intelligent trusted information security system[J]. Electric Power, 2016, 49(S1):16-20.
[4] 王宇飞, 徐志博, 王婧. 层次化电力信息网络威胁态势评估方法[J]. 中国电力, 2013, 46(7):121-125 WANG Yufei, XU Zhibo, WANG Jing. Hierarchical cyber-threat situation evaluation method for electric power information network[J]. Electric Power, 2013, 46(7):121-125
[5] 汤奕, 陈倩, 李梦雅, 等. 电力信息物理融合系统环境中的网络攻击研究综述[J]. 电力系统自动化, 2016, 40(17):59-69 TANG Yi, CHEN Qian, LI Mengya, et al. Overview on cyber-attacks against cyber physical power system[J]. Automation of Electric Power Systems, 2016, 40(17):59-69
[6] 王栋, 陈传鹏, 颜佳, 等. 新一代电力信息网络安全架构的思考[J]. 电力系统自动化, 2016, 40(2):6-11 WANG Dong, CHEN Chuanpeng, YAN Jia, et al. Pondering a new-generation security architecture model for power information network[J]. Automation of Electric Power Systems, 2016, 40(2):6-11
[7] 杨明, 韩学山, 梁军, 等. 计及网络安全约束及用户停电损失的动态经济调度方法[J]. 电力系统自动化, 2009, 33(14):27-31 YANG Ming, HAN Xueshan, LIANG Jun, et al. A method for dynamic economic dispatch considering network security constraints and customer interruption costs[J]. Automation of Electric Power Systems, 2009, 33(14):27-31
[8] 陈竟成, 黄瀚. 印度大停电事故分析与启示[J]. 中国电力, 2012, 45(10):12-16 CHEN Jingcheng, HUANG Han. Analysis and revelation from blackout events in India[J]. Electric Power, 2012, 45(10):12-16
[9] 李保杰, 刘岩, 李洪杰, 等. 从乌克兰停电事故看电力信息系统安全问题[J]. 中国电力, 2017, 50(5):71-77 LI Baojie, LIU Yan, LI Hongjie, et al. Enlightenment on the security of cyber information system under smart grid from ukraine blackout[J]. Electric Power, 2017, 50(5):71-77
[10] 赵翔宇, 王成亮, 姚刚, 等.基于南网事故调规的电网在线事故风险预警系统设计与开发应用[J]. 中国电力, 2016, 49(增刊1):62-66. ZHAO Xiangyu, WANG Chengliang, YAO Gang, et al. Research and application of power system on-line risk early-warning system based on CSG accident investigation procedures[J]. Electric Power, 2016, 49(S1):62-66.
[11] 章锐, 刘道伟, 陈树勇, 等. 信息驱动的大电网全景安全防御系统可视化设计[J]. 电力信息与通信技术, 2016, 14(12):46-51 ZHANG Rui, LIU Daowei, CHEN Shuyong, et al. Design of information-driven panoramic security defense system visualization for large-scale power grid[J]. Electric Power ICT, 2016, 14(12):46-51
[12] 刘道伟, 张东霞, 孙华东, 等. 时空大数据环境下的大电网定态势量化评估与自适应防控体系构建[J]. 中国电机工程学报, 2015, 35(2):268-276 LIU Daowei, ZHANG Dongxia, SUN Huadong, et al. Construction of stability situation quantitative assessment and adaptive control system for large-scale power grid in the spatiotemporal big data environment[J]. Proceedings of the CSEE, 2015, 35(2):268-276
[13] 朱梦影, 徐蕾. 基于攻击图与报警相似性的混合报警关联模型[J]. 计算机应用, 2014, 34(1):108-112 ZHU Mengying, XU Lei. Hybrid model of alert correlation based on attack graph and alert similarity[J]. Journal of Computer Application, 2014, 34(1):108-112
[14] 刘威歆, 郑康锋, 武斌, 等. 基于攻击图的多源告警关联分析方法[J]. 通信学报, 2015, 36(9):135-144 LIU Weixin, ZHENG Kangfeng, WU Bin, et al. Alert processing based on attack graph and multi-source analyzing[J]. Journal on Communications, 2015, 36(9):135-144
[15] 杨楠. 基于关联规则Apriori算法的Web日志挖掘研究与实现[D]. 成都:成都理工大学, 2012. YANG Nan. Research and implementation of Web log mining based on association of rules Apriori algorithm[D]. Chengdu:Chengdu University of Technology, 2012.
[16] 刘敬, 谷利泽, 钮心忻, 等. 基于神经网络和遗传算法的网络安全事件分析方法[J]. 北京邮电大学学报, 2015, 38(2):50-54 LIU Jing, GU Lize, NIU Xinxin, et al. Network security events analyze method based on neural networks and genetic algorithm[J]. Journal of Beijing University of Posts and Telecommunications, 2015, 38(2):50-54
[17] 冯鑫.日志解析系统的设计与实现[D]. 大连:大连理工大学, 2013. FENG Xing. The design and realization of log parsing system[D]. Dalian:Dalian University of Technology, 2013.
[18] 邵熠阳, 薛一波, 李军. 基于并行协议解析的网络流量识别方法[J]. 中国通信, 2014, 11(10):106-116 SHAO Yiyang, XUE Yibo, LI Jun. PPP:Towards parallel protocol parsing[J]. Network Technology and Applications, 2014, 11(10):106-116
[19] 周艳丽. 基于攻击图的网络报警关联及度量选择技术研究[D]. 南昌:江西理工大学, 2016. ZHOU Yanli. Research on network alert correlation and counter measure selection based on attack graph[D]. Nanchang:Jiangxi University of Science and Technology, 2016.
[20] 张淑英. 网络安全事件关联分析与态势评测技术研究[D]. 长春:吉林大学, 2012. ZHANG Shuying. Network security event correlation analysis and situation assessment prediction technology research[D]. Changchun:Jilin University,2012.