Abstract: Because smart grid embedded devices have limited computing and storage resources, they cannot respond effectively to network attacks, and the means of assessing their security are weak. To address these problems, a dynamic evaluation method for network attack behavior on smart grid embedded devices is proposed. The method uses a security control module to parse and discriminate the communication data stream of the actual embedded device, and uses component dynamic trust measurement analysis in an embedded system simulator to detect and evaluate the security impact of the attack behavior. The final security evaluation result for the network attack behavior is obtained from a whole-process dynamic comprehensive measurement of three groups of attributes: platform configuration attributes, platform operation attributes, and user authentication attributes. The method was tested in the real environments of a power distribution automation system and a power utilization information collection system. For common attacks against embedded devices, the accuracy of the detection method reaches more than 90%, which gives good security evaluation accuracy, while also effectively improving its own security.
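Table 1. Attack protection test

| Attack type | Number of attack samples | Number of successes |
| --- | --- | --- |
| Command execution | 1 103 | 0 |
| Malformed data | 476 | 0 |
| Memory overflow | 234 | 0 |
| Kernel privilege escalation | 16 | 0 |
| Denial of service | 18 920 | 0 |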