A dynamic network threat evaluation method for smart grid embedded devices

LYU Zhuo, GUO Zhimin, CHEN Cen, MO Jiansong, CHANG Chaowen

Citation: LYU Zhuo, GUO Zhimin, CHEN Cen, et al. A dynamic network threat evaluation method for smart grid embedded devices[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(2): 324-330. doi: 10.13700/j.bh.1001-5965.2020.0398 (in Chinese)

doi: 10.13700/j.bh.1001-5965.2020.0398
Corresponding author: LYU Zhuo, E-mail: zhuanzhuan2325@sina.com

  • CLC number: TP391

Funds: 

State Grid Technology Project 5700-202024193A-0-0-00

National Natural Science Foundation of China U1736114

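  • Abstract:

    Smart grid embedded devices have limited computing and storage resources, which leaves them poorly equipped to respond to network attacks and with weak means of security evaluation. To address these problems, a dynamic evaluation method for network attack behavior targeting smart grid embedded devices is proposed. A security control module parses and classifies the communication data flow of the actual embedded device; a component dynamic trust measurement analysis method is used in an embedded system simulator to detect and evaluate the security impact of attack behavior; and a dynamic, comprehensive measurement over the whole process of three kinds of attributes (platform configuration attributes, platform running attributes and user authentication attributes) yields the final security evaluation result for the network attack behavior. In tests in real environments of distribution automation and electricity consumption information collection systems, the detection method reaches an accuracy of more than 90% against attack behaviors commonly seen on embedded devices, giving good security evaluation precision while also effectively improving its own security.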

  • Figure 1.  Framework of dynamic network threat evaluation method for smart grid embedded devices

    Figure 2.  Multi-dimensional attribute comprehensive measurement method

    Figure 3.  Experimental network structure

    Figure 4.  Detection result of attack behavior detection model (high attack frequency)

    Figure 5.  Detection result of attack behavior detection model (low attack frequency)

    Table 1.  Attack protection test

    Attack type                    Number of attack samples    Number of successes
    Command execution              1 103                       0
    Malformed data                 476                         0
    Memory overflow                234                         0
    Kernel privilege escalation    16                          0
    Denial of service              18 920                      0
Publication history
  • Received:  2020-08-09
  • Accepted:  2020-12-18
  • Published online:  2022-02-20
