Review and prospect on cyber threat indicators of substation monitoring system

Authors: LI Xiangshuo, CHANG Guanghui, SU Sheng, et al.

Affiliations:

(1. Dispatching Control Center, State Grid Henan Electric Power Company, Zhengzhou 450052, China; 2. School of Electrical & Information Engineering, Changsha University of Science & Technology, Changsha 410114, China; 3. Electric Power Research Institute, State Grid Henan Electric Power Company, Zhengzhou 450052, China)

Corresponding author:

CHANG Guanghui (b. 1976), male, professor-level senior engineer, mainly engaged in power system automation research; E-mail: sw612@126.com

CLC number:

TM863

Funding:

State Grid Henan Electric Power Company research project (SGHADK00DWJS2200211)

Abstract:

Cyber threat indicators (CTIs) are the information needed to describe or identify a security threat in cyberspace; CTIs that effectively represent and characterise attack behaviour are the foundation of cybersecurity. Compared with general-purpose information systems, the attacks a substation monitoring system must withstand differ significantly in intensity and capability: an organised attacker with domain expertise can enter the production control zone through, for example, a supply chain attack, and because such an attacker can defeat identity and access management controls, the intrusion does not necessarily trigger any security alert. CTIs inherited from general-purpose information systems are therefore poorly suited to detecting highly concealed attacks designed specifically against substation monitoring systems. This paper first reviews the traditional CTIs of general-purpose information systems and then analyses existing CTIs designed around the characteristics of substation monitoring systems. On that basis, and aimed at the problem of detecting highly concealed threats, it looks ahead to the compliance-based extraction and design of substation CTIs, exploiting two properties of substation monitoring systems: each business system executes its work according to fixed process rules, and the state of the primary system is strongly coupled with the communications and alarms of the secondary system. Such CTIs are expected to accurately characterise highly concealed threats that trigger no alarm yet violate business rules, laying the groundwork for further improving protection capability.
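As an added illustration (not code from the paper or its authors), the compliance-based CTI idea described in the abstract can be sketched as a stateful rule checker replayed over a substation event stream. It encodes one process rule (a control command must be covered by an operation ticket authorising that action), one sequencing rule (a breaker position change must be explained by a command or a protection trip) and one cyber-physical coupling rule (a breaker that reports OPEN must carry near-zero bay current once the measurement settles). Every event in the sample stream is protocol-valid and would raise no signature or traffic alert; only the business-rule cross-checks flag it. The device names, rule identifiers, ticket workflow, thresholds and the event stream itself are assumptions constructed for the example.

```python
"""Compliance-based CTI check over a substation event stream.

Added example, not code from the paper. The model is deliberately
simplified: device names, rule identifiers, the operation-ticket
workflow and the thresholds are all assumptions.
"""
from dataclasses import dataclass


@dataclass
class Event:
    t: float            # timestamp in seconds (assumed monotonic station clock)
    kind: str           # "ticket" | "command" | "trip" | "position" | "current"
    device: str         # breaker / bay identifier (assumed naming scheme)
    value: object = ""  # "OPEN"/"CLOSE" for switching events, amperes for current
    actor: str = ""     # who issued a ticket or command


def check_compliance(events, settle=2.0, current_tol=5.0):
    """Replay events in time order and return business-rule violations.

    R1: a control command must be covered by an operation ticket that
        authorises the same action on the same device (process rule).
    R2: a breaker position change must follow a command or a protection
        trip; an unexplained change is a suspect telesignal (sequencing rule).
    R3: once a breaker reports OPEN and `settle` seconds have passed, the
        bay current must be below `current_tol`; otherwise the secondary
        system report contradicts the primary system state (coupling rule).
    Each violation is a tuple (time, rule, device, detail).
    """
    violations = []
    tickets = {}   # device -> action authorised by the latest ticket
    pending = {}   # device -> action whose position confirmation is awaited
    last_pos = {}  # device -> (time, position) of the latest telesignal
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "ticket":
            tickets[ev.device] = ev.value
        elif ev.kind == "command":
            if tickets.get(ev.device) != ev.value:
                violations.append((ev.t, "R1 command without matching ticket",
                                   ev.device, f"{ev.value} by {ev.actor}"))
            pending[ev.device] = ev.value
        elif ev.kind == "trip":
            pending[ev.device] = "OPEN"  # a protection trip explains an OPEN
        elif ev.kind == "position":
            last_pos[ev.device] = (ev.t, ev.value)
            if pending.pop(ev.device, None) != ev.value:
                violations.append((ev.t, "R2 position change not explained by command or trip",
                                   ev.device, ev.value))
        elif ev.kind == "current":
            pos = last_pos.get(ev.device)
            if (pos is not None and pos[1] == "OPEN"
                    and ev.t - pos[0] >= settle and ev.value > current_tol):
                violations.append((ev.t, "R3 breaker OPEN but bay current non-zero",
                                   ev.device, ev.value))
    return violations


# Constructed sample stream (not captured from any real substation).
SAMPLE_EVENTS = [
    # Legitimate operation: ticket -> command -> position -> current falls.
    Event(0.0, "ticket", "211QF", "OPEN", actor="dispatcher_D1"),
    Event(10.0, "command", "211QF", "OPEN", actor="operator_O1"),
    Event(11.0, "position", "211QF", "OPEN"),
    Event(14.0, "current", "211QF", 0.3),
    # Valid-looking command from a foothold with no ticket behind it (R1).
    Event(100.0, "command", "212QF", "OPEN", actor="svc_update"),
    Event(101.0, "position", "212QF", "OPEN"),
    Event(104.0, "current", "212QF", 0.1),
    # Telesignal changes with neither a command nor a protection trip (R2).
    Event(200.0, "position", "213QF", "OPEN"),
    # Ticketed OPEN whose position report is contradicted by the current (R3).
    Event(300.0, "ticket", "214QF", "OPEN", actor="dispatcher_D1"),
    Event(310.0, "command", "214QF", "OPEN", actor="operator_O1"),
    Event(311.0, "position", "214QF", "OPEN"),
    Event(314.0, "current", "214QF", 420.0),
    # Protection trip followed by OPEN is legitimate: no violation.
    Event(400.0, "trip", "215QF"),
    Event(400.1, "position", "215QF", "OPEN"),
    Event(403.0, "current", "215QF", 0.0),
]


def violated_rules(events=SAMPLE_EVENTS):
    """Rule identifiers (R1/R2/R3) of the violations, in time order."""
    return [v[1].split()[0] for v in check_compliance(events)]


if __name__ == "__main__":
    for t, rule, device, detail in check_compliance(SAMPLE_EVENTS):
        print(f"t={t:6.1f}s {device}: {rule} ({detail})")
```

Run as a script, it lists three violations: the unticketed command on 212QF, the unexplained position change on 213QF, and the 214QF report that says OPEN while 420 A still flows. The first would be missed by any detector that only validates the command itself, and the third is the kind of inconsistency between primary state and secondary telemetry that the abstract singles out; in practice the settle time and current tolerance must be set per bay from its real measurement behaviour, or the coupling rule will false-alarm on normal measurement lag.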

Cite this article:

LI Xiangshuo, CHANG Guanghui, SU Sheng, et al. Review and prospect on cyber threat indicators of substation monitoring system[J]. Journal of Electric Power Science and Technology, 2024, 39(4): 1-10.
Published online: 2024-09-10