«Previous Article|Table of Contents|Next Article»

《南京理工大学学报》（自然科学版）[ISSN:1005-9830/CN:32-1397/N]

Issue:

2020年02期

Page:

185-193

Research Field:

Publishing date:

Info

Title:

Analytical method on power industrial control network command abnormality

Author(s):

Zhang Ming¹; Huang Xiuli²; Miao Weiwei¹; Pei Pei¹; Sun Jiawei¹

1.State Grid Jiangsu Electric Power Co Ltd,Nanjing 210000,China; 2.State Grid Key Laboratory of Information & Network Security,Global Energy Interconnection Research Institute Co Ltd,Nanjing 210003,China

Keywords:

protocol parsing;  source-network-load system;  command abnormality recognition

PACS:

TM721

DOI:

10.14177/j.cnki.32-1397n.2020.44.02.009

Abstract:

At present,the global energy internet construction,the ultra high voltage(UHV)power grid and distributed energy are booming. At the same time,new types of electric vehicles,such as electric vehicles and controllable users with the characteristics of“source”and“load”are constantly emerging. In the background of network-load interaction,the power industrial control network has many characteristics such as multiple levels,multiple types,frequent monitoring and control information,and frequent information exchange for monitoring and control.Therefore,various types of operational information and control commands are subject to the risks of eavesdropping,tampering and interruption during collection,transmission and triggering.This paper proposes a method to identify the abnormality of power industrial control network command.It analyzes the protocol for the specification format and business instruction characteristics of the 104 protocol,and realizes the mining of instruction-level anomaly features of the industrial control network through the isolated forest. Experiments demonstrate the effectiveness of the proposed method.

References:

[1] Ting K M,Zhu Y,Carman M,et al. Overcoming key weaknesses of distance-based neighbourhood methods using a data dependent dissimilarity measure[C]//Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. San Francisco,US:ACM,2016:1205-1214
[2]Liu J,Xiao Y,Li S,et al. Cyber security and privacy issues in smart grids[J]. IEEE Communications Surveys & Tutorials,2012,14(4):981-997.
[3]Schoitsch E,Schmittner C,Ma Z,et al. Advanced microsystems for automotive applications 2015[M]. Cham,Switzerland:Springer,2016:251-261.
[4]Taeihagh A,Lim H S M. Governing autonomous vehicles:Emerging responses for safety,liability,privacy,cybersecurity,and industry risks[J]. Transport Reviews,2018:1-26.
[5]Haque M S,Chowdhury M U. A new cyber security framework towards secure data communication for unmanned aerial vehicle(UAV)[C]//Security and Privacy in Communication Networks:SecureComm 2017 International Workshops,ATCS and SePrIoT. Ontario,Canada:Springer International Publishing,2018:113-122.
[6]Li Q M,Hou J,Qi Y. A classification matching and conflict resolution method on meteorological disaster monitoring information[J]. Disaster Advances,2013,6(2):415-421.
[7]Li Q M. Multiple QoS constraints finding paths algorithm in TMN[J]. Information,2011,14(3):731-737.
[8]Li Q M,Zhang H. Information security risk assessment technology of cyberspace:A review[J]. Information,2012,15(11):677-683.
[9]Liu Feitony,Kai Mingting,Zhou Zhihua. Isolation forest[C]//Proceedings of the 8th IEEE International Conference on Data Mining(ICDM 2008). Pisa,Italy:IEEE,2008:413-422.
[10]Liu Feitony,Kai Mingting,Zhou Zhihua. Isolation-based anomaly detection[J]. ACM Transactions on Knowledge Discovery from Data(TKDD),2012,6(1):31-39.
[11]Li Q M,Li J. Rough outlier detection based security risk analysis methodology[J]. China Communications,2012,9(7):14-21.
[12]孙新程,孔建寿,刘钊. 基于核主成分分析与改进神经网络的电力负荷中期预测模型[J]. 南京理工大学学报,2018,42(3):5-11.
Sun Xincheng,Kong Jianshou,Liu Zhao.Middle-term power load forecasting model based on kernel principal component analysis and improved neural network[J]. Journal of Nanjing University of Science and Technology,2018,42(3):5-11.

Memo

Memo:

-

Common functions

Last Update: 2020-04-20