Hierarchical association analysis method in industrial control cyber attack scenario of power grid

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN:1005-9830/CN:32-1397/N]

Issue:
2020, Issue 06
Page:
715-723
Research Field:
Publishing date:

Info

Title:
Hierarchical association analysis method in industrial control cyber attack scenario of power grid
Author(s):
Fei Jiaxuan (1), Pei Pei (2), Zhang Ming (2), Sun Jiawei (2)
1. State Grid Key Laboratory of Information and Network Security, Global Energy Interconnection Research Institute Co., Ltd., Nanjing 210003, China; 2. State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210003, China
Keywords:
power grid industrial control; attack scenarios; hierarchical correlation; spatial-temporal correlation; Bayesian classification; attribute similarity; source grid load
PACS:
TM721
DOI:
10.14177/j.cnki.32-1397n.2020.44.06.011
Abstract:
To improve the accuracy and efficiency of malicious attack event identification, a hierarchical correlation analysis method is proposed for industrial control cyber attack scenarios of power grids. Firstly, the typical attack scenarios in power grids are analyzed, and the abnormal information collected from all levels of power grids and the abnormal events generated are sorted out. Secondly, a hierarchical association analysis process of power grids is constructed, and a hierarchical association analysis model based on Apriori is proposed. Frequent itemsets at all levels of power grids are refined, and the association rules under each attack scenario of power grids are generated based on spatio-temporal association. Thirdly, the Bayesian model is improved, and a weighted Bayesian classification model is proposed to realize fast classification of online events according to attack scenarios. Fourthly, an association matching method based on attribute similarity is proposed to achieve high-speed matching of association rules. Finally, the effectiveness of the proposed method is verified on the source grid load simulation experiment system. This method fully mines the frequent itemsets of abnormal events at all levels of power grids and correlates the frequent items in time and space, which further improves the identification accuracy of cyber attacks.


Memo

Memo:
-
Last Update: 2020-12-30