Fei Jiaxuan, Pei Pei, Zhang Ming, et al. Hierarchical association analysis method in industrial control cyber attack scenario of power grid[J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2020, 44(06): 715-723. [doi:10.14177/j.cnki.32-1397n.2020.44.06.011]

Hierarchical association analysis method in industrial control cyber attack scenario of power grid

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN: 1005-9830 / CN: 32-1397/N]

Volume: 44
Issue: 2020, No. 06
Pages: 715-723
Publication date: 2020-12-31

Article Info

Title: Hierarchical association analysis method in industrial control cyber attack scenario of power grid
Article ID: 1005-9830(2020)06-0715-09
Author(s): Fei Jiaxuan (1), Pei Pei (2), Zhang Ming (2), Sun Jiawei (2)
Affiliations: 1. State Grid Key Laboratory of Information and Network Security, Global Energy Interconnection Research Institute Co., Ltd., Nanjing 210003, China; 2. State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210003, China
Keywords: power grid; industrial control; attack scenarios; hierarchical correlation; spatial-temporal correlation; Bayesian classification; attribute similarity; source grid load
Classification number: TM721
DOI: 10.14177/j.cnki.32-1397n.2020.44.06.011
Abstract:
To improve the accuracy and efficiency of identifying malicious attack events, a hierarchical correlation analysis method is proposed for industrial control cyber attack scenarios in power grids. First, the typical attack scenarios a power grid may face are analyzed, and the abnormal information collected at each level of the grid and the abnormal events it gives rise to are catalogued. Second, a hierarchical association analysis process for power grids is constructed, and a hierarchical association analysis model based on the Apriori algorithm is proposed. Frequent itemsets at each level of the grid are mined at fine granularity, and association rules for each attack scenario are generated based on spatio-temporal association. Third, the Bayesian model is improved, and a weighted Bayesian classification model is proposed to classify online events quickly by attack scenario. Fourth, an association matching method based on attribute similarity is proposed to achieve high-speed matching of association rules. Finally, the effectiveness of the proposed method is verified on a source-grid-load simulation experiment system. The method fully mines the frequent itemsets of abnormal events at every level of the grid and correlates the frequent items in time and space, which further improves the identification accuracy of cyber attacks.


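Memo:
Received: 2019-03-09; Revised: 2020-08-07
Funding: Science and Technology Project of State Grid Corporation of China (SGGR0000XTJS1800089)
Author biography: Fei Jiaxuan (1984-), male, master's degree, senior engineer; main research interest: electric power information security; E-mail: feijiaxuan@geiri.sgcc.com.cn.
Citation format: Fei Jiaxuan, Pei Pei, Zhang Ming, et al. Hierarchical association analysis method in industrial control cyber attack scenario of power grid[J]. Journal of Nanjing University of Science and Technology, 2020, 44(6): 715-723.
Submission website: http://zrxuebao.njust.edu.cn
Last Update: 2020-12-30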