[1] Zhang Ming, Huang Xiuli, Miao Weiwei, et al. Analytical method on power industrial control network command abnormality[J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2020, 44(02): 185-193. [doi:10.14177/j.cnki.32-1397n.2020.44.02.009]

Analytical method on power industrial control network command abnormality

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN: 1005-9830 / CN: 32-1397/N]

Volume:
44
Issue:
2020, No. 02
Pages:
185-193
Column:
Publication date:
2020-04-30

Article Info

Title:
Analytical method on power industrial control network command abnormality
Article ID:
1005-9830(2020)02-0185-09
Author(s):
Zhang Ming (1), Huang Xiuli (2), Miao Weiwei (1), Pei Pei (1), Sun Jiawei (1)
1. State Grid Jiangsu Electric Power Co Ltd, Nanjing 210000, China; 2. State Grid Key Laboratory of Information & Network Security, Global Energy Interconnection Research Institute Co Ltd, Nanjing 210003, China
Keywords:
protocol parsing; source-network-load system; command abnormality recognition
Classification number:
TM721
DOI:
10.14177/j.cnki.32-1397n.2020.44.02.009
Abstract:
With the rapid development of global energy internet construction, ultra-high-voltage (UHV) power grids and distributed energy, new types of load with the dual characteristics of "source" and "load", such as electric vehicles and controllable users, are constantly emerging. In the context of network-load interaction, the power industrial control network has many levels and many types, with frequent exchange of monitoring and control information, so the various kinds of operational information and control commands are exposed to risks such as eavesdropping, tampering and interruption during collection, transmission and triggering. This paper proposes a method for analysing command abnormality in power industrial control networks. It parses the protocol according to the specification format and business-command characteristics of the 104 protocol, and mines command-level anomaly features of the industrial control network using the isolation forest algorithm. Experiments demonstrate the effectiveness of the proposed method.

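Memo

Received: 2019-03-04; Revised: 2019-05-23
Funding: 2018 Science and Technology Project of State Grid Corporation of China Headquarters (SGGR0000XTJS1800089)
About the authors: Zhang Ming (1976-), male, master's degree, senior engineer; main research interest: power system dispatching automation technology; E-mail: 13851456677@139.com. Corresponding author: Huang Xiuli (1979-), female, master's degree, senior engineer; main research interest: power information security; E-mail: huangxiuli@geiri.sgcc.com.cn.
Citation format: Zhang Ming, Huang Xiuli, Miao Weiwei, et al. Analytical method on power industrial control network command abnormality[J]. Journal of Nanjing University of Science and Technology, 2020, 44(2): 185-193.
Submission website: http://zrxuebao.njust.edu.cn
Last Update: 2020-04-20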