WANG Haixiang, ZHU Chaoyang, WANG Yu, ZHANG Ruiwen, LI Jun'e, LI Jiyuan, YING Huan. Identification method of power service packet attacks based on service logic[J]. Electric Power Automation Equipment, 2020, 40(8):
Identification method of power service packet attacks based on service logic
WANG Haixiang1, ZHU Chaoyang1, WANG Yu2, ZHANG Ruiwen2, LI Jun'e2, LI Jiyuan3, YING Huan1
1. Information & Communication Department, China Electric Power Research Institute, Beijing 100192, China; 2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China; 3. State Grid Zhejiang Electric Power Research Institute, Hangzhou 310014, China
Power service packet attacks (PSPAs) on power grid measurement and control terminals can easily cause misoperation of primary electric equipment and thereby lead to electric power accidents. PSPAs usually achieve their goal by interfering with normal service logic. Existing attack identification methods do not take service logic into account and have poor effectiveness. An identification method for PSPAs based on service logic is therefore proposed. The state chain, blacklist and whitelist of power service logic are defined. Misuse detection and anomaly detection are combined to evaluate the threat degree of a power service based on the service logic blacklist and whitelist. The threat degree is then corrected to account for the time risk and service importance of the power grid, and PSPAs are identified effectively and accurately by comparing the service threat degree with the security threshold. The architecture of an attack identification system based on the proposed method is presented, and the system is tested to verify the effectiveness of the proposed method.
Key words: power service packet attacks; identification method of attacks; service logic; state chain; power grid measurement and control terminals
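The pipeline the abstract outlines (blacklist misuse check, whitelist anomaly score, correction by time risk and service importance, threshold comparison) can be sketched as follows. This is an added illustration, not the authors' implementation: the message names, weights, time-risk function, threshold and the use of sequence similarity as the anomaly score are all assumptions.

```python
# Added illustration: chains, weights and the scoring formula are assumptions,
# not taken from the paper.
from difflib import SequenceMatcher

# Constructed service-logic state chains: ordered message types of one service.
WHITELIST = {
    "remote_control": [("select", "select_ack", "execute", "execute_ack")],
    "telemetry": [("poll", "data")],
}
BLACKLIST = {
    "remote_control": [("execute",), ("select", "execute", "execute")],
}
IMPORTANCE = {"remote_control": 1.0, "telemetry": 0.4}  # assumed service weights
THRESHOLD = 0.5  # assumed security threshold


def base_threat(service, chain):
    """Misuse detection first (blacklist), then anomaly detection (whitelist)."""
    chain = tuple(chain)
    if chain in BLACKLIST.get(service, ()):
        return 1.0  # known-bad state chain
    allowed = WHITELIST.get(service, ())
    if not allowed:
        return 1.0  # unknown service: no whitelisted chain vouches for it
    # Anomaly score: distance from the closest whitelisted chain.
    best = max(SequenceMatcher(None, chain, ok).ratio() for ok in allowed)
    return 1.0 - best  # 0.0 when the chain is exactly whitelisted


def time_risk(hour):
    """Assumed time-risk factor: higher during peak-load hours."""
    return 1.0 if 8 <= hour < 22 else 0.7


def identify(service, chain, hour):
    """Return (corrected threat degree, is_attack)."""
    threat = (base_threat(service, chain) * time_risk(hour)
              * IMPORTANCE.get(service, 1.0))
    return round(threat, 3), threat >= THRESHOLD
```

An `execute` with no preceding `select` is flagged at any hour, while the same amount of deviation on the lower-importance telemetry service stays below the threshold.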

