《电力自动化设备》

引用本文:	王海翔,朱朝阳,王宇,张锐文,李俊娥,李霁远,应欢.基于业务逻辑的电力业务报文攻击识别方法[J].电力自动化设备,2020,40(8):
	WANG Haixiang,ZHU Chaoyang,WANG Yu,ZHANG Ruiwen,LI Jun'e,LI Jiyuan,YING Huan.Identification method of power service packet attacks based on service logic[J].Electric Power Automation Equipment,2020,40(8):

【打印本页】【HTML】【下载PDF全文】【查看/发表评论】【EndNote】【RefMan】【BibTex】

←前一篇|后一篇→

过刊浏览高级检索

本文已被：浏览 12132次下载 1650次
字体:加大+\|默认\|缩小-
基于业务逻辑的电力业务报文攻击识别方法
王海翔¹, 朱朝阳¹, 王宇², 张锐文², 李俊娥², 李霁远³, 应欢¹
1.中国电力科学研究院有限公司信息通信研究所，北京 100192;2.武汉大学国家网络安全学院空天信息安全与可信计算教育部重点实验室，湖北武汉 430072;3.国网浙江省电力有限公司电力科学研究院，浙江杭州 310014

摘要:

针对电网测控终端的电力业务报文攻击极易造成电力一次设备误动，从而引发电力事故。电力业务报文攻击通常通过干扰正常业务逻辑达到攻击目的，已有攻击识别方法没有考虑业务逻辑，有效性比较差。因此，提出一种基于业务逻辑的电力业务报文攻击识别方法，该方法定义了电力业务逻辑状态链和黑白名单，将误用检测与异常检测方法相结合，基于业务逻辑黑白名单对业务的威胁度进行评估，并考虑电网时间风险与业务重要性，对威胁度进行修正，通过比较业务威胁度与安全阈值，实现对电力业务报文攻击的高效准确识别。给出了应用所提方法实现的一个攻击识别系统架构，并对实现后的系统进行了测试，验证了所提方法的有效性。

关键词: 电力业务报文攻击攻击识别方法业务逻辑状态链电网测控终端

DOI：10.16081/j.epae.202007023

分类号:TM73

基金项目:国家电网有限公司总部科技项目(电网嵌入式终端漏洞挖掘与攻击检测关键技术研究)(52110418001K)

Identification method of power service packet attacks based on service logic

WANG Haixiang¹, ZHU Chaoyang¹, WANG Yu², ZHANG Ruiwen², LI Jun'e², LI Jiyuan³, YING Huan¹

1.Information & Communication Department, China Electric Power Research Institute, Beijing 100192, China;2.Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China;3.State Grid Zhejiang Electric Power Research Institute, Hangzhou 310014, China

Abstract:

The PSPAs(Power Service Packet Attacks) of power grid measurement and control terminals are easy to cause misoperation of primary electric equipment, thus causing electric power accidents. PSPAs usually achieve the attack purpose by interfering the normal service logic. Existing attack identification methods do not take service logic into account and have poor effectiveness. Therefore, an identification method of PSPAs based on service logic is proposed. The state chain of power service logic, blacklist and whitelist are defined. The misuse detection method and anomaly detection method are combined to evaluate the threat degree of power service based on the service logic blacklist and whitelist. Considering the time risk and service importance of power grid, the threat degree is corrected, and the effective and accurate identification of PSPAs is realized by comparing the service threat degree and the security threshold. The architecture of an attack identification system based on the proposed method is presented, and the system is tested to verify the effectiveness of the proposed method.

Key words: power service packet attacks identification method of attacks service logic state chain power grid measurement and control terminals

用微信扫一扫