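Abnormal Traffic Detection on Process Layer Network of Smart Substation Based on Cyber Physical Fusion
Details
  • English title: Abnormal Traffic Detection on Process Layer Network of Smart Substation Based on Cyber Physical Fusion
  • Authors: 张嘉誉; 章坚民; 杨才明; 李勇; 李康毅; 王玺坚
  • Authors (English): ZHANG Jiayu; ZHANG Jianmin; YANG Caiming; LI Yong; LI Kangyi; WANG Xijian; School of Automation, Hangzhou Dianzi University; State Grid Shaoxing Electric Power Supply Company
  • Keywords: smart substation; process layer network; abnormal traffic detection; cyber physical fusion; variance of difference sequence
  • English keywords: smart substation; process layer network; abnormal traffic detection; cyber physical fusion; variance of difference sequence
  • Chinese journal name: DLXT
  • English journal name: Automation of Electric Power Systems
  • Institutions: School of Automation, Hangzhou Dianzi University; State Grid Shaoxing Electric Power Supply Company
  • Publication date: 2019-07-25
  • Publisher: Automation of Electric Power Systems
  • Year: 2019
  • Issue: v.43; No.660
  • Funding: Smart Grid Joint Fund of the National Natural Science Foundation of China and State Grid Corporation of China (U1866209); National Natural Science Foundation of China (51677047)
  • Language: Chinese
  • Pages: DLXT201914022
  • Page count: 12
  • CN: 14
  • ISSN: 32-1180/TP
  • Classification number: 227-238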
Abstract
Random and burst messages in the process layer network of a smart substation, together with abnormal traffic caused by possible physical failures of information equipment and by denial-of-service (DoS) attacks from intruding viruses, make simple threshold-based detection methods inapplicable. Building on a cyber-physical-fusion generic message source model and a network-calculus-based traffic calculation model for the communication network, the paper proposes a new abnormal traffic detection method for the smart substation process layer network based on cyber physical fusion and the variance of the difference sequence. First, based on the anomaly detection method and procedure that use the variance of the difference sequence, a traffic anomaly membership function for the substation process layer and a cyber-physical-fusion-based method for determining its parameters are proposed. Second, to increase the reliability of anomaly detection, an attack condition threshold that takes the characteristics of smart substation process layer messages into account is proposed, along with a method for calculating it. Finally, a T1-1 type substation network is simulated, verifying that the proposed method can identify not only random and burst generic object-oriented substation event messages in the process layer but also DoS attacks.
