基于Dempster-Shafer证据理论的网络安全推断方法

doi:10.16183/j.cnki.jsjtu.2021.S2.012

上海交通大学学报 ›› 2021, Vol. 55 ›› Issue (S2): 77-81.doi: 10.16183/j.cnki.jsjtu.2021.S2.012

基于Dempster-Shafer证据理论的网络安全推断方法

吴楠¹, 程哲韬¹, 杜亮², 沈颖平³()

1.中核核电运行管理有限公司,浙江海盐 314300
2.上海交通大学自动化系; 系统控制与信息处理教育部重点实验室,上海 200240
3.上海云欣电子信息技术有限公司,上海 200233

收稿日期:2021-08-20 出版日期:2021-12-28 发布日期:2022-01-24
通讯作者: 沈颖平 E-mail:withnet@126.com
作者简介:吴楠(1985-),男,浙江省嘉兴市人,工程师,主要研究方向为网络安全管理.

Network Security Inference Method Based on Dempster-Shafer Theory

WU Nan¹, CHENG Zhetao¹, DU Liang², SHEN Yingping³()

1. CNNP Nuclear Power Operation Management Co., Ltd., Haiyan 314300, Zhejiang, China
2. Department of Automation; Key Laboratory of System Control and Information Processing of the Ministry of Education, Shanghai Jiao Tong University, Shanghai 200240, China
3. Shanghai Yunxin Electronic Information Technology Co., Ltd., Shanghai 200233, China

Received:2021-08-20 Online:2021-12-28 Published:2022-01-24
Contact: SHEN Yingping E-mail:withnet@126.com

摘要/Abstract

摘要：

电力物联网边缘层的网络环境复杂,处于开放环境中,安全威胁多样且动态变化.传统的基于防火墙的网络安全体系难以有效应对电力物联网层出不穷的安全问题.本文使用了数据驱动的思想对边缘设备的网络行为进行动态地判断.基于电力物联网的特点,采用网络日志、域名生成算法以及网络流量三个维度作为判据,给出了基于混淆矩阵的基本概率指派方法.通过Dempster-Shafer证据理论进行多源信息融合,对电力物联网的网络安全进行判别.

关键词: 电力物联网, Dempster-Shafer证据理论, 网络安全, 证据融合

Abstract:

The network environment of the edge layer of the Internet of Things in power systems (IOTIPS) is complex in an open environment, and the security threats are diverse and dynamic. It is difficult for the traditional network security system based on firewall to effectively deal with the emerging security problems of the IOTIPS. This paper uses the data-driven idea to dynamically judge the network behavior of edge devices. Based on the characteristics of the IOTIPS, by using the three dimensions of network log, domain name generated by domain generation algorithm, and network traffic as criteria, a basic probability assignment method based on confusion matrix is proposed. Multi-source information fusion is performed by using the Dempster-Shafer theory, and the network security of IOTIPS is distinguished.

Key words: Internet of Things in power systems (IOTIPS), Dempster-Shafer theory, network security, evidence fusion

中图分类号:

TM76

吴楠, 程哲韬, 杜亮, 沈颖平. 基于Dempster-Shafer证据理论的网络安全推断方法[J]. 上海交通大学学报, 2021, 55(S2): 77-81.

WU Nan, CHENG Zhetao, DU Liang, SHEN Yingping. Network Security Inference Method Based on Dempster-Shafer Theory[J]. Journal of Shanghai Jiao Tong University, 2021, 55(S2): 77-81.

图/表 7

表1

表2

表3

图1

表4

表5

表6

参考文献 10

[1]	周峰, 周晖, 刁赢龙. 泛在电力物联网智能感知关键技术发展思路[J]. 中国电机工程学报, 2020, 40(1): 70-82.
	ZHOU Feng, ZHOU Hui, DIAO Yinglong. Development of intelligent perception key technology in the ubiquitous Internet of Things in electricity[J]. Proceedings of the CSEE, 2020, 40(1): 70-82.
[2]	吕志宁, 胡子珩, 宁柏锋, 等. 针对电力系统的物联网需求攻击研究进展与发展趋势[J]. 南方电网技术, 2020, 14(1): 24-30.
	LÜ Zhining, HU Ziheng, NING Baifeng, et al. Review of research progress and development trend of Internet of Things demand attack on power system[J]. Southern Power System Technology, 2020, 14(1): 24-30.
[3]	化存卿. 物联网安全检测与防护机制综述[J]. 上海交通大学学报, 2018, 52(10): 1307-1313.
	HUA Cunqing. A survey of security detection and protection for Internet of Things[J]. Journal of Shanghai Jiao Tong University, 2018, 52(10): 1307-1313.
[4]	文志诚, 陈志刚, 唐军. 基于聚类分析的网络安全态势评估方法[J]. 上海交通大学学报, 2016, 50(9): 1407-1414.
	WEN Zhicheng, CHEN Zhigang, TANG Jun. Network security assessment method based on cluster analysis[J]. Journal of Shanghai Jiao Tong University, 2016, 50(9): 1407-1414.
[5]	KIM Y, KOLESNIKOV V, KIM H, et al. SSTP: A scalable and secure transport protocol for smart grid data collection[C]// 2011 IEEE International Conference on Smart Grid Communications. Brussels, Belgium: IEEE, 2011: 161-166.
[6]	DE RANGO F, POTRINO G, TROPEA M, et al. Energy-aware dynamic Internet of Things security system based on elliptic curve cryptography and message queue telemetry transport protocol for mitigating replay attacks[J]. Pervasive and Mobile Computing, 2020, 61:101105. doi: 10.1016/j.pmcj.2019.101105 URL
[7]	SHAFER G. A mathematical theory of evidence[M]. Princeton: Princeton University Press, 1976: 23-29.
[8]	蒋雯, 邓鑫洋. D-S证据理论: 信息建模与应用[M]. 北京: 科学出版社, 2018: 8-17.
	JIANG Wen, DENG Xinyang. Dempster-Shafer evidence theory: Information modeling and application[M]. Beijing: Science Press, 2018: 8-17.
[9]	MUKKAMALA S, SUNG A, ABRAHAM A. Cyber security challenges: Designing efficient intrusion detection systems and antivirus tools[J]. Enhancing Computer Security with Smart Technology, 2005, 3(2): 125-163.
[10]	王洪勉, 孙慧, 郑利斌, 等. 泛在电力物联网智联单元设计与实现[J]. 供用电, 2019, 36(6): 5-9.
	WANG Hongmian, SUN Hui, ZHENG Libin, et al. Design and implementation of wisdom unit in the ubiquitous Internet of Things in electricity[J]. Distribution & Utilization, 2019, 36(6): 5-9.

方向	协议类型	接口物理形态
北向接口	以太网	RJ45
	无线公网	SMA同轴
	电力无线专网	SMA同轴
	NB-IoT	SMA同轴
	eMTC	SMA同轴
南向接口	Modbus(IP)	RJ45
	Modbus(RS232)	RJ45/凤凰端子
	Modbus(RS485)	RJ45/凤凰端子
	LoRa	SMA同轴
	ZigBee	SMA同轴
	电力线载波	凤凰端子
	微功率无线	SMA同轴

实际分类	预测分类
实际分类	Backdoor	Injection	Normal	Password	Scanning	XSS
Backdoor	0.9948	0	0.0052	0	0	0
Injection	0	0.9996	0.0004	0	0	0
Normal	0	0	1	0	0	0
Password	0	0	0.0008	0.9992	0	0
Scanning	0	0	0.0302	0	0.9698	0
XSS	0	0	0.0069	0	0	0.9931

编号	分类器输出的威胁类别	PC_α(ω_i)
1	Backdoor	0.9948
2	Injection	0.9996
3	Normal	1
4	Password	0.9992
5	Scanning	0.9698
6	XSS	0.9931

信息源	信度函数值			判别结果
信息源	Normal	Scanning	Backdoor	判别结果
网络日志	0.8103	0.1707	0.0205	Normal
访问域名	1	0	0	Normal
网络流量	0.9	0.05	0.05	Normal
融合	0.9516	0.0475	0.0109	Normal

信息源	信度函数值			判别结果
信息源	Normal	Scanning	Backdoor	判别结果
网络日志	0.6404	0.2221	0.1371	Normal
访问域名	0	0.9281	0.072	Scanning
网络流量	0.7	0.15	0.15	Normal
融合	0.3102	0.5908	0.109	Scanning

基于Dempster-Shafer证据理论的网络安全推断方法

Network Security Inference Method Based on Dempster-Shafer Theory

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 10

相关文章 6

编辑推荐

Metrics

本文评价

[1]	张亮, 屈刚, 李慧星, 金皓纯. 智能电网电力监控系统网络安全态势感知平台关键技术研究及应用[J]. 上海交通大学学报, 2021, 55(S2): 103-109.
[2]	倪阳旦, 卢东祁, 喻谦, 徐一洲, 谢妮娜. 基于ESP-Mesh网络的变电站物联信息汇聚[J]. 上海交通大学学报, 2021, 55(S2): 60-63.
[3]	卢东祁, 张乾, 徐一洲, 鲍杰利, 罗芬. 面向电力物联网的终端设备适配接入研究[J]. 上海交通大学学报, 2021, 55(S2): 72-76.
[4]	张柯丽1,李忠献1,2,杨义先1. 一种识别和追踪恶意匿名评价者的信任模型[J]. 上海交通大学学报（自然版）, 2014, 48(07): 899-906.
[5]	张磊，曹珍富. 一个适合分布式网络的属性基加密方案 [J]. 上海交通大学学报（自然版）, 2010, 44(11): 1507-1512.
[6]	张保稳,罗铮,薛质,银鹰. 基于全局权限图的网络风险评估模型 [J]. 上海交通大学学报（自然版）, 2010, 44(09): 1197-1200.