智能电网电力监控系统网络安全态势感知平台关键技术研究及应用

doi:10.16183/j.cnki.jsjtu.2021.S2.017

上海交通大学学报 ›› 2021, Vol. 55 ›› Issue (S2): 103-109.doi: 10.16183/j.cnki.jsjtu.2021.S2.017

智能电网电力监控系统网络安全态势感知平台关键技术研究及应用

张亮(), 屈刚, 李慧星, 金皓纯

国家电网有限公司华东分部,上海 200120

收稿日期:2021-10-20 出版日期:2021-12-28 发布日期:2022-01-24
作者简介:张亮(1974-),男,河南省安阳市人,教授级高级工程师,研究方向为电力监控系统网络安全和电力调度自动化. 电话(Tel):13761649085;E-mail: zhang_liang@ec.sgcc.com.cn.

Research and Application of Key Technologies of Network Security Situation Awareness for Smart Grid Power Control Systems

ZHANG Liang(), QU Gang, LI Huixing, JIN Haochun

East Branch of State Grid Corporation of China, Shanghai 200120, China

Received:2021-10-20 Online:2021-12-28 Published:2022-01-24

摘要/Abstract

摘要：

网络安全态势感知能全局、动态地感知潜在的网络安全风险,受到越来越多的关注.电力监控系统网络安全态势感知借助机器学习、人工智能、大数据等技术,从长期、海量网络安全态势数据处理过程中学习,洞察数据隐含的内在逻辑关系,对电力业务网络中各种活动实现异常行为辨识、攻击意图理解和行为影响评估,以达到对安全态势的推理性判断和知识性把控.本文首先简述了网络安全态势感知的基本概念和系统框架,然后介绍了电力监控系统网络安全防护的现状和存在的风险.针对这些风险和不足,从实践角度系统阐述了电力监控系统网络安全态势感知平台所涉及的多维度安全事件关联分析模型、基于“基线学习”的异常流量和异常行为检测方法、基于攻击场景的攻击链识别模型和基于“地址自校验”的电力遥控安全技术等关键技术.最后,对电力监控系统态势感知解决方案及其应用进行了总结和展望.

关键词: 网络安全, 态势感知, 态势认知, 态势预测, 电力监控系统

Abstract:

The network security situational awareness (NSSA) technology, which can perceive the potential network security risks globally and dynamically, is receiving more and more attention.With the help of machine learning, artificial intelligence, big data, and the other technologies, the network security situation awareness solution of power control system can learn from the process of the long-term and massive network security situation data, gain insight into the internal logical relationship implied in the data, and realize the abnormal behavior identification, intrusion intention understanding, and impact assessment of various activities in the power business network. First, the basic concept and the logical block diagram of NSSA are introduced. Then, the current situation and the risk of network security of power control system are summarized. Next, aimed at these risks and deficiencies, the key technologies involved in the network security situation awareness platform from the perspective of practice are expounded, which include the multidimensional security event correlation analysis model,the abnormal traffic and abnormal behavior detection method based on “baseline learning”,the attack chain recognition model based on attack scenario,and the power remote control security technology based on “address self verification”. Finally, the situation awareness solution and its application in power monitoring systems are stated and prospected.

Key words: network security, situation awareness, situation cognition, situation prediction, power control system

中图分类号:

TP393.08

张亮, 屈刚, 李慧星, 金皓纯. 智能电网电力监控系统网络安全态势感知平台关键技术研究及应用[J]. 上海交通大学学报, 2021, 55(S2): 103-109.

ZHANG Liang, QU Gang, LI Huixing, JIN Haochun. Research and Application of Key Technologies of Network Security Situation Awareness for Smart Grid Power Control Systems[J]. Journal of Shanghai Jiao Tong University, 2021, 55(S2): 103-109.

图/表 4

参考文献 7

[1]	柯宗贵, 杨育斌, 麦思文. 基于大数据的网络安全态势感知解决方案[J]. 信息技术与标准化, 2019(9): 21-22.
	KE Zonggui, YANG Yubin, MAI Siwen. Network security situational awareness solution based on big data[J]. Information Technology & Standardization, 2019(9): 21-22.
[2]	龚正虎, 卓莹. 网络态势感知研究[J]. 软件学报, 2010, 21(7): 1605-1619.
	GONG Zhenghu, ZHUO Ying. Research on cyberspace situational awareness[J]. Journal of Software, 2010, 21(7): 1605-1619.
[3]	BRADSHAW J M, CARVALHO M, BUNCH L, et al. Sol: An agent-based framework for cyber situation awareness[J]. KI-Künstliche Intelligenz, 2012, 26(2): 127-140. doi: 10.1007/s13218-012-0179-2 URL
[4]	LIU N, WANG D G, HUANG X M, et al. Research on network security situation awareness technology based on artificial immunity system[C]// 2009 International Forum on Information Technology and Applications. Chengdu, China: IEEE, 2009: 472-475.
[5]	ZOU F T, LI L S, WU Y, et al. Detecting domain-flux malware using DNS failure traffic[J]. International Journal of Software Engineering and Knowledge Engineering, 2018, 28(2): 151-173. doi: 10.1142/S0218194018400016 URL
[6]	ZOU F T, ZHANG S Y, LI L S, et al. Detecting malware based on expired command-and-control traffic[J]. International Journal of Distributed Sensor Networks, 2017, 13(7): 155014771772079.
[7]	ZOU F T, ZHANG S Y, RAO W X, et al. Detecting malware based on DNS graph mining[J]. International Journal of Distributed Sensor Networks, 2015, 2015:1-12.

智能电网电力监控系统网络安全态势感知平台关键技术研究及应用

Research and Application of Key Technologies of Network Security Situation Awareness for Smart Grid Power Control Systems

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 7

相关文章 5

编辑推荐

Metrics

本文评价

[1]	吴楠, 程哲韬, 杜亮, 沈颖平. 基于Dempster-Shafer证据理论的网络安全推断方法[J]. 上海交通大学学报, 2021, 55(S2): 77-81.
[2]	文志诚1,2，陈志刚1，邓晓衡1，刘安丰1. 基于多源多层次信息融合的网络安全态势感知方法[J]. 上海交通大学学报（自然版）, 2015, 49(08): 1144-1152.
[3]	张柯丽1,李忠献1,2,杨义先1. 一种识别和追踪恶意匿名评价者的信任模型[J]. 上海交通大学学报（自然版）, 2014, 48(07): 899-906.
[4]	张磊，曹珍富. 一个适合分布式网络的属性基加密方案 [J]. 上海交通大学学报（自然版）, 2010, 44(11): 1507-1512.
[5]	张保稳,罗铮,薛质,银鹰. 基于全局权限图的网络风险评估模型 [J]. 上海交通大学学报（自然版）, 2010, 44(09): 1197-1200.