针对电力高级量测体系的分布式拒绝服务攻击动态建模与最优防御策略

doi:10.16183/j.cnki.jsjtu.2024.006

上海交通大学学报 ›› 2025, Vol. 59 ›› Issue (11): 1660-1674.doi: 10.16183/j.cnki.jsjtu.2024.006

• 新型电力系统与综合能源 • 上一篇下一篇

针对电力高级量测体系的分布式拒绝服务攻击动态建模与最优防御策略

梁皓澜¹^,²^,³, 刘东奇¹^,²(), 曾祥君¹^,², 张琼¹^,², 张涛⁴, 王锐⁴

¹ 长沙理工大学电网防灾减灾全国重点实验室, 长沙 410114
² 长沙理工大学电网安全监控技术教育部工程研究中心, 长沙 410114
³ 湖南工程学院电气与信息工程学院, 湖南湘潭 411104
⁴ 国防科技大学系统工程学院, 长沙 410073

收稿日期:2024-01-05 修回日期:2024-03-14 接受日期:2024-03-27 出版日期:2025-11-28 发布日期:2025-12-02
通讯作者: 刘东奇 E-mail:liudongqi@csust.edu.cn
作者简介:梁皓澜(1993—),博士生,从事电力系统信息安全与控制研究.
基金资助:
国家自然科学基金联合基金重点支持项目(U22B20113);国家自然科学基金项目(52177068);湖南省自然科学基金项目(2023JJ30028)

Dynamic Modeling and Optimal Defense Strategy Against DdoS Attacks on Power Advanced Metering Infrastructure

LIANG Haolan¹^,²^,³, LIU Dongqi¹^,²(), ZENG Xiangjun¹^,², ZHANG Qiong¹^,², ZHANG Tao⁴, WANG Rui⁴

¹ National Key Laboratory of Disaster Prevention and Reduction for Power Grid, Changsha University of Science and Technology, Changsha 410114, China
² Engineering Research Center for Power System Security and Supervisory Control Technology of the Ministry of Education, Changsha University of Science and Technology, Changsha 410114, China
³ School of Electrical and Information Engineering, Hunan Institute of Engineering, Xiangtan 411104, Hunan, China
⁴ College of Systems Engineering, National University of Defense Technology, Changsha 410073, China

Received:2024-01-05 Revised:2024-03-14 Accepted:2024-03-27 Online:2025-11-28 Published:2025-12-02
Contact: LIU Dongqi E-mail:liudongqi@csust.edu.cn

摘要/Abstract

摘要：

高级量测体系(AMI)是新型电力系统的关键组成部分,异构通信网络和智能终端的广泛应用导致其易受到网络攻击威胁.本文研究分布式拒绝服务(DDoS)攻击下AMI网络的动态建模与最优防御策略.首先,分析DDoS攻击在AMI网络中的传播路径,并结合复杂网络理论与SEIR传染病模型,建立一个刻画AMI网络中节点遭受DDoS攻击后的状态演化模型,分析DDoS攻击在AMI网络中的传播机理和攻击容忍水平.然后,以最小化防御损失和成本为目标提出一种在AMI网络中灵活优化部署防御资源的防御策略.最后,在两种不同的AMI网络结构下进行大量数值仿真,验证了所提策略的有效性.

关键词: 高级量测体系, 分布式拒绝服务攻击, 动态SEIR传染病模型, 复杂网络理论, 最优控制

Abstract:

Advanced metering infrastructure (AMI) is a key component of new power systems. However, the wide application of heterogeneous communication networks and intelligent terminals makes it vulnerable to cyber-attacks. Therefore, this paper studies the dynamic modeling and optimal defending strategy of AMI network under distributed denial-of-service (DDoS) attacks. First, the propagation path of DDoS attack in AMI network is analyzed. Combined with the complex network theory and the SEIR epidemic model, a state evolution model is established to describe the state evolution of nodes after DDoS attack and the propagation mechanism and attack tolerance level of DDoS attack in AMI network are analyzed. Then, a defending strategy is proposed with the goal of minimizing defense losses and costs to flexibly optimize the deployment of defense resources. Finally, the effectiveness of the proposed strategy is verified by using a large number of numerical simulations in two different AMI network structures.

Key words: advanced metering infrastructure (AMI), distributed denial-of-service (DDoS) attacks, dynamic SEIR epidemic model, complex network theory, optimal control

中图分类号:

TM734

梁皓澜, 刘东奇, 曾祥君, 张琼, 张涛, 王锐. 针对电力高级量测体系的分布式拒绝服务攻击动态建模与最优防御策略[J]. 上海交通大学学报, 2025, 59(11): 1660-1674.

LIANG Haolan, LIU Dongqi, ZENG Xiangjun, ZHANG Qiong, ZHANG Tao, WANG Rui. Dynamic Modeling and Optimal Defense Strategy Against DdoS Attacks on Power Advanced Metering Infrastructure[J]. Journal of Shanghai Jiao Tong University, 2025, 59(11): 1660-1674.

图/表 12

图1

图2

图3

图4

表1

图5

图6

图7

图8

图9

图10

图11

参考文献 32

[1]	任大伟, 肖晋宇, 侯金鸣, 等. 双碳目标下我国新型电力系统的构建与演变研究[J]. 电网技术, 2022, 46(10): 3831-3839.
	REN Dawei, XIAO Jinyu, HOU Jinming, et al. Construction and evolution of China’s new power system under dual carbon goal[J]. Power System Technology, 2022, 46(10): 3831-3839.
[2]	金志刚, 刘凯, 武晓栋. 智能电网AMI领域IDS研究综述[J]. 信息网络安全, 2023, 23(1): 1-8.
	JIN Zhigang, LIU Kai, WU Xiaodong. A review of IDS research in smart grid AMI field[J]. Netinfo Security, 2023, 23(1): 1-8.
[3]	SMITH M. FBI warns smart meter hacking may cost utility companies 400 million a year[DB/OL].(2012-04-10)[2024-02-28]. https://www.csoonline.com/article/545590/microsoft-subnet-fbi-warns-smart-meter-hacking-may-cost-utility-companies-400-million-a-year.html.
[4]	林峰, 梅勇, 朱益华, 等. 网络攻击对电力系统典型场景全过程影响综述[J]. 南方电网技术, 2023, 17(11): 61-75.
	LIN Feng, MEI Yong, ZHU Yihua, et al. Overview of the entire process influence of cyber attack on typical scenarios of power systems[J]. Southern Power System Technology, 2023, 17(11): 61-75.
[5]	ZHANG H, QI Y F, WU J F, et al. DoS attack energy management against remote state estimation[J]. IEEE Transactions on Control of Network Systems, 2018, 5(1): 383-394. doi: 10.1109/TCNS.6509490 URL
[6]	ASRI S, PRANGGONO B. Impact of distributed denial-of-service attack on advanced metering infrastructure[J]. Wireless Personal Communications, 2015, 83(3): 2211-2223. doi: 10.1007/s11277-015-2510-3 URL
[7]	ABOU EL HOUDA Z, HAFID A, KHOUKHI L. Blockchain meets AMI: Towards secure advanced metering infrastructures[C]// ICC 2020-2020 IEEE International Conference on Communications. Dublin, Ireland: IEEE, 2020: 1-6.
[8]	SGOURAS K I, BIRDA A D, LABRIDIS D P. Cyber attack impact on critical Smart Grid infrastructures[C]// ISGT 2014. Washington, D.C.USA: IEEE, 2014: 1-5.
[9]	BHATT T, KOTWAL C, CHAUBEY N. Implementing and examination of EIGRP OSPF RIP routing protocol in AMI network for DDoS attack using opnet[J]. International Journal of Recent Technology & Engineering, 2019, 8(2S11): 3776-3783.
[10]	GUO Y H, TEN C W, HU S Y, et al. Modeling distributed denial of service attack in advanced metering infrastructure[C]// 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference. Washington, D.C.USA: IEEE, 2015: 1-5.
[11]	SGOURAS K I, KYRIAKIDIS A N, LABRIDIS D P. Short-term risk assessment of botnet attacks on advanced metering infrastructure[J]. IET Cyber-Physical Systems: Theory & Applications, 2017, 2(3): 143-151.
[12]	DIOVU R C, AGEE J T. A cloud-based openflow firewall for mitigation against DDoS attacks in smart grid AMI networks[C]// 2017 IEEE PES PowerAfrica. Accra, Ghana: IEEE, 2017: 28-33.
[13]	苏盛, 李志强, 谷科, 等. 基于云安全的高级计量体系恶意软件检测方法[J]. 电力系统自动化, 2017, 41(5): 134-138.
	SU Sheng, LI Zhiqiang, GU Ke, et al. Cloud security based malware detection in advanced metering infrastructure[J]. Automation of Electric Power Systems, 2017, 41(5): 134-138.
[14]	TORRES G, SHRESTHA S, MISRA S. iCAD: Information-centric network architecture for DDoS protection in the smart grid[C]// 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids. Singapore, Singapore: IEEE, 2022: 154-159.
[15]	CAI T Y, JIA T, ADEPU S, et al. ADAM: An adaptive DDoS attack mitigation scheme in software-defined cyber-physical system[J]. IEEE Transactions on Industrial Informatics, 2023, 19(6): 7802-7813. doi: 10.1109/TII.2023.3240586 URL
[16]	ISMAIL Z, LENEUTRE J, BATEMAN D, et al. A game theoretical analysis of data confidentiality attacks on smart-grid AMI[J]. IEEE Journal on Selected Areas in Communications, 2014, 32(7): 1486-1499. doi: 10.1109/JSAC.2014.2332095 URL
[17]	WANG K, DU M, MAHARJAN S, et al. Strategic honeypot game model for distributed denial of service attacks in the smart grid[J]. IEEE Transactions on Smart Grid, 2017, 8(5): 2474-2482. doi: 10.1109/TSG.2017.2670144 URL
[18]	曹康华, 王勇, 周林, 等. 基于AMI网络分布式拒绝服务攻击的蜜罐博弈模型[J]. 计算机应用与软件, 2021, 38(3): 298-302.
	CAO Kanghua, WANG Yong, ZHOU Lin, et al. Honeypot game model based on distributed denial of service attack in ami network[J]. Computer Applications & Software, 2021, 38(3): 298-302.
[19]	LIU S Z, SHAO C W, LI Y F, et al. Game attack-defense graph approach for modeling and analysis of cyberattacks and defenses in local metering system[J]. IEEE Transactions on Automation Science & Engineering, 2022, 19(3): 2607-2619.
[20]	胡佳新, 郭乐欣, 刘子俊, 等. 基于网络功能虚拟化蜜网的智能配电终端主动防御策略优化模型[J]. 江苏科技大学学报(自然科学版), 2023, 37(6): 66-71.
	HU Jiaxin, GUO Lexin, LIU Zijun, et al. Optimization model of active defense strategy for intelligent distribution terminal based on virtual honeynet of network functions[J]. Journal of Jiangsu University of Science & Technology (Natural Science Edition), 2023, 37(6): 66-71.
[21]	LIANG H L, LIU D Q, ZENG X J, et al. An intrusion detection method for advanced metering infrastructure system based on federated learning[J]. Journal of Modern Power Systems & Clean Energy, 2023, 11(3): 927-937.
[22]	化存卿. 物联网安全检测与防护机制综述[J]. 上海交通大学学报, 2018, 52(10): 1307-1313. doi: 10.16183/j.cnki.jsjtu.2018.10.020
	HUA Cunqing. A survey of security detection and protection for Internet of Things[J]. Journal of Shanghai Jiao Tong University, 2018, 52(10): 1307-1313.
[23]	YI P, ZHU T, ZHANG Q Q, et al. A denial of service attack in advanced metering infrastructure network[C]// 2014 IEEE International Conference on Communications. Sydney, Australia: IEEE, 2014: 1029-1034.
[24]	BARABASI A L, ALBERT R. Emergence of scaling in random networks[J]. Science, 1999, 286(5439): 509-512. doi: 10.1126/science.286.5439.509 pmid: 10521342
[25]	孙玺菁, 司守奎. 复杂网络算法与应用[M]. 北京: 国防工业出版社, 2015.
	SUN Xijing, SI Shoukui. Complex network algorithms and applications[M]. Beijing: National Defense Industry Press, 2015.
[26]	GUPTA N K, RINK R E. Optimum control of epidemics[J]. Mathematical Biosciences, 1973, 18(3/4): 383-396. doi: 10.1016/0025-5564(73)90012-6 URL
[27]	ROBINSON R C. An introduction to dynamical systems: Continuous and discrete[M]. 2nd ed. Providence, Rhode Island, USA: American Mathematical Society, 2012.
[28]	FLEMING W, RISHEL R. Deterministic and stochastic optimal control[M]. New York, USA: Springer New York, 1975.
[29]	PONTRYAGIN L S, BOLTYANSKII V G, GAMKRELIDZE RV, et al. The mathematical theory of optimum processes[M]. New York, USA: Wiley, 1962.
[30]	WATTS D J, STROGATZ S H. Collective dynamics of ‘small-world’ networks[J]. Nature, 1998, 393(6684): 440-442. doi: 10.1038/30918
[31]	ALAM M R, ST-HILAIRE M, KUNZ T. An optimal P2P energy trading model for smart homes in the smart grid[J]. Energy Efficiency, 2017, 10(6): 1475-1493. doi: 10.1007/s12053-017-9532-5 URL
[32]	LIU G D, JIANG T, OLLIS T B, et al. Distributed energy management for community microgrids considering network operational constraints and building thermal dynamics[J]. Applied Energy, 2019, 239: 83-95. doi: 10.1016/j.apenergy.2019.01.210 URL

图号	β	ε	μ	γ	μ^max	γ^max	A_k	B_k	n
图5,6,7	0.05	0.2	0.35	0.5	0.5	0.6	0.2	0.2	100
图8	0.02	0.1	0	0	0.5	0.6	0.2	0.2	100
	0.02	0.1	0.5	0.6	0.5	0.6	0.2	0.2	100
	0.02	0.1	μ_k(t)	γ_k(t)	0.5	0.6	0.2	0.2	100
	0.02	0.1	${\stackrel{-}{\mu }}_{k}^{fixed}$(t)	${\stackrel{-}{\gamma }}_{k}^{fixed}$(t)	0.5	0.6	0.2	0.2	100
图9(a)	0.01:0.1	0.2	0.5	0.6	0.5	0.6	0.2	0.2	100
图9(b)	0.02	0.02:0.2	0.5	0.6	0.5	0.6	0.2	0.2	100
图10 (a)	0.05	0.2	0.05:0.5	0.6	0.5	0.6	0.2	0.2	100
图10 (b)	0.05	0.2	0.5	0.06:0.6	0.5	0.6	0.2	0.2	100
图11	0.02	0.1	0.5	0.6	0.5	0.6	0.2	0.2	50~300

针对电力高级量测体系的分布式拒绝服务攻击动态建模与最优防御策略

Dynamic Modeling and Optimal Defense Strategy Against DdoS Attacks on Power Advanced Metering Infrastructure

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 32

相关文章 9

编辑推荐

Metrics

本文评价

[1]	张辰微, 王颖, 李亚平, 张凯锋. 基于带权重介数的综合能源系统脆弱环节防护优化模型[J]. 上海交通大学学报, 2025, 59(7): 923-937.
[2]	苏山, 谢永杰, 白瑜亮, 刘印田, 单永志. 微分对策协同对抗制导律方法研究[J]. 空天防御, 2022, 5(2): 58-64.
[3]	何林坤, 张冉, 龚庆海. 基于强化学习的可回收运载火箭着陆制导[J]. 空天防御, 2021, 4(3): 33-40.
[4]	李征, 陈建伟, 彭博. 基于伪谱法的无人机集群飞行路径规划[J]. 空天防御, 2021, 4(1): 52-59.
[5]	柴本本1，巫少方1，张建武1，林连华2，徐海港2. 电驱动双速自动变速器换挡过程的最优控制[J]. 上海交通大学学报, 2018, 52(6): 658-665.
[6]	周培杰, 刘进峰, 刘苏, 冯毅萍, 荣冈. 基于优先级策略的模型预测控制性能评估[J]. 上海交通大学学报, 2015, 49(11): 1641-1646.
[7]	张礼学1，王中伟1，杨希祥1，宋庆雷2. 基于Gauss伪谱法的平流层飞艇上升段航迹规划[J]. 上海交通大学学报（自然版）, 2013, 47(08): 1205-1209.
[8]	谢强德a, 杨明a, 王冰a, 王春香b. 一种基于最优控制的车队协作算法[J]. 上海交通大学学报（自然版）, 2011, 45(07): 949-953.
[9]	袁德虎,金惠良，孟国香，冯正进. 机器人yoyo轨迹规划与控制[J]. 上海交通大学学报（自然版）, 2010, 44(07): 940-0945.