上海交通大学学报

上海交通大学学报 >

2025 , Vol. 59 >Issue 11: 1660 - 1674

DOI: https://doi.org/10.16183/j.cnki.jsjtu.2024.006

新型电力系统与综合能源

针对电力高级量测体系的分布式拒绝服务攻击动态建模与最优防御策略

  • 梁皓澜 ,
  • 刘东奇 ,
  • 曾祥君 ,
  • 张琼 ,
  • 张涛 ,
  • 王锐
展开
  • 1 长沙理工大学 电网防灾减灾全国重点实验室, 长沙 410114
    2 长沙理工大学 电网安全监控技术教育部工程研究中心, 长沙 410114
    3 湖南工程学院 电气与信息工程学院, 湖南 湘潭 411104
    4 国防科技大学 系统工程学院, 长沙 410073
梁皓澜(1993—),博士生,从事电力系统信息安全与控制研究.
刘东奇,副教授,电话(Tel.):0731-85258306;E-mail:liudongqi@csust.edu.cn.

收稿日期: 2024-01-05

  修回日期: 2024-03-14

  录用日期: 2024-03-27

  网络出版日期: 2024-04-10

基金资助

国家自然科学基金联合基金重点支持项目(U22B20113);国家自然科学基金项目(52177068);湖南省自然科学基金项目(2023JJ30028)

收起

Dynamic Modeling and Optimal Defense Strategy Against DdoS Attacks on Power Advanced Metering Infrastructure

  • LIANG Haolan ,
  • LIU Dongqi ,
  • ZENG Xiangjun ,
  • ZHANG Qiong ,
  • ZHANG Tao ,
  • WANG Rui
Expand
  • 1 National Key Laboratory of Disaster Prevention and Reduction for Power Grid, Changsha University of Science and Technology, Changsha 410114, China
    2 Engineering Research Center for Power System Security and Supervisory Control Technology of the Ministry of Education, Changsha University of Science and Technology, Changsha 410114, China
    3 School of Electrical and Information Engineering, Hunan Institute of Engineering, Xiangtan 411104, Hunan, China
    4 College of Systems Engineering, National University of Defense Technology, Changsha 410073, China

Received date: 2024-01-05

  Revised date: 2024-03-14

  Accepted date: 2024-03-27

  Online published: 2024-04-10

Fold

摘要

高级量测体系(AMI)是新型电力系统的关键组成部分,异构通信网络和智能终端的广泛应用导致其易受到网络攻击威胁.本文研究分布式拒绝服务(DDoS)攻击下AMI网络的动态建模与最优防御策略.首先,分析DDoS攻击在AMI网络中的传播路径,并结合复杂网络理论与SEIR传染病模型,建立一个刻画AMI网络中节点遭受DDoS攻击后的状态演化模型,分析DDoS攻击在AMI网络中的传播机理和攻击容忍水平.然后,以最小化防御损失和成本为目标提出一种在AMI网络中灵活优化部署防御资源的防御策略.最后,在两种不同的AMI网络结构下进行大量数值仿真,验证了所提策略的有效性.

关键词: 高级量测体系; 分布式拒绝服务攻击; 动态SEIR传染病模型; 复杂网络理论; 最优控制

本文引用格式

梁皓澜 , 刘东奇 , 曾祥君 , 张琼 , 张涛 , 王锐 . 针对电力高级量测体系的分布式拒绝服务攻击动态建模与最优防御策略[J]. 上海交通大学学报, 2025 , 59(11) : 1660 -1674 . DOI: 10.16183/j.cnki.jsjtu.2024.006

Abstract

Advanced metering infrastructure (AMI) is a key component of new power systems. However, the wide application of heterogeneous communication networks and intelligent terminals makes it vulnerable to cyber-attacks. Therefore, this paper studies the dynamic modeling and optimal defending strategy of AMI network under distributed denial-of-service (DDoS) attacks. First, the propagation path of DDoS attack in AMI network is analyzed. Combined with the complex network theory and the SEIR epidemic model, a state evolution model is established to describe the state evolution of nodes after DDoS attack and the propagation mechanism and attack tolerance level of DDoS attack in AMI network are analyzed. Then, a defending strategy is proposed with the goal of minimizing defense losses and costs to flexibly optimize the deployment of defense resources. Finally, the effectiveness of the proposed strategy is verified by using a large number of numerical simulations in two different AMI network structures.

Key words: advanced metering infrastructure (AMI); distributed denial-of-service (DDoS) attacks; dynamic SEIR epidemic model; complex network theory; optimal control

参考文献

[1] 任大伟, 肖晋宇, 侯金鸣, 等. 双碳目标下我国新型电力系统的构建与演变研究[J]. 电网技术, 2022, 46(10): 3831-3839.
  REN Dawei, XIAO Jinyu, HOU Jinming, et al. Construction and evolution of China’s new power system under dual carbon goal[J]. Power System Technology, 2022, 46(10): 3831-3839.
[2] 金志刚, 刘凯, 武晓栋. 智能电网AMI领域IDS研究综述[J]. 信息网络安全, 2023, 23(1): 1-8.
  JIN Zhigang, LIU Kai, WU Xiaodong. A review of IDS research in smart grid AMI field[J]. Netinfo Security, 2023, 23(1): 1-8.
[3] SMITH M. FBI warns smart meter hacking may cost utility companies 400 million a year[DB/OL].(2012-04-10)[2024-02-28]. https://www.csoonline.com/article/545590/microsoft-subnet-fbi-warns-smart-meter-hacking-may-cost-utility-companies-400-million-a-year.html.
[4] 林峰, 梅勇, 朱益华, 等. 网络攻击对电力系统典型场景全过程影响综述[J]. 南方电网技术, 2023, 17(11): 61-75.
  LIN Feng, MEI Yong, ZHU Yihua, et al. Overview of the entire process influence of cyber attack on typical scenarios of power systems[J]. Southern Power System Technology, 2023, 17(11): 61-75.
[5] ZHANG H, QI Y F, WU J F, et al. DoS attack energy management against remote state estimation[J]. IEEE Transactions on Control of Network Systems, 2018, 5(1): 383-394.
[6] ASRI S, PRANGGONO B. Impact of distributed denial-of-service attack on advanced metering infrastructure[J]. Wireless Personal Communications, 2015, 83(3): 2211-2223.
[7] ABOU EL HOUDA Z, HAFID A, KHOUKHI L. Blockchain meets AMI: Towards secure advanced metering infrastructures[C]// ICC 2020-2020 IEEE International Conference on Communications. Dublin, Ireland: IEEE, 2020: 1-6.
[8] SGOURAS K I, BIRDA A D, LABRIDIS D P. Cyber attack impact on critical Smart Grid infrastructures[C]// ISGT 2014. Washington, D.C.USA: IEEE, 2014: 1-5.
[9] BHATT T, KOTWAL C, CHAUBEY N. Implementing and examination of EIGRP OSPF RIP routing protocol in AMI network for DDoS attack using opnet[J]. International Journal of Recent Technology & Engineering, 2019, 8(2S11): 3776-3783.
[10] GUO Y H, TEN C W, HU S Y, et al. Modeling distributed denial of service attack in advanced metering infrastructure[C]// 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference. Washington, D.C.USA: IEEE, 2015: 1-5.
[11] SGOURAS K I, KYRIAKIDIS A N, LABRIDIS D P. Short-term risk assessment of botnet attacks on advanced metering infrastructure[J]. IET Cyber-Physical Systems: Theory & Applications, 2017, 2(3): 143-151.
[12] DIOVU R C, AGEE J T. A cloud-based openflow firewall for mitigation against DDoS attacks in smart grid AMI networks[C]// 2017 IEEE PES PowerAfrica. Accra, Ghana: IEEE, 2017: 28-33.
[13] 苏盛, 李志强, 谷科, 等. 基于云安全的高级计量体系恶意软件检测方法[J]. 电力系统自动化, 2017, 41(5): 134-138.
  SU Sheng, LI Zhiqiang, GU Ke, et al. Cloud security based malware detection in advanced metering infrastructure[J]. Automation of Electric Power Systems, 2017, 41(5): 134-138.
[14] TORRES G, SHRESTHA S, MISRA S. iCAD: Information-centric network architecture for DDoS protection in the smart grid[C]// 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids. Singapore, Singapore: IEEE, 2022: 154-159.
[15] CAI T Y, JIA T, ADEPU S, et al. ADAM: An adaptive DDoS attack mitigation scheme in software-defined cyber-physical system[J]. IEEE Transactions on Industrial Informatics, 2023, 19(6): 7802-7813.
[16] ISMAIL Z, LENEUTRE J, BATEMAN D, et al. A game theoretical analysis of data confidentiality attacks on smart-grid AMI[J]. IEEE Journal on Selected Areas in Communications, 2014, 32(7): 1486-1499.
[17] WANG K, DU M, MAHARJAN S, et al. Strategic honeypot game model for distributed denial of service attacks in the smart grid[J]. IEEE Transactions on Smart Grid, 2017, 8(5): 2474-2482.
[18] 曹康华, 王勇, 周林, 等. 基于AMI网络分布式拒绝服务攻击的蜜罐博弈模型[J]. 计算机应用与软件, 2021, 38(3): 298-302.
  CAO Kanghua, WANG Yong, ZHOU Lin, et al. Honeypot game model based on distributed denial of service attack in ami network[J]. Computer Applications & Software, 2021, 38(3): 298-302.
[19] LIU S Z, SHAO C W, LI Y F, et al. Game attack-defense graph approach for modeling and analysis of cyberattacks and defenses in local metering system[J]. IEEE Transactions on Automation Science & Engineering, 2022, 19(3): 2607-2619.
[20] 胡佳新, 郭乐欣, 刘子俊, 等. 基于网络功能虚拟化蜜网的智能配电终端主动防御策略优化模型[J]. 江苏科技大学学报(自然科学版), 2023, 37(6): 66-71.
  HU Jiaxin, GUO Lexin, LIU Zijun, et al. Optimization model of active defense strategy for intelligent distribution terminal based on virtual honeynet of network functions[J]. Journal of Jiangsu University of Science & Technology (Natural Science Edition), 2023, 37(6): 66-71.
[21] LIANG H L, LIU D Q, ZENG X J, et al. An intrusion detection method for advanced metering infrastructure system based on federated learning[J]. Journal of Modern Power Systems & Clean Energy, 2023, 11(3): 927-937.
[22] 化存卿. 物联网安全检测与防护机制综述[J]. 上海交通大学学报, 2018, 52(10): 1307-1313.
  HUA Cunqing. A survey of security detection and protection for Internet of Things[J]. Journal of Shanghai Jiao Tong University, 2018, 52(10): 1307-1313.
[23] YI P, ZHU T, ZHANG Q Q, et al. A denial of service attack in advanced metering infrastructure network[C]// 2014 IEEE International Conference on Communications. Sydney, Australia: IEEE, 2014: 1029-1034.
[24] BARABASI A L, ALBERT R. Emergence of scaling in random networks[J]. Science, 1999, 286(5439): 509-512.
[25] 孙玺菁, 司守奎. 复杂网络算法与应用[M]. 北京: 国防工业出版社, 2015.
  SUN Xijing, SI Shoukui. Complex network algorithms and applications[M]. Beijing: National Defense Industry Press, 2015.
[26] GUPTA N K, RINK R E. Optimum control of epidemics[J]. Mathematical Biosciences, 1973, 18(3/4): 383-396.
[27] ROBINSON R C. An introduction to dynamical systems: Continuous and discrete[M]. 2nd ed. Providence, Rhode Island, USA: American Mathematical Society, 2012.
[28] FLEMING W, RISHEL R. Deterministic and stochastic optimal control[M]. New York, USA: Springer New York, 1975.
[29] PONTRYAGIN L S, BOLTYANSKII V G, GAMKRELIDZE RV, et al. The mathematical theory of optimum processes[M]. New York, USA: Wiley, 1962.
[30] WATTS D J, STROGATZ S H. Collective dynamics of ‘small-world’ networks[J]. Nature, 1998, 393(6684): 440-442.
[31] ALAM M R, ST-HILAIRE M, KUNZ T. An optimal P2P energy trading model for smart homes in the smart grid[J]. Energy Efficiency, 2017, 10(6): 1475-1493.
[32] LIU G D, JIANG T, OLLIS T B, et al. Distributed energy management for community microgrids considering network operational constraints and building thermal dynamics[J]. Applied Energy, 2019, 239: 83-95.
Options
文章导航

/