基于证据推理的风电场SCADA系统安全脆弱性定量评估方法  被引量：10

作　　者：罗新宇 段斌[1] 吴俊锋 赖俊 LUO Xinyu;DUAN Bin;WU Junfeng;LAI Jun(School of Automation and Electronic Information,Xiangtan University,Xiangtan 411105,China;NSFOCUS Technologies Group Co.,Ltd.,Beijing 100000,China)

机构地区：[1]湘潭大学自动化与电子信息学院,湖南省湘潭市411105 [2]北京神州绿盟信息安全科技股份有限公司,北京市100000

出　　处：《电力系统自动化》2020年第11期25-31,共7页Automation of Electric Power Systems

基　　金：国家自然科学基金资助项目(61379063)。

摘　　要：针对风电场数据采集与监控(SCADA)系统的信息安全脆弱性,文中提出了一种基于证据推理的定量评估方法。该方法以系统发现的某个异常作为根节点,将可能导致异常发生的若干假设事件或因假设事件引发的事件作为假设点,构建系统安全脆弱性的可解释性假设链,推理出所有的攻击路径;然后对每条攻击路径进行计算,寻找系统脆弱性的关键路径,将与假设相关的证据作为证据点,采用链接函数连接证据点和假设点,并搭建每条路径的脆弱性贝叶斯网络,进而应用等级反应模型计算贝叶斯网络节点间的条件概率;接着将关键路径作为依据对系统脆弱性进行测评,以假设发生的概率作为安全脆弱性的评判标准,量化证据点的可信度,经贝叶斯网络推理出SCADA系统脆弱性。最后,通过一个实例说明所提方法的具体应用,应用结果表明该方法能够对风电场SCADA系统安全脆弱性进行有效分析,并可找出系统信息安全的薄弱环节,以及可量化信息安全脆弱性评估值,具有较高的测评准确性。In accordance with the information security of supervisory control and data acquisition(SCADA) system, a quantitative evaluation method based on evidence reasoning is proposed. In this method, a certain abnormality found by the system is taken as a root node, and a certain number of hypothesis events that result in abnormality or events caused by hypothesis events are used as hypothesis points to construct an interpretable hypothesis chain of system security vulnerability and to reason all attack paths.Then, each attack path is calculated to find the critical path of the system vulnerability. The evidence related to the hypothesis is regarded as evidence point and the link function is used to connect the evidence and hypothesis point to build the vulnerability Bayesian network of each path. The conditional probability of nodes in Bayesian network is calculated by applying the graded response model. The critical path is utilized as a basis for measuring the system vulnerability, and the probability of hypothesis is utilized as the criterion of security vulnerability evaluation, so the credibility of each evidence point is quantified, and the vulnerability of SCADA system is deduced through Bayesian network. Finally, an example is given to illustrate the specific application. It is proven that the method can effectively analyze the security vulnerability of SCADA systems in wind farms, and can find the weak components of system information security. The method can also quantify the evaluation value of information security vulnerability, and has high evaluation accuracy.

关 键 词：风电场 数据采集与监控系统 脆弱性评估 证据推理 等级反应模型 贝叶斯网络 

分 类 号：TP277[自动化与计算机技术—检测技术与自动化装置] TM614[自动化与计算机技术—控制科学与工程] TP274.2[电气工程—电力系统及自动化]