Hierarchical association analysis method in industrial control cyber attack scenario of power grid  Cited by: 8


Authors: Fei Jiaxuan (费稼轩); Pei Pei (裴培); Zhang Ming (张明); Sun Jiawei (孙佳炜)

Affiliations: [1] State Grid Key Laboratory of Information and Network Security, Global Energy Interconnection Research Institute Co., Ltd., Nanjing 210003, Jiangsu, China [2] State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210003, Jiangsu, China

Source: Journal of Nanjing University of Science and Technology (南京理工大学学报), 2020, No. 6, pp. 715-723 (9 pages)

Funding: Science and Technology Project of State Grid Corporation of China (SGGR0000XTJS1800089).

Abstract: To improve the accuracy and efficiency of malicious attack event identification, a hierarchical correlation analysis method is proposed for industrial control cyber attack scenarios of power grids. Firstly, the typical attack scenarios in power grids are analyzed, and the abnormal information collected from all levels of power grids and the abnormal events generated are sorted out. Secondly, a hierarchical association analysis process for power grids is constructed, and a hierarchical association analysis model based on the Apriori algorithm is proposed. Frequent itemsets at all levels of power grids are mined at fine granularity, and the association rules under each attack scenario of power grids are generated based on spatio-temporal association. Thirdly, the Bayesian model is improved, and a weighted Bayesian classification model is proposed to realize fast classification of online events according to attack scenarios. Fourthly, an association matching method based on attribute similarity is proposed to achieve high-speed matching of association rules. Finally, the effectiveness of the proposed method is verified on the source-grid-load simulation experiment system. This method fully mines the frequent itemsets of abnormal events at all levels of power grids, and correlates the frequent items in time and space, which further improves the identification accuracy of cyber attacks.

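Keywords: power grid; industrial control network; attack scenario; hierarchical association; spatio-temporal association; Bayesian classification; attribute similarity; source-grid-load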

Classification number: TM721 [Electrical Engineering: Power Systems and Automation]

 
