雾化零信任组件的5G电力失陷终端威胁检测  被引量：3

作　　者：顾智敏 王梓莹 郭静 郭雅娟 冯景瑜[2] GU Zhimin;WANG Ziying;GUO Jing;GUO Yajuan;FENG Jingyu(Electric Power Research Institute,State Grid Jiangsu Electric Power Co.,Ltd.,Nanjing 211103,China;National Engineering Laboratory for Wireless Security,Xi’an University of Posts and Telecommunications,Xi’an 710121,China)

机构地区：[1]国网江苏省电力有限公司电力科学研究院,南京211103 [2]西安邮电大学无线网络安全技术国家工程实验室,西安710121

出　　处：《计算机工程》2023年第2期161-168,共8页Computer Engineering

基　　金：国网江苏省电力有限公司科技项目“能源互联网5G网络检测关键技术研究”(J2021206)。

摘　　要：5G技术在电力行业的普及推进了海量电力终端接入网络,但众多电力终端暴露在互联网中,攻击者可以先入侵脆弱的电力终端进行远程控制,然后以失陷终端作为跳板,纵向渗透到5G电力物联网内部从而窃取敏感数据。零信任的出现为失陷终端威胁检测提供了可能,然而电力终端分布具有广泛性,致使中心化零信任安全架构无法直接应用于5G电力物联网。提出一种雾化零信任组件的失陷终端威胁检测方案。采用分布式多点方式将零信任组件雾化部署到电力终端周围,并设计一套宕机组件应急响应流程用于及时发现单点失效的零信任组件。建立一种突发信任评估模型,充分利用安装在电力终端的零信任代理持续性地收集终端行为因素,从中提取突发因子并量化反映到信任值,以快速发现和阻断具有突发异常行为的失陷终端。仿真结果表明,该方案能有效缓解零信任组件部署于5G电力物联网时的检测压力,在失陷终端比例为20%的条件下对突变异常失陷终端的检测率高达92.3%,具有较好的非法访问抑制效果。The widespread application of 5G technology in the power industry has promoted access by many power terminals to the network.However,many power terminals are exposed to the Internet,attackers can first invade vulnerable power terminals for remote control and then use the lost terminals as a springboard to vertically penetrate the 5G-power Internet of Things(IoT) to steal sensitive data.The emergence of zero-trust makes it possible to detect the threat of collapsed terminals.However,because of the wide distribution of power terminals,the centralized zero-trust security architecture cannot be directly applied to 5G-power IoT.This paper presents a threat detection scheme for a failed terminal with atomized zero-trust components.Zero-trust components are atomized and deployed around power terminals in a distributed multipoint manner.A set of emergency response processes for downtime components is designed to promptly determine zero-trust components with single-point failure.A sudden trust evaluation model is established to fully use the zero-trust agent installed in the power terminal to continuously collect the terminal behavior factors,extract the sudden factors from them,and quantify them into the trust value to rapidly determine and block the failed terminal with sudden abnormal behavior.The simulation results show that the scheme can effectively alleviate the detection pressure of zerotrust components deployed in 5G-power IoT.When the proportion of failed terminals is 20%,the detection rate of sudden abnormal failed terminals is as high as 92.3%,reasonably suppressing illegal access.

关 键 词：5G电力物联网 零信任组件 雾化部署 信任评估 失陷终端 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]