电力CPS网络攻击模式分析与智能电表入侵检测方法研究

发布时间：2018-06-15 02:04

本文选题：信息安全 + 电力CPS系统　；参考：《长沙理工大学》2015年硕士论文

【摘要】：电力系统是现代社会的关键性基础设施。近年来,发展智能电网已在世界范围内形成共识。在智能化过程中,电力网与信息网不断融合而构成CPS(Cyber-Physical System)系统。信息化是实现智能电网的基础,一方面可以挖掘和实现新功能,另一方面又会带来新的安全风险。信息系统的异常乃至于通过网络发起的攻击都可能穿透信息系统和物理系统的边界,影响电网安全。因此,电力物理信息系统(Cyber-Physical System,CPS)系统的信息安全问题已发展为当前亟待解决的难题。鉴于攻击模式和对象因目的不同而有明显差异,论文从攻击方视角出发,根据攻击目的将针对电力物理信息系统的攻击分为无特定目标、以经济利益目的和以破坏电网稳定为目的三类。首先结合北美电网信息系统异常导致的大停电数据分析了无特定目的网络攻击对电网的影响;在谋取经济利益为目的的攻击模式分析中,作者概述了当前防窃电检测中的两种主要思路;在以破坏电网稳定为目的的攻击模式分析中,作者根据可选攻击对象不同而分别进行了阐述,可为电力系统信息安全分析和防护方法研究提供新的视角。传统上,电力系统以网络隔离、访问控制为基础进行网络安全防护。震网病毒的出现证明关键性设施是没有保护措施的。有特定目标的类似震网病毒可以根据SCADA数据表结构获取电网各线路及对应控制端口信息;再辅以线路拓扑连接等信息进行结构脆弱性分析,诱使关键线路跳闸,甚至诱发连锁故障大停电。作者运用复杂网络相关理论,构造连锁故障模型,并结合IEEE39节点系统仿真分析在不同信息透明度下攻击方可能选择的攻击策略,为研究针对性防御手段提供依据。为满足智能电网双向互动的需求,电力公司构建了高级量测体系(Advanced Metering Infrastructure,AMI)。智能电表作为高级量测体系的基础,其大范围部署的同时也引进了安全风险。根据AMI结构及数据信息传输路径,分析了智能电表安全威胁来源。网络病毒作为威胁源之一,很多时候防不胜防,论文最后设计了基于CPU负荷率的智能电表入侵检测方法,并结合地理信息系统(Geographic Information System,GIS)以及时检测出已感染智能电表并处理之。
[Abstract]:Power system is the key infrastructure of modern society. In recent years, the development of smart grids in the world has formed a consensus. In the process of intelligentization, the power network and information network merges continuously to form the CPS Cyber-Physical system. Informatization is the basis of smart grid. On the one hand, it can mine and realize new functions, on the other hand, it will bring new security risks. The anomaly of information system and even the attack through network can penetrate the boundary of information system and physical system and affect the security of power grid. Therefore, the problem of information security in the Cyber-physical system (CPS) system has developed into a difficult problem to be solved. In view of the obvious difference between the attack mode and the object according to the purpose, this paper divides the attack against the electric power physical information system into no specific targets according to the attack purpose from the perspective of the attacking party. There are three kinds of purposes: economic benefit and stability of power grid. Firstly, combined with the outage data caused by the abnormal information system of North American power grid, the impact of non-specific network attack on the power grid is analyzed, and the attack mode of seeking economic benefits is analyzed. In this paper, the author summarizes the two main ideas in the detection of electricity theft, and in the analysis of the attack mode aimed at destroying the stability of the power grid, according to the different targets of the attack, the author expounds respectively, It can provide a new perspective for information security analysis and protection methods of power system. Traditionally, network security protection is based on network isolation and access control. The emergence of the earthquake net virus proves that the key facilities are not protected. Similar seismic network viruses with specific targets can obtain the information of each line and corresponding control ports according to SCADA data table structure, and then carry out structural vulnerability analysis with information such as line topology connection to induce key lines to trip. Even induced cascading failure blackouts. Based on the theory of complex network, the author constructs a cascading fault model, and analyzes the possible attack strategies chosen by the attacker under different information transparency, combining with the simulation of IEEE39-bus system, which provides the basis for the study of targeted defense methods. To meet the demand for two-way interaction in the smart grid, power companies have built an advanced measurement system, Advanced Metering Infrastructure Ammig. As the basis of the advanced measurement system, intelligent ammeter is deployed in a wide range and also introduces security risks. According to the structure of AMI and the path of data transmission, the source of security threat of intelligent ammeter is analyzed. As one of the threat sources, the network virus is often prevented from being prevented. In the end, an intelligent meter intrusion detection method based on CPU load rate is designed, which is combined with Geographic Information system (GIS) to detect and deal with the infected intelligent meter in time.
【学位授予单位】：长沙理工大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP309;TM73;TM933.4

【参考文献】