面向智慧园区系统的网络攻击关联分析与防护策略研究

doi:10.3969/j.issn.2097-0706.2022.07.001

摘要/Abstract

摘要：

智慧园区系统内各层次时刻遭受网络攻击的威胁,为提高智慧园区系统面向网络攻击威胁的应对能力与恶意攻击事件识别的精度和效率,提出面向智慧园区系统的网络攻击关联分析方法,其是采用频繁模式增长（FP-Growth）算法的网络攻击异常事件关联规则分析技术。首先利用FP-Growth算法快速挖掘异常事件频繁项集,训练关联规则;其次利用灰色关联分析算法生成实时异常事件对于网络攻击异常表现形式的元素集合;接着结合关联规则实现网络攻击场景的在线识别;同时针对匹配的攻击场景所对应的环节提出网络攻击防护策略,进行网络攻击防御,消除攻击影响;最后在不同数据量下验证所提方法在关联规则训练方面效率的优越性,并以智慧园区系统负荷频率控制（LFC）业务为场景验证所提网络攻击防护策略的可行性和有效性。

关键词: 智慧园区, 综合能源系统, 微电网, 网络攻击, 关联规则分析与匹配, 灰色关联分析, 攻击防护策略, 负荷频率控制

Abstract:

Control system of smart parks at all levels are vulnerable to network attacks. In order to improve the system's coping capacities to network attacks and the identification accuracy and efficiency of malicious attack events,a network attack association analysis method for smart park systems is proposed. The method takes Frequent Pattern-Growth（FP-Growth） algorithm to detect the association rules of abnormal network attack events. FP-Growth algorithm can quickly mine the frequent item sets of abnormal events and train the association rules. Grey correlation analysis algorithm generates the abnormal manifestation set of real-time abnormal network attack events. Then, following the association rules,the network attack scenarios can be recognized on-line. Network attack protection strategy is made according to the links corresponding to the different attack scenarios to eliminate the impact of the attack. Finally,the efficiency of the proposed method in training association rules is verified by data of different volumes,and the feasibility of the network attack protection strategy is verified by the Load Frequency Control module of the smart park system.

Key words: smart park, integrated energy system, micro-grid, network attack, association rule analysis and matching, grey correlation analysis, attack protection strategy, control on load and frequency

中图分类号:

TK01：TM73：TP393.08

李惠军, 陆建强, 周霞, 解相朋, 万磊. 面向智慧园区系统的网络攻击关联分析与防护策略研究[J]. 综合智慧能源, 2022, 44(7): 1-9.

LI Huijun, LU Jianqiang, ZHOU Xia, XIE Xiangpeng, WAN Lei. Network attack association analysis and attack protection strategy for smart park systems[J]. Integrated Intelligent Energy, 2022, 44(7): 1-9.

图/表 14

图1

表1

图2

图3

图4

图5

图6

图7

图8

图9

表2

图10

图11

图12

参考文献 24

[1]	王奖, 邓丰强, 张勇军, 等. 园区能源互联网的规划与运行研究综述[J]. 电力自动化设备, 2021, 41(2):24-32,55.
	WANG Jiang, DENG Fenqiang, ZHANG Yongjun, et al. Review on planning and operation research of park energy internet[J]. Electric Power Automation Equipment, 2021, 41(2):24-32,55.
[2]	COLAK I, SAGIROGLU S, FULLI G, et al. A survey on the critical issues in smart grid technologies[J]. Renewable and Sustainable Energy Reviews, 2016, 54(2):396-405. doi: 10.1016/j.rser.2015.10.036
[3]	秦羽飞, 葛磊蛟, 王波. 能源互联网群体智能协同控制与优化技术[J]. 华电技术, 2021, 43(9): 1-13.
	QIN Yufei, GE Leijiao, WANG Bo. Swarm intelligence collaborative control and optimization technology of Energy Internet[J]. Huadian Technology, 2021, 43(9): 1-13.
[4]	钱峰, 皮杰, 刘俊磊, 等. 微电网建模与控制理论综述[J]. 武汉大学学报(工学版), 2020, 53(12):1044-1054.
	QIAN Feng, PI Jie, LIU Junlei, et al. Review of microgrid modeling and control theory[J]. Engineering Journal of Wuhan University, 2020, 53(12):1044-1054.
[5]	KOTOWICZ J, UCHMAN W. Analysis of the integrated energy system in residential scale:Photovoltaics,micro-cogeneration and electrical energy storage[J]. Energy, 2021, 227:120469. doi: 10.1016/j.energy.2021.120469
[6]	陈郁林, 齐冬莲, 李真鸣, 等. 虚假数据注入攻击下的微电网分布式协同控制[J]. 电力系统自动化, 2021, 45(5):97-103.
	CHEN Yulin, QI Donglian, LI Zhenming, et al. Distributed cooperative control of microgrid under false data injection attacks[J]. Automation of Electric Power Systems, 2021, 45(5):97-103.
[7]	黄博南, 詹凤楠, 张天闻, 等. 一种针对电-热综合能源系统经济调度的DoS最优攻击策略[J]. 中国电机工程学报, 2020, 40(21):6839-6854.
	HUANG Bonan, ZHAN Fengnan, ZHANG Tianwen, et al. An optimal DoS attack strategy against the economic dispatch for electric-thermal integrated energy system[J]. Proceedings of the CSEE, 2020, 40(21):6839-6854.
[8]	余鹏, 王勇. DTU与主站通信系统的DoS攻击研究[J]. 华电技术, 2021, 43(2): 34-39.
	YU Peng, WANG Yong. Research on DoS attack to the communication system between DTU and master station[J]. Huadian Technology, 2021, 43(2): 34-39.
[9]	张晓娟, 曹靖怡, 缪思薇, 等. 电力工控系统攻击渗透技术综述[J]. 电力信息与通信技术, 2021, 19(3):49-59.
	ZHANG Xiaojuan, CAO Jingyi, MIAO Siwei, et al. Overview of power industry control system penetration attack technology[J]. Electric Power Information and Communication Technology, 2021, 19(3):49-59.
[10]	何金栋, 王宇, 赵志超, 等. 智能变电站嵌入式终端的网络攻击类型研究及验证[J]. 中国电力, 2020, 53(1):81-91.
	HE Jindong, WANG Yu, ZHAO Zhichao, et al. Type and verification of network attacks on embedded terminals of intelligent substation[J]. Electric Power, 2020, 53(1):81-91.
[11]	叶万余, 苏超, 罗敏辉, 等. 基于关联规则挖掘的输电线路缺陷状态预测[J]. 电力系统保护与控制, 2021, 49(20):104-111.
	YE Wanyu, SU Chao, LUO Minhui, et al. Transmission line defect state prediction based on association rule mining[J]. Power System Protection and Control, 2021, 49(20):104-111.
[12]	陈勇, 李胜男, 张丽, 等. 基于改进Apriori算法的智能变电站二次设备缺陷关联性分析[J]. 电力系统保护与控制, 2019, 47(20):135-141.
	CHEN Yong, LI Shengnan, ZHANG Li, et al. Association analysis for defect data of secondary device in smart substations based on improved Apriori algorithm[J]. Power System Protection and Control, 2019, 47(20):135-141.
[13]	高泽芳, 王岱辉, 王昀, 等. 基于告警事件特征的网络攻击行为实时预警研究[J]. 电信工程技术与标准化, 2018, 31(12):33-37.
	GAO Zefang, WANG Daihui, WANG Jun, et al. Research on real-time warning of network attack behavior based on characteristics of alarm events[J]. Telecom Engineering Technics and Standardization, 2018, 31(12):33-37.
[14]	黄悦华, 邹子豪, 张赟宁, 等. 基于FP-Growth算法的配电网薄弱点分析研究[J]. 电测与仪表, 2020, 57(17):79-84,135.
	HUANG Yuehua, ZOU Zihao, ZHANG Yunning, et al. Research on weak point analysis of distribution network based on FP-Growth algorithm[J]. Electrical Measurement & Instrumentation, 2020, 57(17):79-84,135.
[15]	费稼轩, 裴培, 张明, 等. 电网工控网络攻击场景中的层次关联分析方法[J]. 南京理工大学学报, 2020, 44(6):715-723.
	FEI Jiaxuan, PEI Pei, ZHANG Ming, et al. Hierarchical association analysis method in industrial control cyber attack scenario of power grid[J]. Journal of Nanjing University of Science and Technology, 2020, 44(6):715-723.
[16]	余锐, 郑亮, 熊俊, 等. 基于改进Apriori算法的电力通信设备缺陷关联性分析[J]. 中国安全生产科学技术, 2021, 17(12):176-181.
	YU Rui, ZHENG Liang, XIONG Jun, et al. Defect correlation analysis of power communication equipment base on improved Apriori algorithm[J]. Journal of Safety Science and Technology, 2021, 17(12):176-181.
[17]	孙学波, 石飞达. 基于Hadoop的Apriori算法研究与优化[J]. 计算机工程与设计, 2018, 39(1):126-133,145.
	SUN Xuebo, SHI Feida. Research and optimization of Apriori algorithm based on Hadoop[J]. Computer Engineering and Design, 2018, 39(1):126-133,145.
[18]	章锐, 费稼轩, 石聪聪, 等. 特定攻击场景下源网荷系统恶意攻击关联分析方法[J]. 中国电力, 2019, 52(10):1-10.
	ZHANG Rui, FEI Jiaxuan, SHI Congcong, et al. Malicious attack correlation analysis method of source-grid-load system under specific attack scenarios[J]. Electric Power, 2019, 52(10):1-10.
[19]	胡倩. 基于多步攻击场景的攻击预测方法[J]. 计算机科学, 2019, 46(S1):365-369.
	HU Qian. Attack prediction method based on multi-step attack scenario[J]. Computer Science, 2019, 46(S1): 365-369.
[20]	吕政权, 李朝阳, 王海峰, 等. 基于GRU-CNN的综合能源网络安全攻击检测方法[J]. 华电技术, 2021, 43(2): 9-14.
	LYU Zhengquan, LI Zhaoyang, WANG Haifeng, et al. An intrusion detection method for integrated energy network based on GRU-CNN[J]. Huadian Technology, 2021, 43(2): 9-14.
[21]	王海峰, 李朝阳, 吕政权, 等. 泛在电力物联网环境下网络安全攻击研究[J]. 浙江电力, 2019, 38(12):76-81.
	WANG Haifeng, LI Zhaoyang, LV Zhengquan, et al. Survey on cyber attack in the context of ubiquitous power internet of things[J]. Zhejiang Electric Power, 2019, 38(12):76-81.
[22]	汤奕, 李梦雅, 王琦, 等. 电力信息物理系统网络攻击与防御研究综述(二)检测与保护[J]. 电力系统自动化, 2019, 43(10):1-9,18.
	TANG Yi, LI Mengya, WANG Qi, et al. A review on research of cyber-attacks and defense in cyber physical power systems part two detection and protection[J]. Automation of Electric Power Systems, 2019, 43(10):1-9,18.
[23]	张涛, 赵东艳, 薛峰, 等. 电力系统智能终端信息安全防护技术研究框架[J]. 电力系统自动化, 2019, 43(19):1-8,67.
	ZHANG Tao, ZHAO Dongyan, XUE Feng, et al. Research framework of cyber-security protection technologies for smart terminals in power system[J]. Automation of Electric Power Systems, 2019, 43(19):1-8,67.
[24]	张徐亮, 万里冰, 钱伟中, 等. 基于区块链的电力大数据安全保障体系[J]. 华电技术, 2020, 42(8): 68-74.
	ZHANG Xuliang, WAN Libing, QIAN Weizhong, et al. Security assurance system for electric power big data based on blockchain technology[J]. Huadian Technology, 2020, 42(8): 68-74.

攻击环节	攻击场景	异常表现形式
主站侧	修改配置参数	电压异常、电流异常、切负荷量异常、设备拒动/误动、电价异常
	会话劫持
	伪造控制指令
终端侧	篡改量测数据
	设备重启动
	设备锁控制	网络流量异常、终端违规外联、业务应用拒绝服务、用户数据泄露
通信侧	非法监听报文
	恶意控制通信
	拒绝服务攻击

区域	T_g_i	T_SL_i	T_ch_i	T_E_i	K_E	D_i	H_i	β_i	R_i	T_ij
1	0.10	1.30	0.30	0.30	5.00	1.00	10.00	21.00	0.05	0.50
2	0.08	1.30	0.32	0.30	5.00	1.00	11.00	18.00	0.05	0.50