DTU与主站通信系统的DoS攻击研究

doi:10.3969/j.issn.1674-1951.2021.02.006

摘要/Abstract

摘要：

配电自动化系统主要由配电主站、配电子站以及配电终端设备组成。终端设备与主站的工作状态关系到配电自动化系统能否正常运行。为了研究配电自动化系统的通信安全,搭建了基于传输控制协议（TCP）进行数据传输的站所终端单元（DTU）与主站的通信系统,运用拒绝服务（DoS）攻击手段对该系统进行攻击,验证了系统存在的安全威胁,为增强该通信系统的防DoS攻击能力,提出了基于白名单的防护策略。

关键词: DTU, 配电自动化, DoS攻击, 白名单, 智能电网, 智能终端

Abstract:

A distribution automation system is mainly composed of a distribution master station,distribution substations and distribution terminals.The working status of the terminals and the master station will influence the stable operation of the whole system.In order to keep the communication security of the system,a communication system was built between the DTU （Data Transfer Unit） and the master station based on TCP protocol.DoS attacks were made to the system to verifies the existence of security threats.In order to enhance the anti-DoS attack capability of the communication system,a whitelist-based protection strategy is proposed.

Key words: DTU, distribution automation, DoS attack, whitelist, smart grid, intelligent terminal

中图分类号:

TM711：TP393

余鹏, 王勇. DTU与主站通信系统的DoS攻击研究[J]. 华电技术, 2021, 43(2): 34-39.

YU Peng, WANG Yong. Research on DoS attack to the communication system between DTU and master station[J]. Huadian Technology, 2021, 43(2): 34-39.

图/表 9

图1

图2

图3

图4

图5

图6

图7

图8

图9

参考文献 22

[1]	易思瑶. 配电自动化终端安全防护方案的研究与实现[D]. 北京:华北电力大学, 2018.
[2]	张徐亮, 万里冰, 钱伟中, 等. 基于区块链的电力大数据安全保障体系[J]. 华电技术, 2020,42(8):68-74.
	ZHANG Xuliang, WAN Libing, QIAN Weizhong, et al. Security assurance system for electric power big data based on blockchain technology[J]. Huadian Technology, 2020,42(8):68-74.
[3]	孙跃, 杨晟, 龚钢军, 等. 基于可信计算和区块链的配电物联网内生安全研究[J]. 华电技术, 2020,42(8):61-67.
	SUN Yue, YANG Sheng, GONG Gangjun, et al. Research on endogenous security of distribution Internet of Things based on trusted computing and blockchain technology[J]. Huadian Technology, 2020,42(8):61-67.
[4]	喻小宝, 郑丹丹. 区块链技术在能源电力领域的应用及展望[J]. 华电技术, 2020,42(8):17-23.
	YU Xiaobao, ZHENG Dandan. Application and exploration of blockchain technology in energy and electricity[J]. Huadian Technology, 2020,42(8):17-23.
[5]	王胜飞, 王兴念, 张全忠, 等. 基于UDP配电自动化双向认证设计与实践[J]. 电工技术, 2020(11):56-59.
	WANG Shengfei, WANG Xingnian, ZHANG Quanzhong, et al. Design and practice of bidirectional authentication for DAS based on UDP[J]. Electric Engineering, 2020(11):56-59.
[6]	李中伟, 佟为明, 金显吉. 智能电网信息安全防御体系与信息安全测试系统构建乌克兰和以色列国家电网遭受网络攻击事件的思考与启示[J]. 电力系统自动化, 2016,40(8):147-151.
	LI Zhongwei, TONG Weiming, JIN Xianji. Construction of cyber security defense hierarchy and cyber security testing system of smart grid:Thinking and enlightenment for network attack events to national power grid of Ukraine and Israel[J]. Automation of Electric Power Systems, 2016,40(8):147-151.
[7]	卢昕. 配电网信息物理系统通信安全加固策略设计与研究[D]. 浙江:浙江大学, 2018.
[8]	SCHUBA C L, KRSUL I V, KUHN M G, et al. Analysis of a denial of service attack on TCP[C]// Proceedings of the 1997 IEEE Symposium on Security and Privacy.California, 1997:208-223.
[9]	张旭. 基于PCA-RBF神经网络的DoS攻击分类检测研究[J]. 计算机应用与软件, 2014,31(3):325-327.
	ZHANG Xu. Research on DoS attack classification and detection based on PCA-RBF neural network[J]. Computer Applications and Software, 2014,31(3):325-327.
[10]	王轶楠, 林彦君, 李焕, 等. DoS攻击下电力网络控制系统脆弱性分析及防御[J]. 控制与决策, 2017,32(3):411-418.
	WANG Yinan, LIN Yanjun, LI Huan, et al. Vulnerability analysis and countermeasures of electrical network control systems under DoS attacks[J]. Control and Decision, 2017,32(3):411-418.
[11]	张嘉誉, 章坚民, 杨才明, 等. 基于信息物理融合的智能变电站过程层网络异常流量检测[J]. 电力系统自动化, 2019,43(14):173-184.
	ZHANG Jiayu, ZHANG Jianmin, YANG Caiming, et al. Abnormal traffic detection on process layer network of smart substation based on cyber physical fusion[J]. Automation of Electric Power Systems, 2019,43(14):173-184.
[12]	ZHANG J M, CHEN Y, JIN N Z, et al. OPNET based simulation modeling and analysis of DoS attack for digital substation[C]// 2017 IEEE Power & Energy Society General Meeting,Chicago, 2017:1-5.
[13]	薛景. 针对分布式电力SCADA系统SYN Flood攻击的安全防御方法[D]. 南京:南京师范大学, 2018.
[14]	汤奕, 陈倩, 李梦雅, 等. 电力信息物理融合系统环境中的网络攻击研究综述[J]. 电力系统自动化, 2016,40(17):59-69.
	TANG Yi, CHEN Qian, LI Mengya, et al. Overview on cyber-attacks against cyber physical power system[J]. Automation of Electric Power Systems, 2016,40(17):59-69.
[15]	邓力. 风电场SCADA系统信息安全防护技术研究[D]. 成都:电子科技大学, 2017.
[16]	董剑安, 王永刚, 吴秋峰. iptables防火墙的研究与实现[J]. 计算机工程与应用, 2003(17):161-163,176.
	DONG Jianan, WANG Yonggang, WU Qiufeng. Research and implementation of iptables firewall[J]. Computer Engineering and Applications, 2003(17):161-163,176.
[17]	汪锋, 周大水. 白名单主动防御系统的设计与实现[J]. 计算机工程与设计, 2011,32(7):2241-2244.
	WANG Feng, ZHOU Dashui. Design and implementation of active defense system based on white list[J]. Computer Engineering and Design, 2011,32(7):2241-2244.
[18]	陈树勇, 宋书芳, 李兰欣, 等. 智能电网技术综述[J]. 电网技术, 2009,33(8):1-7.
	CHEN Shuyong, SONG Shufang, LI Lanxin, et al. Survey on smart grid technology[J]. Power System Technology, 2009,33(8):1-7.
[19]	曹康华, 董伟伟, 汪锦量, 等. 基于虚拟蜜网的用电信息采集系统攻击检测方法[J]. 计算机科学, 2019,46(S2):455-459.
	CAO Kanghua, DONG Weiwei, WANG Jinliang, et al. An attack detection method for electricity consumption information collection system based on virtual honeynet[J]. Computer Science, 2019,46(S2):455-459.
[20]	王丹, 赵平, 臧宁宁, 等. 基于安全博弈的综合能源系统安全性分析及防御策略[J]. 电力自动化设备, 2019,39(10):10-16.
	WANG Dan, ZHAO Ping, ZANG Ningning, et al. Security analysis and defense strategy of integrated energy system based on security game[J]. Electric Power Automation Equipment, 2019,39(10):10-16.
[21]	鄢晶, 高天露, 张俊, 等. 边云链协同技术在能源互联网数据管理中的应用及展望[J]. 华电技术, 2020,42(8):41-47.
	YAN Jing, GAO Tianlu, ZHANG Jun, et al. Application and prospect of edge-cloud-chain collaboration technologies for energy internet data management[J]. Huadian Technology, 2020,42(8):41-47.
[22]	王云泽, 王秋瑾, 马欣欣. 基于区块链技术的能源互联网交易方案设计[J]. 华电技术, 2020,42(8):83-89.
	WANG Yunze, WANG Qiujin, MA Xinxin. Design of energy internet trading system based on blockchain technology[J]. Huadian Technology, 2020,42(8):83-89.