Computer Science, 2019, Vol. 46, Issue (11A): 455-459.

• Information Security •

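Attack Detection Method for Electricity Information Collection System Based on Virtual Honeynet

CAO Kang-hua, DONG Wei-wei, WANG Jin-liang, ZHOU Lin, WANG Yong

  1. (Shanghai University of Electric Power, College of Information and Technology, Shanghai 200000, China)
  • Online: 2019-11-10 Published: 2019-11-20
  • About the authors: CAO Kang-hua (born 1994), female, master's student; her main research interest is security protection of electricity information collection systems. E-mail: akckh780823@163.com. DONG Wei-wei (born 1994), female, master's student; her main research interest is smart meter communication security.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61772327), the Natural Science Foundation of Shanghai (16ZR14366300), the Open Fund of the State Key Laboratory of Industrial Control Technology, Zhejiang University (ICT1800380), the Fund of the Smart Grid Industry-University-Research Development Center, Shanghai University of Electric Power (A-0009-17-002-05), and the Local Capacity Building Fund of the Science and Technology Commission of Shanghai Municipality (15110500700).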

Abstract: The advanced metering infrastructure (AMI) is the basis on which smart grid systems measure, receive, store, analyze and operate on user consumption data. The communication and data transfer requirements between consumers (smart meters) and utilities significantly reduce the security of AMI. Moreover, with the connection of large numbers of new intelligent collection terminals and the use of multiple communication methods and communication protocols, the electricity information collection system faces increasingly frequent network attacks. The system currently focuses on the online rate of collection terminals and the connectivity of communication channels, and lacks corresponding security protection measures. To address these problems, a deployment scheme for a virtual honeynet on the electricity information collection system was designed and implemented, which solves the problem of wasted hardware resources in traditional honeynets. A data control algorithm was also designed to inspect data packets, which effectively solves the problem of controlling attack traffic. Finally, a penetration attack test was carried out and the experimental results were analyzed with respect to the three core functions of the honeynet; the results show that the scheme can effectively detect attacks.

Key words: Communication protocol, Electricity information collection system, Network attacks, Security protection, Virtual honeynet

CLC Number:

  • TP393.08