计算机科学 ›› 2024, Vol. 51 ›› Issue (2): 359-370.doi: 10.11896/jsjkx.221100187
王毓贞, 宗国笑, 魏强
WNAG Yuzhen, ZONG Guoxiao, WEI Qiang
摘要: 随着工业4.0的快速推进,与之互联的电力数据采集与监视控制(Supervisory Control and Data Acquisition,SCADA)系统逐渐趋于信息化和智能化。由于这些系统本身具有脆弱性以及受到攻击和防御能力的不对等性,使得系统存在各种安全隐患。近年来,针对电力攻击事件频发,亟需提出针对智能电网的攻击缓解方法。蜜罐作为一种高效的欺骗防御方法,能够有效地收集智能电网中的攻击行为。针对现有的智能电网蜜罐中存在的交互深度不足、物理工业过程仿真缺失、扩展性差的问题,设计并实现了一种基于强化学习的智能电网蜜罐框架——SGPot,它能够基于电力行业真实设备中的系统不变量模拟智能变电站控制端,通过电力业务流程的仿真来提升蜜罐欺骗性,诱使攻击者与蜜罐深度交互。为了评估蜜罐框架的性能,搭建了小型智能变电站实验验证环境,同时将SGPot和现有的GridPot以及SHaPe蜜罐同时部署在公网环境中,收集了30天的交互数据。实验结果表明,SGPot收集到的请求数据比GridPot多20%,比SHaPe多75%。SGPot能够诱骗攻击者与蜜罐进行更深度的交互,获取到的交互会话长度大于6的会话数量多于GridPot和SHaPe。
中图分类号:
[1]CASE D U.Analysis of the cyber attack on the Ukrainian power grid[J].Electricity Information Sharing and Analysis Center(E-ISAC),2016,388:1-29. [2]AN T.Comprehensive Analysis Report on Attacks on Ukraine’sPower System [R].2016,2016. [3]KAZI R,KUMAR N.Thinking the Unthinkable:Cyber Attacks on India’s Nuclear Assets[J].Liberal Stud.,2019,4:107. [4]LI F,YAN X,XIE Y,et al.A review of cyber-attack methods in cyber-physical power system[C]//2019 IEEE 8th International Conference on Advanced Power System Automation and Protection(APAP).IEEE,2019:1335-1339. [5]PIETROSEMOLI L,RODRÍGUEZ-MONROY C.The Venezuelan energy crisis:Renewable energies in the transition towards sustainability[J].Renewable and Sustainable Energy Reviews,2019,105:415-426. [6]BUZA D I,JUHÁSZ F,MIRU G,et al.CryPLH:Protectingsmart energy systems from targeted attacks with a PLC honeypot[C]//International Workshop on Smart Grid Security.Cham:Springer,2014:181-192. [7]KOŁTYŚ K,GAJEWSKI R.Shape:A honeypot for electricpower substation[J].Journal of Telecommunications and Information Technology,2015(4):37-43. [8]REDWOOD O,LAWRENCE J,BURMESTER M.A symbolic honeynet framework for scada system threat intelligence[C]//International Conference on Critical Infrastructure Protection.Cham:Springer,2015:103-118. [9]MASHIMA D,CHEN B,GUNATHILAKA P,et al.Towards a grid-wide,high-fidelity electrical substation honeynet[C]//2017 IEEE International Conference on Smart Grid Communications(SmartGridComm).IEEE,2017:89-95. [10]MASHIMA D,LI Y,CHEN B.Who’s Scanning Our SmartGrid? Empirical Study on Honeypot Data[C]//2019 IEEE Global Communications Conference(GLOBECOM).IEEE,2019:1-6. [11]MASHIMA D,KOK D,LIN W,et al.On design and enhancement of smart grid honeypot system for practical collection of threat intelligence[C]//13th USENIX Workshop on Cyber Security Experimentation and Test(CSET 20).2020. [12]GUNATHILAKA P,MASHIMA D,CHEN B.Softgrid:A software-based smart grid testbed for evaluating substation cybersecurity solutions[C]//Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy.2016:113-124. [13]LIN H,ZHUANG J,HU Y C,et al.DefRec:Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures[C]//Proceedings of 2020 Network and Distributed System Security Symposium(NDSS).2020. [14]TC57 I E C.IEC 61850-90-2 TR:Communication networks and systems for power utility automation-part 90-2:Using iec 61850 for the communication between substations and control centres[S].International Electro technical Commission Std,2015. [15]“CONPOT ICS/SCADA honeypot,” [EB/OL].https://www.conpot.org. [16]WAGENER G.Self-adaptive honeypots coercing and assessing attacker behaviour[D].Institut National Polytechnique de Lorraine-INPL,2011. [17]LUO T,XU Z,JIN X,et al.Iotcandyjar:Towards an intelligent-interaction honeypot for iot devices[J].Black Hat,2017,1:1-11. [18]PAUNA A,BICA I.RASSH-Reinforced adaptive SSH honeypot[C]//2014 10th International Conference on Communications(COMM).IEEE,2014:1-6. [19]PAUNA A,IACOB A C,BICA I.Qrassh-a self-adaptive ssh honeypot driven by q-learning[C]//2018 International Conference on Communications(COMM).IEEE,2018:441-446. [20]PAUNA A,BICA I,POP F,et al.On the rewards of self-adaptive IoT honeypots[J].Annals of Telecommunications,2019,74(7):501-515. [21]YAMAMOTO M,KAKEI S,SAITO S.FirmPot:A Framework for Intelligent-Interaction Honeypots Using Firmware of IoT Devices[C]//2021 Ninth International Symposium on Computing and Networking Workshops(CANDARW).IEEE,2021:405-411. [22]ANTONIOLI D,TIPPENHAUER N O.MiniCPS:A toolkit for security research on CPS networks[C]//Proceedings of the First ACM Workshop on Cyber-physical Systems-security and/or Privacy.2015:91-100. [23]KAUR K,SINGH J,GHUMMAN N S.Mininet as software defined networking testing platform[C]//International Conference on Communication,Computing & Systems(ICCCS).2014:139-142. |
|