Computer Science ›› 2024, Vol. 51 ›› Issue (2): 359-370. doi: 10.11896/jsjkx.221100187

• Information Security •

SGPot: A Reinforcement Learning-based Honeypot Framework for Smart Grid

WANG Yuzhen, ZONG Guoxiao, WEI Qiang

  1. School of Cyberspace Security, Information Engineering University, Zhengzhou 450001, China
  • Received: 2022-11-22 Revised: 2023-02-20 Online: 2024-02-15 Published: 2024-02-22
  • Corresponding author: WEI Qiang (prof_weiqiang@163.com)
  • About author: (wangyuzhen@mail.nwpu.edu.cn) WANG Yuzhen, born in 1998, postgraduate. His main research interests include smart grid security and deception defense technologies. WEI Qiang, born in 1979, Ph.D, professor, doctoral supervisor. His main research interests include software vulnerability analysis and vulnerability mining, industrial Internet security, etc.
  • Supported by:
    National Key R & D Program of China (2020YFB2010900) and Program for Innovation Leading Scientists and Technicians of Zhongyuan (224200510002).

Abstract: With the rapid advance of Industry 4.0, the power supervisory control and data acquisition (SCADA) systems connected to it are becoming increasingly informatized and intelligent. These systems are inherently vulnerable, and the imbalance between attack and defense capabilities leaves them exposed to a range of security risks. Attacks on power systems have been frequent in recent years, so attack mitigation methods for the smart grid are urgently needed. Honeypots, as an efficient deception defense method, can effectively collect attack behavior in the smart grid. To address the insufficient interaction depth, missing simulation of the physical industrial process, and poor scalability of existing smart grid honeypots, this paper designs and implements SGPot, a reinforcement learning-based smart grid honeypot framework. SGPot simulates the control side of a smart substation based on system invariants taken from real devices in the power industry, and simulates the power business process to make the honeypot more deceptive and induce attackers to interact with it in depth. To evaluate the framework, a small smart substation experimental validation environment is built, and SGPot is deployed on the public network alongside the existing GridPot and SHaPe honeypots, collecting 30 days of interaction data. The experimental results show that SGPot collects 20% more request data than GridPot and 75% more than SHaPe. SGPot induces attackers to interact with the honeypot in greater depth, obtaining more sessions with an interaction length greater than 6 than GridPot and SHaPe.

Key words: Smart grid, Reinforcement learning, Intelligent interaction, Active defense, Honeypot

CLC Number: TP393