Computer Science

Computer Science ›› 2024, Vol. 51 ›› Issue (2): 359-370.doi: 10.11896/jsjkx.221100187

• Information Security • Previous Articles     Next Articles

SGPot:A Reinforcement Learning-based Honeypot Framework for Smart Grid

WNAG Yuzhen, ZONG Guoxiao, WEI Qiang   

  1. School of Cyberspace Security,Information Engineering University,Zhengzhou 450001,China
  • Received:2022-11-22 Revised:2023-02-20 Online:2024-02-15 Published:2024-02-22
  • About author:WANG Yuzhen,born in 1998,postgra-duate.His main research interests include smart grid security and deception defense technologies.WEI Qiang,born in 1979,Ph.D,professor,doctoral supervisor.His main research interests include software vulnerability analysis and vulnerability mining,industrial Internet security,etc.
  • Supported by:
    National Key R & D Program of China(2020YFB2010900) and Program for Innovation Leading Scientists and Technicians of Zhongyuan(224200510002).

PDF (PC)

1550

Abstract: With the rapid advancement of Industry 4.0,the supervisory control and data acquisition(SCADA) system,which is interconnected with Industry 4.0,is gradually becoming more informationized and intelligent.There are various security hazards in the SCADA system caused by the vulnerability of the system and the disparity in attack and defense capability.Due to the frequency of power attacks in recent years,there has been an urgency to propound attack mitigation measures for smart grid.Honeypots,as an efficient deception defense method,can effectively collect attacks in smart grids.To address the issues of insufficient interaction depth,deficiency of physical industrial process simulation,and poor scalability in existing smart grid honeypots,this paper designs and implements a reinforcement learning-based smart grid honeypot framework—SGPot.It can simulate control side of a smart substation based on the system invariants in real devices of the power industry.Through the simulation of the power business process,the SGPot can enhance the deception of the honeypot and induce attackers to interact deeply with the honeypot.In order to evaluate the performance of the honeypot framework,this paper builds a small smart substation experimental validation environment.Meanwhile,SGPot,the existing GridPot and SHaPe honeypots are simultaneously deployed in the public network environment,and 30 days of interaction data are collected.According to the experimental results of this paper,the request data collected by SGPot is 20% more than GridPot and 75% more than SHaPe.SGPot can induce attackers to interact with the honeypot in greater depth than GridPot and SHaPe,and it obtains more sessions with interaction lengths greater than 6.

Key words: Smart grid, Reinforcement learning, Intelligent interaction, Active defense, Honeypot

CLC Number: 

  • TP393
[1]CASE D U.Analysis of the cyber attack on the Ukrainian power grid[J].Electricity Information Sharing and Analysis Center(E-ISAC),2016,388:1-29.
[2]AN T.Comprehensive Analysis Report on Attacks on Ukraine’sPower System [R].2016,2016.
[3]KAZI R,KUMAR N.Thinking the Unthinkable:Cyber Attacks on India’s Nuclear Assets[J].Liberal Stud.,2019,4:107.
[4]LI F,YAN X,XIE Y,et al.A review of cyber-attack methods in cyber-physical power system[C]//2019 IEEE 8th International Conference on Advanced Power System Automation and Protection(APAP).IEEE,2019:1335-1339.
[5]PIETROSEMOLI L,RODRÍGUEZ-MONROY C.The Venezuelan energy crisis:Renewable energies in the transition towards sustainability[J].Renewable and Sustainable Energy Reviews,2019,105:415-426.
[6]BUZA D I,JUHÁSZ F,MIRU G,et al.CryPLH:Protectingsmart energy systems from targeted attacks with a PLC honeypot[C]//International Workshop on Smart Grid Security.Cham:Springer,2014:181-192.
[7]KOŁTYŚ K,GAJEWSKI R.Shape:A honeypot for electricpower substation[J].Journal of Telecommunications and Information Technology,2015(4):37-43.
[8]REDWOOD O,LAWRENCE J,BURMESTER M.A symbolic honeynet framework for scada system threat intelligence[C]//International Conference on Critical Infrastructure Protection.Cham:Springer,2015:103-118.
[9]MASHIMA D,CHEN B,GUNATHILAKA P,et al.Towards a grid-wide,high-fidelity electrical substation honeynet[C]//2017 IEEE International Conference on Smart Grid Communications(SmartGridComm).IEEE,2017:89-95.
[10]MASHIMA D,LI Y,CHEN B.Who’s Scanning Our SmartGrid? Empirical Study on Honeypot Data[C]//2019 IEEE Global Communications Conference(GLOBECOM).IEEE,2019:1-6.
[11]MASHIMA D,KOK D,LIN W,et al.On design and enhancement of smart grid honeypot system for practical collection of threat intelligence[C]//13th USENIX Workshop on Cyber Security Experimentation and Test(CSET 20).2020.
[12]GUNATHILAKA P,MASHIMA D,CHEN B.Softgrid:A software-based smart grid testbed for evaluating substation cybersecurity solutions[C]//Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy.2016:113-124.
[13]LIN H,ZHUANG J,HU Y C,et al.DefRec:Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures[C]//Proceedings of 2020 Network and Distributed System Security Symposium(NDSS).2020.
[14]TC57 I E C.IEC 61850-90-2 TR:Communication networks and systems for power utility automation-part 90-2:Using iec 61850 for the communication between substations and control centres[S].International Electro technical Commission Std,2015.
[15]“CONPOT ICS/SCADA honeypot,” [EB/OL].https://www.conpot.org.
[16]WAGENER G.Self-adaptive honeypots coercing and assessing attacker behaviour[D].Institut National Polytechnique de Lorraine-INPL,2011.
[17]LUO T,XU Z,JIN X,et al.Iotcandyjar:Towards an intelligent-interaction honeypot for iot devices[J].Black Hat,2017,1:1-11.
[18]PAUNA A,BICA I.RASSH-Reinforced adaptive SSH honeypot[C]//2014 10th International Conference on Communications(COMM).IEEE,2014:1-6.
[19]PAUNA A,IACOB A C,BICA I.Qrassh-a self-adaptive ssh honeypot driven by q-learning[C]//2018 International Conference on Communications(COMM).IEEE,2018:441-446.
[20]PAUNA A,BICA I,POP F,et al.On the rewards of self-adaptive IoT honeypots[J].Annals of Telecommunications,2019,74(7):501-515.
[21]YAMAMOTO M,KAKEI S,SAITO S.FirmPot:A Framework for Intelligent-Interaction Honeypots Using Firmware of IoT Devices[C]//2021 Ninth International Symposium on Computing and Networking Workshops(CANDARW).IEEE,2021:405-411.
[22]ANTONIOLI D,TIPPENHAUER N O.MiniCPS:A toolkit for security research on CPS networks[C]//Proceedings of the First ACM Workshop on Cyber-physical Systems-security and/or Privacy.2015:91-100.
[23]KAUR K,SINGH J,GHUMMAN N S.Mininet as software defined networking testing platform[C]//International Conference on Communication,Computing & Systems(ICCCS).2014:139-142.
[1] SHI Dianxi, HU Haomeng, SONG Linna, YANG Huanhuan, OUYANG Qianying, TAN Jiefu , CHEN Ying. Multi-agent Reinforcement Learning Method Based on Observation Reconstruction [J]. Computer Science, 2024, 51(4): 280-290.
[2] ZHAO Miao, XIE Liang, LIN Wenjing, XU Haijiao. Deep Reinforcement Learning Portfolio Model Based on Dynamic Selectors [J]. Computer Science, 2024, 51(4): 344-352.
[3] WANG Yan, WANG Tianjing, SHEN Hang, BAI Guangwei. Optimal Penetration Path Generation Based on Maximum Entropy Reinforcement Learning [J]. Computer Science, 2024, 51(3): 360-367.
[4] WANG Yao, LUO Junren, ZHOU Yanzhong, GU Xueqiang, ZHANG Wanpeng. Review of Reinforcement Learning and Evolutionary Computation Methods for StrategyExploration [J]. Computer Science, 2024, 51(3): 183-197.
[5] LI Junwei, LIU Quan, XU Yapeng. Option-Critic Algorithm Based on Mutual Information Optimization [J]. Computer Science, 2024, 51(2): 252-258.
[6] SHI Dianxi, PENG Yingxuan, YANG Huanhuan, OUYANG Qianying, ZHANG Yuhui, HAO Feng. DQN-based Multi-agent Motion Planning Method with Deep Reinforcement Learning [J]. Computer Science, 2024, 51(2): 268-277.
[7] WANG Yangmin, HU Chengyu, YAN Xuesong, ZENG Deze. Study on Deep Reinforcement Learning for Energy-aware Virtual Machine Scheduling [J]. Computer Science, 2024, 51(2): 293-299.
[8] ZHAO Xiaoyan, ZHAO Bin, ZHANG Junna, YUAN Peiyan. Study on Cache-oriented Dynamic Collaborative Task Migration Technology [J]. Computer Science, 2024, 51(2): 300-310.
[9] LUO Ruiqing, ZENG Kun, ZHANG Xinjing. Curriculum Learning Framework Based on Reinforcement Learning in Sparse HeterogeneousMulti-agent Environments [J]. Computer Science, 2024, 51(1): 301-309.
[10] LIU Xingguang, ZHOU Li, ZHANG Xiaoying, CHEN Haitao, ZHAO Haitao, WEI Jibo. Edge Intelligent Sensing Based UAV Space Trajectory Planning Method [J]. Computer Science, 2023, 50(9): 311-317.
[11] LIN Xinyu, YAO Zewei, HU Shengxi, CHEN Zheyi, CHEN Xing. Task Offloading Algorithm Based on Federated Deep Reinforcement Learning for Internet of Vehicles [J]. Computer Science, 2023, 50(9): 347-356.
[12] JIN Tiancheng, DOU Liang, ZHANG Wei, XIAO Chunyun, LIU Feng, ZHOU Aimin. OJ Exercise Recommendation Model Based on Deep Reinforcement Learning and Program Analysis [J]. Computer Science, 2023, 50(8): 58-67.
[13] XIONG Liqin, CAO Lei, CHEN Xiliang, LAI Jun. Value Factorization Method Based on State Estimation [J]. Computer Science, 2023, 50(8): 202-208.
[14] ZHANG Naixin, CHEN Xiaorui, LI An, YANG Leyao, WU Huaming. Edge Offloading Framework for D2D-MEC Networks Based on Deep Reinforcement Learningand Wireless Charging Technology [J]. Computer Science, 2023, 50(8): 233-242.
[15] XING Linquan, XIAO Yingmin, YANG Zhibin, WEI Zhengmin, ZHOU Yong, GAO Saijun. Spacecraft Rendezvous Guidance Method Based on Safe Reinforcement Learning [J]. Computer Science, 2023, 50(8): 271-279.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.