摘要
可自愈性是任何系统是否具有生存能力的一个重要指标,对智能电网尤其重要。然而,电力工控系统主要考虑通信链路和硬件故障的自愈性,而在应对网络攻击方面缺乏相关研究。电力工控系统智能终端以嵌入式系统为主,因此,文章将网络攻击与物理性故障统一考虑,提出了针对嵌入式终端安全威胁的电力工控系统自愈体系。首先,分析重要电网嵌入式终端通信网络环境、自身系统和其承载业务的特点及其脆弱性,并考虑检测所需要的数据源和检测方法,总结电网嵌入式终端可能遭受的网络攻击和故障类型;然后,提出一种检测、隔离与自愈一体化实时联动的主动防御体系,作为电力工控系统自愈体系,并阐述各部分的架构与技术,给出终端和网络协同的隔离策略与自愈策略的制定流程,以报文攻击、泛洪攻击和恶意代码3类主要攻击为例说明了隔离策略与自愈策略的基本思路;最后,预想一种电力工控系统可能遭受的网络攻击场景,给出所提自愈体系在该场景下的工作流程。
Self-healing is an important evaluation metric of the survivability of any system,especially for smart grid.However,in the area of power industrial control system,existing works mainly consider the self-healing of physical failures of communication links and computing components,and almost no consideration was given to self-healing about cyber attacks.The intelligent terminals in power industrial control system are mainly embedded systems.Therefore,in this paper,a self-healing architecture against the security threats to embedded terminals is proposed for power industrial control systems,which considers both of cyber attacks and physical faults.Firstly,the characteristics and vulnerabilities of the communication environment,operating systems and services of the most important embedded terminals in smart grid are analyzed.Then the cyber attacks and physical faults that the embedded terminals may suffer are classified according to the data source and methods for their detection.On the basis of the above work,an active defense architecture of integrating detection,isolation and self-healing,serving as the self-healing architecture,is proposed for power industrial control system against security threats to embedded terminals.The architecture and technologies of each part are described in details,how to make the strategies of collaborative isolation and self-healing between terminal and network are discussed,and the strategies are illustrated for three attacks:packet attack,flood attack and malicious code.Finally,a cyber attack scenario that power industrial control systems may suffer is designed,and the overall workflow of the proposed self-healing architecture in this scenario is presented.
作者
王宇
李俊娥
周亮
王海翔
余文豪
卢新岱
WANG Yu;LI June;ZHOU Liang;WANG Haixiang;YU Wenhao;LU Xindai(Key Laboratory of Aerospace Information Security and Trusted Computing(Wuhan University),Ministry of Education,Wuhan 430072,Hubei Province,China;China Electric Power Research Institute,Haidian District,Beijing 100192,China;State Grid Zhejiang Electric Power Research Institute,Hangzhou 310014,Zhejiang Province,China)
出处
《电网技术》
EI
CSCD
北大核心
2020年第9期3582-3594,共13页
Power System Technology
基金
国家电网有限公司总部科技项目(电网嵌入式终端漏洞挖掘与攻击检测关键技术研究)(52110418001K)。
关键词
电力工控系统
嵌入式终端
安全威胁
隔离
自愈
power industrial control system
embedded terminal
security threat
isolation
self-healing
