CN102354357B - Lattice Implication Reasoning Algorithm for Vulnerabilities in Smart Grid Partition Protection System - Google Patents

Abstract

The invention relates to a lattice implication reasoning algorithm of a bug in a partitioning protection system of a smart grid, comprising the steps of: building a lattice implication algebraic system model according to the experimental environment of the partitioning protection system of the smart grid; describing the bug in the model by a method of a concept lattice; building an automatic reasoning system of the lattice implication on the basis; reasoning and inspecting the bug of the system; and inspecting the reasoning efficiency by the experiment environment of the system. The automatic reasoning system of the boundary bug is built in the partitioning protection system of the smart grid by adopting a method that lattice implication is combined with concept lattice, so that the bug detection efficiency of the smart grid is improved.

Description

Lattice Implication Reasoning Algorithm for Vulnerabilities in Smart Grid Partition Protection System

technical field

The invention relates to electric power detection, in particular to a lattice implication reasoning algorithm for loopholes in a partition protection system of a smart grid.

Background technique

The partition protection system includes subsystems with different security levels. The boundary vulnerabilities in this system come from a variety of different types of equipment, and the characteristics of the vulnerabilities cannot be measured by a unified standard. sex. Vulnerability detection methods in information systems cannot be fully applied to detection in this environment.

Vulnerability detection methods mainly include static detection and dynamic detection. Static detection is oriented to the program source code. In the past 10 years, the C language buffer vulnerability CSSV method, the automatic vulnerability finding EXE method and the automatic sensitive code KLEE vulnerability testing method have emerged. But these vulnerability detection methods are aimed at the source codes of C, JAVA and other languages under the computer system, and cannot be applied to the vulnerability detection of CISCO hardware equipment.

In order to improve the efficiency of static detection, the information system adopts vulnerability detection tools, representatively Lexical analysis analysis tool RATS; Symbolic execution tools Mjolnir, STLlint and ChecknCrash; Model detection tools MOPS, SLAM, optimization model detection tool BLAST, race condition vulnerability detection tool RacerX; Rule checking tools MC and Splint; Theorem proving tools Cogent, CodeSonar, Saturn, mygcc, Eau Claire. Detection tools have gone through the development process of lexical analysis, symbolic execution, model checking, rule checking and theorem proving.

From the development of static detection tools, we can see that rule detection and theorem proving are the current development trend of vulnerability detection, and this method can realize static analysis with more powerful functions and better performance.

In order to detect executable program vulnerabilities, dynamic detection methods are needed, mainly including the C language dynamic testing method and dynamic vulnerability mining comparison method published by Haugh and Wilanderf at the top international DNSS conference on computer security, and Brumley's runtime integer detection RICH method. Zou Wei's research group at Peking University mainly uses the graph theory method and the IntScope method of symbolic execution to detect program vulnerabilities, and the research results were released at the top international conference NDSS in 2009.

Compared with static detection, dynamic detection has obvious advantages. This method is not limited to C, JAVA and other program source codes, but is oriented to specific executable programs. A variety of source codes, the boundary loopholes on such a complex system, the dynamic detection method is also not fully applicable.

To sum up, in order to adapt to the detection of boundary protection vulnerabilities in the partition protection system, on the theoretical basis of information vulnerability mining research, we can try to use the "lattice" non-classical logical reasoning detection method.

Lattice is an important class of algebraic structures, and lattice-valued logic is an important non-classical logic, which is a generalization of classical logic and fuzzy logic. Lattice-valued logic extends the chain-type truth domain of multi-valued logic to more general lattices, which can not only deal with total order information, but also deal with incomparable information, so that it can more effectively describe the difference between reasoning, judgment and decision-making. Certainty, especially the study of imperfect comparability of truth values.

The concept lattice was proposed by Wille R in 1982. Each node extension instance and connotation concept of concept lattice is a formal description. Since 2000, Professor Shi Chunyi of Tsinghua University has started the research on the classification of concept lattices and association rules. Based on the algorithm for extracting association rules and classification rules, the mining of association rules and classification rules is unified under the framework of concept lattice.

In 2002, Xu Yang from Southwest Jiaotong University guided Dr. Li Haiming to carry out the research on "lattice implication" algebra. Lattice implication is an algebraic structure combining lattice and implication algebra, and it is an important way to study lattice-valued logic systems and their properties. In 2007, Professor Ruan Da and Professor Xu Yang of the International Atomic Energy Agency Center jointly carried out the research on lattice implication theory. Professor Xu Yang has studied the automatic reasoning of linguistic truth-value resolution of lattice-valued logic, uncertainty reasoning, and automatic reasoning of linguistic truth-value α-generalized resolution in this field.

The achievements of Professor Shi Chunyi's "Concept Lattice" theory and Professor Xu Yang's "Lattice Implication" theory paved the way for theoretical research on vulnerability detection of partition protection systems. On the basis of their theoretical research results, the applicant and Professor Li Haiming, a Ph.D. of Professor Xu Yang, used the method of combining "conceptual lattice" and "lattice implication" to find the application object of lattice in partition protection system, in information security and mathematics In the field of non-classical logic intersection, the problem of boundary vulnerability detection is studied, and the reliability and completeness of the reasoning method are to be verified in the smart grid partition protection system.

The width and effective depth of the "information flow" of the smart grid under construction have broken through the security protection boundary of my country's existing power system, and the information has increased a lot of uncertainty. The power SCADA control system still has the loopholes of overflow back to zero and overflow full code, and attackers can attack the substation system through this loophole. In 2009, Mike Davis demonstrated the behavior of viruses attacking the power grid through vulnerabilities at the world-renowned Black Hat Conference. On September 25, 2009, the National Institute of Standards and Technology (NIST) confirmed that "the vulnerabilities in the information infrastructure of the smart grid may allow attackers to infiltrate the network, obtain control software or change configuration conditions, and damage in unpredictable ways." In 2010, Zerbst proposed the partition principle of the smart grid network security protection structure at the IEEE Electric Energy Association. IEEE Transactions also pays attention to the security technology and reliability technology of the smart grid, but in the smart grid partition system under construction, the research on boundary vulnerability detection Not so much.

The "information flow" of my country's existing power secondary system adopts the strategy of "safe partition, network dedicated, horizontal isolation, and vertical authentication" to ensure the security of the power monitoring system and power dispatching data network. However, there are great differences between the power system and the information network in partition protection, which are mainly shown in Table 1 below:

Table 1

difference category information network Smart grid partition protection system Protection object Computer hardware and software resources on different operating systems Transmission and transformation distribution, scheduling, all voltage level equipment security partition Network Segmentation, VPN virtual private network Production control area and management information area border protection Antivirus, Firewall Horizontal gatekeeper isolation, vertical dial-up authentication Transfer Protocol TCP/IP, HTTP, UDP, FTP protocol IEC 101, 102, 103, 104 protocol data transmission two way pass one-way pass Vulnerability object systems, databases, application software Software and Power Security Hardware Devices Vulnerability characteristics Comparability of vulnerability characteristics Incomparability of Vulnerability Characteristics of Different Devices

The main difference in the table is that the vulnerability characteristics are not comparable. Risks come from power intelligent terminals, wireless communications, power databases and power-specific software.

Contents of the invention

The present invention is aimed at the problem that the characteristics of loopholes in the power system are not comparable, which leads to the increase of risk, and proposes a lattice implication reasoning algorithm for loopholes in the partition protection system of the smart grid. Grid" combined method to establish an automatic reasoning system for boundary loopholes.

The technical solution of the present invention is: a lattice implication reasoning algorithm for loopholes in a smart grid partition protection system, which specifically includes the following steps:

1) First construct a lattice implication algebraic system model based on the experimental environment of the smart grid partition protection system. The smart grid is partitioned according to the protection level. The parallel connection points in each area are legal points, and the others are border loophole points. External attacks can invade the partition system through loopholes. Define Partition protection system It is a partially ordered set, assuming S={a,b,c}, where any two elements have the smallest upper bound and the largest lower bound, then it is called is the partition protection system lattice, P(S) is the power set of S of the partition protection system, <P(S), ⊆> is a partial order set, <P(S), ⊆> is the partition protection system lattice, define a Vulnerability set {v}, rebuild the partial order set of V={a,b,c,v}, and say For the boundary vulnerability lattice in the partition protection system, construct a Hasse graph on the <P(V), ⊆> poset set, and the algebraic system induced by the partition protection system lattice <P(S), ⊆> is <P( S), ⊆, ∨, ∧>, where ∨ is the union of sets, and ∧ is the intersection of sets, if the partition protection system lattice, on the algebraic system <P(S), ⊆, ∨, ∧>, assuming V⊆ S and V ≠ Φ, and ∨, ∧ are closed with respect to V, then The boundary hole is subgrid;

2) Then use the concept lattice method to describe the loopholes in the model, extract the rules on the lattice, find the smallest concept contained, and perform breadth-first traversal on the sub-lattice of the node, generate all non-redundant rules for each node, and generate all non-redundant rules for each node. Nodes first generate implication rules, then generate low-confidence rules, and finally generate implication rules based on facts;

3) Define the lattice implication operator, and build an automatic reasoning system for lattice implication on this basis;

4) Reasoning test system loopholes, and finally test the reasoning efficiency through the experimental system environment.

The specific steps of building an automatic reasoning system in the step 3) to build an automatic reasoning system are as follows:

The first step: define the lattice implication operator, so that it can fully describe the characteristics of the "boundary loophole lattice";

The second step: put forward the conditions for the implication operator, and comment on the conditions;

Step 3: Construct three-valued logic system L ₃ , six-valued logic system L ₆ , and multi-valued logic system L _n according to system characteristics;

The fourth step: define the truth table of the multi-valued system, define the connection sub-direct relationship, and use symbols to represent the modal words;

Step 5: In the reasoning system, the classic composite reasoning CRI method in Zadeh's Fuzzy reasoning can be used. The basic idea is to use the Fuzzy set to represent the Fuzzy proposition, convert the implication into a Fuzzy relationship, and then synthesize the output with the input and the Fuzzy relationship, or Then the automatic reasoning method based on path search is adopted in the multi-valued reasoning system L _n ;

Step 6: Prove the reliability and completeness, and improve the automatic reasoning algorithm according to the proof results.

The beneficial effect of the present invention is that: the lattice implication reasoning algorithm for the loopholes of the smart grid partition protection system of the present invention intends to adopt the method of combining "lattice implication" and "concept lattice" in the smart grid partition protection system to establish an automatic reasoning system for boundary loopholes, The vulnerability detection efficiency of the smart grid is improved.

Description of drawings

Fig. 1 is a structural model diagram of the partition protection system in the lattice implication reasoning algorithm of the vulnerability of the smart grid partition protection system of the present invention;

Fig. 2 is a grid diagram of the boundary loopholes of the partition protection system in the lattice implication reasoning algorithm of the loopholes of the smart grid partition protection system of the present invention;

Fig. 3 is a Hasse schematic diagram of the concept lattice in the lattice implication reasoning algorithm of the vulnerability of the smart grid partition protection system of the present invention.

Detailed ways

Since the data of the security partition protection structure of the power system is one-way transmission, and the security partition is from low to high, it can be used as a partial order set, and any two elements have the smallest upper bound and the largest lower bound. The characteristics of the system are defined by the lattice match.

In the partition protection system, there are situations where classical logical reasoning cannot express the truth of propositions, for example:

Proposition 1: There will still be security loopholes in the smart grid partition protection system in the future. The proposition is a judgment about the future, and it is impossible to use true or false to express the degree of truth of the proposition.

Proposition 2: If there are loopholes in the defense system, then the risk faced by the system must be great. This is a conditional proposition. When the conditions are met, the conclusion is true, but the risk in the conclusion must be too high to be expressed by classical logic. In order to solve such a problem. Approximate reasoning is performed using lattice implication non-classical mathematical logic.

(1) Construct the algebraic system of "boundary loophole lattice":

The smart grid partition protection system includes four partitions, safety area I (real-time control area), safety area II (non-controlled production area), safety area III (production management area) and safety area IV (management information area), the structure is shown in the figure As shown in Figure 1: the parallel connection point in Figure 1 is the legal point, and the other points are boundary loopholes, through which external attacks can invade the partition system. The partial order relationship of the security level of the partition protection system from high to low, Each element of the entire partition protection system has the smallest upper bound and the largest lower bound.

The constructed grid is shown in Figure 2, and the partition protection system is defined in Figure 2 It is a partially ordered set, assuming S={a,b,c}, where any two elements have the smallest upper bound and the largest lower bound, then it is called Grid for the partition protection system. P(S) is the power set of S of the partition protection system, <P(S), ⊆> is a partially ordered set, and <P(S), ⊆> is the lattice of the partition protection system. Add a vulnerability set {v} to the Hasse graph, reconstruct the partial order set of V={a,b,c,v}, and say is the border hole grid in the partition protection system. On the <P(V), ⊆> poset, construct a Hasse graph. If the partition system grid cannot construct a boundary loophole grid from {v}, it is speculated that there may be loopholes in the system.

The power set of P(S) P(S)={Φ,{a},{b},{c},{a,b},{a,c},{b,c},{a,b, c}};

Partition S1={Φ,{a},{b},{c}}

Partition S2={Φ, {b},{c},{b,c}}

Partition S3={{a},{a,b},{a,c},{a,b,c}}

Partition S4={{a,b},{a,c},{b,c},{a,b,c}}

are all subgrid.

Examples of algebraic systems induced on lattices:

Example 1: By partition protection system lattice <P(S), The algebraic system induced by ⊆> is <P(S), ⊆, ∨, ∧>, where ∨ is the union of sets, and ∧ is the intersection of sets.

Example 2: If the partition protection system lattice, on the algebraic system <P(S), ⊆, ∨, ∧>, assuming V⊆ S and V ≠ Φ, and ∨, ∧ are closed with respect to V, then The boundary hole is subgrid.

(2) Construct a Hasse diagram based on the "concept lattice"

The first step: construct a lattice, and use the method of concept lattice to describe the vulnerability. Use tuples to describe the case set, attribute set, and the relationship between the case set and attribute set of boundary vulnerabilities. A partially ordered set is established in this set, each element has a minimum upper bound and a maximum lower bound, and a description of the boundary hole lattice is constructed. Each node in the lattice is a concept pair, the power set of the case set is the extension of the concept, and the set of common descriptors of the cases is the connotation of the concept. According to the generalization relationship and specialization relationship between the concept connotation and extension revealed by the Hasse diagram, the formal background is constructed. For example, suppose O={1,2,3,4},

D={a1,a2,a3,b1,b2,b3,c1,c2,d1,d2,d3,d4}, R describes the attribute value set in D owned by the elements in O, and the Hasse of the corresponding concept lattice The figure is shown below in Figure 3.

The second step: rule extraction on the lattice, find the smallest concept included, perform breadth-first traversal on the sub-lattice of the node, and generate all non-redundant rules for each node. First generate implication rules for each node, then generate low-confidence rules, and finally generate implication rules based on facts.

Part Three: Reliability Proof: Prove the reliability of the vulnerability concept lattice description of the partition protection system.

(3) Define the lattice implication operator and build an automatic reasoning system

Example 3: Set is a co-lattice with a universal O and I, if the mapping : Satisfied: for any

(I1)x (y z)=y (x z)

(I2)x x=I

(I4) if x y=y x=I, then x=y

(I5) (x y) y=(y x) x

then called is a lattice implication algebra.

In non-classical logic, it is possible to construct an automatic reasoning algorithm in the algebraic system of lattices, apply it to binary logic, intermediate lattice logic and six-element lattice logic system, and prove the reliability and completeness of this algorithm . The main steps of building an automatic reasoning system are as follows:

The first step: define the lattice implication operator, so that it can fully describe the characteristics of the "boundary loophole lattice";

The second step: put forward the conditions for the implication operator, and comment on the conditions;

Step 3: Construct three-valued logic system L ₃ , six-valued logic system L ₆ , and multi-valued logic system L _n according to system characteristics

Step 4: Define the truth table of the multi-valued system, define the connection sub-direct relationship, and use symbols to represent the modal words.

Step 5: In the reasoning system, the classic composite reasoning CRI method in Zadeh's Fuzzy reasoning can be used. The basic idea is to use the Fuzzy set to represent the Fuzzy proposition, convert the implication into a Fuzzy relation, and then synthesize the output with the input and the Fuzzy relation. Or use the automatic reasoning method based on path search in the multi-valued reasoning system L _n .

Step 6: Prove the reliability and completeness, and improve the automatic reasoning algorithm according to the proof results.

(4) Experimental verification: On the smart grid partition protection system, construct a boundary loophole lattice, define lattice implication operators, construct rules and methods, establish an automatic reasoning system, and test the reliability and completeness of the lattice implication algebraic system model; The feature attribute library is used to test whether there is redundant information in the formal description of the vulnerability; write a program to realize the lattice-based multi-valued logic reasoning system, and test the efficiency of the reasoning system vulnerability detection.

Application examples of smart grid partition protection system:

1. The application environment of the example: According to the Electricity Regulatory Commission No. 5 "Power Secondary System Protection Regulations", the partition protection system of the smart grid is constructed, and the partition protection equipment in the power system is used, such as the forward and reverse network security of the power isolation system Isolate SysKeeper-2000 equipment, forward and reverse single-bit file transfer ST3000 file transfer system , sysKeeper-2000 system, SMC-2000 encrypted network management device management system in the power encryption system, DialKeeper-2000 secure dial-up authentication network management system, etc.

2. The purpose of the application example: use the lattice implication reasoning method to detect the boundary loopholes in the partition protection system of the smart grid.

3. Example application process: first construct a lattice implication algebraic system model according to the experimental environment of the smart grid partition protection system, and then use the concept lattice method to describe the loopholes in the model, and then build an automatic reasoning system for lattice implication on this basis to reason and test system loopholes , and finally test the reasoning efficiency through the experimental system environment.

4. Example application results: According to the difference between the experimental result analysis and the experimental hypothesis, analyze the possible problems in the reasoning process, and test the deviation in the experimental process.

Application examples of complex system security protection:

1) Example application environment: complex system modeling.

2) Example application process: This algorithm adopts a systematic and scientific method. It puts the partition protection structure of the smart grid in the form of a complex system, and analyzes its structural characteristics in line with the "partition protection, horizontal isolation, "Vertical authentication, one-way transmission" features, build a lattice-based algebraic model; then analyze and study the relationship between the system and boundary protection, boundary protection and loopholes, loopholes and loopholes, and loopholes and the external environment. Vulnerabilities are described in the form of concept lattices. Finally, on the basis of the well-built system model and vulnerability description, a reasoning system is established to prove the reliability and completeness of the vulnerability reasoning system, and the vulnerability detection efficiency is tested by experiments.

3) Application principles of examples: comprehensively consider the integrity of the complex system, the integration of the system and vulnerabilities, the dynamics of the relationship between vulnerabilities, the modeling of the system, and the optimization of vulnerability detection.

Claims (1)

1. A lattice implication reasoning method of a smart grid partition protection system loophole, characterized in that, specifically comprising the following steps: 1) First construct a lattice implication algebraic system model according to the experimental environment of the smart grid partition protection system. The smart grid is partitioned according to the protection level. The parallel connection points of each area are legal points, and the others are boundary loophole points. External attacks can invade the partition protection system through loopholes. Define the partition guard system It is a partially ordered set, assuming S={a,b,c}, where any two elements have the smallest upper bound and the largest lower bound, then it is called is the lattice of the partition protection system, P(S) is the power set of S of the partition protection system, <P(S), ⊆> is a partially ordered set, is the partition protection system lattice, define a {v}, reconstruct the poset set of V={a,b,c,v}, and say is the boundary vulnerability lattice in the partition protection system, P(V) is the power set of {V}, on the <P(V), ⊆> partial order set, construct a Hasse graph, and the partition protection system lattice <P(S) , ⊆> induced algebraic system is <P(S), ⊆, ∨, ∧>, where ∨ is the union of sets, ∧ is the intersection of sets, if the partition guard system lattice , there is an algebraic system <P(S), ⊆, ∨, ∧>, and assuming V⊆ S and V ≠ Φ, and ∨, ∧ are closed with respect to V, then The boundary hole is subgrid; 2) Then use the concept lattice method to describe the loopholes in the model, extract the rules on the lattice, find the smallest concept contained, and perform breadth-first traversal on the sub-lattices of the concept lattice Hasse nodes, generate all non-redundant rules for each node, and Each node first generates implication rules, then generates low-confidence rules, and finally generates implication rules based on facts; 3) Define the lattice implication operator, and build an automatic reasoning system for lattice implication on this basis; 4) Reasoning test system loopholes, and finally test the reasoning efficiency through the experimental system environment; The specific steps for building an automatic reasoning system in step 3) are as follows: Step 1: Define the lattice implication operator so that it can fully describe the characteristics of the boundary hole lattice; The second step: put forward the conditions for the implication operator, and comment on the conditions; Step 3: Construct three-valued logic system L ₃ , six-valued logic system L ₆ , and multi-valued logic system L _n according to system characteristics; Step 4: Define the truth table of the multi-valued system, define the direct relationship between connective words, and use symbols to represent modal words; Step 5: Use the classic synthetic reasoning CRI method in Zadeh's Fuzzy reasoning in the reasoning system, The basic idea is to use Fuzzy sets to represent Fuzzy propositions, transform implication into Fuzzy relations, and synthesize outputs from inputs and Fuzzy relations, or use automatic reasoning methods based on path search in the multi-valued reasoning system L _n ; Step 6: Prove the reliability and completeness, and improve the automatic reasoning algorithm according to the proof results.