CN105552886A - Smart Grid based intelligent trapping system - Google Patents

Publication number: CN105552886A
Authority: CN (China)
Prior art keywords: node, electric network, data, state, electric
Legal status: Granted
Application number: CN201510953656.XA
Other languages: Chinese (zh)
Other versions: CN105552886B (en)
Inventors: 陶敬, 孙飞扬, 管晓宏, 刘林峰, 田决, 王平辉, 马小博, 李剑锋
Current Assignee: Xian Jiaotong University
Original Assignee: Xian Jiaotong University
Application filed by: Xian Jiaotong University

Classifications

    • H: ELECTRICITY
    • H02: GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02J: CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J3/00: Circuit arrangements for ac mains or ac distribution networks
    • H02J3/04: Circuit arrangements for ac mains or ac distribution networks for connecting networks of the same frequency but supplied from different sources
    • H02J3/06: Controlling transfer of power between connected networks; Controlling sharing of load between connected networks
    • H02J2203/00: Indexing scheme relating to details of circuit arrangements for AC mains or AC distribution networks
    • H02J2203/20: Simulating, e.g. planning, reliability check, modelling or computer assisted design [CAD]

Abstract

A Smart Grid based intelligent deception (trapping) system is disclosed. The system comprises a grid power flow (load flow) calculation center, a SCADA subsystem and a Web display subsystem. The power flow calculation center comprises a power grid model and a calculation program and simulates the operation of a real power grid; the SCADA subsystem simulates the smart meters and actuators of the real grid; and the Web display subsystem displays the state and control information of each node of the simulated grid. The system fuses smart grid and network security technology: it has the same architecture, components and network interaction interfaces as a real grid, computes the grid state in real time, and responds correctly when grid data changes. When an attacker intrudes, the system automatically gives the same response as a real grid, matching the attacker's expectations and luring the attacker into the next attack step, so that the attacker's real target and complete attack methods are exposed. Finally, together with an audit and capture subsystem and a monitoring system, all of the attacker's behavior can be captured.

Description

Intelligent deception system based on Smart Grid
Technical field
The invention belongs to the technical field of smart grid security, and in particular relates to an intelligent deception system based on Smart Grid.
Background
The smart grid (Smart Grid) is an important industrial control system and a focus of the national "two integrations" strategy (the integration of informatization and industrialization), but it has many security vulnerabilities and may be intruded by attackers at any time.
The primary threat facing industrial control systems is malicious-code attack from the network. Industrial control systems make heavy use of general-purpose protocols, hardware and software and connect to the Internet over TCP/IP, which makes it easy for malicious code to spread and makes the security problems of industrial control systems increasingly serious. The Stuxnet incident caused heavy losses at the Iranian nuclear power plant precisely because this kind of attack was poorly understood and the malicious code could not be discovered in time. Once malicious code has run in a system for a long period, the attacker may gain control of the whole system, with serious consequences. For example, a power station in Northwest China was intruded in 2009; the administrators did not notice the attack, so the attacker obtained full control of the system and remotely shut down the generating units, causing heavy economic losses.
Industrial control systems also face data-tampering attacks carried out by criminals. It has been confirmed that an attacker can attack a smart meter (Smart Meter), obtain privileges on it and tamper with the data in its registers, so that the grid dispatching center receives false consumption data from the meter. The dispatching system then misestimates the grid state, which affects subsequent power dispatching decisions and disrupts the normal operation of the grid.
To counter network attacks, improve the security of China's smart grid systems and protect people's lives and property as well as national strategic security, an effective protection scheme is urgently needed. Traditional protection replaces the software and hardware in the network system to reduce the vulnerabilities in it, but this approach has obvious drawbacks: it lags behind the attack and it is fragile. Administrators discover a network attack only after the grid has been attacked and losses have occurred, and can then only replace equipment passively. They cannot learn the attacker's attack path, attack methods, attack tools or exploited vulnerabilities, so remedies cannot be targeted and repeat intrusions cannot be fully prevented, and the system is trapped in the vicious circle of "being attacked, replacing equipment, being attacked again". Relying solely on replacing equipment to patch vulnerabilities and thereby stop intrusions is unrealistic. A more reasonable and effective protection strategy is to discover attackers in time and, above all, to understand their attack paths and methods. How to simulate a smart grid effectively and lure attackers into attacking the simulated grid is a technical problem in urgent need of a solution.
Summary of the invention
To overcome the shortcomings of the prior art described above, the object of the present invention is to provide an intelligent deception system based on Smart Grid that fuses smart grid and network security technology and combines industrial safety with information security. Compared with a real smart grid, the system has the same architecture, the same components and the same network interaction interfaces. It can compute the grid state in real time and automatically respond correctly when generation, transmission, distribution or consumption data change. When an attacker intrudes, the system performs an intelligent computation on the attack data entered by the attacker according to the grid model and automatically gives the same response as a real grid, so as to match the attacker's expectations and lure the attacker into continuing with the next attack step, exposing the real attack target and complete attack methods. Finally, in cooperation with an audit and capture subsystem, all of the attacker's behavior is monitored and captured.
To achieve the above object, the technical solution adopted by the present invention is:
An intelligent deception system based on Smart Grid, comprising:
A grid power flow calculation center, comprising a grid model and a calculation program, which references or directly adopts the physical parameters used in the control system of a real grid. The grid model comprises a number of load nodes and generator nodes. Load nodes take as input the electricity consumption data of a grid at different times over a period, simulating user consumption in the real grid; generator nodes change their output according to control commands, simulating the power plants of the real grid;
A SCADA subsystem, comprising a control center and simulated sensors (Sensor) and simulated actuators (Actuator) distributed on each node. A simulated sensor simulates a smart meter in the real grid: it obtains the physical parameter data of its node and stores them in registers; when the control center needs the data of a node, it sends a command to the simulated sensor of that node, and the simulated sensor replies with the corresponding data. A simulated actuator simulates an actuating device in the real grid: when the control center sends a command to a simulated actuator, the simulated actuator completes the specified operation. The grid power flow calculation center and the SCADA subsystem together form the simulated grid;
A Web display subsystem, which displays the state and control information of each node of the simulated grid, interacts with the control center of the SCADA subsystem and obtains the current grid state from the control center. When the system is attacked, it displays the post-attack grid state in real time according to the results of the grid power flow calculation center, so as to match the attacker's expected target.
The physical parameters of the real grid's control system that the grid power flow calculation center references or directly adopts comprise at least: voltage level, phase angle, active power and reactive power.
In the grid model there are 64 load nodes and 54 generator nodes, 118 nodes in total; a grid topology is generated from these 118 nodes according to the IEEE standard model and serves as the main framework of the grid model.
Specifically, methods of the open-source Matlab toolbox Matpower can be called directly to perform the power flow calculation, obtaining and updating the state of all nodes and lines in real time, guaranteeing the dynamic balance of power between load nodes and generator nodes and ensuring stable grid operation, wherein:
Nodes comprise load nodes and generator nodes. The state of a load node comprises whether it is running, active power input, reactive power input, voltage phase angle and voltage magnitude; the state of a generator node comprises whether it is running, active power output, reactive power output, voltage phase angle and voltage magnitude; the state of a line comprises the active power input at the head of the branch, the reactive power input at the head of the branch, the active power input at the end of the branch and the reactive power input at the end of the branch.
Specifically, the runpf() method of the open-source toolbox Matpower can be used for the power flow calculation. Its input is a .m file with the same format and information as the casex.m files in Matpower, which gives runpf() the basic information of the simulated grid. The information in casex.m mainly comprises the demanded power of the load nodes, the voltage level, the rated power and the minimum and maximum output power of the generator nodes, and the voltage level and impedance of the lines, where x is the number of nodes of the simulated grid. The output of the method is the power allocated to each load node, the output power of the generator nodes and the voltage on the lines. The specific data can be changed as required.
The grid power flow calculation center periodically computes the current state of the simulated grid, which comprises the state of the load nodes, the state of the generator nodes and the state of the lines connecting the nodes.
The grid power flow calculation center uses Matpower to solve the power flow equations of the grid model and comprises the following four modules:
Node process module: a TCP/Modbus protocol server. Each node is assigned its own IP address and listens on port 502. By continuously updating the node's electrical data, it simulates the behavior of consumers and power stations in the real grid. When a node receives incoming data, it first determines whether the data is a conforming request (ASK); all requests use the Modbus protocol. The parameters of the node process module are obtained from the calculation process module;
Sensor process module: uploads the node's data to the calculation process module;
Actuator process module: executes the commands of the calculation process module;
Calculation process module: taking the data uploaded by each node's sensor process module as parameters, it computes the grid power flow with Matpower and issues the result as the grid state for the next moment. The calculation proceeds as follows: the data of each node are first collected and recorded as a casex.m file; the runpf() method of Matpower is then called to solve the power flow equations of the grid; finally the result is sent down to each node and the nodes update their data automatically, thereby simulating the working process of a real grid. The calculation center reruns the calculation process every 3 seconds to achieve real-time updating.
In the Web display subsystem, the nodes of the grid model are placed on a map shown on the main interface. Administrators observe the state of the simulated grid in the Web interface, or control the operation of the simulated grid from the Web side. The Web side sends user instructions to the control center of the SCADA subsystem and obtains the current grid state from the control center, so that the Web interface shows the real-time state of the grid.
When the system is attacked, the parameters of some nodes change as a result. In the results of the grid power flow calculation center this appears as an obvious sudden change in node or line values, from which the center judges whether the grid state is abnormal; the result is sent to the Web interface, which displays the post-attack grid state in real time.
The present invention can be combined with an audit and capture subsystem, which monitors all ports used by the system and captures all network packets accessing those ports. The audit and capture subsystem records every operation the attacker performs on the system, including control commands from the Web side and Telnet logins to Sensors, and from this determines by which route the attacker found the system's vulnerabilities and attacked.
Compared with the prior art, the beneficial effects of the present invention are:
1. It fuses network security technology with industrial control systems to give early warning of attacks on industrial control systems.
The present application applies network security technology to the protection of industrial control systems, breaking out of the unfavorable situation in which traditional industrial control systems can only defend passively. Industrial control systems react slowly after being attacked; often they can only passively replace equipment or reinstall the system after suffering losses, and it is hard to fully grasp the attacker's attack path, attack methods, attack tools and exploited vulnerabilities. Remedies therefore cannot be targeted and repeat intrusions cannot be fully prevented, so the system is trapped in the vicious circle of "being attacked, replacing equipment, being attacked again". With the help of the present system, administrators can actively obtain the attacker's intrusion strategy, receive early warning of attacks, learn the attacker's attack path and the vulnerabilities exploited, take protective measures in advance and avoid attacks they might otherwise suffer.
2. It simulates and disguises itself as a smart grid to deceive and capture network attackers.
The system deeply fuses smart grid characteristics with Internet characteristics, works out the operating logic of the smart grid, uses computer technology to simulate and emulate the smart grid, and in particular disguises the network characteristics of the smart grid in depth. A notable feature of the smart grid is that it "uses a large number of network-capable sensors and actuators", so as long as the network interaction commands and UI of these devices are simulated, a person accessing the system will find it hard to tell it apart from a real smart grid system. Because the system behaves exactly like a real smart grid at the network level, a network attacker cannot tell from its network interaction behavior whether it is genuine. In addition, the system runs strictly according to the operating logic of the smart grid and responds to the attacker's operations just as a real smart grid would, meeting the attacker's expected target and luring the attacker into further attacks. On this basis, the system works with the audit and capture subsystem to capture in real time all subsequent operations after the attacker enters a node in the system, records changes to the registry and file system in real time, and audits the attack data and analyzes the attack path, achieving the final goal of deceiving attackers and capturing their malicious behavior.
3. It exploits the advantages of computer technology to achieve rapid deployment, upgrading and expansion of the system.
The system makes full use of the advantages of computer technology. Without physically deploying large numbers of smart meters, generators and other electrical equipment, and relying only on servers, it can simulate the operation of a provincial regional grid and lure attackers into launching attacks, thereby capturing real attacks aimed at the smart grid. By changing the IP addresses and some parameters of the smart meters and the SCADA system, the scale of the system can be expanded arbitrarily; it can even imitate the behavior of other industrial control systems and be built into a deception and capture system for them. With the advantages of computer technology, the system can therefore be deployed, upgraded and expanded rapidly.
Brief description of the drawings
Fig. 1 is an overall structure diagram of the system of the present invention.
Fig. 2 is a flow chart of the calculation process of the power flow calculation center of the present invention.
Fig. 3 is a flow chart of the node process of the power flow calculation center of the present invention.
Fig. 4 is a flow chart of the sensor process of the power flow calculation center of the present invention.
Fig. 5 is a flow chart of the actuator process of the power flow calculation center of the present invention.
Fig. 6 is a structure diagram of the data acquisition and supervisory control system of the present invention.
Fig. 7 is a function diagram of the smart meter (Sensor) of the present invention.
Detailed description of embodiments
Embodiments of the present invention are described in detail below with reference to the drawings and examples.
As shown in Fig. 1, the system consists of three subsystems: the SCADA subsystem, the grid power flow calculation center and the Web display subsystem.
First, a real grid must be simulated. This mainly involves two parts: the grid power flow calculation center and the SCADA subsystem. The grid power flow calculation center comprises a grid model and a calculation program and references the physical parameters used in the control system of a real grid, including voltage level, phase angle, active power and reactive power. The grid model comprises 118 nodes, divided into 64 load nodes and 54 generator nodes. Load nodes take as input the electricity consumption data of a grid at different times over a period, simulating user consumption in the real grid; generator nodes accept control commands from the power flow calculation center and change their output, simulating the power plants of the real grid. A grid topology is generated from these 118 nodes according to the IEEE standard model. The calculation program uses the Matpower tool to solve the power flow equations of the grid model. The SCADA subsystem comprises a control center and simulated sensors (Sensor) and simulated actuators (Actuator) distributed on each node; the data-receiving and data-sending functions of each simulated device are implemented in code. The control center of the SCADA subsystem mainly relays data and commands. A Sensor is a smart meter in the smart grid: it obtains the physical parameter data of its node and stores them in registers, and when the control center needs the data of a node it sends a command to the Sensor of that node, which replies with the corresponding data. An Actuator is an actuating device in the grid: when the control center sends a command to an Actuator, the Actuator completes the specified operation.
Second, the Web display subsystem displays the state and control information of each node of the grid. The nodes of the grid are placed on a map shown on the main interface; administrators can observe the grid state in the Web interface, or control grid operation from the Web side. The Web side sends user instructions to the SCADA control center, and the control center of the SCADA subsystem forwards them to an Actuator or Sensor. The Web side then obtains the current grid state from the control center, so that the Web interface shows the real-time state of the grid. If the system is intruded, the attacker may change the parameters of some nodes. By computing the theoretical state of the grid (i.e. the power flow result), the system can promptly judge whether the grid state is abnormal and send the result to the Web interface, which displays the post-attack grid state in real time and meets the attacker's expected target.
Once the above system has lured an attack, an audit and capture subsystem is also needed to record the attacker's attack behavior, capture the malicious code the attacker uses and analyze the attacker's strategy. The audit and capture subsystem monitors all ports used by the system and captures all network packets accessing those ports. It can record every operation the attacker performs on the system, including control commands from the Web side and Telnet logins to Sensors, and from this determine by which route the attacker found the system's vulnerabilities and attacked. Analyzing the captured data reveals the attacker's strategy, so that early warnings can be issued and protection strategies planned.
The subsystems of the present invention are described in detail as follows:
1. Grid power flow calculation
This mainly implements the grid simulation function, which is the foundation of the system. The simulated grid must behave like a real grid, for example in the switching of nodes and changes in power flow, in order to lure hackers.
The present invention uses Matpower to compute the grid power flow and thereby simulate the behavior of the whole grid.
The grid power flow calculation center is divided into 4 modules:
Table 1: Functions of the grid power flow calculation center modules
Note: the sensor process and actuator process in the power flow calculation center are different from the Sensor and Actuator in the SCADA subsystem. Because each node process in the power flow calculation center is independent, the calculation process must transfer data through the sensor process and actuator process on each node, and these communicate only inside the system. The Sensor and Actuator in the SCADA subsystem, by contrast, face the Internet, have a simulated user interface and are disguised as real grid equipment. To avoid confusion, the English terms Sensor and Actuator are used here when referring to the sensors and actuators of the SCADA subsystem.
Matpower is a Matlab-based package for power system power flow and optimal power flow calculation; it can compute the optimal power flow from the line parameters. The grid model changes the line parameters according to consumption patterns and then changes the generator node parameters according to the computed optimal power flow, thereby simulating the whole grid model.
The calculation process runs as shown in Fig. 2. The calculation process first sends a request (ASK) over the TCP/Modbus protocol to the sensor process of each node; it collects the node data and records them as a casex.m file; the calculation center then calls the runpf() method of Matpower to obtain the real-time power flow of the grid; the result is sent over TCP/Modbus to the actuator process of each node, and the nodes update their data automatically. This procedure is repeated every 3 seconds.
The node process runs as shown in Fig. 3. Because a smart grid system is being simulated, all requests use the Modbus protocol commonly used in industrial control systems, so the node process is equivalent to a TCP/Modbus protocol server. The node process can accept commands from a Sensor in the SCADA subsystem and upload node data, or accept commands from an Actuator and change the node's data and state. Each node process is assigned its own IP address and listens on port 502. On receiving incoming data, the node first determines whether it is a conforming request (ASK). Legitimate requests are answered and the node data modified.
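The request check performed by the node process, as an added example that is not code from the patent: it validates a Modbus/TCP frame, serves register reads and writes, and records every frame for later audit. It works on raw frames rather than a socket on port 502; the class name, register layout, source address and sample values are assumptions made for the example.

```python
import struct

READ_HOLDING, WRITE_SINGLE = 0x03, 0x06
ILLEGAL_FUNCTION, ILLEGAL_ADDRESS, ILLEGAL_VALUE = 0x01, 0x02, 0x03


class DecoyNode:
    """One simulated grid node answering Modbus/TCP frames (hypothetical class).

    The register layout is an assumption of this example:
    0 running flag, 1 active power, 2 reactive power,
    3 voltage phase angle, 4 voltage magnitude (all scaled integers).
    """

    def __init__(self, name, registers):
        self.name = name
        self.regs = list(registers)
        self.audit = []  # every frame is recorded, accepted or not

    def _log(self, src, event, detail):
        self.audit.append({"node": self.name, "src": src,
                           "event": event, "detail": detail})

    def _exception(self, src, fc, code):
        self._log(src, "rejected", {"function": fc, "exception": code})
        return bytes([fc | 0x80, code])

    def handle(self, src, frame):
        """Return the response frame, or None if the frame is not Modbus/TCP."""
        # MBAP header: transaction id, protocol id (always 0), length, unit id.
        if len(frame) < 8:
            self._log(src, "malformed", frame.hex())
            return None
        tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
        if proto != 0 or length != len(frame) - 6:
            self._log(src, "malformed", frame.hex())
            return None
        fc, data = frame[7], frame[8:]

        if fc == READ_HOLDING and len(data) == 4:
            start, count = struct.unpack(">HH", data)
            if not 1 <= count <= 125:
                pdu = self._exception(src, fc, ILLEGAL_VALUE)
            elif start + count > len(self.regs):
                pdu = self._exception(src, fc, ILLEGAL_ADDRESS)
            else:
                values = self.regs[start:start + count]
                pdu = bytes([fc, 2 * count]) + struct.pack(">%dH" % count, *values)
                self._log(src, "read", {"start": start, "count": count})
        elif fc == WRITE_SINGLE and len(data) == 4:
            addr, value = struct.unpack(">HH", data)
            if addr >= len(self.regs):
                pdu = self._exception(src, fc, ILLEGAL_ADDRESS)
            else:
                self._log(src, "write",
                          {"addr": addr, "old": self.regs[addr], "new": value})
                self.regs[addr] = value
                pdu = frame[7:]  # a successful write echoes the request PDU
        else:
            pdu = self._exception(src, fc, ILLEGAL_FUNCTION)
        return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def request(tid, unit, fc, a, b):
    """Build a constructed sample request carrying two 16-bit arguments."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, fc, a, b)


def demo():
    node = DecoyNode("load-17", [1, 120, 35, 0, 1000])  # constructed values
    src = "192.0.2.10"                                   # documentation address
    replies = [
        node.handle(src, request(1, 1, READ_HOLDING, 0, 5)),  # poll the node
        node.handle(src, request(2, 1, WRITE_SINGLE, 0, 0)),  # switch node off
        node.handle(src, request(3, 1, 0x2B, 0, 0)),          # unsupported function
        node.handle(src, b"GET / HTTP/1.0\r\n\r\n"),           # not Modbus at all
    ]
    return node, replies


if __name__ == "__main__":
    node, replies = demo()
    for reply in replies:
        print(reply.hex() if reply else None)
    for entry in node.audit:
        print(entry)
```

Rejected and malformed frames are logged as well as accepted ones, since probes that fail the check are part of the attacker's path.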
The following two processes work on a similar principle to the node process, but each performs only one of the two functions: sending data or executing commands.
The sensor process of the power flow calculation center runs as shown in Fig. 4. When the calculation center sends a command to the sensor process, the sensor process returns the specified data to the calculation center according to the command.
The actuator process of the power flow calculation center runs as shown in Fig. 5. When the calculation center sends a command to the actuator process, the actuator process completes the specified operation according to the command.
2. Data acquisition and supervisory control
The main function is to respond promptly to the attacker's actions by changing the grid state, so as to lure the attacker into continuing a deeper attack and to obtain more attacks and malicious code. Sensors, by simulating smart meters, collect data from the grid equipment nodes, and Actuators control the grid equipment. The SCADA data acquisition and supervisory control system gathers and monitors the data collected from the Sensors and controls the grid by sending commands to the Actuators.
The smart meter is the basic framework for the consoles of all devices and instruments, implementing the console, command processing, remote control and the simulated system. The functions the smart meter must provide in the present invention are shown in Fig. 7.
The Actuator part (controlling physical nodes) controls physical nodes through requests sent by the control center or through the Telnet mechanism, and can power nodes on and off, restart them and modify some parameters.
The Sensor part obtains data from physical nodes and transmits the data to the control center; the data can be viewed through Telnet.
The SCADA subsystem obtains data from the Sensors, stores the data in a database, pushes the received data to the Web side, and issues control commands to physical nodes to control the grid.
3. Web display
The system provides administrators with an interface for viewing and control operations, showing grid state, parameters and attack information on a map in real time. Administrators can switch nodes or lines in the grid on and off directly through the interface. When an attacker intrudes and tampers with data, the Web interface can raise an alarm and show on the map the impact caused by the attack, giving the administrator an intuitive view of the system status.
When an attacker operates on the grid, for example by entering the SCADA control center through Telnet and the Web side and issuing a command to shut down a node, the SCADA control center sends a shutdown command to the actuator of that node. The grid power flow calculation center recomputes the current grid state, makes an anomaly judgment and marks the abnormal nodes; each node sends its new state data to the SCADA control center through its sensor; the Web side refreshes its data in real time and shows the current grid state on the map, so that the attacker sees the expected grid state and is lured into continuing the attack.
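The recalculate-and-compare step described above, as an added example that is not part of the patent. It substitutes a DC power flow approximation for Matpower's runpf() AC solution and uses a constructed 3-bus network instead of the 118-node model; the function names, per-unit values and tolerance are assumptions.

```python
def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        rest = sum(m[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (m[r][n] - rest) / m[r][r]
    return x


def dc_power_flow(n_bus, lines, injection, slack=0):
    """DC power flow.

    lines: list of (from_bus, to_bus, reactance in p.u.).
    injection: net active power per bus in p.u. (load is negative).
    Returns {(from_bus, to_bus): active power flow in p.u.}.
    """
    keep = [i for i in range(n_bus) if i != slack]
    idx = {bus: k for k, bus in enumerate(keep)}
    # Susceptance matrix with the slack bus row and column removed.
    b = [[0.0] * len(keep) for _ in keep]
    for f, t, x in lines:
        for u, v in ((f, t), (t, f)):
            if u in idx:
                b[idx[u]][idx[u]] += 1 / x
                if v in idx:
                    b[idx[u]][idx[v]] -= 1 / x
    theta = [0.0] * n_bus  # slack bus angle is the reference (0)
    for bus, angle in zip(keep, solve(b, [injection[i] for i in keep])):
        theta[bus] = angle
    return {(f, t): (theta[f] - theta[t]) / x for f, t, x in lines}


def check_cycle(scheduled_load, reported_load, lines, slack=0, tol=0.05):
    """One calculation cycle of the decoy.

    The schedule is the fixed consumption data file, so the expected state
    is fully determined; the reported loads are what the node registers
    hold now. Returns (abnormal_nodes, abnormal_lines), where
    abnormal_lines maps a line to (expected_flow, actual_flow).
    """
    n = len(scheduled_load)
    expected = dc_power_flow(n, lines, [-p for p in scheduled_load], slack)
    actual = dc_power_flow(n, lines, [-p for p in reported_load], slack)
    nodes = [i for i in range(n)
             if abs(reported_load[i] - scheduled_load[i]) > tol]
    changed = {k: (expected[k], actual[k]) for k in expected
               if abs(actual[k] - expected[k]) > tol}
    return nodes, changed


# Constructed network: bus 0 is the generator (slack), buses 1 and 2 are loads.
LINES = [(0, 1, 0.1), (0, 2, 0.1), (1, 2, 0.1)]
SCHEDULE = [0.0, 0.6, 0.3]      # scheduled load per bus, p.u.
AFTER_ATTACK = [0.0, 0.0, 0.3]  # node 1 was switched off through its actuator

if __name__ == "__main__":
    nodes, changed = check_cycle(SCHEDULE, AFTER_ATTACK, LINES)
    print("abnormal nodes:", nodes)
    for line, (exp, act) in changed.items():
        print("line", line, "expected %.2f actual %.2f" % (exp, act))
```

Shutting down one load node shifts the flow on every line of the small network, which is the sudden change the calculation center marks while the Web side still shows the attacker the state they expect.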
4, audit and catch
Audit is of the present inventionly effectively to supplement with catching subsystem, after realization is inveigled, utilizes audit and catches subsystem and examine in real time by the electric network state after attacking, catch behavior and the malicious code of assailant.By the particular port of open grid equipment, reach industrial equipment and allow outside visible object, guide hacker attacks to attack grid equipment.When system is invaded, this subsystem can Timeliness coverage intrusion behavior, to catch from assailant certain node in access system in real time to start and the follow-up all operations carried out, the change of real time record registration table, file system, guarantee catching in time of attack and malicious code.
Audit and catch subsystem and real-time auditing is carried out to these assailant's network operation data and SCADA control centre service data, the intrusion behavior of extracting attack person and closed node behavior, and report keeper.
When assailant is found after native system by the Internet, his all behaviors are all under audit with the supervision of catching subsystem.Assailant can directly access Web display interface, also can Telnet Sensor and Actuator (if assailant successfully invades).If assailant changes the data of electrical network interior joint by Web interface, Web interface can send control command to SCADA control centre, SCADA control centre changes the data of respective nodes by Actuator, and Load flow calculation center calculates up-to-date electric network state in real time, and is issued to each node.When Web interface is refreshed, can send the request of query node data to SCADA control centre, SCADA control centre reads node data by Sensor afterwards, sends it to Web interface, and Web interface shows in real time by the electric network state after attacking.Now no matter assailant checks Web interface or logs in Sensor, all acquisition is affected and mutagenic electric network state by its attack, allows it take for and oneself successfully invaded an intelligent grid, lure that it carries out more deep attack into.If assailant's directtissima Actuator or Sensor, then skip the step being sent control command by SCADA control centre to Actuator, Load flow calculation center calculates electric network state in real time according to by the data after attacking, and can show up-to-date electric network state when Web interface is refreshed.
This system not only detects network attacks against industrial control systems but also captures the attacker's behaviour and malicious code and obtains information about the attacker. This information can help the relevant departments take effective measures to stop network attacks that may be coming, and can help public security departments identify in advance attackers who are attempting an attack.
In summary, the present invention follows the technical approach of "capture attacks, respond with deception, audit and extract". Its core objective is to capture attacks and malicious code aimed at the smart grid: it lures the attacker into launching an attack, responds promptly according to the attacker's method so that the attacker keeps attacking and reveals the purpose of the attack, audits the attack data in real time, and quickly extracts the attack behaviour. The system has the same structure, the same components and the same network interaction interfaces as a smart grid, and it implements grid state calculation, grid data transmission and grid operation response. It can therefore simulate the complete dispatch and control process of a smart grid, so that the attacker mistakes it for a real smart grid and is lured into continuing the attack.
The present invention uses the IEEE standard model to generate a grid topology of 118 nodes. Based on actual power consumption data of the Chinese grid at different times over a period, 64 nodes are selected as consumer nodes to simulate user electricity consumption in a real grid, and 54 nodes are selected as generator nodes to simulate the power plants of a real grid. The Matpower tool computes and updates the state of all nodes in real time, maintaining the dynamic balance of power between consumer nodes and generator nodes and keeping the grid running stably. Every generator node and consumer node is equipped with a sensor and an actuator. The sensor obtains information about its node or line (such as power and voltage) and uploads it to the SCADA (supervisory control and data acquisition) control centre. The SCADA control centre presents the received data to the user on the map of the Web front end and passes the user's instructions down to the actuators; an actuator carries out operations such as opening or closing a node, and the node state changes accordingly. The grid power-flow calculation centre computes the current grid state periodically (at an interval of 3 seconds). Because each node's demand and generation are taken from predetermined data files, the theoretical grid state that the calculation centre obtains through Matpower is also determined; therefore, whichever grid parameter the attacker modifies, the system can judge in time whether the grid state is abnormal. The SCADA control centre obtains the new grid state data through the sensors, and the Web front end sends requests to the SCADA control centre at a fixed interval to update the data of grid nodes and lines, which meets the attacker's expectations and lures them into continuing with deeper attacks. The audit and capture subsystem records all of the attacker's operations in real time, captures the traffic packets exchanged with the Internet and stores them in a database, audits the attack data, and extracts the attack behaviour.
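The deterministic-baseline check described above can be sketched as follows. This is an added example, not code from the patent: the field names, tolerances and sample values are assumptions, and in a deployment the baseline would come from the Matpower run over the predetermined data files.

```python
from dataclasses import dataclass

# Fields follow the node state listed in the claims: running flag, active and
# reactive power, voltage phase angle and voltage magnitude.
@dataclass(frozen=True)
class NodeState:
    running: bool
    p_mw: float      # active power
    q_mvar: float    # reactive power
    va_deg: float    # voltage phase angle
    vm_pu: float     # voltage magnitude

# Assumed relative tolerances per field; tune to the solver's numeric noise.
TOLERANCE = {"p_mw": 0.02, "q_mvar": 0.02, "va_deg": 0.05, "vm_pu": 0.01}

def deviations(expected: NodeState, observed: NodeState):
    """Return (field, expected, observed) tuples that are out of tolerance."""
    out = []
    if expected.running != observed.running:
        out.append(("running", expected.running, observed.running))
    for field, tol in TOLERANCE.items():
        e, o = getattr(expected, field), getattr(observed, field)
        # Absolute floor so near-zero baselines do not trigger on rounding.
        if abs(o - e) > max(tol * abs(e), 1e-3):
            out.append((field, e, o))
    return out

def audit_cycle(baseline: dict, reported: dict):
    """Compare one 3-second cycle of sensor reports against the baseline."""
    alerts = {}
    for node_id, expected in baseline.items():
        observed = reported.get(node_id)
        if observed is None:
            alerts[node_id] = [("missing", True, False)]  # node stopped reporting
            continue
        found = deviations(expected, observed)
        if found:
            alerts[node_id] = found
    return alerts

# Constructed sample data (not from the patent): three nodes, one cycle.
BASELINE = {
    1: NodeState(True, 51.0, 27.0, -10.2, 0.955),
    2: NodeState(True, 20.0, 9.0, -11.8, 0.971),
    10: NodeState(True, 450.0, -51.0, 0.0, 1.050),
}
REPORTED = {
    1: NodeState(True, 51.2, 27.1, -10.2, 0.955),   # within tolerance
    2: NodeState(False, 0.0, 0.0, -11.8, 0.971),    # node switched off
    10: NodeState(True, 450.0, -51.0, 0.0, 1.050),
}

if __name__ == "__main__":
    for node, found in audit_cycle(BASELINE, REPORTED).items():
        print(node, found)
```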
The present invention specifically lures and traps attackers who target the smart grid. It uses the audit and capture subsystem to obtain the attacker's attack behaviour and malicious code and to trace the intrusion path. From the information obtained, it analyses the system vulnerabilities the attacker exploits and the methods used to take control of the system, implements targeted protection strategies on that basis, issues an early warning before the real system is intruded upon, and reminds the relevant departments to take protective measures. This scheme actively obtains information about the attacker and builds the protection strategy around the attacker's characteristics. Compared with simply replacing equipment, it is more reliable and easier to maintain, and it solves the vicious cycle of "attacked, replace equipment, attacked again" more quickly and more thoroughly, effectively protecting system security.

Claims (9)

1. An intelligent deception system based on Smart Grid, characterized in that it comprises:
a grid power-flow calculation centre, comprising a grid model and a calculation program, which refers to or directly adopts the physical parameters used in the control system of a real grid; the grid model comprises a number of consumer nodes and generator nodes; the consumer nodes take as input the power consumption data of a grid at different times over a period, simulating user electricity consumption in a real grid; the generator nodes change their output according to control commands, simulating the power plants of a real grid;
a SCADA subsystem, comprising a control centre and, distributed on each node, a simulated sensor (Sensor) and a simulated actuator (Actuator); the simulated sensor simulates the smart meter of a real grid, obtaining the node's physical parameter data and storing it in registers; when the control centre needs the data of a node, it sends a command to the simulated sensor of that node, and the simulated sensor replies with the corresponding data; the simulated actuator simulates the actuating device of a real grid; when the control centre sends a command to the simulated actuator, the simulated actuator performs the specified operation; the grid power-flow calculation centre and the SCADA subsystem together form the simulated grid;
a Web display subsystem, for displaying the state and control information of each node of the simulated grid; it interacts with the control centre of the SCADA subsystem and obtains the grid state at the current time from the control centre; when the system is under attack, it displays the attacked grid state in real time according to the results of the grid power-flow calculation centre, so as to meet the attacker's expectations.
2. The intelligent deception system based on Smart Grid according to claim 1, characterized in that the physical parameters used in the control system of a real grid, which the grid power-flow calculation centre refers to or directly adopts, include at least: voltage level, phase angle, active power and reactive power.
3. The intelligent deception system based on Smart Grid according to claim 1, characterized in that the grid model has 64 consumer nodes and 54 generator nodes, 118 nodes in total, and a grid topology is generated from these 118 nodes according to the IEEE standard model and serves as the main framework of the grid model.
4. The intelligent deception system based on Smart Grid according to claim 1, characterized in that the methods of Matpower, an open-source toolbox for Matlab, are called directly to perform the power-flow calculation, obtaining and updating the state of all nodes and lines in real time, maintaining the dynamic balance of power between consumer nodes and generator nodes and keeping the grid running stably, wherein:
the nodes comprise consumer nodes and generator nodes; the state of a consumer node comprises whether it is running, active input, reactive input, voltage phase angle and voltage magnitude; the state of a generator node comprises whether it is running, active output, reactive output, voltage phase angle and voltage magnitude; the line state comprises the active input at the head of the branch, the reactive input at the head of the branch, the active input at the end of the branch and the reactive input at the end of the branch.
5. The intelligent deception system based on Smart Grid according to claim 4, characterized in that the runpf() method of the open-source toolbox Matpower is used to perform the power-flow calculation; the input of this method is a .m file whose format and content are the same as those of the casex.m file in Matpower, and which provides runpf() with the basic information of the simulated grid; the information in the casex.m file mainly comprises the demand power and voltage level of the consumer nodes, the rated power and the minimum and maximum output power of the generator nodes, and the voltage level and impedance of the lines, where x is the number of nodes of the simulated grid; the output of the method is the power allocated to each consumer node, the output power of the generator nodes, and the voltage on the lines.
6. The intelligent deception system based on Smart Grid according to claim 1, characterized in that the grid power-flow calculation centre periodically calculates the current state of the simulated grid, the state of the simulated grid comprising the state of the consumer nodes, the state of the generator nodes and the state of the lines connecting the nodes.
7. The intelligent deception system based on Smart Grid according to claim 1, characterized in that the grid power-flow calculation centre uses Matpower to solve the power-flow equations of the grid model, and the grid power-flow calculation centre comprises the following four modules:
a node process module, which is a TCP/Modbus protocol server; each node is assigned its own IP address and listens on port 502; by continuously updating the node's electrical data, it simulates the behaviour of consumers and power stations in a real grid; when a node receives access data, it first determines whether the data is a conforming request (ASK); all requests use the Modbus protocol, and the parameters of the node process module are obtained from the calculation process module;
a Sensor process module, which uploads the node data to the calculation process module;
an Actuator scheduling module, which executes the commands of the calculation process module;
a calculation process module, which takes the node data uploaded by the Sensor process module as parameters, calculates the grid power flow with Matpower, and issues the result as the grid state for the next time step. The calculation proceeds as follows: the data collected from each node is first recorded as a casex.m file; the runpf() method of Matpower is then called to solve the power-flow equations of the grid; finally the result is issued to each node, and the nodes update their data automatically, thereby simulating the working process of a real grid; the calculation centre reruns the calculation every 3 seconds to achieve real-time updating.
8. The intelligent deception system based on Smart Grid according to claim 1, characterized in that, in the Web display subsystem, the nodes of the grid model are placed on a map and shown on the main interface; an administrator observes the state of the simulated grid in the Web interface, or controls the operation of the simulated grid from the Web front end; the user's instructions are sent by the Web front end to the control centre of the SCADA subsystem, and the grid state at the current time is obtained from the control centre, so that the real-time state of the grid is displayed in the Web interface.
9. The intelligent deception system based on Smart Grid according to claim 1, characterized in that, when the system is under attack, the parameters of some nodes change because of the attack, which shows up in the results of the grid power-flow calculation centre as an obvious abrupt change in the values of nodes or lines; from this it is judged whether the grid state is abnormal, the result is sent to the Web interface, and the Web interface displays the attacked grid state in real time.
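The request check performed by the node process module of claim 7 can be illustrated with a Modbus/TCP frame validator that also produces an audit record for each request. This is an added example, not code from the patent: the set of supported function codes, the register layout and the sample frames are assumptions, and for brevity reads of holding and input registers share one register list.

```python
import struct

# Function codes this simulated node answers; anything else is rejected.
SUPPORTED = {0x03: "read_holding_registers", 0x04: "read_input_registers",
             0x06: "write_single_register"}

def handle_request(frame: bytes, registers: list):
    """Validate one Modbus/TCP frame; return (audit_record, response_bytes)."""
    if len(frame) < 8:                      # 7-byte MBAP header + function code
        return {"verdict": "malformed", "reason": "short frame"}, b""
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:]
    # Protocol id is 0 for Modbus; MBAP length counts the unit id plus the PDU.
    if proto != 0 or length != len(pdu) + 1:
        return {"verdict": "malformed", "reason": "bad MBAP header"}, b""
    func = pdu[0]
    record = {"tid": tid, "unit": unit, "function": func}

    def reply(body: bytes) -> bytes:
        return struct.pack(">HHHB", tid, 0, len(body) + 1, unit) + body

    def reject(code: int, reason: str):
        record.update(verdict="rejected", reason=reason)
        return record, reply(bytes([func | 0x80, code]))  # exception response

    if func not in SUPPORTED:
        return reject(0x01, "illegal function")
    if len(pdu) != 5:
        return reject(0x03, "bad PDU length")
    addr, value = struct.unpack(">HH", pdu[1:5])
    record.update(op=SUPPORTED[func], address=addr)
    if func == 0x06:
        if addr >= len(registers):
            return reject(0x02, "illegal data address")
        record.update(verdict="write", old=registers[addr], new=value)
        registers[addr] = value             # the next power-flow run sees this
        return record, reply(pdu)           # a write echoes the request PDU
    if not 1 <= value <= 125:               # value is the register count here
        return reject(0x03, "illegal quantity")
    if addr + value > len(registers):
        return reject(0x02, "illegal data address")
    data = struct.pack(f">{value}H", *registers[addr:addr + value])
    record.update(verdict="read", quantity=value)
    return record, reply(bytes([func, len(data)]) + data)

# Constructed sample frames (not captured traffic).
READ_FRAME = struct.pack(">HHHBBHH", 1, 0, 6, 1, 0x03, 0, 2)
WRITE_FRAME = struct.pack(">HHHBBHH", 2, 0, 6, 1, 0x06, 1, 0)
UNSUPPORTED_FRAME = struct.pack(">HHHBB", 3, 0, 2, 1, 0x2B)

if __name__ == "__main__":
    regs = [2300, 510, 270]                 # assumed layout: voltage, P, Q
    for f in (READ_FRAME, WRITE_FRAME, UNSUPPORTED_FRAME):
        print(handle_request(f, regs))
```

Each returned record carries the old and new register value for writes, which is the data the audit and capture subsystem needs to tie a state change to a specific request.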
CN201510953656.XA 2015-12-17 2015-12-17 Intelligent deception system based on Smart Grid Active CN105552886B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510953656.XA CN105552886B (en) 2015-12-17 2015-12-17 Intelligent deception system based on Smart Grid


Publications (2)

Publication Number Publication Date
CN105552886A true CN105552886A (en) 2016-05-04
CN105552886B CN105552886B (en) 2016-11-23

Family

ID=55831900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510953656.XA Active CN105552886B (en) 2015-12-17 2015-12-17 Intelligent deception system based on Smart Grid

Country Status (1)

Country Link
CN (1) CN105552886B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102761122A (en) * 2012-07-06 2012-10-31 华北电力大学 Defense method of false data injection attack of power state estimation system
CN103905451A (en) * 2014-04-03 2014-07-02 国家电网公司 System and method for trapping network attack of embedded device of smart power grid
US20150033336A1 (en) * 2013-07-24 2015-01-29 Fortinet, Inc. Logging attack context data


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
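Cheng Bo et al.: "Design and implementation of a power network security enhancement strategy based on active deception", Automation of Electric Power Systems *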

Also Published As

Publication number Publication date
CN105552886B (en) 2016-11-23


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant