CN109636224A - Intelligent substation relay protection vulnerability assessment method - Google Patents
- Publication number: CN109636224A (CN201811566591.3A)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a relay protection vulnerability assessment method for intelligent substations. The real-time vulnerabilities of each terminal host and the computer privileges each vulnerability yields are obtained; a vulnerability assessment model is generated as an attack graph from the network connection relations of the intelligent substation secondary system; and the relevant metrics are scored quantitatively using CVSS 3.0. The method then calculates, in turn, the probability that each state node is successfully attacked, the impact function caused after the vulnerability at each state node is attacked, the vulnerability of each state node, the vulnerability of each state attack sequence, and the overall vulnerability of the information network in the intelligent substation with respect to protection failure to operate and protection misoperation. The method has high assessment accuracy, gives important guidance for the design of intelligent substation secondary systems, and is practical and innovative.
Description
Technical field
The present invention relates to the field of power station technology, and in particular to an intelligent substation relay protection vulnerability assessment method.
Background
With the development of the smart grid, the protection, control and monitoring functions of intelligent substations depend increasingly on the information network. The information network already has many unpatched security vulnerabilities, and as it grows rapidly the number of vulnerabilities it brings will also increase, so it is not as secure as the power network itself. As intelligent substations become ever more dependent on the information network, network security problems are becoming more and more prominent in power systems.
Correct operation of the relay protection function is the guarantee of safe and reliable operation of the power network. In an intelligent substation, relay protection functions are all realized through the exchange of information flows, so the effect of network security problems on the relay protection function cannot be ignored, and a vulnerability assessment of the substation's relay protection is necessary. The main existing methods are as follows:
1. A WAMS communication system vulnerability assessment model based on the attack tree model. This approach proposes a communication system vulnerability assessment model based on the attack tree model, using port vulnerability and password vulnerability as quantitative indices to calculate the vulnerability of its leaf nodes, of the attack views and of the system. However, the quantitative indices for a node consider only the number of vulnerabilities on a port and the level of privilege required, and do not consider the consequences after a vulnerability is exploited. The attack tree model is also highly subjective, and for a complex system it is difficult to identify the various attack views accurately.
2. A vulnerability state graph (VSG, Vulnerability State Graph) is used to model substation vulnerability, and the risk value of the target system is calculated in combination with parameter quantification and vulnerability functions. However, the VSG is built only on the position of the equipment, so the factors considered are insufficient. Moreover, it describes the connection modes between devices only in simple terms, without analysing in detail how different connection types affect the quantitative assessment of system vulnerability. As a result the method lacks practicality and cannot be applied in a real field environment.
3. Complex network theory. The edge betweenness theory of complex networks is better suited to analysing link vulnerability between large-scale power grids; it is not suitable for intelligent substations.
4. Petri nets. A Petri net consists of two kinds of nodes, places and transitions, together with directed arcs and tokens. Tokens reside in places; a token is a dynamic object that can move from one place to another by way of a transition. A Petri net can represent well the state an attack is in, the concrete behaviour and the progress of the attack, but its model easily becomes huge, and the Petri net model does not take the topology into account and does not analyse the vulnerability of the whole system from a global perspective.
In summary, there is a need for an intelligent substation relay protection vulnerability assessment method that is suitable for substation field conditions and has high assessment accuracy.
Summary of the invention
The purpose of the present invention is to provide an intelligent substation relay protection vulnerability assessment method that solves the above problems.
To achieve this purpose, the present invention adopts the following technical solution:
An intelligent substation relay protection vulnerability assessment method, comprising the following steps:
Obtain the real-time vulnerabilities of each terminal host;
According to the NVD, find the computer privileges that each real-time vulnerability can yield;
According to the network connection relations of the intelligent substation secondary system, generate a vulnerability assessment model using an attack graph; the vulnerability assessment model includes several single state attack sequences, and each single state attack sequence includes several state nodes;
According to the computer privileges, use CVSS 3.0 to quantitatively score the attack vector AV, attack complexity AC, privileges required PR, user interaction UI, vulnerability confidentiality impact CI, vulnerability availability impact AI and vulnerability integrity impact II;
Calculate the probability that each state node is successfully attacked as $P_i = AV_i \times AC_i \times PR_i \times UI_i$;
Calculate the impact function caused after each state node is attacked as
where CP denotes the expert score of host confidentiality, AP denotes the expert score of host integrity, and IP denotes the expert score of host availability;
Calculate the vulnerability of each state node as $Vul_i = P_i \times Value_i$;
Calculate the vulnerability of each single state attack sequence as
Assess the vulnerability of each state attack sequence according to the magnitude of its vulnerability $Vul_S$: the larger the value, the higher the vulnerability; conversely, the smaller the value, the lower the vulnerability.
Optionally, after the step of calculating the vulnerability of each single state attack sequence, the method further includes:
Calculate the protection failure-to-operate risk value as
Assess, according to the failure-to-operate risk value, the overall vulnerability of the information network in the intelligent substation with respect to protection failure to operate: the larger the value, the higher the overall vulnerability to failure to operate; conversely, the smaller the value, the lower the overall vulnerability.
Optionally, after the step of calculating the vulnerability of each single state attack sequence, the method further includes:
Calculate the protection misoperation risk value as
Assess, according to the misoperation risk value, the overall vulnerability of the information network in the intelligent substation with respect to protection misoperation: the larger the value, the higher the overall vulnerability to misoperation; conversely, the smaller the value, the lower the overall vulnerability.
Optionally, before the step of calculating the impact function caused after each state node is attacked, the method further includes:
Assess the assigned values of CP, AP and IP according to the national standard GB/T 20984-2007 "Information Security Technology: Information Security Risk Assessment Specification", published in 2007.
Optionally, the step of generating a vulnerability assessment model using an attack graph according to the network connection relations of the intelligent substation secondary system further includes:
When the same host obtains identical computer privileges after different attack paths, an intermediate state node is introduced in the middle of the attack paths; the different attack paths pass through the intermediate state node and are then transferred from it to the different state nodes.
Optionally, the step of obtaining the real-time vulnerabilities of each terminal host specifically includes:
Use a vulnerability scanning tool to scan all terminal hosts of the intelligent substation and obtain the real-time vulnerabilities of each terminal host.
Compared with the prior art, the embodiments of the present invention have the following advantages:
The various factors in the intelligent substation secondary network are considered comprehensively, and the vulnerability of existing and planned intelligent substations to protection failure to operate and protection misoperation is determined. The method has high assessment accuracy, gives important guidance for the design of intelligent substation secondary systems, and is practical and innovative.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an intelligent substation relay protection vulnerability assessment method provided by an embodiment of the present invention;
Fig. 2 is a comparison of the network attack graph and the hourglass attack graph provided by an embodiment of the present invention;
Fig. 3 is the local power CPS model, based on a 110 kV intelligent substation simulation environment, provided by an embodiment of the present invention;
Fig. 4 is the simplified network topology model of the intelligent substation provided by an embodiment of the present invention;
Fig. 5 is the attack graph model provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, features and advantages of the present invention more apparent and easier to understand, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of those embodiments. The embodiments disclosed below are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
In the description of the present invention, it should be understood that terms such as "upper", "lower", "top", "bottom", "inner" and "outer" indicate orientations or positional relationships based on those shown in the drawings. They are used only to facilitate and simplify the description of the invention, rather than to indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, and they therefore should not be construed as limiting the invention.
It should be noted that when a component is said to be "connected" to another component, it may be connected directly to the other component or an intervening component may be present at the same time. When a component is said to be "arranged on" another component, it may be arranged directly on the other component or an intervening component may be present at the same time.
The technical solution of the present invention is further explained below with reference to the drawings and specific embodiments.
Referring to Fig. 1, an intelligent substation relay protection vulnerability assessment method includes the following steps:
Step S101: use a vulnerability scanning tool to scan all terminal hosts of the intelligent substation and obtain the real-time vulnerabilities of each terminal host.
Step S102: according to the NVD (National Institute of Standards and Technology, National Vulnerability Database), find the computer privileges that each real-time vulnerability yields.
Step S103: according to the network connection relations of the intelligent substation secondary system, generate a vulnerability assessment model using an attack graph; the vulnerability assessment model includes several single state attack sequences, and each single state attack sequence includes several state nodes.
Specifically, the tool used to build the vulnerability assessment model is the hourglass attack graph, an innovation built on the network attack graph.
With continued reference to Fig. 2, each state node in a network attack graph represents one possible attack state of the system. An attack state contains some of the system's security attributes at that moment, including the name of the host concerned, the privileges the attacker has obtained on that host, the vulnerabilities present on that host and the protocols it has open. Each directed edge in the attack graph represents the attacker exploiting a single vulnerability to penetrate, causing a state change. A network attack graph describes all of the attacker's possible penetration paths simply and clearly.
Each state node in a network attack graph represents one state of a host. When the same host reaches the same state node after different attack paths, the paths that then transfer to multiple state nodes are repeated, especially when there are many hosts, and the attack graph becomes cumbersome. In intelligent substations, particularly those at voltage levels of 500 kV and above, the number of intelligent electronic devices is large, so using a network attack graph would make the vulnerability assessment model very complex. To avoid this problem, the present invention introduces an intermediate state node in the middle of the attack path, representing the host state at the intermediate stage of the path along which the attacker penetrates by exploiting vulnerabilities; different attack paths pass through the intermediate state node and are then transferred from it to the different state nodes. Because the shape resembles a funnel, large at both ends and small in the middle, it is called an hourglass attack graph.
Step S104: use CVSS 3.0 to quantitatively score the attack vector AV, attack complexity AC, privileges required PR, user interaction UI, vulnerability confidentiality impact CI, vulnerability availability impact AI and vulnerability integrity impact II.
To make this step easier to understand, the Common Vulnerability Scoring System CVSS 3.0 is introduced below:
The quantification of evaluation indices is an important part of vulnerability assessment; it bears directly on the accuracy and comprehensiveness of the risk calculation. Vulnerability identification is one of the important parts of risk assessment; it bears directly on the likelihood that a security incident occurs. The accuracy and objectivity of the vulnerability evaluation standard in turn bear directly on the quantitative assessment of vulnerability. At present the standard with the best compatibility and applicability, and the most widely used, is CVSS (Common Vulnerability Scoring System). It is supported by the US National Vulnerability Database (NVD), and every CVE vulnerability entry in the NVD includes a CVSS base value. The latest version of CVSS is CVSS 3.0. The greatest advantage of CVSS 3.0 is that the analyst can adjust it to specific needs, so that it considers not only the metrics of the vulnerability itself but also evaluates comprehensively risk elements such as the deployment of the application environment of the component to which the vulnerability belongs, the degree to which the vulnerability can be exploited, the threat, the configuration of security measures and the attacker's situation.
CVSS 3.0 consists of three metric groups. The base metric group is constant and does not change over time or with the environment; it represents only the intrinsic characteristics of a vulnerability and does not describe the risk of the vulnerability in a particular application. The temporal metric group is calculated on the basis of the base metric group and reflects characteristics of the vulnerability that may change over time; for example, the availability of easy-to-use exploit code increases the CVSS 3.0 score. The environmental metric group is in turn calculated on the basis of the temporal metric group and describes characteristics of the vulnerability that relate to a user's particular environment and security requirements, allowing the analyst to adjust the weights of the metric factors according to specific business risk requirements. As auxiliary metrics, the temporal and environmental metric groups are strongly affected by uncontrollable factors, so these two are set aside here when scoring vulnerabilities.
The evaluation metrics of the base metric group include: attack vector AV, attack complexity AC, privileges required PR, user interaction UI, confidentiality impact CI, availability impact II and integrity impact AI; Table 1 is their metric weight assignment table.
Table 1: Metric weight assignment table
Each evaluation metric is described in detail below:
(1) Attack vector (AV)
Attack vector (Attack Vector): the attack vector describes, based on the relevant context, the maximum path by which the vulnerability can be attacked. It indicates at which level (Network, Adjacent, Local, Physical) the attacker can exploit the vulnerability.
(2) Attack complexity (AC)
Attack complexity (Attack Complexity) describes how complex it is for the attacker to exploit the vulnerability. The attacker needs to trigger the vulnerability under certain specific conditions, which usually requires the attacker to collect more information about the target, for example the system's configuration information or computational exceptions.
(3) Privileges required (PR)
Privileges required (Privileges Required) describes the privileges the attacker needs to have before being able to exploit the vulnerability; the fewer privileges required, the higher the base score.
(4) User interaction (UI)
User interaction (User Interaction) describes whether, apart from the attacker, the cooperation of other users is also needed to trigger the vulnerability. This metric determines whether exploitation depends only on the will of the attacker or requires another user to cooperate in some way. The base score is highest when no user interaction is required.
(5) Scope (S)
Scope (Scope) describes the effect of a successfully exploited vulnerability on the range of components: whether it affects only the vulnerable component itself or also other components outside it. The increase in the base score is therefore related to attributes of the component under test such as confidentiality, integrity and authentication. S=C indicates that components other than the vulnerable component are affected; S=U indicates that only the component itself is affected.
(6) Confidentiality impact (CI)
Confidentiality impact (Confidentiality Impact) describes the effect of a successfully exploited vulnerability on the confidentiality of the information and system in the component under test. Confidentiality means restricting access to information to users with the specified privileges and preventing disclosure to unauthorized parties.
(7) Integrity impact (II)
Integrity impact (Integrity Impact) describes the effect of a successfully exploited vulnerability on the integrity of the information and system in the component under test. Integrity refers to the trustworthiness and veracity of information.
(8) Availability impact (AI)
Availability impact (Availability Impact) describes the effect of a successfully exploited vulnerability on the availability of the component under test. Availability refers to the loss of availability of the component under test itself, such as a network service. Availability therefore refers to the ability to access information resources, for example where the component's network bandwidth, processor cycles or disk space are consumed.
Step S105: calculate the probability that each state node is successfully attacked:
$P_i = AV_i \times AC_i \times PR_i \times UI_i$
where the subscript i denotes the i-th state node. Note that the value assigned to PR must take the value of the scope S into account. The values are taken from Table 1.
Step S106: calculate the impact function caused after each state node is attacked:
where CI denotes the vulnerability confidentiality impact, AI denotes the vulnerability integrity impact and II denotes the vulnerability availability impact, with values taken from Table 1; CP denotes the expert score of host confidentiality, AP denotes the expert score of host integrity and IP denotes the expert score of host availability, with values taken from Table 2.
Specifically, in accordance with the national standard GB/T 20984-2007 "Information Security Technology: Information Security Risk Assessment Specification", published in 2007, the present invention assesses asset value from the scores assigned to the asset for the confidentiality, integrity and availability of the host. The confidentiality, integrity and availability of the host are each divided into five levels, very low, low, medium, high and very high, assigned the values 1 to 5 respectively. The higher the level, the stronger the confidentiality, integrity and availability of the asset.
Table 2: Asset value expert scores
Step S107: calculate the vulnerability of each state node:
$Vul_i = P_i \times Value_i$
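Steps S105 and S107 worked through in Python, as an added example that is not part of the patent text. The metric weights are those of the published CVSS v3.0 specification (Table 1 is not reproduced on this page), the sample vectors are constructed, and `Value_i` is passed in as a constructed placeholder because the impact function of step S106 is not reproduced here.

```python
# Added example: P_i = AV_i * AC_i * PR_i * UI_i from a CVSS v3.0 vector
# string (step S105) and Vul_i = P_i * Value_i (step S107).

# Metric weights from the published CVSS v3.0 specification.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
# The PR weight depends on Scope, so it is keyed by (PR, S).
PR = {
    ("N", "U"): 0.85, ("N", "C"): 0.85,
    ("L", "U"): 0.62, ("L", "C"): 0.68,
    ("H", "U"): 0.27, ("H", "C"): 0.50,
}
REQUIRED = ("AV", "AC", "PR", "UI", "S")


def parse_vector(vector):
    """Split 'CVSS:3.0/AV:N/AC:L/...' into a {metric: value} dict."""
    prefix, _, body = vector.partition("/")
    if prefix != "CVSS:3.0":
        raise ValueError("not a CVSS 3.0 vector: %r" % vector)
    metrics = {}
    for field in body.split("/"):
        name, sep, value = field.partition(":")
        if not sep or name in metrics:
            raise ValueError("malformed or repeated field: %r" % field)
        metrics[name] = value
    missing = [name for name in REQUIRED if name not in metrics]
    if missing:
        raise ValueError("missing metrics: %s" % ", ".join(missing))
    return metrics


def success_probability(vector):
    """Step S105: probability that the state node is successfully attacked."""
    m = parse_vector(vector)
    try:
        pr = PR[(m["PR"], m["S"])]  # PR weight chosen according to Scope
        return AV[m["AV"]] * AC[m["AC"]] * pr * UI[m["UI"]]
    except KeyError as exc:
        raise ValueError("unknown metric value: %s" % exc) from None


def node_vulnerability(vector, value):
    """Step S107: Vul_i = P_i * Value_i, with Value_i supplied by the caller."""
    return success_probability(vector) * value


def rank_nodes(nodes):
    """nodes: {name: (vector, Value_i)} -> [(name, P_i, Vul_i)], highest first."""
    rows = []
    for name, (vector, value) in nodes.items():
        p = success_probability(vector)
        rows.append((name, p, p * value))
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample: three state nodes with placeholder Value_i figures.
SAMPLE_NODES = {
    "node_a": ("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 2.0),
    "node_b": ("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", 3.0),
    "node_c": ("CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", 4.0),
}

if __name__ == "__main__":
    for name, p, vul in rank_nodes(SAMPLE_NODES):
        print("%s  P_i=%.6f  Vul_i=%.6f" % (name, p, vul))
```

With PR:L the same vulnerability gets a higher `P_i` when its scope is changed (weight 0.68) than when it is unchanged (0.62), which is why the text says the PR assignment must take S into account.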
Step S108: calculate the vulnerability of a single state attack sequence:
where the subscript S denotes the S-th state attack sequence.
Assess the vulnerability of this state attack sequence according to the magnitude of its vulnerability $Vul_S$: the larger the value, the higher the vulnerability; conversely, the smaller the value, the lower the vulnerability.
Further, after step S108 the method also includes:
Calculate the protection failure-to-operate risk value:
Assess, according to the failure-to-operate risk value, the overall vulnerability of the information network in the intelligent substation with respect to protection failure to operate: the larger the value, the higher the overall vulnerability to failure to operate; conversely, the smaller the value, the lower the overall vulnerability.
Further, after step S108 the method also includes:
Calculate the protection misoperation risk value:
Assess, according to the misoperation risk value, the overall vulnerability of the information network in the intelligent substation with respect to protection misoperation: the larger the value, the higher the overall vulnerability to misoperation; conversely, the smaller the value, the lower the overall vulnerability.
For a further understanding of the technical solution of the present invention, a specific example is explained below:
Referring to Fig. 3, a 110 kV intelligent substation model is taken as an example to analyse the vulnerability of its relay protection (protection failure to operate / misoperation). The CPS model of the 110 kV intelligent substation is shown in Fig. 2. The simulation environment includes one 110 kV line bay with its corresponding secondary power equipment and a D5000 dispatching platform (used to simulate the remote dispatching centre). The local power CPS model uses the protection device, the measurement and control device, the merging unit and the intelligent terminal as the interfaces linking the two spaces, connecting the power system (simulated circuit breaker and simulated instrument transformer) and the information space (including the monitoring system, telecontrol device, fault recording substation, mobile attack-defence platform, attack-defence detection system, SCADA and the D5000 platform), and realizes the acquisition of power system operating data and the issuing of dispatch commands. According to the direction of information flow in the intelligent substation, the simplified model shown in Fig. 4 below is obtained.
The hosts of the intelligent substation's station network and of the remote dispatching network are named hosts P1 to P8, as shown in Fig. 3. The station-level monitoring system P3 can communicate in both directions with the bay-level protection device P6 and measurement and control device P7. The telecontrol device sends operating commands only to the measurement and control device, not to the protection device, and the measurement and control device can also upload action information to the telecontrol device, so the telecontrol device P4 communicates only with the measurement and control device P7. The fault recording substation collects protection action waveforms, so P5 communicates only with the protection device P6.
In this model, the merging unit only sends measured data values to the protection device; this is a single one-way communication path with no mutual communication link, so the merging unit has been omitted in the simplification.
First, a vulnerability scanning tool (such as Nessus or another) is used to scan all terminal hosts of the intelligent substation to obtain the real-time vulnerabilities of the equipment. The following assumptions are made:
1. P1 to P5 have a privilege escalation vulnerability (remote control privileges can be obtained);
2. P6 and P7 are subject to a privilege escalation vulnerability, DoS attack (denial-of-service attack) and fuzzing attack (malformed message attack).
Note: "privilege" here is a method of allocating and restricting rights according to users of different levels. Privileges are mainly divided into seven classes: full control (root), modify, read and execute, list folder contents, read, write, and special permissions. Full control includes the other six; having it is equivalent to having the other six at the same time, and only the administrator has this highest privilege in the system.
For each terminal, the vulnerabilities found by scanning are matched against the NVD (National Vulnerability Database) to find the computer privileges the corresponding vulnerability yields. Then, according to the network connection relations of the intelligent substation secondary system, the vulnerability assessment model is generated using an attack graph, as shown in Fig. 5. Each state node in the figure represents a state, and state node 0 represents the attacker. Each path in the figure represents an attack method that exploits a vulnerability, such as a privilege escalation attack, DoS attack or fuzzing attack. Privilege escalation in this example means obtaining root privileges.
<0-P1, privilege> indicates that the attacker attacks host P1; the vulnerability exploited is a privilege escalation vulnerability and the attack is a privilege escalation attack.
<P1-P5, privilege> indicates a path from P1 to P5 that exploits a privilege escalation vulnerability by means of a privilege escalation attack.
<mid, P5, privilege> indicates the intermediate state of host P5 after its privilege escalation vulnerability has been exploited.
<end, relay fail> indicates that the final state reached by the attack path leads to relay fail.
In a network attack graph, concentric circles are normally used only to mark the final state reached by an attack. To avoid excessive duplication of paths when the same host, having been reached over multiple attack paths, transfers to the next state nodes, the attack graph modelled here also uses concentric circles to mark an intermediate state node of a host. For example, state nodes 4, 7 and 9 in the figure are the same state of host P3 (the monitoring host) reached over different attack paths. State node 4 would need to transfer to state nodes 16~21, and the same holds for state nodes 7 and 9; this would produce too many connecting lines and make the attack graph cumbersome. An intermediate state is therefore introduced to represent the host state in the intermediate stage of the attack chain (for example, control obtained), which simplifies the attack graph. The last concentric circles represent the final objects of study, namely the relay fail and false protection states caused by an attack.
Then, the CVSS vulnerability scoring system is used to score for the specific environment of the intelligent substation, as follows:
For hosts P1~P2, the specific vulnerability is that session login access rights can be obtained via TELNET (CVE-2012-4879). The attacker must launch the attack from the external network; the attack complexity of this vulnerability is low, no user privileges need to be obtained, and no user participation in the attack is required. The vulnerability lets the attacker obtain control and affects resources beyond the vulnerable component. P1 and P2 are hosts of the dispatching data network, so a successful attack causes serious leakage of confidential information; the vulnerability also allows the attacker to modify files and control access. In summary, according to Tables 1~4, the metric values for this vulnerability are AV:N/AC:L/PR:N/UI:N/S:C, C:H/I:H/A:H.
On hosts P3~P4 there is a remote RPC vulnerability through which the engineer station can be entered (CVE-2008-4250). This attack is also launched from the network outside the intelligent substation. The attack complexity is low, the attacker needs no special privileges granted in advance, no user cooperation is needed to trigger the vulnerability, and resources beyond the vulnerable component are not affected. The vulnerability allows arbitrary code to be executed remotely on the host, so its confidentiality, integrity and availability impacts are also high. Therefore, according to Tables 1~4, its metric values are AV:N/AC:L/PR:N/UI:N/S:U, C:H/I:H/A:H.
For attacks on the intelligent substation, there may also be cases where staff carry out unauthorized operations; the host involved in such operations is P3. The attacker must use the local network to enter the system and needs basic privileges. Once privileges are successfully obtained, the attacker can disclose information without authorization, make unauthorized modifications, and interrupt service. Therefore, according to Tables 1~4, its metric values are AV:L/AC:L/PR:L/UI:N/S:C, C:H/I:H/A:H. This vulnerability attack corresponds to <0-3, privilege> in Fig. 4.
On host P5, the specific vulnerability is a buffer overflow in the TeeChart ActiveX control that allows remote execution of arbitrary code (CVE-2011-4034). This attack is likewise launched from the network outside the intelligent substation; the attack complexity is low, but user interaction is required to trigger it. P5 is the fault recording substation. Although the vulnerability leads to information leakage, the confidentiality of this information is not high; data modified by the attacker has no direct effect; and stopping the recording service has no direct effect on the whole system either. Therefore, according to Tables 1~4, its metric values are AV:N/AC:L/PR:N/UI:R/S:U, C:L/I:L/A:L.
For hosts P6~P7 there is an unauthorized file storage/access vulnerability (CVE-2011-4056). The attack takes place on the local area network of the station-level network and is more difficult to carry out from the network outside the station. The attack complexity is low and no privileges are required, but the user must actively interact with the attack mechanism. The attacker can modify file data and transfer data, but cannot completely prevent users from using the device. By modifying the data sent from the merging unit or the command data sent from the station level, the attacker makes the protection device or the measurement and control device issue wrong commands, causing false protection. In summary, according to Tables 1~4, the metric values are AV:A/AC:L/PR:N/UI:R/S:U, C:H/I:H/A:L.
Hosts P6~P7 may also suffer two kinds of denial of service attack. The first works by cutting off communication: a large number of false User Datagram Protocol (UDP) messages are sent to the device within a short time, inducing the device to reply continuously so that the station-level network bandwidth is exhausted. This forms a DoS attack that eventually blocks communication within the whole station until normal messages can no longer be sent and commands cannot be issued to the intelligent terminal, causing relay fail. The second is a Fuzzing attack that exploits protocol defects: malformed messages are sent continuously, and each time the device receives one it crashes and restarts because it cannot parse the message; repeated over and over, this finally paralyses the device so that it loses control of the intelligent terminal, causing relay fail. Both attacks are carried out on the in-station network, and their attack complexity is high because control must be held for a long time in order to send messages; they have an extremely serious effect only on the availability of the host. Therefore, according to Tables 1~4, the metric values are AV:A/AC:H/PR:H/UI:N/S:C, C:N/I:N/A:H.
Combining these with the weight assignments for the metrics in Table 1 gives the specific metric scores, as shown in Table 3.
Table 3: Metric scores of each vulnerability point
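The following added example (not code from the patent) evaluates the attack success probability P_i = AV_i × AC_i × PR_i × UI_i of claim 1 for the six metric strings quoted above and ranks the findings. It assumes the standard CVSS v3.0 exploitability weights, because the patent's own weight table is not reproduced on this page; the function and variable names are illustrative.

```python
# Added example (not from the patent): P_i = AV_i x AC_i x PR_i x UI_i
# evaluated for the metric strings quoted in the text.

# ASSUMPTION: standard CVSS v3.0 exploitability weights stand in for the
# patent's weight-assignment table, which this page does not reproduce.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
# In CVSS v3.0 the PR weight depends on Scope (S:U unchanged, S:C changed).
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
      "C": {"N": 0.85, "L": 0.68, "H": 0.50}}

# (hosts, finding label, metric string) as stated in the text.
FINDINGS = [
    ("P1~P2", "CVE-2012-4879", "AV:N/AC:L/PR:N/UI:N/S:C, C:H/I:H/A:H"),
    ("P3~P4", "CVE-2008-4250", "AV:N/AC:L/PR:N/UI:N/S:U, C:H/I:H/A:H"),
    ("P3", "local unauthorized operation",
     "AV:L/AC:L/PR:L/UI:N/S:C, C:H/I:H/A:H"),
    ("P5", "CVE-2011-4034", "AV:N/AC:L/PR:N/UI:R/S:U, C:L/I:L/A:L"),
    ("P6~P7", "CVE-2011-4056", "AV:A/AC:L/PR:N/UI:R/S:U, C:H/I:H/A:L"),
    ("P6~P7", "DoS / Fuzzing", "AV:A/AC:H/PR:H/UI:N/S:C, C:N/I:N/A:H"),
]


def parse_vector(text):
    """Split the page's 'AV:N/.../S:C, C:H/I:H/A:H' layout into a dict."""
    metrics = {}
    for part in text.replace(",", "/").split("/"):
        key, sep, value = part.strip().partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed metric {part!r} in {text!r}")
        key, value = key.upper(), value.upper()
        if key in metrics:
            raise ValueError(f"metric {key} given twice in {text!r}")
        metrics[key] = value
    missing = [k for k in ("AV", "AC", "PR", "UI", "S") if k not in metrics]
    if missing:
        raise ValueError(f"missing metrics {missing} in {text!r}")
    return metrics


def success_probability(vector):
    """Return P_i for one metric string; only AV, AC, PR, UI and S are used."""
    m = parse_vector(vector)
    try:
        return AV[m["AV"]] * AC[m["AC"]] * PR[m["S"]][m["PR"]] * UI[m["UI"]]
    except KeyError as exc:
        raise ValueError(f"unknown metric value {exc} in {vector!r}") from exc


def rank_findings(findings=FINDINGS):
    """Score every finding and sort by P_i, most easily exploited first."""
    scored = [(hosts, label, success_probability(vec))
              for hosts, label, vec in findings]
    return sorted(scored, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for hosts, label, p in rank_findings():
        print(f"{hosts:6} {label:30} P_i = {p:.4f}")
```

The two P3 entries carry the same C/I/A ratings, and the ratio of their probabilities (about 0.52) is close to the ratio of the fragilities the text reports for state nodes 9 and 4 (0.60 and 1.16).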
After the exploitability probability and the impact have been scored for each vulnerability point of the hosts, the asset value of the equipment in the intelligent substation is scored.
In terms of confidentiality, P1 and P2 are hosts of the control centre and the importance of their data is self-evident, so they are assigned level 5. P3 and P4 are central hosts within the intelligent substation and their data is also fairly critical, so they are assigned level 4. The data confidentiality of P5~P7 is more ordinary, so they are assigned level 3.
In terms of integrity, modifying the data of P3, P4, P6 or P7 may cause the intelligent terminal to maloperate and seriously affect the business, whereas P1 and P2 have a comparatively smaller impact on the business of the intelligent substation, and P5 has a small impact on the station's business. Therefore the integrity score of P1 and P2 is 3, that of P3, P4, P6 and P7 is 4, and that of P5 is 2.
In terms of availability, for the intelligent substation to keep operating, the availability of the monitoring system and the protection device must be ensured above all. The availability of the monitoring system P3 and the protection device P6 is therefore scored highest, at 5 points. The telecontrol device P4 only needs to execute commands sent by remote dispatching, and such commands are not always present, so its availability requirement is relatively low. The fault recording substation P5 starts recording only when protection operates, so its availability requirement is also ordinary. The remaining devices require their availability to be guaranteed, and the system tolerates only very short interruptions. Therefore the availability score of P4 and P5 is 3, and that of P1, P2 and P7 is 4.
In summary, the asset value scores of each device host in the intelligent substation information network are shown in Table 4.
Table 4: Asset value scores of device hosts
The fragility of each state node is calculated separately; the results are given in Table 5.
Table 5: State node fragility
The state attack sequence fragilities related to relay fail are shown in Table 6; the risk value of relay fail is 36.94, and the related average attack sequence fragility is 1.847.
Table 6: State attack sequence fragility (relay fail)
The state attack sequence fragilities related to false protection are shown in Table 7; the risk value of false protection is 21.27, and the related average attack sequence fragility is 2.127.
Table 7: State attack sequence fragility (false protection)
Among the state node fragilities, state nodes 4 and 7 are highest, at 1.16. Both are state nodes produced when the attacker exploits the privilege escalation vulnerability of P3, which shows that host P3, the monitoring host, is most fragile in the state it reaches after a privilege escalation attack. State node 9, which is also related to host P3, has a fragility of only 0.60, mainly because reaching state 9 requires the attacker to attack host P3 locally through unauthorized operation; the attack success rate is low, so the fragility is smaller and the state is not easily reached. State nodes 20 and 23 are the states of host P7 after a DoS attack, and state nodes 21 and 24 are the states of host P7 after a Fuzzing attack; these four state nodes have the lowest fragility. This is mainly because the reachability of attacks on host P7 is very low and, in terms of equipment availability score, P7 is again lower than P6.
Among the state attack sequence fragilities, attack sequences that contain a state node produced by a privilege escalation attack on host P3 have relatively high overall fragility. Among them, the state attack sequences in which protection device P6 is subjected to a privilege escalation attack have the highest fragility, which also shows that the monitoring host and the protection device are the most important in the intelligent substation and that attacks on them have the greatest effect in the whole substation. The overall fragility for relay fail is higher than for false protection, mainly because more state attack sequences can cause relay fail: exploiting protocol vulnerabilities and cutting off communication can both successfully attack the protection device and the measurement and control device. State attack sequences that cause false protection can only achieve maloperation by using remote control to issue false commands; there are few such paths, but once one succeeds its effect is very serious, so the average attack sequence fragility for false protection is higher than for relay fail.
The intelligent substation relay protection vulnerability assessment method provided in this embodiment comprehensively considers the various factors in the secondary network of the intelligent substation and finds the fragility of relay fail and false protection in existing and planned intelligent substations. It has high assessment accuracy, provides important guidance for the design of intelligent substation secondary systems, and is highly practical and innovative.
The above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (6)
1. An intelligent substation relay protection vulnerability assessment method, characterized by comprising the following steps:
obtaining the real-time vulnerabilities of each end host;
finding, according to the NVD, the computer privileges obtainable through each real-time vulnerability;
generating a vulnerability assessment model using an attack graph according to the network connection relations of the intelligent substation secondary system, wherein the vulnerability assessment model comprises several single state attack sequences and each single state attack sequence comprises several state nodes;
according to the computer privileges, using the CVSS 3.0 system to quantitatively score the attack vector AV, attack complexity AC, privileges required PR, user interaction UI, vulnerability point confidentiality impact CI, vulnerability point availability impact AI and vulnerability point integrity impact II;
calculating, for each state node, the probability of successful attack as P_i = AV_i × AC_i × PR_i × UI_i;
calculating, for each state node, the influence function after it is attacked as
wherein CP denotes the expert score of host confidentiality, AP denotes the expert score of host integrity, and IP denotes the expert score of host availability;
calculating the fragility of each state node as Vul_i = P_i × Value_i;
calculating the fragility of each single state attack sequence as
assessing the fragility of each state attack sequence according to the magnitude of its fragility Vuls.
2. The intelligent substation relay protection vulnerability assessment method according to claim 1, characterized in that, after the step of calculating the fragility of each single state attack sequence, the method further comprises:
calculating the relay fail risk value as
assessing, according to the relay fail risk value, the overall fragility of the information network in the intelligent substation with respect to relay fail.
3. The intelligent substation relay protection vulnerability assessment method according to claim 1, characterized in that, after the step of calculating the fragility of each single state attack sequence, the method further comprises:
calculating the false protection risk value as
assessing, according to the false protection risk value, the overall fragility of the information network in the intelligent substation with respect to false protection.
4. The intelligent substation relay protection vulnerability assessment method according to claim 1, characterized in that, before the step of calculating the influence function after each state node is attacked, the method further comprises:
assessing the assignment of CP, AP and IP according to the national standard GB/T 20984-2007, "Information Security Technology: Information Security Risk Assessment Specification", published in 2007.
5. The intelligent substation relay protection vulnerability assessment method according to claim 1, characterized in that the step of generating a vulnerability assessment model using an attack graph according to the network connection relations of the intelligent substation secondary system further comprises:
when the same host obtains identical computer privileges over different attack paths, introducing an intermediate state node in the middle of the attack paths, so that the different attack paths pass through the intermediate state node and are then transferred from the intermediate state node to the different state nodes.
6. The intelligent substation relay protection vulnerability assessment method according to claim 1, characterized in that the step of obtaining the real-time vulnerabilities of each end host specifically comprises:
using a vulnerability scanner to scan all end hosts of the intelligent substation that can be scanned, obtaining the real-time vulnerabilities of each end host.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811566591.3A CN109636224A (en) | 2018-12-19 | 2018-12-19 | A kind of intelligent substation relay protection vulnerability assessment method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109636224A true CN109636224A (en) | 2019-04-16 |
Family
ID=66076057
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811566591.3A Pending CN109636224A (en) | 2018-12-19 | 2018-12-19 | A kind of intelligent substation relay protection vulnerability assessment method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109636224A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190416 |