CN110602710B - Non-communication time synchronization/disturbance synchronization cooperative attack logic bomb detection method based on system clock acceleration - Google Patents


Publication number
CN110602710B
Authority
CN
China
Prior art keywords
equipment
synchronization
disturbance
time
synchronous clock
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910923467.6A
Other languages
Chinese (zh)
Other versions
CN110602710A (en)
Inventor
苏盛
刘亮
曹一家
周志高
洪亮
陈清清
汪干
王坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha University of Science and Technology
Original Assignee
Changsha University of Science and Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

A method for detecting communication-free time synchronization/disturbance synchronization cooperative attack logic bombs based on system clock acceleration. After equipment such as a relay protection and safety automatic device is started, its system clock is adjusted so that it is advanced by the same time period at fixed intervals. After each adjustment, the secondary current and secondary voltage corresponding to normal operation of the power grid and to a small disturbance are input into the equipment, and the equipment is checked for unexpected control commands. If an unexpected control command is sent, the equipment is judged to contain a time synchronization/disturbance synchronization cooperative attack logic bomb. The method addresses the problem that existing equipment security check items are relatively simple and cannot detect such logic bombs. By accelerating the system clocks of the devices, time synchronization/disturbance synchronization cooperative attack logic bombs hidden in them are detected, which improves the network security protection capability of the power system.

Description

Non-communication time synchronization/disturbance synchronization cooperative attack logic bomb detection method based on system clock acceleration
Technical Field
The invention relates to a network security protection method for power systems, in particular to a method for detecting communication-free time synchronization/disturbance synchronization cooperative attack logic bombs based on system clock acceleration.
Background
As critical infrastructure of modern society, power systems are an important target in national-level network confrontation. Relay protection and safety automatic devices are an important basis for ensuring the safe and reliable operation of the power system, and their false actions cause great harm to the stable operation of power equipment and the power grid. Finding potential software and hardware defects of a relay protection device, testing whether it can correctly perform its protection and control functions, and avoiding false actions of the device are the key problems to be solved by the type tests, routine tests, acceptance tests and identification tests of relay protection and safety automatic devices.
At present, network attacks targeting critical infrastructure such as power systems are of great concern. Network attacks on relay protection and safety automatic devices mainly take the form of cooperative attacks launched at multiple substations at the same time. Such synchronized attacks can be coordinated in two ways, with communication or without communication. Because cooperative attacks that synchronize through communication between substations are easy to detect, an attack is likely to be launched from multiple substations simultaneously in a communication-free manner, using time synchronization or disturbance synchronization. A time synchronization cooperative attack logic bomb exploits the fact that substations use GPS/Beidou time service to stay synchronized: once an agreed time point is reached, the attack is launched from the multiple substations in which the logic bomb is hidden, and the circuit breakers in those substations are tripped. A disturbance synchronization cooperative attack logic bomb exploits the fact that, when a fault disturbs the power grid, substations around the fault point can sense the voltage fluctuation and substations throughout the grid can sense the change in system frequency: when the bus voltage and the system frequency fluctuate noticeably (while remaining below the setting values of the relay protection and safety automatic device and therefore insufficient to make it send a control instruction), the attack is launched from the multiple substations in which the logic bomb is hidden, and the circuit breakers in those substations are tripped.
When circuit breakers at multiple substations are tripped by a network attack, the power grid is pushed into a self-organized critical state, which triggers a cascading-failure blackout with catastrophic consequences.
It should be noted that the type tests, routine tests, acceptance tests and identification tests of relay protection and safety automatic devices already include a functional test of whether the device malfunctions under disturbance conditions, so a disturbance synchronization cooperative attack logic bomb triggered by grid voltage and current disturbance alone is easily found in those tests. To avoid detection, a disturbance synchronization cooperative attack logic bomb may launch its attack only when the time reaches a preset condition and the disturbance amplitude reaches a preset level; such a logic bomb is not triggered by simply inputting a disturbance current/voltage signal alone or a time acceleration signal alone.
Besides relay protection and safety automatic devices, monitoring system equipment or network communication equipment in substation automation, dispatching automation, power plant automation or power distribution automation may also contain communication-free cooperative attack logic bombs. Monitoring system equipment and network communication equipment also synchronize their time from a satellite time synchronization system, so they can carry out cooperative attacks based on time synchronization. In addition, they can judge from the secondary current and secondary voltage signals whether the power grid is in a disturbed state, so disturbance synchronization cooperative attack logic bombs can also be hidden in them. Therefore, detection of communication-free cooperative attack logic bombs is also required for this monitoring system equipment and network communication equipment.
Disclosure of Invention
The technical problem to be solved by the invention is as follows. In the prior art, a time synchronization/disturbance synchronization cooperative attack logic bomb aimed at the power grid can invade a relay protection and safety automatic device; when its logic conditions are met (a preset time is reached and the power grid fluctuates slightly in its normal operating state), the logic bomb is activated and the device sends erroneous control instructions such as breaker tripping. To address this problem, a system-clock-acceleration-based method for detecting communication-free time synchronization/disturbance synchronization cooperative attack logic bombs is provided.
The method triggers and detects time synchronization cooperative attack logic bombs hidden in equipment such as relay protection and safety automatic devices by accelerating the equipment's system clock so that it fast-forwards to future time points. At the same time, a small disturbance signal (which does not reach the action condition of the equipment) is injected while the clock is accelerated, in order to trigger and detect disturbance synchronization cooperative attack logic bombs hidden in the equipment. In this way it can be effectively checked whether the equipment contains time synchronization/disturbance synchronization cooperative attack logic bombs. This improves the network security protection capability of the power system and prevents malicious software written by hostile organizations from using such logic bombs to carry out communication-free cooperative attacks when preset logic conditions are met, which would cause large-area blackouts of the power grid.
To solve the above technical problem, the technical scheme adopted by the invention is a communication-free time synchronization/disturbance synchronization cooperative attack logic bomb detection method based on system clock acceleration, comprising the following steps:
(1) Start the equipment before it is put into use, wherein the equipment is a relay protection and safety automatic device, or monitoring system equipment or network communication equipment in substation automation, dispatching automation, power plant automation or power distribution automation;
(2) Adjust the system clock of the equipment so that it is advanced by the same time period at fixed intervals;
(3) Input the secondary current and secondary voltage signals of the power grid during normal operation and detect whether the equipment sends an unexpected control instruction; if it does, judge that the equipment contains a time synchronization cooperative attack logic bomb, raise an alarm and stop the detection; if no unexpected control instruction is sent, go to step (4);
(4) Input the secondary current and secondary voltage signals of the power grid under a small disturbance and detect whether the equipment sends an unexpected control instruction; if it does, judge that the equipment contains a disturbance synchronization cooperative attack logic bomb; if it does not, further judge whether the system time of the equipment has reached the set operation time of the equipment: if it has, terminate the detection and conclude that no time synchronization cooperative attack logic bomb or disturbance synchronization cooperative attack logic bomb exists in the equipment; if it has not, return to step (2).
In step (2), the system clock of the equipment is advanced by the same time period at fixed intervals by means of a synchronous clock acceleration module. The module comprises a synchronous clock generation module, a synchronous clock frequency adjustment module and a synchronous clock output time service module. The synchronous clock generation module sends a synchronous clock signal to the synchronous clock frequency adjustment module. The synchronous clock frequency adjustment module receives that signal and, based on it, continuously accelerates the synchronous clock of the synchronous clock generation module so that the synchronous clock is advanced by the same time period at fixed intervals. The adjusted clock signal is then sent to the equipment through the synchronous clock output time service module, which synchronously adjusts the system clock of the equipment.
The continuous acceleration described above, in which the synchronous clock is advanced by the same time period at fixed intervals, means that the system clock of the equipment is advanced without interruption, by the same amount each time and at a fixed interval. For example, the system clock of the relay protection and safety automatic device is continuously advanced by 1 hour every 1 second, or by 1 hour every 2 seconds. Taking a 1-hour advance per adjustment as an example: for a relay protection and safety automatic device undergoing a network access test, because relevant regulations in China set the service life of such devices at 10 years, it is only necessary to advance the system clock by 1 hour each time and step through every hour of the next 10 years. Assuming the clock is continuously advanced by 1 hour every 1 second, the next 10 years comprise 3652 days, or 87648 hours; each adjustment takes 1 second, so 87648 seconds are consumed in total, and the accelerated system test takes about 24.35 hours.
The set operation time of the equipment mentioned above is the service life of the equipment. For example, national regulations stipulate that the service life of relay protection and safety automatic devices is 10 years, so the set operation time of the equipment is the last day of the 10th year after the start of use; that is, the device only needs to be checked for time synchronization/disturbance synchronization cooperative attack logic bombs over the next 10 years.
The unexpected control commands mentioned above include, but are not limited to, a trip command, a setting value zone switching command, a soft pressure plate switching command, or a setting value modification command.
The secondary current and secondary voltage mentioned above are conventional terms in the art (see Sun Qiuye, Li Haitao. Power system analysis [ M.
The "small disturbance" in the secondary current and secondary voltage signals when the power grid has a small disturbance is an industry term in the field; see Liu Xuejun, Relay Protection Principle [M] (China Power Press, 2012,6,1). For example, with respect to the parameter settings of a relay protection and safety automatic device, it means an electrical quantity that does not cause the device to operate.
The time synchronization cooperative attack logic bomb mentioned herein is a logic bomb that is activated once a certain time condition is reached and sends a control command that makes the equipment described in step (1) malfunction.
The disturbance synchronization cooperative attack logic bomb mentioned herein is a logic bomb that is activated when a certain time is reached and the current, voltage and frequency of the power grid fluctuate slightly in normal operation without meeting the action parameter settings of the equipment described in step (1), and that then sends erroneous control instructions such as breaker tripping.
The method aims to find time synchronization/disturbance synchronization cooperative attack logic bombs hidden in relay protection and safety automatic devices. It prevents malicious viruses written by hostile organizations and hidden in these devices from launching communication-free time synchronization/disturbance synchronization cooperative attacks, significantly improves the power system's protection against organized network attacks, and effectively ensures the safe and reliable operation of the power grid.
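The loop in steps (1) to (4), with the 1-hour advance per adjustment and the 3652-day service life from the text, as an added simulation that is not part of the patent. The device under test is modelled as a Python function; the command labels, per-unit signal values, action settings and the three fixture devices (including the constructed trigger date) are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, List, Optional

# Constructed labels for the unexpected control commands the text lists.
UNEXPECTED = {"TRIP", "SETTING_ZONE_SWITCH", "SOFT_PLATE_SWITCH", "SETTING_MODIFY"}


@dataclass(frozen=True)
class SecondaryInput:
    voltage_pu: float  # secondary voltage, per unit of nominal
    current_pu: float  # secondary current, per unit of nominal


# Constructed test signals; both stay inside the assumed action settings below.
NORMAL = SecondaryInput(voltage_pu=1.00, current_pu=0.60)
SMALL_DISTURBANCE = SecondaryInput(voltage_pu=0.93, current_pu=0.75)

# Model of a device under test: (system time, injected signals) -> commands sent.
Device = Callable[[datetime, SecondaryInput], List[str]]


@dataclass
class Result:
    verdict: str                      # "clean" or the kind of logic bomb found
    triggered_at: Optional[datetime]  # accelerated system time of the finding
    commands: List[str]               # unexpected commands observed
    steps: int                        # clock adjustments performed


def run_accelerated_clock_test(device: Device, start: datetime,
                               service_life: timedelta = timedelta(days=3652),
                               step: timedelta = timedelta(hours=1)) -> Result:
    """Advance the clock by `step`, then inject normal and disturbed signals."""
    now, end, steps = start, start + service_life, 0
    checks = (("time-synchronized", NORMAL),                # step (3)
              ("disturbance-synchronized", SMALL_DISTURBANCE))  # step (4)
    while True:
        now += step                                         # step (2)
        steps += 1
        for verdict, signal in checks:
            issued = [c for c in device(now, signal) if c in UNEXPECTED]
            if issued:
                return Result(verdict, now, issued, steps)  # alarm and stop
        if now >= end:                                      # set operation time reached
            return Result("clean", None, [], steps)


def wall_clock_hours(steps: int, seconds_per_step: float = 1.0) -> float:
    """Real test duration when one adjustment is made every `seconds_per_step`."""
    return round(steps * seconds_per_step / 3600, 2)


# --- Fixture devices for the simulation (all hypothetical) ---
START = datetime(2020, 1, 1)
TRIGGER = datetime(2026, 3, 15, 2, 0)  # constructed hidden time condition


def protection_logic(inp: SecondaryInput) -> List[str]:
    """Assumed legitimate settings: undervoltage < 0.80 pu, overcurrent > 1.20 pu."""
    return ["TRIP"] if inp.voltage_pu < 0.80 or inp.current_pu > 1.20 else []


def clean_relay(now: datetime, inp: SecondaryInput) -> List[str]:
    return protection_logic(inp)


def relay_time_condition(now: datetime, inp: SecondaryInput) -> List[str]:
    # Acts on time alone, regardless of the injected signals.
    return protection_logic(inp) or (["TRIP"] if now >= TRIGGER else [])


def relay_time_and_disturbance_condition(now: datetime, inp: SecondaryInput) -> List[str]:
    # Acts only when the time condition AND a sub-threshold disturbance coincide.
    hidden = now >= TRIGGER and inp.voltage_pu < 0.95
    return protection_logic(inp) or (["TRIP"] if hidden else [])


if __name__ == "__main__":
    for dev in (clean_relay, relay_time_condition, relay_time_and_disturbance_condition):
        r = run_accelerated_clock_test(dev, START)
        print(f"{dev.__name__}: {r.verdict}, at {r.triggered_at}, "
              f"{r.steps} steps, {wall_clock_hours(r.steps)} h of test time")
```

In the fixture with the combined condition, neither a disturbance injected at the start time nor an advanced clock with normal signals produces a command, which is why the loop injects both signal sets after every clock adjustment.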
Drawings
FIG. 1 is a flow chart of the method of the present invention.
FIG. 2 is a block diagram of a clock adjustment module according to an embodiment of the present invention.
Detailed Description
The invention discloses a system-clock-acceleration-based method for detecting communication-free time synchronization/disturbance synchronization cooperative attack logic bombs, which aims to detect such logic bombs hidden in equipment such as relay protection and safety automatic devices. For example, when a relay protection and safety automatic device undergoes a type test, a routine test, an acceptance test and an identification test before being put into use, the secondary current and voltage signals (secondary current monitoring signal and secondary voltage monitoring signal) corresponding to normal operation of the power grid and to a small disturbance in the power grid are input into the device in turn, and whether the device outputs an unexpected control signal while its system clock is being accelerated is used to judge whether a time synchronization/disturbance synchronization cooperative attack logic bomb is hidden in it. If, when the system clock has been advanced to some future moment, an unexpected control instruction is output (including a trip instruction, switching of the setting value zone, switching a soft pressure plate on or off, or modification of a setting value), it can be judged that a time synchronization/disturbance synchronization cooperative attack logic bomb is hidden in the relay protection and safety automatic device.
Specifically, the method of the invention comprises the following steps, with reference to Fig. 1:
(1) Set up a synchronous clock acceleration module and connect it to the equipment so that it can synchronously adjust the system clock of the equipment; the equipment is a relay protection and safety automatic device, or monitoring system equipment or network communication equipment in substation automation, dispatching automation, power plant automation or power distribution automation;
The synchronous clock acceleration module comprises a synchronous clock generation module with a synchronous clock (such as an IRIG-B code generator), a synchronous clock frequency adjustment module and a synchronous clock output time service module. The synchronous clock generation module sends a synchronous clock signal to the synchronous clock frequency adjustment module; after receiving that signal, the synchronous clock frequency adjustment module adjusts the synchronous clock of the synchronous clock generation module and sends the adjusted clock signal to the equipment through the synchronous clock output time service module, so as to synchronously adjust the system clock of the equipment;
(2) Start the equipment before it is put into use;
(3) The synchronous clock generation module sends a synchronous clock signal to the synchronous clock frequency adjustment module; after receiving that signal, the synchronous clock frequency adjustment module adjusts the synchronous clock of the synchronous clock generation module and sends the adjusted clock signal to the equipment through the synchronous clock output time service module, synchronously adjusting the system clock of the equipment so that it is advanced by the same time period at fixed intervals;
(4) Input the secondary current and secondary voltage signals of the power grid during normal operation and detect whether the equipment sends an unexpected control instruction; if it does, judge that the equipment contains a time synchronization cooperative attack logic bomb, raise an alarm and stop the detection; if no unexpected control instruction is sent, go to step (5);
(5) Input the secondary current and secondary voltage signals of the power grid under a small disturbance and detect whether the equipment sends an unexpected control instruction; if it does, judge that the equipment contains a disturbance synchronization cooperative attack logic bomb; if it does not, further judge whether the time displayed by the system clock of the equipment has reached the set operation time of the equipment: if it has, terminate the detection and conclude that no time synchronization cooperative attack logic bomb or disturbance synchronization cooperative attack logic bomb exists in the equipment; if it has not, return to step (3).
The unexpected control command includes, but is not limited to, a trip command, a setting value zone switching command, a soft pressure plate switching command or a setting value modification command.
The following description takes a relay protection and safety automatic device as an example:
Assume the simulation test environment is as shown in Fig. 2. When the system clock of the relay protection and safety automatic device is not adjusted, the system time of the device is normal. With the method, a synchronous clock acceleration module is installed in the tester of the relay protection and safety automatic device. After the detection starts, the system time of the device is accelerated by continuously advancing the clock by 1 hour every 1 second, and the secondary current and secondary voltage signals corresponding to normal operation of the power grid and to a small disturbance in the power grid are then input into the device in turn for detection:
a. For a relay protection and safety automatic device without a remote control signal, detection is carried out while the secondary current and secondary voltage signals corresponding to normal operation of the power grid and to a small disturbance in the power grid are input into the device in turn;
b. For permissive pilot relay protection, detection is carried out while the secondary current and secondary voltage signals corresponding to normal operation of the power grid and to a small disturbance in the power grid are input into the device in turn and a blocking control instruction is input remotely;
c. For blocking pilot relay protection, detection is carried out while the secondary current and secondary voltage signals corresponding to normal operation of the power grid and to a small disturbance in the power grid are input into the device in turn and a permissive control instruction is input remotely;
d. For a relay protection and safety automatic device connected to a remote control signal, detection is carried out while the secondary current and secondary voltage signals corresponding to normal operation of the power grid and to a small disturbance in the power grid are input into the device in turn and no control instruction is input remotely;
For test a, the relay protection and safety automatic device does not act under normal conditions; for tests b, c and d, it does not act when no trip command is received. However, if a time synchronization/disturbance synchronization cooperative attack logic bomb is hidden in the device, then once the logic bomb has infiltrated it, a trip command can be sent to attack and cause damage even though the detected current and voltage signals do not meet the trip condition and no remote-control trip or load-control command has been received, and trip attacks can be launched at the same time.
According to the method, while secondary current and secondary voltage that do not reach the action condition are input into the relay protection and safety automatic device, the system clock of the device is continuously advanced by the same time period at fixed intervals. This triggers any time synchronization/disturbance synchronization cooperative attack logic bomb that may be hidden in the device, so that whether such a logic bomb exists in the device can be effectively checked.
When the tested equipment is monitoring system equipment or network communication equipment in substation automation, dispatching automation, power plant automation or power distribution automation:
When detecting disturbance synchronization cooperative attack logic bombs, monitoring system equipment or network communication equipment in substation automation, dispatching automation, power plant automation or power distribution automation should not issue control instructions such as breaker tripping when the power grid is disturbed, so the setting range of the input disturbance can be set according to the parameters of the relay protection and safety automatic devices in the same system.

Claims (3)

1. A method for detecting a logical bomb without communication time synchronization/disturbance synchronization cooperative attack based on system clock acceleration is characterized by comprising the following steps:
(1) Starting equipment before use, wherein the equipment is a relay protection and safety automatic device, or monitoring system equipment or network communication equipment in substation automation, dispatching automation, power plant automation or power distribution automation;
(2) Adjusting a system clock of the equipment to enable the system clock to be adjusted faster for a same time period every other fixed time;
(3) Detecting whether the equipment sends an unexpected control instruction or not when inputting secondary current and secondary voltage signals when a power grid normally runs, if so, judging that the equipment contains a time synchronization cooperative attack logic bomb, and stopping detection after alarming; if the unexpected control instruction is not sent out, the step (4) is carried out;
(4) Detecting whether the equipment sends an unexpected control instruction when it is fed the secondary current and secondary voltage signals that correspond to a small disturbance in the power grid; if the equipment sends the unexpected control instruction, judging that the equipment contains a disturbance synchronization cooperative attack logic bomb; if the unexpected control instruction is not sent, further judging whether the time displayed by the system clock of the equipment has reached the set time of the equipment operation; if it has reached the set time of the equipment operation, the detection is terminated and neither a time synchronization cooperative attack logic bomb nor a disturbance synchronization cooperative attack logic bomb exists in the equipment; if it has not reached the set time of the equipment operation, returning to step (2).
2. The method for detecting a non-communication time synchronization/disturbance synchronization cooperative attack logic bomb based on system clock acceleration as claimed in claim 1, wherein in step (2) the system clock of the device is adjusted, so that it advances by the same time period at every fixed interval, by providing a synchronous clock acceleration module; the synchronous clock acceleration module comprises a synchronous clock generation module, a synchronous clock frequency adjustment module and a synchronous clock output time service module; the synchronous clock generation module sends a synchronous clock signal to the synchronous clock frequency adjustment module; the synchronous clock frequency adjustment module receives that signal and adjusts the synchronous clock of the synchronous clock generation module accordingly, so that the synchronous clock advances by the same time period at every fixed interval, and then sends the adjusted clock signal to the device through the synchronous clock output time service module, thereby synchronously adjusting the system clock of the device.
3. The method for detecting a non-communication time synchronization/disturbance synchronization cooperative attack logic bomb based on system clock acceleration as claimed in claim 1, wherein the unexpected control instruction in step (3) and step (4) comprises a breaker trip command, a constant value zone switching command, a soft pressure plate tripping command or a protection constant value modification command.
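The loop formed by steps (2) to (4) can be simulated as below. This is an added example, not part of the patent text: it assumes that step (3) performs the same check under normal-operation secondary signals and attributes an unexpected instruction there to a time synchronization logic bomb, and the device models, signal values, day-based clock and command identifiers are all constructed for illustration.

```python
"""Simulated detection loop: accelerate the device clock and watch for unexpected commands."""
from typing import Callable, Dict, List, Tuple

Signals = Dict[str, float]
Device = Callable[[int, Signals], List[str]]   # (system clock in days, inputs) -> commands issued

# Command classes listed in claim 3 (identifier spellings are hypothetical).
UNEXPECTED = {"breaker_trip", "setting_zone_switch", "soft_plate_trip", "protection_setting_modify"}

# Constructed secondary-side test signals (values are illustrative only).
NORMAL = {"i_sec": 1.00, "u_sec": 57.7}
SMALL_DISTURBANCE = {"i_sec": 1.15, "u_sec": 55.0}

def detect(device: Device, set_operating_days: int, step_days: int) -> Tuple[str, int]:
    """Return (verdict, clock value at which the verdict was reached)."""
    clock = 0
    while True:
        clock += step_days                                      # step (2): same jump every cycle
        if UNEXPECTED & set(device(clock, NORMAL)):             # step (3), assumed: normal inputs
            return "time-synchronization", clock
        if UNEXPECTED & set(device(clock, SMALL_DISTURBANCE)):  # step (4): small disturbance
            return "disturbance-synchronization", clock
        if clock >= set_operating_days:                         # whole set operating time covered
            return "none", clock

# Constructed device models used only to exercise the harness.
def clean_device(clock: int, s: Signals) -> List[str]:
    return ["alarm"] if s["u_sec"] < 56.0 else []               # expected reaction, not in UNEXPECTED

def time_triggered(clock: int, s: Signals) -> List[str]:
    return ["breaker_trip"] if clock >= 1000 else []

def disturbance_triggered(clock: int, s: Signals) -> List[str]:
    return ["breaker_trip"] if clock >= 500 and s["u_sec"] < 56.0 else []

if __name__ == "__main__":
    for dev in (clean_device, time_triggered, disturbance_triggered):
        print(dev.__name__, detect(dev, set_operating_days=7300, step_days=10))
```
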
CN201910923467.6A 2019-09-27 2019-09-27 Non-communication time synchronization/disturbance synchronization cooperative attack logic bomb detection method based on system clock acceleration Active CN110602710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910923467.6A CN110602710B (en) 2019-09-27 2019-09-27 Non-communication time synchronization/disturbance synchronization cooperative attack logic bomb detection method based on system clock acceleration

Publications (2)

Publication Number Publication Date
CN110602710A CN110602710A (en) 2019-12-20
CN110602710B true CN110602710B (en) 2023-04-07

Family

ID=68864131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910923467.6A Active CN110602710B (en) 2019-09-27 2019-09-27 Non-communication time synchronization/disturbance synchronization cooperative attack logic bomb detection method based on system clock acceleration

Country Status (1)

Country Link
CN (1) CN110602710B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106713354A (en) * 2017-01-23 2017-05-24 全球能源互联网研究院 Method for evaluating vulnerability node of electric cyber-physical system based on undetectable information attack pre-warning technology
CN106774281A (en) * 2017-02-05 2017-05-31 上海云剑信息技术有限公司 A kind of power system malicious act recognition methods for being based on four distant logic relation pictures
WO2017171639A1 (en) * 2016-03-29 2017-10-05 Singapore University Of Technology And Design Method of detecting cyber attacks on a cyber physical system which includes at least one computing device coupled to at least one sensor and/or actuator for controlling a physical process
CN107332864A (en) * 2017-08-29 2017-11-07 长沙理工大学 Electric substation automation system orientation contract network attack guarding method based on global synchronous clock differential management
CN107819785A (en) * 2017-11-28 2018-03-20 东南大学 A kind of double-deck defence method towards power system false data injection attacks
CN108923415A (en) * 2018-06-28 2018-11-30 国网湖北省电力有限公司荆门供电公司 Information physical concerted attack analysis method in a kind of smart grid route protection

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3256818A1 (en) * 2015-02-09 2017-12-20 Utilidata Inc. Systems and methods of detecting utility grid intrusions

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
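Cyber-Attacks in PMU-Based Power Network and Countermeasures; Chunming Tu; IEEE Access; 20181028; full text *
Analysis of Cyber Attack Modes on Power CPS from the Attacker's Perspective (基于攻击方视角的电力CPS网络攻击模式分析); 苏盛; Power System Technology (《电网技术》); 20141105; full text *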

Also Published As

Publication number Publication date
CN110602710A (en) 2019-12-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant