CN112261016A - Power grid protection method in attack scene - Google Patents

Publication number: CN112261016A
Authority: CN (China)
Prior art keywords: attack, model, defense, scale, adopted
Legal status: Pending
Application number: CN202011085644.7A
Other languages: Chinese (zh)
Inventors: 赵金雄, 张驯, 马志程, 李志茹, 马宏忠, 杨勇
Current Assignee: Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Original Assignee: Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Application filed by Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Priority to CN202011085644.7A
Publication of CN112261016A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/04 Inference or reasoning models
    • G06N5/042 Backward inferencing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses a power grid protection method in an attack scene, and belongs to the technical field of power grid security. The method realizes power grid protection in an attack scene through four steps: constructing the power system attack and defense model, constructing the independent attack and defense models, the management attack and defense model, and constructing the dual attack and defense models. The stability of the power system depends on whether it has active defense attributes. Starting from the idea that the defender's payoff is seized by the attacker, and taking a power system subnet as a case, an attacker-defender attack and defense model is constructed from the attacker's perspective; the relative payoff values of the two parties in different states are calculated, the optimal defense strategy, in which the grid side selects the partial defense mode, is obtained, and the defense modes are corrected as appropriate, so that the grid side is defended against attack.

Description

Power grid protection method in attack scene
Technical Field
The invention belongs to the technical field of power grid safety, and particularly relates to a power grid protection method in an attack scene.
Background
Energy is one of the most important forces driving the development of industry across society, and the energy system, as the only channel for energy transmission, is essential to the stable transmission of energy. As a major branch of energy systems, power systems have been key targets of hacking in recent years: in 2010, the Renzu nuclear power plant in Iran was attacked by the Stuxnet virus, resulting in a short-term loss of power generation capability; in 2014, the BlackEnergy malware invaded the software system of the American power turbine, and the American power grid cumulatively suffered no fewer than 79 hacking attacks; in 2015, the Ukrainian power system was attacked by BlackEnergy malicious code, causing a large-area power outage within the country; in 2016, the Israeli power supply system was attacked by hackers, taking a large number of computers in power facilities out of service; in 2019, large-scale power outages occurred in Venezuela, where network attacks on the main hydropower stations left more than half of the regions without power for more than 6 days.
The fundamental reason that energy systems such as power systems are so often attacked successfully is that each system is protected passively and statically and has no self-immune function. To address this, the industry has conducted a great deal of research on active defense, with many reported techniques: moving target defense, mimic defense, end-to-end hopping, and so on. These active defense techniques have made considerable theoretical progress, but building a system with such defense properties requires a significant cost, which is often intolerable. To solve this problem, many scholars have applied game theory to network security defense, but so far there are few reports of using game theory to solve the security problems of real power generation systems.
Building a system with active defense attributes consumes a huge cost. To solve this problem, many scholars have applied game theory to network security defense, but so far game theory has rarely been used to solve the security problems of real power generation systems. Existing defense technology is costly and of low practical value.
Disclosure of Invention
The invention aims to provide a power grid protection method in an attack scene that changes the current situation of high cost consumption and uses game theory to solve the security problems of real power production systems.
To achieve this purpose, the invention adopts the following technical scheme:
A power grid protection method in an attack scene comprises the following steps:
1) constructing the power system attack and defense model: the power system attack and defense model is mainly divided into single models and dual models, where the single models comprise the host, network and management models, and the dual models comprise the host-network, host-management and network-management models; external intentional attacks are divided into large-scale attack, small-scale attack and no attack, and the defender's behavior is divided into complete defense, partial defense and no defense;
2) constructing the independent attack and defense models:
a) host attack and defense model: under the complete defense mode, the payoff obtained is largest when the attacker adopts a large-scale attack strategy; under the partial defense mode, when the attacker adopts a small-scale attack strategy and a non-defense mode, the two parties reach Nash equilibrium;
b) when the probability of the small-scale attack strategy is 2/3 and the probability of the large-scale attack strategy is 1/3, the complete defense mode is adopted;
3) management attack and defense model: the degree of harm from attacks carried out through management defects is lower than that for the host, and the attacker generally adopts a static observation method;
4) constructing the dual attack and defense models:
a) host and network attack and defense model: when the probability of the large-scale attack strategy is 3/9 and the probability of the small-scale attack strategy is 6/9, the host and network attack and defense model is adopted;
b) host management attack and defense model: when the probability that the attacker adopts the large-scale attack strategy is 3/12, the probability of the small-scale attack strategy is 6/12, and the probability of the non-attack strategy is 3/12, the host management attack and defense model is adopted;
c) network management attack and defense model: when the probability that the attacker adopts the large-scale attack strategy is 3/9 and the probability of the small-scale attack strategy is 6/9, the network management attack and defense model is adopted.
The beneficial effects of the invention are:
1) The stability of the power system depends on whether it has active defense attributes. Starting from the idea that the defender's payoff is seized by the attacker, and taking a power system subnet as a case, an attacker-defender attack and defense model is constructed from the attacker's perspective; the relative payoff values of the two parties in different states are calculated, the optimal defense strategy, in which the grid side selects the partial defense mode, is obtained, and the defense modes are corrected as appropriate, so that the grid side is defended against attack.
2) Taking a power system subnet as a case, the method verifies the dual attack and defense model using attack data from an actual production environment, calculates the payoff values of both attacker and defender for the coming month, and concludes that the grid side should mainly adopt partial defense.
3) The invention analyzes in detail, from the attacker's perspective, the attacks an attacker initiates, and changes the grid-side defense strategy from passive to active. Combined with the actual production business process, it moves the defense strategy from qualitative to quantitative.
Drawings
Fig. 1 is a diagram of profits of both attacking and defending parties when an attacker launches different attacking strategies in different defense modes.
Fig. 2 is a diagram of profits of both attacking and defending parties when an attacker launches different attacking strategies in different defense modes.
Fig. 3 is a diagram of profits of both attacking and defending parties when an attacker launches different attacking strategies in different defense modes.
Fig. 4 is a graph of profits of both attacking and defending parties when an attacker launches different attacking strategies in different defense modes.
Fig. 5 is a graph of profits of both attacking and defending parties when an attacker launches different attacking strategies in different defense modes.
Fig. 6 is a graph of profits of both attacking and defending parties when an attacker launches different attacking strategies in different defense modes.
Fig. 7 is a monthly profit diagram of the attacking and defending parties when the attacker launches different attacking strategies in different defense modes.
Fig. 8 is a monthly profit diagram of the attacking and defending parties when the attacker launches different attacking strategies in different defense modes.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Example 1:
A power grid protection method in an attack scene comprises the following steps:
1) constructing the power system attack and defense model: the power system attack and defense model is mainly divided into single models and dual models, where the single models comprise the host, network and management models, and the dual models comprise the host-network, host-management and network-management models; external intentional attacks are divided into large-scale attack, small-scale attack and no attack, and the defender's behavior is divided into complete defense, partial defense and no defense;
2) constructing the independent attack and defense models:
a) host attack and defense model: under the complete defense mode, the payoff obtained is largest when the attacker adopts a large-scale attack strategy; under the partial defense mode, when the attacker adopts a small-scale attack strategy and a non-defense mode, the two parties reach Nash equilibrium;
b) when the probability of the small-scale attack strategy is 2/3 and the probability of the large-scale attack strategy is 1/3, the complete defense mode is adopted;
3) management attack and defense model: the degree of harm from attacks carried out through management defects is lower than that for the host, and the attacker generally adopts a static observation method;
4) constructing the dual attack and defense models:
a) host and network attack and defense model: when the probability of the large-scale attack strategy is 3/9 and the probability of the small-scale attack strategy is 6/9, the host and network attack and defense model is adopted;
b) host management attack and defense model: when the probability that the attacker adopts the large-scale attack strategy is 3/12, the probability of the small-scale attack strategy is 6/12, and the probability of the non-attack strategy is 3/12, the host management attack and defense model is adopted;
c) network management attack and defense model: when the probability that the attacker adopts the large-scale attack strategy is 3/9 and the probability of the small-scale attack strategy is 6/9, the network management attack and defense model is adopted.
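The steps above come down to two computations on a payoff matrix: enumerating pure-strategy Nash equilibria, and choosing the defender's best response to a given attacker mix. The Python below is an added example, not code from the patent; it uses the attacker mixes quoted in the steps (1/3 and 2/3; 3/12, 6/12 and 3/12). The payoff values are constructed for illustration (the patent's own values sit in its figures, which this page does not reproduce), so the outcomes follow from those constructed numbers only.

```python
from fractions import Fraction as F

ATTACKS = ("large", "small", "none")        # attacker strategies from step 1
DEFENSES = ("complete", "partial", "none")  # defender modes from step 1

# Constructed payoffs indexed payoff[attack][defense]; NOT the patent's figures.
ATTACKER_PAYOFF = {
    "large": {"complete": -5, "partial": 1, "none": 8},
    "small": {"complete": -1, "partial": 2, "none": 4},
    "none":  {"complete": 0,  "partial": 0, "none": 0},
}
DEFENDER_PAYOFF = {
    "large": {"complete": 5,  "partial": 0,  "none": -10},
    "small": {"complete": 1,  "partial": 3,  "none": -4},
    "none":  {"complete": -3, "partial": -1, "none": 0},
}

# Attacker mixes quoted in steps 2b and 4b of the method.
HOST_MIX = {"large": F(1, 3), "small": F(2, 3)}
HOST_MGMT_MIX = {"large": F(3, 12), "small": F(6, 12), "none": F(3, 12)}


def pure_nash_equilibria(att, dfn):
    """Return (attack, defense) pairs where neither side gains by deviating alone."""
    found = []
    for a in ATTACKS:
        for d in DEFENSES:
            attacker_ok = all(att[a][d] >= att[x][d] for x in ATTACKS)
            defender_ok = all(dfn[a][d] >= dfn[a][y] for y in DEFENSES)
            if attacker_ok and defender_ok:
                found.append((a, d))
    return found


def defender_expected(dfn, mix):
    """Expected defender payoff of each defense mode against an attacker mix."""
    if set(mix) - set(ATTACKS):
        raise ValueError("unknown attack strategy in mix")
    if any(p < 0 for p in mix.values()) or sum(mix.values()) != 1:
        raise ValueError("attacker mix must be a probability distribution")
    return {
        d: sum(F(mix.get(a, 0)) * dfn[a][d] for a in ATTACKS)
        for d in DEFENSES
    }


def best_defense(dfn, mix):
    """Return (list of payoff-maximising defense modes, expected payoffs)."""
    expected = defender_expected(dfn, mix)
    top = max(expected.values())
    return [d for d in DEFENSES if expected[d] == top], expected


if __name__ == "__main__":
    print("pure Nash equilibria:",
          pure_nash_equilibria(ATTACKER_PAYOFF, DEFENDER_PAYOFF))
    for name, mix in (("host", HOST_MIX), ("host-management", HOST_MGMT_MIX)):
        best, expected = best_defense(DEFENDER_PAYOFF, mix)
        shown = {d: str(v) for d, v in expected.items()}
        print(f"{name} mix -> best defense {best}, expected {shown}")
```

Exact fractions are used so that ties between defense modes are detected rather than hidden by floating-point rounding.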
Protecting the power grid in this way yields the following technical effects. The stability of the power system depends on whether it has active defense attributes. Starting from the idea that the defender's payoff is seized by the attacker, and taking a power system subnet as a case, an attacker-defender attack and defense model is constructed from the attacker's perspective; the relative payoff values of the two parties in different states are calculated, the optimal defense strategy, in which the grid side selects the partial defense mode, is obtained, and the defense modes are corrected as appropriate, so that the grid side is defended against attack. Taking a power system subnet as a case, the method verifies the dual attack and defense model using attack data from an actual production environment, calculates the payoff values of both attacker and defender for the coming month, and concludes that the grid side should mainly adopt partial defense. The invention analyzes in detail, from the attacker's perspective, the attacks an attacker initiates, and changes the grid-side defense strategy from passive to active. Combined with the actual production business process, it moves the defense strategy from qualitative to quantitative.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments or portions thereof without departing from the spirit and scope of the invention.

Claims (1)

1. A power grid protection method in an attack scene, characterized by comprising the following steps:
1) constructing the power system attack and defense model: the power system attack and defense model is mainly divided into single models and dual models, where the single models comprise the host, network and management models, and the dual models comprise the host-network, host-management and network-management models; external intentional attacks are divided into large-scale attack, small-scale attack and no attack, and the defender's behavior is divided into complete defense, partial defense and no defense;
2) constructing the independent attack and defense models:
a) host attack and defense model: under the complete defense mode, the payoff obtained is largest when the attacker adopts a large-scale attack strategy; under the partial defense mode, when the attacker adopts a small-scale attack strategy and a non-defense mode, the two parties reach Nash equilibrium;
b) when the probability of the small-scale attack strategy is 2/3 and the probability of the large-scale attack strategy is 1/3, the complete defense mode is adopted;
3) management attack and defense model: the degree of harm from attacks carried out through management defects is lower than that for the host, and the attacker generally adopts a static observation method;
4) constructing the dual attack and defense models:
a) host and network attack and defense model: when the probability of the large-scale attack strategy is 3/9 and the probability of the small-scale attack strategy is 6/9, the host and network attack and defense model is adopted;
b) host management attack and defense model: when the probability that the attacker adopts the large-scale attack strategy is 3/12, the probability of the small-scale attack strategy is 6/12, and the probability of the non-attack strategy is 3/12, the host management attack and defense model is adopted;
c) network management attack and defense model: when the probability that the attacker adopts the large-scale attack strategy is 3/9 and the probability of the small-scale attack strategy is 6/9, the network management attack and defense model is adopted.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011085644.7A CN112261016A (en) 2020-10-12 2020-10-12 Power grid protection method in attack scene

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011085644.7A CN112261016A (en) 2020-10-12 2020-10-12 Power grid protection method in attack scene

Publications (1)

Publication Number Publication Date
CN112261016A (en) 2021-01-22

Family

ID=74241989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011085644.7A Pending CN112261016A (en) 2020-10-12 2020-10-12 Power grid protection method in attack scene

Country Status (1)

Country Link
CN (1) CN112261016A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113225326A (en) * 2021-04-28 2021-08-06 浙江大学 Network attack strategy generator, terminal and storage medium based on specific consumption
CN115189921A (en) * 2022-06-16 2022-10-14 国网甘肃省电力公司电力科学研究院 Method for constructing attack and defense model of electric power system

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820413A (en) * 2010-01-08 2010-09-01 中国科学院软件研究所 Method for selecting optimized protection strategy for network security
CN102413003A (en) * 2010-09-20 2012-04-11 中国科学院计算技术研究所 Method and system for detecting network security
CN103152345A (en) * 2013-03-07 2013-06-12 南京理工大学常熟研究院有限公司 Network safety optimum attacking and defending decision method for attacking and defending game
US20130195271A1 (en) * 2008-03-03 2013-08-01 Sony Corporation Communication device and communication method
CN106789275A (en) * 2016-12-27 2017-05-31 上海科梁信息工程股份有限公司 Transmission Network of Power System security test system and method
CN107147670A (en) * 2017-06-16 2017-09-08 福建中信网安信息科技有限公司 APT defence methods based on game system
CN108769062A (en) * 2018-06-26 2018-11-06 国网福建省电力有限公司 A kind of defence method towards power information physical system multi-Stage Network Attack
CN108898010A (en) * 2018-06-25 2018-11-27 北京计算机技术及应用研究所 A method of establishing the attacking and defending Stochastic Game Model towards malicious code defending
US10225277B1 (en) * 2018-05-24 2019-03-05 Symantec Corporation Verifying that the influence of a user data point has been removed from a machine learning classifier
CN109617863A (en) * 2018-11-27 2019-04-12 杭州电子科技大学 A method of the mobile target based on game theory defends optimal defence policies to choose
CN110166437A (en) * 2019-04-19 2019-08-23 杭州电子科技大学 The method that mobile target defence optimal policy based on DS evidential reasoning is chosen
CN110417733A (en) * 2019-06-24 2019-11-05 中国人民解放军战略支援部队信息工程大学 Attack Prediction method, apparatus and system based on QBD attacking and defending random evolution betting model
CN111064702A (en) * 2019-11-16 2020-04-24 中国人民解放军战略支援部队信息工程大学 Active defense strategy selection method and device based on bidirectional signal game
CN111461424A (en) * 2020-03-30 2020-07-28 华北电力大学 Network attack detection method and system for smart grid demand response

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BAOYI WANG,JIANQIANG CAI,SHAOMIN ZHANG,JUN LI: "A network security assement model based on attack-defense game theory", 《IEEE》 *
田猛: "电力CPS连锁故障模型及虚假数据攻击研究", 《中国博士学位论文全文数据库》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210122