CN116132161B - A threat analysis and assessment method for power monitoring system - Google Patents


Publication number
CN116132161B
Authority
CN
China
Prior art keywords
matrix
security feature
calculation
monitoring system
power monitoring
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310094283.XA
Other languages
Chinese (zh)
Other versions
CN116132161A (en
Inventor
李建坡
王赫
王嘉骥
张秋实
李天阳
孟凡奇
朱新月
张华溢
王远洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northeast Electric Power University
Original Assignee
Northeast Dianli University
Application filed by Northeast Dianli University
Priority to CN202310094283.XA
Publication of CN116132161A
Application granted
Publication of CN116132161B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10 Complex mathematical operations
    • G06F17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00 Computing arrangements based on specific mathematical models
    • G06N7/02 Computing arrangements based on specific mathematical models using fuzzy logic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security


Abstract

The present invention is a threat analysis and assessment method for a power monitoring system, characterized in that the method comprises calculation of security feature parameter weights based on the absolute correlation degree, calculation of security feature parameter risks based on the three dimensions of information security, and calculation of a comprehensive threat assessment value of the power monitoring system. The method first aggregates the collected security feature parameters as the basis for threat analysis and assessment, builds an observation matrix from them, and calculates the security feature parameter weights using the absolute correlation degree. It then uses the CIA triad as the analysis tuple to calculate the security feature parameter risks of the power monitoring system. Finally, the calculated global impact weights of the security feature parameters and the risk assessment values caused by the attack in the three CIA dimensions are used to obtain the comprehensive threat assessment value of the power monitoring system, which is updated in real time. The method has the advantages of being scientific and reasonable, widely applicable and effective.

Description

A threat analysis and assessment method for a power monitoring system

Technical Field

The invention belongs to the technical field of network security and relates to a threat analysis and assessment method for a power monitoring system.

Background Art

In the prior art, a power monitoring system refers to the intelligent equipment and systems that monitor and control the production and transmission of electric power; it supports the safe and stable operation of the power system and ensures a reliable supply of electricity. Its functions include user management, data acquisition and processing, event recording, fault alarms, and telesignaling, remote control and telemetry. As computer information technology is applied ever more widely in the power industry, the power monitoring system, because of its vulnerability and importance, has inevitably become a target of various network attacks. Conducting threat analysis and assessment for the power monitoring system, improving the security of the power system and ensuring a stable power supply is therefore a problem that urgently needs to be solved in this field. Current threat analysis and assessment methods for power monitoring systems mainly have the following problems:

(1) Existing threat analysis methods require real-time scanning of system resources such as system logs, which may overload devices;

(2) When existing threat analysis methods convert multi-source heterogeneous data into a uniform format, useful information may be trimmed away by mistake;

(3) Because of the complexity of the power monitoring system itself, the system's response to some attacks may be delayed, which is unacceptable for devices with strict real-time requirements.

Summary of the Invention

The purpose of the present invention is to overcome the deficiencies of the prior art and provide a threat analysis and assessment method for a power monitoring system that can assess the degree and scope of an attack's impact on a target and can be optimized for real-time performance and reliability.

The purpose of the present invention is achieved by the following technical solution: a threat analysis and assessment method for a power monitoring system, characterized in that the method comprises: calculation of security feature parameter weights based on the absolute correlation degree, calculation of security feature parameter risks based on the three dimensions of information security, and calculation of a comprehensive threat assessment value of the power monitoring system.

Further, the calculation of security feature parameter weights based on the absolute correlation degree computes the impact value of each security feature parameter on the network as a whole. The collected security feature parameters are aggregated and used as the basis for threat analysis and assessment, and an observation matrix is built from them. Suppose there are $m$ security feature parameters in total, including system log analysis, attack alarm information, device anomaly analysis and comprehensive risk analysis. The observation matrix $A$ is expressed as:

Here the $i$-th column of matrix $A$, $i = 1, 2, \ldots, m$, holds the impact values of the $i$-th security feature parameter at times $t$, $t = 1, 2, \ldots, T$. To make the data sets more comparable, the initial-value operation of formula (2) is applied to each element $x_i(t)$ of matrix $A$ to obtain $x_i'(t)$:

where $x_i(t)$ is the impact value of the $i$-th security feature parameter at time $t$, and $x_i(1)$ is its impact value at time $t = 1$, that is, the element in the first row of matrix $A$. This gives the initialized matrix $A'$:

The correlation coefficients of the sub-items are computed from matrix $A'$ and assembled into a correlation matrix. In matrix $A'$ the first column is the reference sequence, $X_1 = \{x_1'(1), x_1'(2), \ldots, x_1'(T)\} = \{1, x_1'(2), \ldots, x_1'(T)\}$, and the remaining columns are the comparison sequences, $X_i = \{x_i'(1), x_i'(2), \ldots, x_i'(T)\} = \{1, x_i'(2), \ldots, x_i'(T)\}$, $i = 2, 3, \ldots, m$. Using formulas (4) and (5), a single inverse accumulation (successive differencing) is applied to the reference sequence to produce $\Delta x_1(t)$ and to each comparison sequence to produce $\Delta x_i(t)$:

$$\Delta x_1(t) = x_1'(t) - x_1'(t-1), \quad t = 2, 3, \ldots, T \qquad (4)$$

$$\Delta x_i(t) = x_i'(t) - x_i'(t-1), \quad i = 2, 3, \ldots, m;\ t = 2, 3, \ldots, T \qquad (5)$$

The correlation coefficient $\gamma_i(t)$ is then calculated:

This gives the correlation matrix $R$:

From formulas (8), (9) and (10), the degree of correlation between any two security feature parameters is obtained:

This gives the new correlation matrix $R'$:

Matrix $R'$ is an $m \times m$ non-negative symmetric matrix. Suppose $R'$ has a largest eigenvalue $\lambda_{\max}$ and an eigenvector $P$ such that $\lambda_{\max} P = R' P$, with $P = [\omega_1, \omega_2, \ldots, \omega_m]^T$, where $\omega_i$ is the global impact weight of the $i$-th security feature parameter, $i = 1, 2, \ldots, m$. This completes the calculation of the weights with which the $m$ security feature parameters affect the network as a whole.

Further, the calculation of security feature parameter risks based on the three dimensions of information security computes the risk values of the security feature parameters of the power monitoring system when it responds to an attack. The CIA triad, namely confidentiality, integrity and availability, is used as the analysis tuple, and the elements $a_1, a_2, \ldots, a_n$ of the lower-layer propagation-level tuple are compared for importance, as shown in formula (12):

where $u_{jk}$, $v_{jk}$ and $w_{jk}$ are the results of the importance comparison of the elements in the confidentiality, integrity and availability dimensions respectively. From these the confidentiality fuzzy matrix $M_C$, the integrity fuzzy matrix $M_I$ and the availability fuzzy matrix $M_A$ are obtained:

Each matrix is checked for fuzzy consistency; if it is a fuzzy inconsistent matrix, it is adjusted into a fuzzy consistent matrix. By the criterion for a fuzzy consistent matrix, the difference between corresponding elements of any two given rows of the matrix is a constant, so for a fuzzy consistent matrix:

where $u_{fg}, u_{fh}, u_{gh} \in M_C$, $v_{fg}, v_{fh}, v_{gh} \in M_I$, $w_{fg}, w_{fh}, w_{gh} \in M_A$, $f = 1, 2, \ldots, n$, $g = 1, 2, \ldots, n$, $h = 1, 2, \ldots, n$, $f \neq g \neq h$. The matrices are made consistent according to formula (17):

where $u'_{fg}$, $v'_{fg}$ and $w'_{fg}$ are the results of making the elements of the fuzzy matrices $M_C$, $M_I$ and $M_A$ consistent in the confidentiality, integrity and availability dimensions respectively;

The threat evaluation index of the attack in the three CIA dimensions is calculated:

After the threat evaluation indexes of the different dimensions have been calculated, the risk assessment values $f_C$, $f_I$ and $f_A$ that the attack causes in the three CIA dimensions are calculated as:

where the value of the function $T(x)$ increases with the number of attacks $x$; its expression is defined as:

This completes the calculation of the security feature parameter risks of the power monitoring system.

Further, the calculation of the comprehensive threat assessment value of the power monitoring system uses the calculated global impact weights $\omega_i$, $i = 1, 2, \ldots, m$, of the $m$ security feature parameters and the risk assessment values $f_C$, $f_I$ and $f_A$ caused by the attack in the three CIA dimensions to obtain the comprehensive threat assessment value $CT$ of the power monitoring system, which is updated in real time. The calculation is shown in formula (21):

where $x_i(t)$ is the impact value of the $i$-th security feature parameter at time $t$, $\omega_i$ is the global impact weight of the $i$-th security feature parameter, $i = 1, 2, \ldots, m$, $f_C$, $f_I$ and $f_A$ are the risk assessment values caused by the attack in the three CIA dimensions, and $\alpha$, $\beta$ and $\chi$ are the weights given to $f_C$, $f_I$ and $f_A$ respectively.

The threat analysis and assessment method for a power monitoring system of the present invention first aggregates the collected security feature parameters as the basis for threat analysis and assessment, builds an observation matrix from them, and calculates the security feature parameter weights using the absolute correlation degree. It then uses the CIA triad as the analysis tuple to calculate the security feature parameter risks of the power monitoring system. Finally, the calculated global impact weights of the security feature parameters and the risk assessment values caused by the attack in the three CIA dimensions are used to obtain the comprehensive threat assessment value of the power monitoring system, which is updated in real time. The method can assess the degree and scope of an attack's impact on a target and can be optimized for real-time performance and reliability. It has the advantages of being scientific and reasonable, widely applicable and effective.

Brief Description of the Drawings

FIG. 1 is a flow chart of the threat analysis and assessment method for a power monitoring system according to the present invention.

Detailed Description

The present invention is further described below with reference to the accompanying drawing and specific embodiments.

Referring to FIG. 1, the threat analysis and assessment method for a power monitoring system proposed by the present invention comprises: calculation of security feature parameter weights based on the absolute correlation degree, calculation of security feature parameter risks based on the three dimensions of information security, and calculation of a comprehensive threat assessment value of the power monitoring system. The details are as follows:

1) Calculation of security feature parameter weights based on the absolute correlation degree

To calculate the impact value of each security feature parameter on the network as a whole, the collected security feature parameters are aggregated and used as the basis for threat analysis and assessment, and an observation matrix is built from them. Suppose there are $m$ security feature parameters in total, including system log analysis, attack alarm information, device anomaly analysis and comprehensive risk analysis. The observation matrix $A$ is expressed as:

Here the $i$-th column of matrix $A$, $i = 1, 2, \ldots, m$, holds the impact values of the $i$-th security feature parameter at times $t$, $t = 1, 2, \ldots, T$. To make the data sets more comparable, the initial-value operation of formula (2) is applied to each element $x_i(t)$ of matrix $A$ to obtain $x_i'(t)$:

where $x_i(t)$ is the impact value of the $i$-th security feature parameter at time $t$, and $x_i(1)$ is its impact value at time $t = 1$, that is, the element in the first row of matrix $A$. This gives the initialized matrix $A'$:

The correlation coefficients of the sub-items are computed from matrix $A'$ and assembled into a correlation matrix. In matrix $A'$ the first column is the reference sequence, $X_1 = \{x_1'(1), x_1'(2), \ldots, x_1'(T)\} = \{1, x_1'(2), \ldots, x_1'(T)\}$, and the remaining columns are the comparison sequences, $X_i = \{x_i'(1), x_i'(2), \ldots, x_i'(T)\} = \{1, x_i'(2), \ldots, x_i'(T)\}$, $i = 2, 3, \ldots, m$. Using formulas (4) and (5), a single inverse accumulation (successive differencing) is applied to the reference sequence to produce $\Delta x_1(t)$ and to each comparison sequence to produce $\Delta x_i(t)$:

$$\Delta x_1(t) = x_1'(t) - x_1'(t-1), \quad t = 2, 3, \ldots, T \qquad (4)$$

$$\Delta x_i(t) = x_i'(t) - x_i'(t-1), \quad i = 2, 3, \ldots, m;\ t = 2, 3, \ldots, T \qquad (5)$$

The correlation coefficient $\gamma_i(t)$ is then calculated:

This gives the correlation matrix $R$:

From formulas (8), (9) and (10), the degree of correlation between any two security feature parameters is obtained:

This gives the new correlation matrix $R'$:

Matrix $R'$ is an $m \times m$ non-negative symmetric matrix. Suppose $R'$ has a largest eigenvalue $\lambda_{\max}$ and an eigenvector $P$ such that $\lambda_{\max} P = R' P$, with $P = [\omega_1, \omega_2, \ldots, \omega_m]^T$, where $\omega_i$ is the global impact weight of the $i$-th security feature parameter, $i = 1, 2, \ldots, m$. This completes the calculation of the weights with which the $m$ security feature parameters affect the network as a whole;
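The weight calculation of step 1), as an added Python example that is not part of the patent text. The initial-value operation is taken as $x_i'(t) = x_i(t)/x_i(1)$, which is what sequences starting at 1 imply; the pairwise correlation degree stands in for formulas (6) to (10), which this page does not reproduce, and is an assumed grey absolute-correlation form. The scaling of the eigenvector to sum 1 and the sample matrix are also choices made for the example.

```python
# Added example: global impact weights of security feature parameters.
# Constructed observation matrix A: rows are times t = 1..T, columns are
# (system log analysis, attack alarms, device anomalies, comprehensive risk).
A_SAMPLE = [
    [2.0, 1.0, 4.0, 5.0],
    [4.0, 2.0, 5.0, 5.5],
    [6.0, 3.0, 4.0, 7.0],
    [8.0, 4.0, 6.0, 6.0],
    [10.0, 5.0, 7.0, 8.0],
]


def initialize(A):
    """Initial-value operation: x_i'(t) = x_i(t) / x_i(1), so row 1 becomes all ones."""
    first = A[0]
    if any(v == 0 for v in first):
        raise ValueError("x_i(1) must be non-zero for the initial-value operation")
    return [[row[i] / first[i] for i in range(len(first))] for row in A]


def differences(Ap):
    """Formulas (4) and (5): dx_i(t) = x_i'(t) - x_i'(t-1) for t = 2..T."""
    m = len(Ap[0])
    return [[Ap[t][i] - Ap[t - 1][i] for i in range(m)] for t in range(1, len(Ap))]


def correlation_matrix(D):
    """Pairwise correlation degree between parameters i and j.

    ASSUMPTION (formula not on the page): mean over t of
    1 / (1 + |dx_i(t) - dx_j(t)|), which is symmetric, non-negative,
    and equals 1 when two initialized sequences move identically.
    """
    m = len(D[0])
    return [[sum(1.0 / (1.0 + abs(r[i] - r[j])) for r in D) / len(D)
             for j in range(m)] for i in range(m)]


def principal_eigenvector(R, iters=10000, tol=1e-13):
    """Power iteration: largest eigenvalue of R and its eigenvector, scaled to sum 1."""
    m = len(R)
    p = [1.0 / m] * m
    lam = 0.0
    for _ in range(iters):
        q = [sum(R[i][j] * p[j] for j in range(m)) for i in range(m)]
        lam = sum(q)               # sum(R p) = lambda * sum(p), and sum(p) == 1
        q = [v / lam for v in q]
        converged = max(abs(a - b) for a, b in zip(p, q)) < tol
        p = q
        if converged:
            break
    return lam, p


def feature_weights(A):
    """Full pipeline: observation matrix -> (lambda_max, weights, correlation matrix)."""
    if len(A) < 2:
        raise ValueError("need at least two time steps to difference the sequences")
    R = correlation_matrix(differences(initialize(A)))
    lam, w = principal_eigenvector(R)
    return lam, w, R


if __name__ == "__main__":
    lam, w, R = feature_weights(A_SAMPLE)
    print("lambda_max =", round(lam, 6))
    for name, wi in zip(("log", "alarm", "anomaly", "risk"), w):
        print(f"{name:8s} weight = {wi:.4f}")
```

In the sample, the first two columns are proportional, so they coincide after initialization and receive equal weights; a parameter whose first observed value is zero cannot be initialized and is rejected.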

2) Calculation of security feature parameter risks based on the three dimensions of information security

To calculate the risk values of the security feature parameters of the power monitoring system when it responds to an attack, the CIA triad, namely confidentiality, integrity and availability, is used as the analysis tuple, and the elements $a_1, a_2, \ldots, a_n$ of the lower-layer propagation-level tuple are compared for importance, as shown in formula (12):

where $u_{jk}$, $v_{jk}$ and $w_{jk}$ are the results of the importance comparison of the elements in the confidentiality, integrity and availability dimensions respectively. From these the confidentiality fuzzy matrix $M_C$, the integrity fuzzy matrix $M_I$ and the availability fuzzy matrix $M_A$ are obtained:

Each matrix is checked for fuzzy consistency; if it is a fuzzy inconsistent matrix, it is adjusted into a fuzzy consistent matrix. By the criterion for a fuzzy consistent matrix, the difference between corresponding elements of any two given rows of the matrix is a constant, so for a fuzzy consistent matrix:

where $u_{fg}, u_{fh}, u_{gh} \in M_C$, $v_{fg}, v_{fh}, v_{gh} \in M_I$, $w_{fg}, w_{fh}, w_{gh} \in M_A$, $f = 1, 2, \ldots, n$, $g = 1, 2, \ldots, n$, $h = 1, 2, \ldots, n$, $f \neq g \neq h$. The matrices are made consistent according to formula (17):

where $u'_{fg}$, $v'_{fg}$ and $w'_{fg}$ are the results of making the elements of the fuzzy matrices $M_C$, $M_I$ and $M_A$ consistent in the confidentiality, integrity and availability dimensions respectively;
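The consistency step above, as an added Python example that is not from the patent. The check implements the stated criterion (the difference between corresponding elements of any two rows is constant); the adjustment uses the row-sum transformation common in fuzzy AHP as an assumed stand-in for formula (17), which this page does not reproduce. The sample matrix and its 0 / 0.5 / 1 scale are constructed.

```python
# Added example: fuzzy consistency check and adjustment for one CIA dimension.
# Constructed confidentiality fuzzy matrix M_C for n = 4 elements a_1..a_4.
# ASSUMPTION: a 0 / 0.5 / 1 scale (less / equally / more important); the
# page's formula (12), which defines the comparison, is not reproduced.
M_C_SAMPLE = [
    [0.5, 1.0, 1.0, 0.0],
    [0.0, 0.5, 1.0, 1.0],
    [0.0, 0.0, 0.5, 1.0],
    [1.0, 0.0, 0.0, 0.5],  # a_4 beats a_1 but loses to a_2 and a_3: intransitive
]


def _require_square(M):
    """Return n for an n x n matrix, rejecting empty or ragged input."""
    n = len(M)
    if n == 0 or any(len(row) != n for row in M):
        raise ValueError("fuzzy matrix must be square and non-empty")
    return n


def row_difference_spread(M, f, g):
    """Range of u_fk - u_gk over k; zero means rows f and g differ by a constant."""
    diffs = [M[f][k] - M[g][k] for k in range(len(M))]
    return max(diffs) - min(diffs)


def inconsistent_row_pairs(M, tol=1e-9):
    """1-based row pairs (f, g, spread) that violate the constant-difference criterion."""
    n = _require_square(M)
    return [(f + 1, g + 1, row_difference_spread(M, f, g))
            for f in range(n) for g in range(f + 1, n)
            if row_difference_spread(M, f, g) > tol]


def is_fuzzy_consistent(M, tol=1e-9):
    """True when every pair of rows differs by a constant (within tol)."""
    return not inconsistent_row_pairs(M, tol)


def make_consistent(M):
    """ASSUMPTION standing in for formula (17): row-sum transformation
    u'_fg = (r_f - r_g) / (2n) + 0.5, with r_f the sum of row f."""
    n = _require_square(M)
    r = [sum(row) for row in M]
    return [[(r[f] - r[g]) / (2 * n) + 0.5 for g in range(n)] for f in range(n)]


if __name__ == "__main__":
    print("violations before:", inconsistent_row_pairs(M_C_SAMPLE))
    adjusted = make_consistent(M_C_SAMPLE)
    for row in adjusted:
        print(["%.3f" % v for v in row])
    print("consistent after:", is_fuzzy_consistent(adjusted))
```

The same two functions apply unchanged to $M_I$ and $M_A$; listing the violating row pairs before adjusting shows which expert judgements were intransitive.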

The threat evaluation index of the attack in the three CIA dimensions is calculated:

After the threat evaluation indexes of the different dimensions have been calculated, the risk assessment values $f_C$, $f_I$ and $f_A$ that the attack causes in the three CIA dimensions are calculated as:

where the value of the function $T(x)$ increases with the number of attacks $x$; its expression is defined as:

This completes the calculation of the security feature parameter risks of the power monitoring system;

3) Calculation of the comprehensive threat assessment value of the power monitoring system

The calculated global impact weights $\omega_i$, $i = 1, 2, \ldots, m$, of the $m$ security feature parameters and the risk assessment values $f_C$, $f_I$ and $f_A$ caused by the attack in the three CIA dimensions are used to obtain the comprehensive threat assessment value $CT$ of the power monitoring system, which is updated in real time. The calculation is shown in formula (21):

where $x_i(t)$ is the impact value of the $i$-th security feature parameter at time $t$, $\omega_i$ is the global impact weight of the $i$-th security feature parameter, $i = 1, 2, \ldots, m$, $f_C$, $f_I$ and $f_A$ are the risk assessment values caused by the attack in the three CIA dimensions, and $\alpha$, $\beta$ and $\chi$ are the weights given to $f_C$, $f_I$ and $f_A$ respectively.

The software program used in the present invention is written using automation, network and computer processing technologies, which are familiar to those skilled in the art.

The specific embodiments of the present invention are not exhaustive and do not limit the scope of protection of the claims. Other substantially equivalent alternatives that those skilled in the art can conceive, without creative work, from the teaching of the embodiments of the present invention all fall within the scope of protection of the present invention.

Claims (1)

1. A threat analysis and evaluation method for an electric power monitoring system is characterized in that: the method comprises the steps of calculating safety characteristic parameter weights based on absolute association, calculating safety characteristic parameter risks based on three dimensions of information safety and calculating comprehensive threat assessment values of a power monitoring system;
the calculation of the security feature parameter weight based on the absolute association degree is to calculate the influence value of the security feature parameter in the network global, collect the collected security feature parameter, use the security feature parameter to establish an observation matrix as the basis of threat analysis and evaluation, and set m security feature parameters in total, wherein the m security feature parameters comprise system log analysis, attack alarm information, equipment abnormality analysis and comprehensive risk analysis, and the established observation matrix A is expressed as:
wherein, the ith column, i of matrix AThe values of the influence of the ith safety feature parameter at T, t=1, 2,.. i (t) performing initial value operation according to the formula (2) to obtain x i ′(t):
Wherein x is i (t) is the influence value, x of the ith safety feature parameter at the time t i (1) For the impact value of the ith security feature parameter at time t=1, i.e. the first row element of matrix a, an initialized matrix a' is thus obtained:
calculating the association coefficient of each sub-item based on a matrix A 'and forming an association matrix, wherein the first column in the matrix A' is a reference sequence, namely X 1 ={x 1 ′(1),x 1 ′(2),...,x 1 ′(T)}={1,x 1 ′(2),...,x 1 'T', the remaining columns being comparison sequences, X i ={x i ′(1),x i ′(2),...,x i ′(T)}={1,x i ′(2),...,x i ' s (T) }, i=2, 3,..m, generating Deltax by one time subtracting the reference sequence by the formulas (4), (5) 1 (t) one subtraction of the comparison sequence to yield Δx i (t):
Δx 1 (t)=x 1 ′(t)-x 1 ′(t-1),t=2,3,....,T (4)
Δx i (t)=x i ′(t)-x i ′(t-1),i=2,3,...,m;t=2,3,...,T (5)
Then calculate the association coefficient gamma i (t):
Thereby obtaining an association matrix R:
obtaining any two safety characteristic parameters according to formulas (8), (9) and (10)And->Correlation between->
Thereby obtaining a new association matrix R':
the matrix R 'is a non-negative symmetric matrix of m x m, provided that the matrix R' has a maximum eigenvalue lambda max And there is a feature vector P such that lambda max P=R′P,P=[ω 12 ,...,ω m ] T Wherein ω is i Representing the security feature parameter of item iGlobal impact weight, i=1, 2,..m, accordingly, the calculation of the global influence weight of the m security feature parameters on the network is completed;
the calculation of the security feature parameter risk based on information security three dimensions is the calculation of the security feature parameter risk value of the power monitoring system when the power monitoring system is in response to attack, and CIA triples are used, namely: confidentiality (importance), integrity (Integrity), availability (Availability) as analysis tuples, for element a in the underlying propagation hierarchy tuple 1 ,a 2 ,...,a n The importance comparison is carried out as shown in a specific formula (12):
wherein u is jk 、v jk And w jk The confidentiality fuzzy matrix M can be obtained by comparing the results of the elements with three dimensions of confidentiality, integrity and availability C Integrity fuzzy matrix M I And availability ambiguity matrix M A
Judging whether the matrix meets the fuzzy consistency, if the matrix is a fuzzy inconsistent matrix, adjusting the matrix into the fuzzy consistency matrix, and designating the difference between two rows of corresponding elements in the matrix as a constant according to the judging principle of the fuzzy consistency matrix, wherein the fuzzy consistency matrix is as follows:
wherein u is fg ,u fh ,u gh ∈M c ,v fg ,v fh ,v gh ∈M I ,w fg ,w fh ,w gh ∈M A F=1, 2, ··, n, g=1, 2, the terms, n, h=1, 2, n, f +.g +.h, the matrix is normalized according to equation (17):
wherein u' fg 、v′ fg And w' fg Respectively represent the fuzzy matrix M in three dimensions of confidentiality, integrity and availability C 、M I And M A A result of the element unification processing;
calculating the threat assessment indices of the attack in the three CIA dimensions:
after the threat assessment indices of the different dimensions are calculated, the risk assessment values $f_C$, $f_I$ and $f_A$ caused by the attack in the three CIA dimensions, respectively, are calculated by the following formula:
wherein the value of the function $T(x)$ increases with the number of attacks $x$, and its expression is defined as:
accordingly, the calculation of the security feature parameter risk of the power monitoring system is completed;
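An added example, not part of the patent text: the fuzzy consistency check stated above (the element-wise difference between any two rows is a constant) and one common adjustment for an inconsistent matrix. The row-sum transform, the assumption that $M_C$, $M_I$ and $M_A$ are fuzzy complementary matrices (entries in [0, 1] with $u_{fg} + u_{gf} = 1$), the function names and the sample matrix are assumptions, since the patent's own adjustment formulas are not reproduced on this page.

```python
# Constructed sample confidentiality matrix M_C for n = 3 elements.
M_C_SAMPLE = [[0.5, 0.7, 0.9],
              [0.3, 0.5, 0.6],
              [0.1, 0.4, 0.5]]


def is_fuzzy_consistent(M, tol=1e-9):
    """Criterion from the text: rows f and g differ by a constant in every column."""
    n = len(M)
    for f in range(n):
        for g in range(f + 1, n):
            d0 = M[f][0] - M[g][0]
            if any(abs((M[f][h] - M[g][h]) - d0) > tol for h in range(n)):
                return False
    return True


def to_fuzzy_consistent(M):
    """Assumed row-sum transform: r_fg = (r_f - r_g) / (2n) + 0.5."""
    n = len(M)
    if n == 0 or any(len(row) != n for row in M):
        raise ValueError("matrix must be non-empty and square")
    for f in range(n):
        for g in range(n):
            if not 0.0 <= M[f][g] <= 1.0:
                raise ValueError("entries must lie in [0, 1]")
            if abs(M[f][g] + M[g][f] - 1.0) > 1e-9:
                raise ValueError("matrix must be fuzzy complementary")
    row_sums = [sum(row) for row in M]
    return [[(row_sums[f] - row_sums[g]) / (2 * n) + 0.5 for g in range(n)]
            for f in range(n)]


def ensure_fuzzy_consistent(M):
    """Adjust only an inconsistent matrix, as the text describes.

    The transform is not idempotent (it pulls entries toward 0.5), so a
    matrix that already passes the check is returned unchanged.
    """
    return M if is_fuzzy_consistent(M) else to_fuzzy_consistent(M)
```

Because the transform compresses judgments toward 0.5, applying it unconditionally would weaken comparisons that were already consistent, which is why the check comes first.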
the calculation of the comprehensive threat assessment value of the power monitoring system uses the calculated global influence weights $\omega_i$, $i = 1, 2, \ldots, m$, of the m security feature parameters and the risk assessment values $f_C$, $f_I$ and $f_A$ caused by attacks in the three CIA dimensions, respectively; finally, the comprehensive threat assessment value CT of the power monitoring system is obtained and updated in real time, and the calculation method is shown in formula (21):
wherein $x_i(t)$ is the influence value of the i-th security feature parameter at time t; $\omega_i$ represents the global influence weight of the i-th security feature parameter, $i = 1, 2, \ldots, m$; $f_C$, $f_I$ and $f_A$ are the risk assessment values respectively caused by attacks in the three CIA dimensions; and α, β and χ are the weights used to measure $f_C$, $f_I$ and $f_A$, respectively.
CN202310094283.XA 2023-02-08 2023-02-08 A threat analysis and assessment method for power monitoring system Active CN116132161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310094283.XA CN116132161B (en) 2023-02-08 2023-02-08 A threat analysis and assessment method for power monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310094283.XA CN116132161B (en) 2023-02-08 2023-02-08 A threat analysis and assessment method for power monitoring system

Publications (2)

Publication Number Publication Date
CN116132161A CN116132161A (en) 2023-05-16
CN116132161B true CN116132161B (en) 2024-04-05

Family

ID=86311471

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310094283.XA Active CN116132161B (en) 2023-02-08 2023-02-08 A threat analysis and assessment method for power monitoring system

Country Status (1)

Country Link
CN (1) CN116132161B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12341816B1 (en) 2020-04-08 2025-06-24 Wells Fargo Bank, N.A. Security model utilizing multi-channel data with service level agreement integration
US11720686B1 (en) * 2020-04-08 2023-08-08 Wells Fargo Bank, N.A. Security model utilizing multi-channel data with risk-entity facing cybersecurity alert engine and portal
CN118192443B (en) * 2024-01-31 2024-12-13 深圳市图高智能有限公司 Internet security service system for intelligent control

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104657915A (en) * 2015-03-10 2015-05-27 国家电网公司 Dynamic self-adaptive power system terminal security threat evaluation method
WO2017044446A1 (en) * 2015-09-08 2017-03-16 Sikorsky Aircraft Corporation Cyber security system for a vehicle
CN111614615A (en) * 2020-04-16 2020-09-01 国网浙江省电力有限公司湖州供电公司 A Quantitative Evaluation Method for Network Security of Substation Power Monitoring System
CN113408114A (en) * 2021-06-04 2021-09-17 中国电力科学研究院有限公司 Method and system for evaluating vulnerability threat degree of power monitoring system equipment
CN114862267A (en) * 2022-05-31 2022-08-05 国家石油天然气管网集团有限公司 Evaluation method and system of oil and gas pipeline alarm management system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
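Research on an information security risk assessment mechanism based on the power system; 梁智强; 林丹生; 信息网络安全 (Netinfo Security); 20170410 (No. 04); full text *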

Also Published As

Publication number Publication date
CN116132161A (en) 2023-05-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant