CN116208505A - Electric power infrastructure network security behavior model - Google Patents


Publication number
CN116208505A
Authority
CN
China
Prior art keywords
power
model
node
attack
entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211677123.XA
Other languages
Chinese (zh)
Inventor
王艳正
司光亚
唐宇波
王燕
齐剑男
吴高洁
黄海燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Defence University Of People's Liberation Army Joint Operation Institute
Original Assignee
National Defence University Of People's Liberation Army Joint Operation Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Defence University Of People's Liberation Army Joint Operation Institute
Priority to CN202211677123.XA
Publication of CN116208505A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Supply And Distribution Of Alternating Current (AREA)

Abstract

The invention provides a network security behavior model for electric power infrastructure, comprising a power entity model and a power network behavior model. The power physical domain entity model simulates the topology and power functions of the transmission lines in a region, and the power information domain entity model simulates the network characteristics and power dispatching functions of the power information regulation and control facilities. The power network action model includes a power network security behavior model, which evaluates the influence of network security behavior on the power entity model and detects, protects and repairs the power entity model, so that the resulting power infrastructure network security behavior model is highly reusable.

Description

Electric power infrastructure network security behavior model
Technical Field
The invention relates to the field of network security, in particular to a network security behavior model of an electric power infrastructure.
Background
Electric power infrastructure is built on a power CPS (cyber-physical system), which fuses a power physical domain with a power information domain and accommodates electrical technologies such as intelligent power distribution, renewable-energy grid connection and smart-grid restoration. The power information domain is the primary target of network security protection actions, and a network security action arising in the power information domain can cause larger-scale cascading effects in the grid system and even in other combat domains. Network security actions are individual (or collective) actions such as malicious (or accidental) destruction, modification, disclosure or protection of the hardware, software and data in a network system, and include network intrusion actions, network protection actions and so on.
At present, power network security behavior models are generally built either by formulating a power network security behavior policy optimization problem using complex network theory, or by using Petri net modeling to construct a network protection policy for the anticipated fault types of a grid system.
However, existing power network security behavior models are closely tied to a particular existing entity domain and are weakly reusable, and a network security behavior model constructed from a system-modeling perspective is lacking.
Disclosure of Invention
The problem solved by the invention is how to build a highly reusable power network security behavior model.
To solve this problem, the invention provides a network security behavior model for electric power infrastructure, comprising a power entity model and a power network action model;
the power physical domain entity model is used to simulate the topology and power functions of the transmission lines in a region, and the power information domain entity model is used to simulate the network characteristics and power dispatching functions of the power information regulation and control facilities;
the power network action model comprises a power network security behavior model, which is used to evaluate the influence of network security behavior on the power entity model and to detect, protect and repair the power entity model.
Optionally, the electric power physical domain entity model includes a power station node model, a substation node model, a distribution substation node model, and a load center model.
Optionally, the power information domain entity model includes a power plant monitoring model, a substation monitoring model, and a power dispatching center model.
Optionally, the information in the power station node model, the substation node model, the distribution substation node model, and the load center model includes a node name, a unit number, a node number, an administrative region to which the power station belongs, a power grid region to which the power station belongs, a heterogeneous node name, a repair time, a voltage, a power, a node state, a node type, an equipment type, and a position coordinate.
Optionally, the information in the power station monitoring model, the substation monitoring model and the power dispatching center model includes node names, unit numbers, node numbers, heterogeneous nodes, repair time, defense modes, node states, node types, positions, administrative areas, power grid areas, controlled enemy units, initial controllers and visible parties.
Optionally, the power network security behavior model comprises a virus attack model, a malicious code attack model, an intrusion detection model and a power network repair model;
the virus attack model is used for simulating the influence of virus attack on the electric power entity model;
the malicious code attack model is used for simulating the influence of malicious code attack on the electric power entity model;
the intrusion detection model is used for simulating the influence of network attack on the electric power entity model;
the power grid repair model is used for simulating the overall repair behavior of the damaged power entity model.
Optionally, the virus attack model is constructed by a virus attack simulation method, and the virus attack simulation method comprises the following steps:
determining, by a network attack-defense dynamic game algorithm, whether the virus attack on the power information domain source node succeeds, according to the source node, the target node, the virus propagation hop count and the virus attack intensity array of the virus attack, wherein the network attack-defense dynamic game algorithm comprises an external exposure probability judgment and a comprehensive defense intensity judgment: when the external exposure probability is greater than an exposure threshold, the target node is in an externally visible state; when the attack intensity is greater than the comprehensive defense intensity, the virus attack is judged successful; when the attack intensity is less than or equal to the comprehensive defense intensity, the virus attack is judged to have failed;
when the virus attack is judged successful, changing the electrical attributes of the power physical domain entity model controlled by the power information domain entity model, taking the power information domain entity down, and setting the power of the nodes controlled by the power information domain entity to zero;
traversing the power information domain entities that have a direct information association with the attacked power information domain entity, and returning to the step of determining, by the network attack-defense dynamic game algorithm, whether the virus attack on the power information domain source node succeeds;
judging whether the virus propagation hop count has reached the maximum propagation hop count;
and if the maximum propagation hop count has not been reached, returning to the step of changing the electrical attributes of the power physical domain entity model controlled by the power information domain entity model, taking the power information domain entity down and setting the power of the nodes controlled by the power information domain entity to zero, until the maximum propagation hop count is reached.
Optionally, the malicious code attack model is constructed by a malicious code attack method, the malicious code attack method comprising:
at a first moment, traversing information network characteristics of nodes of a power information domain entity model in an attack path of malicious codes, and judging whether the power information domain entity model is attacked by the malicious codes;
if the power grid system is attacked by the malicious codes, updating the attacked power grid system topology and electrical parameters;
at a second moment, checking whether a communication link of a physical model of a local electric power physical domain is attacked by the malicious code;
if the power grid system is attacked by the malicious codes, updating the attacked power grid system topology and electrical parameters;
at a third moment, determining whether a path from an attacked node to a next attacked node of the electric power information domain entity model is normal or not according to the attack path;
if not, updating the topology and electrical parameters of the attacked power grid system;
at a fourth moment, checking whether a first path from an attack entity to a power dispatching center, which needs to be subjected to power flow adjustment and electric local monitoring, is normal or not;
at a fifth moment, checking whether the information paths from the attack power information domain entity model and the power dispatching center entity are normal;
if the first path and the information path are normal, cutting off a corresponding load or a backup circuit;
and traversing the fault conditions of all links, and calculating the proportion of the largest connected node cluster remaining after fault propagation.
Optionally, the intrusion detection model is constructed by an intrusion detection method, the intrusion detection method comprising:
according to the virus attack simulation method, the invasion condition of the virus is detected through the preset detection time.
Optionally, the power grid repair model is constructed by a power grid repair method, the power grid repair method comprising:
judging the repairing condition of the nodes in the electric power entity model to be repaired;
judging whether a preset physical domain entity repairing condition is met when the node is an electric power physical domain entity, and starting repairing when the electric power physical domain entity node meets the physical domain entity repairing condition, wherein the preset physical domain entity repairing condition comprises that the node is in a fault state, the repairing probability is larger than the preset probability, and at least one normal electric line exists in the node;
when the node is an electric power information domain entity, searching a heterogeneous node of the node, judging whether the heterogeneous node is down, if so, judging whether the heterogeneous node meets the physical domain entity restoration condition, and if so, starting to restore the heterogeneous node;
and when the repairing of all the nodes associated with the power information domain entity is completed, ending the power repairing action.
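The repair conditions above, together with the remaining-cluster proportion computed at the end of the malicious code attack method, can be exercised on a small grid. The following Python code is an added example, not code from the patent; the node names, line list, the 0.5 preset probability, and the use of all physical nodes as the denominator of the proportion are assumptions.

```python
from dataclasses import dataclass

PRESET_REPAIR_PROBABILITY = 0.5  # assumed value; the patent text gives no number


@dataclass
class Node:
    name: str
    domain: str                      # "physical" or "information"
    state: str = "normal"            # "fault" (physical) or "down" (information)
    repair_probability: float = 0.0
    heterogeneous: str = ""          # paired node in the other domain


def largest_cluster_ratio(nodes, lines):
    """Share of physical nodes inside the largest cluster still connected."""
    physical = [n for n in nodes.values() if n.domain == "physical"]
    alive = {n.name for n in physical if n.state == "normal"}
    adjacency = {name: set() for name in alive}
    for (a, b), state in lines.items():
        if state == "normal" and a in alive and b in alive:
            adjacency[a].add(b)
            adjacency[b].add(a)
    best, seen = 0, set()
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:                 # depth-first walk of one cluster
            current = stack.pop()
            size += 1
            for nxt in adjacency[current] - seen:
                seen.add(nxt)
                stack.append(nxt)
        best = max(best, size)
    return best / len(physical)      # assumption: denominator is all physical nodes


def meets_physical_repair_condition(node, lines):
    """Fault state, repair probability above the preset, one normal line attached."""
    has_normal_line = any(
        state == "normal" and node.name in ends for ends, state in lines.items()
    )
    return (node.state == "fault"
            and node.repair_probability > PRESET_REPAIR_PROBABILITY
            and has_normal_line)


def repair_pass(nodes, lines, targets):
    """Apply the repair rule to each target; return the physical nodes restored."""
    repaired = []
    for name in targets:
        node = nodes[name]
        if node.domain == "information":
            node = nodes[node.heterogeneous]   # look up the heterogeneous node
        if meets_physical_repair_condition(node, lines):
            node.state = "normal"
            repaired.append(node.name)
    return repaired


def build_sample():
    """Constructed damaged grid: two substations and one distribution station failed."""
    nodes = {
        "PLANT": Node("PLANT", "physical"),
        "SUB_A": Node("SUB_A", "physical", "fault", 0.7),
        "SUB_B": Node("SUB_B", "physical", "fault", 0.3),
        "DIST_A": Node("DIST_A", "physical"),
        "DIST_B": Node("DIST_B", "physical", "fault", 0.9),
        "LOAD": Node("LOAD", "physical"),
        "MON_A": Node("MON_A", "information", "down", heterogeneous="SUB_A"),
        "MON_B": Node("MON_B", "information", "down", heterogeneous="SUB_B"),
    }
    lines = {
        ("PLANT", "SUB_A"): "normal",
        ("PLANT", "SUB_B"): "normal",
        ("SUB_A", "DIST_A"): "normal",
        ("SUB_B", "DIST_B"): "fault",    # DIST_B has no normal line left
        ("DIST_A", "LOAD"): "normal",
    }
    return nodes, lines


def demo():
    nodes, lines = build_sample()
    before = largest_cluster_ratio(nodes, lines)
    repaired = repair_pass(nodes, lines, ["MON_A", "MON_B", "DIST_B"])
    after = largest_cluster_ratio(nodes, lines)
    return before, repaired, after


if __name__ == "__main__":
    print(demo())
```

SUB_B stays faulted because its repair probability is below the preset, and DIST_B stays faulted because its only line is itself in a fault state.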
Compared with the prior art, the invention establishes a physical domain entity model to depict the physical entities of the electrical facilities, and an information domain entity model to describe their electrical control rules and information dispatching characteristics, so that the model of the electrical facilities is built from a system-modeling perspective. Based on the power network action model, network security behavior is simulated on the established entity models: the influence of the network security behavior on the entity models is simulated, and detection, protection and repair are then carried out according to that influence. This captures the rules and effects of the influence on power information propagation and builds the technical-layer simulation of power network behavior, so that the model is highly reusable.
Drawings
FIG. 1 is a system block diagram of a power infrastructure network security behavior model of an embodiment of the invention;
FIG. 2 is a flow chart of a virus attack model of a power infrastructure network security behavior model according to an embodiment of the present invention;
FIG. 3 is a flow chart of a malicious code attack model of a power infrastructure network security behavior model according to an embodiment of the invention;
FIG. 4 is a flow chart of an intrusion detection model of a power infrastructure network security behavior model according to an embodiment of the invention;
FIG. 5 is a flow chart of a power grid repair model of a power infrastructure network security behavior model according to an embodiment of the invention.
Detailed Description
In order that the above objects, features and advantages of the invention may be readily understood, the invention is described in more detail below with reference to specific embodiments illustrated in the accompanying drawings. Although certain embodiments of the invention are shown in the drawings, the invention may be embodied in various forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided for a more thorough and complete understanding of the invention. The drawings and embodiments of the invention are for illustration only and are not intended to limit the scope of the invention.
It should be understood that the various steps recited in the method embodiments of the present invention may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
The term "including" and variations thereof as used herein are open-ended, i.e., "including, but not limited to". The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments"; the term "optionally" means "alternative embodiments". Related definitions of other terms are given in the description below. The terms "first," "second," and the like herein are used only to distinguish between different devices, modules, or units, and not to limit the order or interdependence of the functions performed by such devices, modules, or units.
References to "one" and "a plurality" in this disclosure are illustrative rather than limiting, and those skilled in the art will appreciate that they should be construed as "one or more" unless the context clearly indicates otherwise.
As shown in fig. 1, an embodiment of the present invention provides a power infrastructure network security behavior model, including a power entity model and a power network behavior model;
the power physical domain entity model is used to simulate the topology and power functions of the transmission lines in a region, and the power information domain entity model is used to simulate the network characteristics and power dispatching functions of the power information regulation and control facilities;
the power network action model comprises a power network security behavior model, which is used to evaluate the influence of network security behavior on the power entity model and to detect, protect and repair the power entity model.
The invention aims to design a power network security protection action model for large-scale critical infrastructure network security deduction. The model overcomes the weak reusability and extensibility of models in the power engineering field. Working from a system-modeling perspective and with reference to the EBNI modeling framework, and starting from the rules and effects of the network security game on power information propagation, it aggregates and improves existing specialist models of power infrastructure, power network security and the like. It mainly constructs the models of the power entities, power network monitoring entities and other entities that carry power network security services, and builds the technical-layer simulation of power network action equipment so as to reflect the effects of power network security actions.
The power infrastructure network security behavior model differs from technical-layer models of power and networks. From a system-modeling perspective, it mainly analyzes and extracts the rules and effect models of the influence on power information propagation in scenarios such as virus attacks and malicious code attacks. It mainly supports simulation and study of the effects of power network security protection, and additionally supports studying, from a security perspective, the influence of power infrastructure network attack and defense on traffic, the economy and so on.
Optionally, the electric power physical domain entity model includes a power station node model, a substation node model, a distribution substation node model, and a load center model.
Optionally, the power information domain entity model includes a power plant monitoring model, a substation monitoring model, and a power dispatching center model.
Specifically, the power physical domain entity model simulates the topology and power functions of the electrical facilities and transmission lines used for regional generation, transmission, distribution and consumption of electric energy. To support the deduction requirements of prototype systems at multiple resolutions and different scales, the power physical domain entity is divided into four entity models: power stations, substations, distribution stations and the various loads. Unlike a power engineering model, this model describes only the dynamic evolution of those key attributes of an electrical facility that are affected by network security protection actions. The power information domain entity simulates the network characteristics and power dispatching functions of the power information regulation and control facilities. According to the effect of network security actions on the propagation of power dispatching information, the power information domain entity is divided into a local power monitoring model and a power dispatching center model, which focus on describing the electrical control rules and information dispatching characteristics of regional grids and local electrical facilities. The local power monitoring entity model includes a power station monitoring model, a substation monitoring model, a distribution monitoring model and the like. A local monitoring entity is geographically co-located with its corresponding local electrical facility and performs the electrical attribute monitoring and dispatching functions for that facility. The power dispatching center entity simulates the comprehensive power dispatching and emergency control rules of power dispatching centers at different levels, including large-area and regional power dispatching center entities.
The power infrastructure network security behavior model provided by this embodiment can support large-scale joint network security command deduction, can also independently support power infrastructure network security protection deduction, and improves the joint command capability for power network security protection.
Optionally, the information in the power station node model, the substation node model, the distribution substation node model, and the load center model includes a node name, a unit number, a node number, an administrative region to which the power station belongs, a power grid region to which the power station belongs, a heterogeneous node name, a repair time, a voltage, a power, a node state, a node type, an equipment type, and a position coordinate.
Specifically, the power station node model simulates the electric energy generation and electrical properties of the various power station entities in different areas, including nuclear, hydroelectric, thermal and wind power stations, and supports extension to other types of power station entity. The main parameters of the power station node model are shown in the following table:
[Table image not reproduced: main parameters of the power station node model]
Specifically, the substation node model simulates the voltage step-up (step-down) and electrical performance of substations of various voltage classes in a region. Taking high voltage as the physical voltage attribute, substation models are divided by voltage class, and substations of different voltage classes perform power conversion for areas of different extent. For example, an ultra-high-voltage substation is responsible for power conversion for regions above city level, and medium- and high-voltage substations are responsible for power conversion for cities, counties and communities. The main parameters of the substation node model are shown in the following table:
[Table image not reproduced: main parameters of the substation node model]
Specifically, the distribution substation node model simulates the power distribution functions of the county (community) low-voltage substations in each region, and includes county (community) low-voltage substation entities. The entity describes the attributes and functions of distributing county (community) electric energy to the various electrical loads. The main parameters of the distribution substation node model are shown in the following table:
[Table image not reproduced: main parameters of the distribution substation node model]
Specifically, the load center model simulates the power attributes of the power consumption center nodes in counties (communities), including the load aggregation points for industrial, commercial, residential and other consumption. If the model fails, the power-consuming facilities that have a power supply relationship with it suffer power faults. The main parameters of the load center model are as follows:
[Table image not reproduced: main parameters of the load center model]
Optionally, the information in the power station monitoring model, the substation monitoring model and the power dispatching center model includes node names, unit numbers, node numbers, heterogeneous nodes, repair time, defense modes, node states, node types, positions, administrative areas, power grid areas, controlled enemy units, initial controllers and visible parties.
Specifically, the power station monitoring model simulates the generated power and excitation control performance of a power station under local monitoring, in the normal state or within the controllable over-limit range. It includes hydropower station monitoring entities, thermal power station monitoring entities and the like, supports extension to the monitoring of other types of power station, and simulates the network protection of power station monitoring and the dispatching and repair actions on power stations. The main parameters of the power station monitoring model are shown in the following table:
[Table image not reproduced: main parameters of the power station monitoring model]
Specifically, the substation monitoring model simulates computer-based monitoring and execution of local voltage step-up (step-down) in the normal state, or the control of excitation voltage and active power within the controllable over-limit range. It includes substation monitoring entities of different voltage levels, whose main parameters are shown in the following table:
[Table image not reproduced: main parameters of the substation monitoring model]
Specifically, the power dispatching center model establishes network associations with the local monitoring models, performs power dispatching actions such as grid energy-balance dispatching and grid fault repair, and provides the related network defense and network repair services. It includes large-area and regional dispatching center models and the like. The main parameters of the power dispatching center model are shown in the following table:
[Table image not reproduced: main parameters of the power dispatching center model]
Optionally, the power network security behavior model comprises a virus attack model, a malicious code attack model, an intrusion detection model and a power network repair model;
the virus attack model is used for simulating the influence of virus attack on the electric power entity model;
the malicious code attack model is used for simulating the influence of malicious code attack on the electric power entity model;
the intrusion detection model is used for simulating the influence of network attack on the electric power entity model;
the power grid repair model is used for simulating the overall repair behavior of the damaged power entity model.
Optionally, as shown in fig. 2, the virus attack model is constructed by a virus attack simulation method, and the virus attack simulation method includes:
determining whether the virus attack of the source node of the power information domain is successful or not through a network attack and defense dynamic game algorithm according to a source node, a target node, a virus propagation hop count and a virus attack intensity array of the virus attack, wherein the network attack and defense dynamic game algorithm comprises an external exposure probability judgment and a comprehensive defense intensity judgment, and when the external exposure probability is larger than an exposure threshold, the target node is in an external visible state; when the attack intensity is greater than the comprehensive defense intensity, judging that the virus attack is successful; when the attack intensity is smaller than or equal to the comprehensive defense intensity, judging that the virus attack fails;
when judging that the virus attack is successful, changing the electrical attribute of the electric power physical domain entity model controlled by the electric power information domain entity model, downtime of the electric power information domain entity, and setting the power of the electric power information domain entity control node to zero;
traversing the power information domain entity directly related to the information of the virus attack power information domain entity, and returning to the step of determining whether the power information domain source node virus attack is successful or not through the network attack and defense dynamic game algorithm;
judging whether the virus transmission hop count reaches the maximum transmission hop count or not;
and if the maximum propagation hop count is not reached, returning to the step of changing the electrical attribute of the power physical domain entity model controlled by the power information domain entity model, downtime of the power information domain entity and setting the power of the power information domain entity control node to zero until the maximum propagation hop count is reached.
Specifically, a network virus attack on a power information domain entity uses means such as phishing e-mail and USB flash drive propagation to achieve network monitoring and privilege theft on the power data dispatching network; by destroying the availability and authenticity of power dispatching information, it causes misoperation in the power information domain and large-scale cascading failure of the regional power grid system. The model mainly simulates how a network virus attack affects power dispatching behavior across domains under a given allocation of network defense resources.
In one embodiment, parameters such as the source node, the target node, the virus propagation hop count and the virus attack intensity array are set. At the start time of the virus attack action, the network attack-and-defense dynamic game algorithm is used to judge whether the virus attack on the power information domain source node succeeds. If the external exposure probability of the target node is greater than the exposure threshold, the target node is in an externally visible state; if the attack intensity is greater than the comprehensive defense intensity, the virus successfully attacks the power information domain entity; if the attack intensity is not greater than the comprehensive defense intensity, the network defense facility of the power information domain entity successfully defends against the virus attack.
When the virus attack succeeds, the electrical attributes of the power physical domain entity controlled by the power information domain entity are changed, the power information domain entity goes down, and the power of the node controlled by the power information domain entity is set to zero.
The power information domain entities that have a direct information association with the attacked power information domain entity are then traversed, and the method returns to the step of judging, by the network attack-and-defense dynamic game algorithm at the start time of the virus attack action, whether the virus attack on the power information domain source node succeeds.
It is then judged whether the virus propagation hop count has reached the maximum propagation hop count; when it has not, the method returns to the step of changing the electrical attributes of the power physical domain entity controlled by the power information domain entity.
When the maximum propagation hop count is reached, the virus attack action ends.
The main parameters of the virus attack model are shown in the following table:
[Table supplied as an image in the original publication (BDA0004017421620000161); its contents are not reproduced here.]
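The hop-limited propagation and the exposure and defense judgments described above can be exercised on a small constructed grid; the following Python example is added here for evaluating defense allocations and is not code from the patent. It assumes that the attack intensity array holds one value per hop, that each entity's comprehensive defense intensity is already a single number, and that an entity must be externally visible before the intensity comparison applies; all entity names and values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class InfoEntity:
    """Power information domain entity (constructed fields, not the patent's table)."""
    name: str
    exposure_prob: float   # external exposure probability
    defense: float         # comprehensive defense intensity (assumed precomputed)
    controls: str          # physical-domain node this entity controls
    peers: list = field(default_factory=list)  # directly associated entities
    down: bool = False


def attack_succeeds(entity, intensity, exposure_threshold):
    """Game judgment: externally visible AND intensity strictly above defense."""
    visible = entity.exposure_prob > exposure_threshold
    return visible and intensity > entity.defense


def simulate_virus(entities, power, target, intensities, exposure_threshold):
    """Hop-limited propagation. Returns (compromised, defended) name lists."""
    compromised, defended = [], []
    frontier, seen = [target], {target}
    for intensity in intensities:          # one array entry per hop (assumption)
        next_frontier = []
        for name in frontier:
            entity = entities[name]
            if attack_succeeds(entity, intensity, exposure_threshold):
                entity.down = True              # information entity goes down
                power[entity.controls] = 0.0    # controlled node power set to zero
                compromised.append(name)
                for peer in entity.peers:       # traverse directly associated entities
                    if peer not in seen:
                        seen.add(peer)
                        next_frontier.append(peer)
            else:
                defended.append(name)           # defense facility held
        frontier = next_frontier
        if not frontier:                        # nothing left to propagate to
            break
    return compromised, defended


def build_demo():
    """Constructed four-entity grid; power values in MW."""
    entities = {
        "DISPATCH": InfoEntity("DISPATCH", 0.9, 3.0, "load_center",
                               ["MON_SUB_A", "MON_SUB_B"]),
        "MON_SUB_A": InfoEntity("MON_SUB_A", 0.7, 2.0, "sub_a", ["MON_PLANT"]),
        "MON_SUB_B": InfoEntity("MON_SUB_B", 0.2, 1.0, "sub_b"),
        "MON_PLANT": InfoEntity("MON_PLANT", 0.8, 6.0, "plant"),
    }
    power = {"load_center": 200.0, "sub_a": 120.0, "sub_b": 80.0, "plant": 300.0}
    return entities, power


if __name__ == "__main__":
    ents, pw = build_demo()
    hit, held = simulate_virus(ents, pw, "DISPATCH", [5.0, 4.0, 3.0], 0.5)
    print("compromised:", hit)
    print("defended:", held)
    print("remaining power (MW):", sum(pw.values()))
```

In the constructed run, the weakly defended MON_SUB_B holds only because its exposure probability is below the threshold, which is the kind of dependency on defense resource allocation the model is meant to surface.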
Optionally, as shown in FIG. 3, the malicious code attack model is constructed by a malicious code attack method, and the malicious code attack method includes:
at a first moment, traversing the information network characteristics of the nodes of the power information domain entity model on the attack path of the malicious code, and judging whether the power information domain entity model is attacked by the malicious code;
if it is attacked by the malicious code, updating the topology and electrical parameters of the attacked power grid system;
at a second moment, checking whether a communication link of the local power physical domain entity model is attacked by the malicious code;
if it is attacked by the malicious code, updating the topology and electrical parameters of the attacked power grid system;
at a third moment, determining, according to the attack path, whether the path from an attacked node of the power information domain entity model to the next attacked node is normal;
if not, updating the topology and electrical parameters of the attacked power grid system;
at a fourth moment, checking whether a first path, from the attacked entity to the power dispatching center, over which power flow adjustment and local electrical monitoring need to be carried out, is normal;
at a fifth moment, checking whether the information path between the attacked power information domain entity model and the power dispatching center entity is normal;
if the first path and the information path are both normal, cutting off the corresponding load or backup circuit;
and traversing the fault conditions of all links, and calculating the proportion of the largest connected node cluster remaining after fault propagation.
Specifically, a malicious code attack on the power information domain uses network intrusion and network monitoring to make a power information domain entity carry out malicious regulation and misoperation on the power grid system, causing local or even wide-area faults of the power grid. The method mainly simulates multipoint cooperative malicious code attacking power information domain entities, which leads to malicious and faulty power dispatching operations and to local or even large-scale paralysis of the power grid system.
In one embodiment, at a first moment, namely the initial moment, the information network characteristics of the power information domain nodes on the malicious code attack path are traversed to judge whether a power information domain entity is attacked by malicious code; if the malicious code attack on the power information domain node succeeds and the original communication link is normal, the topology and electrical parameters of the power grid system are updated; if the malicious code attack on the power information domain node fails and the original communication link is abnormal, the topology and electrical parameters of the power grid system are updated;
at a second moment, it is checked whether the communication link of the local power physical domain entity (such as a local low-voltage distribution monitoring circuit switch) is normal; if the original communication link is abnormal, the topology and electrical parameters of the power grid system are updated; if the original communication link is normal, the topology and electrical parameters of the power grid system are updated;
at a third moment, the network attack path is used to check whether the path from the currently attacked power information domain node to the next attacked power information domain node is normal; if it is normal and the original communication link is abnormal, the topology and electrical parameters of the power grid system are updated; if it is not normal and the original communication link is normal, the topology and electrical parameters of the power grid system are updated;
at a fourth moment, it is checked whether the path, from the attacked entity to the power dispatching center, over which power flow adjustment and local electrical monitoring need to be carried out, is normal; at a fifth moment, it is checked whether the information path between the attacked power information domain entity and the power dispatching center entity is normal; if both are normal, the corresponding load or backup circuit is cut off; if at least one of the two is abnormal, the load shedding operation is not performed.
All links are traversed by the above method to judge whether each is faulty, and the proportion of the largest connected node cluster remaining after fault propagation is calculated as the result of the malicious code attack simulation.
The main parameters of the malicious code attack model are shown in the following table:
[Table supplied as an image in the original publication (BDA0004017421620000181); its contents are not reproduced here.]
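The two path checks that gate load shedding, and the largest-connected-cluster proportion used as the simulation result, can be computed as follows. This Python example is added here and is not code from the patent; it assumes undirected links, takes the proportion relative to the original node count, and treats attacked entities as removed nodes. The topology, the link names and the RTU hop on the monitoring path are constructed.

```python
from collections import deque


def adjacency(links, failed_links, failed_nodes=frozenset()):
    """Undirected adjacency over links that survived the topology update."""
    adj = {}
    for a, b in links:
        if (a, b) in failed_links or (b, a) in failed_links:
            continue
        if a in failed_nodes or b in failed_nodes:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def path_is_normal(links, failed_links, src, dst):
    """True if dst is still reachable from src over non-failed links (BFS)."""
    adj = adjacency(links, failed_links)
    queue, seen = deque([src]), {src}
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return True
        for nxt in adj.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def should_shed_load(entity, center, monitor_links, info_links, failed_links):
    """Fourth and fifth moments: shed load only if BOTH paths are normal."""
    return (path_is_normal(monitor_links, failed_links, entity, center)
            and path_is_normal(info_links, failed_links, entity, center))


def largest_cluster_ratio(nodes, links, failed_nodes, failed_links):
    """Size of the largest surviving connected cluster / original node count."""
    adj = adjacency(links, failed_links, failed_nodes)
    seen, best = set(), 0
    for start in nodes:
        if start in failed_nodes or start in seen:
            continue
        size, queue = 0, deque([start])
        seen.add(start)
        while queue:
            cur = queue.popleft()
            size += 1
            for nxt in adj.get(cur, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        best = max(best, size)
    return best / len(nodes)


# Constructed sample topology: one plant, three substations, two load centers.
NODES = ["P1", "S1", "S2", "S3", "L1", "L2"]
POWER_LINKS = [("P1", "S1"), ("S1", "S2"), ("S2", "S3"), ("S2", "L1"), ("S3", "L2")]
# Constructed communication paths from a substation monitor to the dispatch center.
MONITOR_LINKS = [("MON_S3", "RTU"), ("RTU", "DISPATCH")]
INFO_LINKS = [("MON_S3", "DISPATCH")]

if __name__ == "__main__":
    ratio = largest_cluster_ratio(NODES, POWER_LINKS, {"S3"}, {("S1", "S2")})
    print("largest cluster ratio:", round(ratio, 3))
    print("shed load:", should_shed_load("MON_S3", "DISPATCH", MONITOR_LINKS,
                                         INFO_LINKS, {("RTU", "DISPATCH")}))
```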
Optionally, as shown in FIG. 4, the intrusion detection model is constructed by an intrusion detection method, and the intrusion detection method includes:
detecting, at a preset detection time, the intrusion status of the virus according to the virus attack simulation method.
Specifically, the intrusion detection model simulates the network protection that a power information domain entity carries out through intrusion detection behavior when it is attacked over the network; depending on the intrusion detection mode, detection is either executed at a specified time or executed automatically.
The main parameters of the intrusion detection model are shown in the following table:
[Table supplied as an image in the original publication (BDA0004017421620000191); its contents are not reproduced here.]
Optionally, as shown in FIG. 5, the power grid repair model is constructed by a power grid repair method, the power grid repair method comprising:
judging the repairing condition of the nodes in the electric power entity model to be repaired;
judging whether a preset physical domain entity repairing condition is met when the node is an electric power physical domain entity, and starting repairing when the electric power physical domain entity node meets the physical domain entity repairing condition, wherein the preset physical domain entity repairing condition comprises that the node is in a fault state, the repairing probability is larger than the preset probability, and at least one normal electric line exists in the node;
when the node is an electric power information domain entity, searching a heterogeneous node of the node, judging whether the heterogeneous node is down, if so, judging whether the heterogeneous node meets the physical domain entity restoration condition, and if so, starting to restore the heterogeneous node;
and when the repairing of all the nodes associated with the power information domain entity is completed, ending the power repairing action.
Specifically, the power grid repair model simulates the overall repair behavior after damage to a regional power grid. The power information domain performs power grid recovery regulation and control before the power information domain is repaired, so the model supports simulation of the behavior strategy and process of fault repair and recovery of the power grid system under power information domain dispatching, such as overload load shedding, relay protection and low-frequency generator set switching; it also supports simulation and verification of power physical domain restoration optimization strategies such as black start, power grid reconstruction and load restoration.
In one embodiment, when the start time of the network repair action is reached, the repair condition is judged for the power information domain (physical domain) node to be repaired;
if the node is a power physical domain entity, the judgment criteria comprise: the node to be repaired is currently in a fault state; the repair probability satisfies the strength with which the node can be repaired; and at least one outgoing line of the node to be repaired is normal. After the criteria are met, the node state is changed to the repairing state and the list of all outgoing nodes of the node is traversed: if a node is a physical domain node, it is repaired directly; if a node is an information domain node, it is checked whether the state of its heterogeneous physical domain node is normal, and the heterogeneous physical domain node is repaired if it is down; if the repair probability of the information domain node is met and the state of the heterogeneous node is normal, the information domain node repair condition is met and the information domain node is repaired successfully.
And if the repair of all the associated information domain nodes and the heterogeneous nodes is completed, ending the power repair action.
The main parameters of the power grid repair model are shown in the following table:
[Table supplied as an image in the original publication (BDA0004017421620000201); its contents are not reproduced here.]
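The repair conditions above, including the dependency of an information domain node on its heterogeneous physical domain node, can be checked with the following Python example, which is added here and is not code from the patent. It assumes repair completes immediately (the repairing state and repair time are not modeled) and that "repair probability met" means strictly greater than the preset probability; node names and values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class GridNode:
    """Constructed node record covering both domains."""
    name: str
    domain: str            # "physical" or "information"
    state: str             # "normal" or "fault"
    repair_prob: float
    lines_ok: list = field(default_factory=list)  # status of each outgoing line
    hetero: str = ""       # heterogeneous (paired) physical node of an info node


def physical_repairable(node, preset_prob):
    """Fault state, repair probability above preset, at least one normal line."""
    return (node.state == "fault"
            and node.repair_prob > preset_prob
            and any(node.lines_ok))


def run_repair(nodes, targets, preset_prob):
    """Apply the repair rules to each target; returns an ordered action log."""
    log = []
    for name in targets:
        node = nodes[name]
        if node.domain == "physical":
            if physical_repairable(node, preset_prob):
                node.state = "normal"
                log.append((name, "repaired"))
            else:
                log.append((name, "skipped"))
            continue
        # Information domain node: its heterogeneous node is handled first.
        partner = nodes[node.hetero]
        if partner.state == "fault" and physical_repairable(partner, preset_prob):
            partner.state = "normal"
            log.append((partner.name, "repaired"))
        if (node.state == "fault" and node.repair_prob > preset_prob
                and partner.state == "normal"):
            node.state = "normal"
            log.append((name, "repaired"))
        else:
            log.append((name, "skipped"))
    return log


def build_demo():
    """Constructed sample: two monitored substations and one plant, all faulted."""
    items = [
        GridNode("SUB_A", "physical", "fault", 0.8, [True, False]),
        GridNode("MON_A", "information", "fault", 0.9, hetero="SUB_A"),
        GridNode("SUB_B", "physical", "fault", 0.8, [False, False]),
        GridNode("MON_B", "information", "fault", 0.9, hetero="SUB_B"),
        GridNode("PLANT", "physical", "fault", 0.3, [True]),
    ]
    return {n.name: n for n in items}


if __name__ == "__main__":
    grid = build_demo()
    for entry in run_repair(grid, ["MON_A", "MON_B", "PLANT"], 0.5):
        print(entry)
```

MON_B stays down even though its own repair probability is high, because its heterogeneous node SUB_B has no normal line and cannot be repaired first.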
An electronic device provided in another embodiment of the present invention includes a memory and a processor; the memory is used for storing a computer program; the processor is configured to implement the power infrastructure network security behavior model as described above when executing the computer program.
A further embodiment of the invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a power infrastructure network security behavior model as described above.
An electronic device that can be a server or a client of the present invention will now be described, which is an example of a hardware device that can be applied to aspects of the present invention. Electronic devices are intended to represent various forms of digital electronic computer devices, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
The electronic device includes a computing unit that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) or a computer program loaded from a storage unit into a Random Access Memory (RAM). In the RAM, various programs and data required for the operation of the device may also be stored. The computing unit, ROM and RAM are connected to each other by a bus. An input/output (I/O) interface is also connected to the bus.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like. In this application, the units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
Although the present disclosure is described above, the scope of protection of the present disclosure is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the disclosure, and these changes and modifications will fall within the scope of the invention.

Claims (10)

1. A power infrastructure network security behavior model, comprising a power entity model and a power network behavior model;
the electric power physical domain entity model is used for simulating the topological relation and the electric power function of the electric transmission line in the area, and the electric power information domain entity model is used for simulating the network characteristic and the electric power dispatching function of the electric power information regulation and control facility;
the power network behavior model comprises a power network security behavior model, which is used for evaluating the influence of network security behavior on the power entity model and for detecting, protecting and repairing the power entity model.
2. The power infrastructure network security behavior model of claim 1, wherein the power physical domain entity model comprises a power plant node model, a substation node model, a distribution substation node model, and a load center model.
3. The power infrastructure network security behavior model of claim 1, wherein the power information domain entity model comprises a power plant monitoring model, a substation monitoring model, and a power dispatching center model.
4. The power infrastructure network security behavior model of claim 2, wherein the information in the power plant node model, the substation node model, and the load center model includes node names, unit numbers, node numbers, administrative areas to which the power grid belongs, heterogeneous node names, repair times, voltages, power, node status, node types, device types, and location coordinates.
5. A power infrastructure network security behavior model according to claim 3, characterized in that the information in the power plant monitoring model, the substation monitoring model and the power dispatching center model comprises node name, unit number, node number, heterogeneous node, repair time, defense mode, node status, node type, location, administrative area, grid area, controlled enemy unit, initial controlled, visible party.
6. The power infrastructure network security behavior model of claim 1, wherein the power network security behavior model comprises a virus attack model, a malicious code attack model, an intrusion detection model, and a power network repair model;
the virus attack model is used for simulating the influence of virus attack on the electric power entity model;
the malicious code attack model is used for simulating the influence of malicious code attack on the electric power entity model;
the intrusion detection model is used for simulating the influence of network attack on the electric power entity model;
the power grid repair model is used for simulating the overall repair behavior of the damaged power entity model.
7. The power infrastructure network security behavior model of claim 6, wherein the virus attack model is constructed by a virus attack simulation method comprising:
determining, according to the source node, the target node, the virus propagation hop count and the virus attack intensity array of the virus attack, whether the virus attack on the power information domain source node succeeds, by means of a network attack-and-defense dynamic game algorithm, wherein the network attack-and-defense dynamic game algorithm comprises an external exposure probability judgment and a comprehensive defense intensity judgment: when the external exposure probability is greater than an exposure threshold, the target node is in an externally visible state; when the attack intensity is greater than the comprehensive defense intensity, the virus attack is judged to be successful; when the attack intensity is less than or equal to the comprehensive defense intensity, the virus attack is judged to have failed;
when the virus attack is judged to be successful, changing the electrical attributes of the power physical domain entity model controlled by the power information domain entity model, taking the power information domain entity down, and setting the power of the node controlled by the power information domain entity to zero;
traversing the power information domain entities that have a direct information association with the attacked power information domain entity, and returning to the step of determining, by the network attack-and-defense dynamic game algorithm, whether the virus attack on the power information domain source node succeeds;
judging whether the virus propagation hop count has reached the maximum propagation hop count;
and if the maximum propagation hop count has not been reached, returning to the step of changing the electrical attributes of the power physical domain entity model controlled by the power information domain entity model, taking the power information domain entity down and setting the power of the node controlled by the power information domain entity to zero, until the maximum propagation hop count is reached.
8. The power infrastructure network security behavior model of claim 6, wherein the malicious code attack model is constructed from a malicious code attack method comprising:
at a first moment, traversing information network characteristics of nodes of a power information domain entity model in an attack path of malicious codes, and judging whether the power information domain entity model is attacked by the malicious codes;
if the power grid system is attacked by the malicious codes, updating the attacked power grid system topology and electrical parameters;
at a second moment, checking whether a communication link of a physical model of a local electric power physical domain is attacked by the malicious code;
if the power grid system is attacked by the malicious codes, updating the attacked power grid system topology and electrical parameters;
at a third moment, determining whether a path from an attacked node to a next attacked node of the electric power information domain entity model is normal or not according to the attack path;
if not, updating the topology and electrical parameters of the attacked power grid system;
at a fourth moment, checking whether a first path, from the attacked entity to the power dispatching center, over which power flow adjustment and local electrical monitoring need to be carried out, is normal;
at a fifth moment, checking whether the information path between the attacked power information domain entity model and the power dispatching center entity is normal;
if the first path and the information path are normal, cutting off a corresponding load or a backup circuit;
and traversing the fault conditions of all links, and calculating the proportion of the maximum connected node clusters remained after fault propagation.
9. The power infrastructure network security behavior model of claim 6, wherein the intrusion detection model is constructed from an intrusion detection method comprising:
detecting, at a preset detection time, the intrusion status of the virus according to the virus attack simulation method.
10. The power infrastructure network security behavior model of claim 6, wherein the power grid repair model is constructed from a power grid repair method comprising:
judging the repairing condition of the nodes in the electric power entity model to be repaired;
judging whether a preset physical domain entity repairing condition is met when the node is an electric power physical domain entity, and starting repairing when the electric power physical domain entity node meets the physical domain entity repairing condition, wherein the preset physical domain entity repairing condition comprises that the node is in a fault state, the repairing probability is larger than the preset probability, and at least one normal electric line exists in the node;
when the node is an electric power information domain entity, searching a heterogeneous node of the node, judging whether the heterogeneous node is down, if so, judging whether the heterogeneous node meets the physical domain entity restoration condition, and if so, starting to restore the heterogeneous node;
and when the repairing of all the nodes associated with the power information domain entity is completed, ending the power repairing action.
CN202211677123.XA 2022-12-26 2022-12-26 Electric power infrastructure network security behavior model Pending CN116208505A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211677123.XA CN116208505A (en) 2022-12-26 2022-12-26 Electric power infrastructure network security behavior model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211677123.XA CN116208505A (en) 2022-12-26 2022-12-26 Electric power infrastructure network security behavior model

Publications (1)

Publication Number Publication Date
CN116208505A true CN116208505A (en) 2023-06-02

Family

ID=86512061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211677123.XA Pending CN116208505A (en) 2022-12-26 2022-12-26 Electric power infrastructure network security behavior model

Country Status (1)

Country Link
CN (1) CN116208505A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116599762A (en) * 2023-06-25 2023-08-15 北京五一嘉峪科技有限公司 Distributed denial of service attack and defense exercise system and method


Similar Documents

Publication Publication Date Title
Mishra et al. Microgrid resilience: A holistic approach for assessing threats, identifying vulnerabilities, and designing corresponding mitigation strategies
Gholami et al. Toward a consensus on the definition and taxonomy of power system resilience
Cai et al. Cascading failure analysis considering interaction between power grids and communication networks
Lin et al. A review of key strategies in realizing power system resilience
Dehghanian et al. Quantifying power system resiliency improvement using network reconfiguration
Huang et al. Balancing system survivability and cost of smart grid via modeling cascading failures
Thakar et al. System reconfiguration in microgrids
Kundur et al. Towards modelling the impact of cyber attacks on a smart grid
Zeng et al. Dependability analysis of control center networks in smart grid using stochastic petri nets
Beccuti et al. Quantification of dependencies between electrical and information infrastructures
Chiaradonna et al. Definition, implementation and application of a model-based framework for analyzing interdependencies in electric power systems
Paul et al. On vulnerability and resilience of cyber-physical power systems: A review
Pepyne et al. Vulnerability assessment and allocation of protection resources in power systems
Isazadeh et al. New intelligent controlled islanding scheme in large interconnected power systems
Huang et al. Service restoration of distribution systems under distributed generation scenarios
Akaber et al. CASeS: concurrent contingency analysis-based security metric deployment for the smart grid
Li et al. Analysis of frequency emergency control characteristics of UHV AC/DC large receiving end power grid
Shipman et al. Con-resistant trust for improved reliability in a smart-grid special protection system
Ghasemi et al. A stochastic planning model for improving resilience of distribution system considering master-slave distributed generators and network reconfiguration
Xu et al. Risk‐averse multi‐objective generation dispatch considering transient stability under load model uncertainty
CN116208505A (en) Electric power infrastructure network security behavior model
WO2020238418A1 (en) Inter-domain data interaction method and apparatus
Salehpour et al. Modeling cascading failures in coupled smart grid networks
Sandhya et al. PN inference based autonomous sequential restoration of distribution system under natural disaster
Li et al. Power Grid‐Oriented Cascading Failure Vulnerability Identifying Method Based on Wireless Sensors

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination