Abstract
Active anomaly detection in the cyber physical power system (CPPS) compensates for the shortcomings of traditional isolation-based defenses by detecting cyberattacks that have already breached the security boundary. Traditional detection that relies only on cyber-side communication characteristics suffers from high false-alarm and missed-detection rates. To address this, the paper takes into account the influence of the power system state on communication network traffic and proposes an abnormal traffic detection method from a combined cyber-physical perspective. First, a data-driven anomaly detection based on communication behavior characteristics performs a preliminary screening of abnormal traffic. At the same time, the physical-side characteristics corresponding to the abnormal traffic are extracted. An anomaly source tracing method based on the bilateral characteristics then distinguishes fault flows from attack flows, thereby achieving accurate detection of cyberattacks. An experimental data set is constructed on a CPPS co-simulation platform, and the experiments verify that the proposed method greatly reduces the false-positive rate while maintaining high attack detection accuracy.
Authors
陈家琪
王琦
汤奕
摆世彬
CHEN Jiaqi; WANG Qi; TANG Yi; BAI Shibin (School of Electrical Engineering, Southeast University, Nanjing 210096, Jiangsu Province, China; State Grid Ningxia Electric Power Co., Ltd., Yinchuan 750001, Ningxia Hui Autonomous Region, China)
Source
《电网技术》
EI
CSCD
PKU Core (Peking University Core Journals)
2022, No. 6, pp. 2339-2347 (9 pages)
Power System Technology
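Funding
Science and Technology Project of State Grid Corporation of China Headquarters (Risk Analysis and Countermeasure Research on Malicious Information-Network Attacks against Power Grid Security and Stability Control Systems, 5100-202040440A-0-0-00).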
Keywords
cyber physical power system
cyberattacks
anomaly detection