电力工控系统高隐身虚假遥控指令注入攻击检测OA北大核心CSTPCD
Detection of High-stealth False Remote Control Command Injection Attacks on Power Industrial Control Systems
随着新型电力系统中信息域与物理域耦合程度的加深和网络攻击技术的快速发展,电力工控系统正面临定制化网络攻击威胁,其中,高隐身虚假遥控指令注入(HFCI)攻击已成为破坏能力最强的网络攻击类型之一.文中提出一种电力工控系统HFCI攻击检测方法.首先,利用优化卷积神经网络模型对IEC 60870-5-104协议业务流量进行浅应用层HFCI检测并过滤异常报文;然后,通过HFCI厂站级指令威胁度评估模块和HFCI系统级指令风险判断模块,对深应用层的HFCI攻击指令进行检测;最后,通过IEEE 30节点仿真系统,验证了所提HFCI攻击检测方法的准确性和泛化能力.
With the deepening of the coupling between information domain and physical domain in new power system and the rapid development of cyber attack technology,power industrial control systems are facing the threat of customized cyber attack,among which high-stealth false remote control command injection(HFCI)attacks have become one of the most destructive cyber attack types.This paper presents a HFCI attack detection method for power industrial control system.First,the optimized convolutional neural network model is used to detect HFCI and filter abnormal packets at the shallow application layer for IEC 60870-5-104 protocol business traffic.Then,HFCI attack commands at deep application layer are detected through the factory-level command threat assessment module and the system-level command risk judgment module.Finally,the IEEE 30-bus simulation system verifies the accuracy and generalization ability of the proposed HFCI attack detection method.
张博;宋宇飞;郑豪丰;刘绚;王文博
湖南大学电气与信息工程学院,湖南省长沙市 410082
电力工控系统IEC60870-5-104协议业务流量高隐身虚假遥控指令注入攻击攻击检测
power industrial control systemIEC 60870-5-104 protocolbusiness traffichigh-stealth false remote control command injection(HFCI)attackattack detection
《电力系统自动化》 2024 (017)
97-108 / 12
国家自然科学基金资助项目(51777062). This work is supported by the National Natural Science Foundation of China(No.51777062).
评论