电测与仪表2025,Vol.62Issue(10):1-12,12.DOI:10.19753/j.issn1001-1390.2025.10.001
结合时延特征与安全评估的电力工控系统攻击溯源方法
Tracing method based on delay feature and security assessment for cyber-attack in power industrial control system
摘要
Abstract
The existing cyber-attack tracing methods mainly focus on the Internet and are not suitable for power in-dustrial control system(PICS)due to its high real-time requirements and special communication protocols.In PICS,the end-to-end delays between the nodes are consistent,and most of the terminals are embedded terminals with limited resources and a single business.Therefore,a tracing method based on delay feature and security as-sessment for cyber-attack is proposed in this paper.A delay feature library is built according to the delay features of messages,which can be matched with the delay feature of the attack message to obtain the suspicious terminals.The security assessment of suspicious terminals is performed by assessment indicators to locate the attack source.Experiments and analysis show that the proposed method can traceback in non-internat protocoal(IP)network,and the impact on the performance of terminals in PICS is within acceptable limits.Compared with existing fine-grained tracing methods,the proposed method is relatively easy to deploy.关键词
电力工控系统/网络攻击溯源/时延特征/终端安全评估/支持向量机Key words
power industrial control system/tracing for cyber-attack/delay feature/terminal security assessment/support vector machine分类
信息技术与安全科学引用本文复制引用
黄桂容,李俊娥,王宇,朱朝阳,周亮,缪思薇..结合时延特征与安全评估的电力工控系统攻击溯源方法[J].电测与仪表,2025,62(10):1-12,12.基金项目
国家自然科学基金资助项目(51977155) (51977155)
