A DDoS attack detection method for power grid industrial control systems based on the BF-DT-CUSUM algorithm (cited by: 2)

Efficient detection technology of DDoS attacks based on BF-DT-CUSUM algorithm in smart grid industrial control system
Abstract: The rapid development of information and communication technology has led China National Grid Corp into an era of intelligent, information-based and automated operation. At the same time, the wide application of information and communication technology in the smart grid gives attackers more ways to intrude into and attack the grid's industrial control systems. This paper proposes a DDoS (distributed denial of service) attack detection method, BF-DT-CUSUM: a modified CUSUM (cumulative sum) algorithm with a dynamically updated threshold based on Bloom Filter address statistics. For DDoS attacks against grid industrial control systems, the method uses a dynamic threshold technique based on Bloom Filter statistics of normal traffic, modifies the traditional EWMA algorithm so that it can be used to compute the threshold for identifying DDoS attacks, and makes certain changes to the CUSUM algorithm, in order to detect DDoS attack events in grid industrial control systems more efficiently. Simulation experiments show that the method detects DDoS attacks in grid industrial control systems with high speed and precision, and that the system overhead is small.
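Source: Telecommunications Science (《电信科学》), Peking University Core Journal, 2015, Issue S1, pp. 106-112 (7 pages)
Funding: China National Grid Corp (国家电网公司) 2015 science and technology project (Research on security analysis and enhancement techniques for transmission protocols of smart grid units)
Keywords: smart grid industrial control system; attack detection; DDoS; EWMA; CUSUM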