Abstract
With the rapid increase in power system automation, power industrial control systems have become an important target of cyber-attacks. This paper applies the causal correlation method to attack scenario reconstruction for power industrial control systems and proposes a complete reconstruction framework. In the attack forensics phase, the framework obtains raw alert information from multiple sources through intrusion detection and monitoring equipment, then uses the Intrusion Detection Message Exchange Format (IDMEF) to standardize the multi-source alerts and remove redundant ones, yielding effective attack evidence. In the scenario reconstruction phase, a method for calculating the difference degree between alerts is introduced and combined with causal correlation to infer and reconstruct the attack path. A case study of attack reconstruction in a distribution network verifies the feasibility of the proposed framework.
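The abstract describes a pipeline of four steps: collect raw alerts from several sources, standardize them into a common IDMEF-style record and drop redundant repeats, score the difference degree between pairs of alerts, and chain alerts by causal (prerequisite/consequence) correlation into an attack path. The following Python example is added here to illustrate that pipeline end to end; it is not code from the paper, and the IDMEF-like record layout (a flat dictionary rather than the RFC 4765 XML), the difference-degree formula, the prerequisite/consequence table and the sample alerts are all assumptions constructed for the illustration.

```python
from datetime import datetime, timedelta

# Constructed raw alerts from two hypothetical sources with different schemas:
# a network IDS and a device monitor (assumed formats, not from the paper).
NIDS_ALERTS = [
    {"sig": "port_scan", "src": "10.0.0.5", "dst": "10.0.1.10", "ts": "2019-03-01T08:00:00"},
    {"sig": "port_scan", "src": "10.0.0.5", "dst": "10.0.1.10", "ts": "2019-03-01T08:00:02"},  # redundant repeat
    {"sig": "unauthorized_login", "src": "10.0.0.5", "dst": "10.0.1.10", "ts": "2019-03-01T08:05:00"},
]
MONITOR_ALERTS = [
    {"event": "abnormal_control_command", "from_ip": "10.0.1.10", "to_ip": "10.0.2.20", "time": "2019-03-01T08:09:00"},
    {"event": "config_change", "from_ip": "10.0.0.99", "to_ip": "10.0.3.30", "time": "2019-03-01T09:00:00"},  # unrelated
]

# Assumed prerequisite/consequence knowledge for causal correlation:
# alert B can be caused by alert A when A's consequences meet B's prerequisites.
KNOWLEDGE = {
    "port_scan": {"pre": set(), "post": {"service_known"}},
    "unauthorized_login": {"pre": {"service_known"}, "post": {"host_compromised"}},
    "abnormal_control_command": {"pre": {"host_compromised"}, "post": {"process_disrupted"}},
    "config_change": {"pre": {"host_compromised"}, "post": {"device_misconfigured"}},
}


def normalize(source, raw):
    """Map a source-specific raw alert onto a simplified IDMEF-like record (assumed layout)."""
    if source == "nids":
        return {"analyzer": "nids", "classification": raw["sig"], "source": raw["src"],
                "target": raw["dst"], "time": datetime.fromisoformat(raw["ts"])}
    if source == "monitor":
        return {"analyzer": "monitor", "classification": raw["event"], "source": raw["from_ip"],
                "target": raw["to_ip"], "time": datetime.fromisoformat(raw["time"])}
    raise ValueError(f"unknown alert source: {source}")


def remove_redundancy(alerts, window=timedelta(seconds=60)):
    """Drop alerts that repeat an already kept alert (same class, source, target) within the window."""
    kept = []
    for a in sorted(alerts, key=lambda x: x["time"]):
        duplicate = any(
            k["classification"] == a["classification"] and k["source"] == a["source"]
            and k["target"] == a["target"] and a["time"] - k["time"] <= window
            for k in kept
        )
        if not duplicate:
            kept.append(a)
    return kept


def difference_degree(a, b, max_gap=timedelta(minutes=30)):
    """Assumed difference degree in [0, 1]: half from the time gap, half from host continuity."""
    time_term = min((b["time"] - a["time"]) / max_gap, 1.0)
    host_term = 0.0 if a["target"] in (b["source"], b["target"]) else 1.0
    return 0.5 * time_term + 0.5 * host_term


def causally_linked(a, b, threshold=0.6):
    """A precedes B, A's consequences satisfy B's prerequisites, and the pair is similar enough."""
    if a["time"] >= b["time"]:
        return False
    if not KNOWLEDGE[a["classification"]]["post"] & KNOWLEDGE[b["classification"]]["pre"]:
        return False
    return difference_degree(a, b) < threshold


def build_evidence():
    """Forensics phase: normalize multi-source alerts and remove redundancy."""
    alerts = [normalize("nids", r) for r in NIDS_ALERTS]
    alerts += [normalize("monitor", r) for r in MONITOR_ALERTS]
    return remove_redundancy(alerts)


def reconstruct_paths(alerts):
    """Reconstruction phase: follow causal links from root alerts to produce attack paths."""
    alerts = sorted(alerts, key=lambda x: x["time"])
    succ = {i: [j for j in range(len(alerts)) if causally_linked(alerts[i], alerts[j])]
            for i in range(len(alerts))}
    has_pred = {j for js in succ.values() for j in js}
    paths = []

    def walk(i, path):
        if not succ[i]:
            paths.append(path)
            return
        for j in succ[i]:
            walk(j, path + [alerts[j]])

    for i in range(len(alerts)):
        if i not in has_pred:          # roots: alerts nothing explains
            walk(i, [alerts[i]])
    return [[f'{a["classification"]}({a["source"]}->{a["target"]})' for a in p] for p in paths]


if __name__ == "__main__":
    for path in reconstruct_paths(build_evidence()):
        print(" -> ".join(path))
```

On the constructed input the scan, login and control-command alerts are chained into one path, while the later configuration change stays an isolated single-alert path: its prerequisite is satisfied by the login, but the large time gap and the unrelated hosts push its difference degree above the threshold. Single-alert paths are worth keeping in output, since they mark evidence the causal model could not explain.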
Authors
HAN Yi-xuan (韩宜轩); QIN Yuan-qing (秦元庆)
Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan 430074, China
Source
Information Technology (《信息技术》), 2019, No. 8, pp. 41-44, 48 (5 pages)
Funding
State Grid Corporation of China Science and Technology Project (52110417001B)
National Natural Science Foundation of China Key Program (61433006)
Keywords
attack scenario reconstruction
causal association
power industrial control system