智能电网电力监控系统网络安全态势感知平台关键技术研究及应用

Research and Application of Key Technologies of Network Security Situation Awareness for Smart Grid Power Control Systems

网络安全态势感知能全局、动态地感知潜在的网络安全风险,受到越来越多的关注.电力监控系统网络安全态势感知借助机器学习、人工智能、大数据等技术,从长期、海量网络安全态势数据处理过程中学习,洞察数据隐含的内在逻辑关系,对电力业务网络中各种活动实现异常行为辨识、攻击意图理解和行为影响评估,以达到对安全态势的推理性判断和知识性把控.本文首先简述了网络安全态势感知的基本概念和系统框架,然后介绍了电力监控系统网络安全防护的现状和存在的风险.针对这些风险和不足,从实践角度系统阐述了电力监控系统网络安全态势感知平台所涉及的多维度安全事件关联分析模型、基于"基线学习"的异常流量和异常行为检测方法、基于攻击场景的攻击链识别模型和基于"地址自校验"的电力遥控安全技术等关键技术.最后,对电力监控系统态势感知解决方案及其应用进行了总结和展望.

The network security situational awareness(NSSA) technology, which can perceive the potential network security risks globally and dynamically, is receiving more and more attention.With the help of machine learning, artificial intelligence, big data, and the other technologies, the network security situation awareness solution of power control system can learn from the process of the long-term and massive network security situation data, gain insight into the internal logical relationship implied in the data, and realize the abnormal behavior identification, intrusion intention understanding, and impact assessment of various activities in the power business network. First, the basic concept and the logical block diagram of NSSA are introduced. Then, the current situation and the risk of network security of power control system are summarized. Next, aimed at these risks and deficiencies, the key technologies involved in the network security situation awareness platform from the perspective of practice are expounded, which include the multidimensional security event correlation analysis model, the abnormal traffic and abnormal behavior detection method based on “baseline learning”,the attack chain recognition model based on attack scenario, and the power remote control security technology based on “address self verification”. Finally, the situation awareness solution and its application in power monitoring systems are stated and prospected.