Abstract
As a new type of distributed power system, the smart microgrid integrates traditional power transmission and distribution technology with an intelligent, integrated energy management system. As the control center, the microgrid energy management system (MGEMS) relies on internet technology to collect and process large amounts of real-time data for dispatch decisions and management control. If a Web application in the system contains vulnerabilities, an attacker can attack the system server, steal power data, and even disrupt the normal transmission and distribution of power. To address the Web security issues involved in smart microgrid systems, this paper designs and implements a fairly comprehensive vulnerability detection framework. Users can freely select a scanning engine or run automated vulnerability scans, which assists security personnel in vulnerability detection. The framework's internal functions are encapsulated as independent API interfaces so that users can later extend its functionality or write plug-ins. To limit system overhead and resource usage, the framework uses coroutines to avoid meaningless scheduling and improve detection performance. Finally, an attack test is conducted on an actual website. The experimental results show that the framework supports functions such as password brute-forcing and fuzzing, and can effectively detect vulnerabilities in Web systems.
Author
Liao Wei (廖微) (Institute of Military New Energy Technology, Academy of System Engineering, Academy of Military Sciences, Beijing 102300)
Source
Journal of Information Security Research (《信息安全研究》), 2022, No. 12, pp. 1198-1208 (11 pages)
Keywords
smart microgrid
Web security
vulnerability scan
vulnerability detection
coroutine