数据推断:信息物理融合系统数据泄露威胁范式和防御方法

Data inference:data leakage paradigms and defense methods in cyber-physical systems

随着计算单元和物理对象的高度集成,信息系统和物理系统正逐渐耦合发展为信息物理融合系统(cyber-physical system,CPS).根据CPS物理系统的客观规律,或业务流程间的复杂关联关系,CPS数据之间存在相互推断的可能;当出现从低安全域数据向高安全域数据的准确推断途径时,将引发推断型数据泄露威胁.本文通过分析数据推断引发的CPS数据泄露事件,从数据窃取和数据推断两个维度,提出数据泄露威胁的范式;将数据推断归纳为3类问题:状态估计问题、参数辨识问题和盲源分离问题,从模型驱动、数据驱动和数据–模型双驱动的角度,总结了数据推断的方法和算法.以电力市场为例,展示了基于公开电价数据推断电力系统关键参数的过程,验证了数据推断可以引发严重CPS数据泄露威胁.同时,分析了现有数据保护方法应对数据推断攻击时面临的挑战,探讨了CPS数据推断防御和数据安全治理的研究方向.

With the high integration of computing units and physical objects,cyber and physical systems are gradually coupled into cyber-physical systems(CPSs).According to the laws of physical systems and operation ow in CPSs,unknown CPS data can be inferred from other known data.The inferred data leakage threat is triggered when an accurate inference path connects between low-and high-security domain data.In this paper,by analyzing CPS data leakage accidents caused by data inference,paradigms of data leakage threats are proposed from two dimensions:data theft and data inference.Data inference is classi ed into three problem types:state estimation,parameter identi cation,and blind source separation.The algorithms for data inference are categorized as model-driven,data-driven,and data-model-driven methods.In the case of an electricity market,the process of inferring key parameters of a power system from public electricity price data is demonstrated,verifying that data inference can cause severe CPS data leakage threats.Meanwhile,the challenges of existing data protection methods are investigated.Additionally,the future research of CPS data inference defense and data security governance is discussed.