期刊文献+

电力工控系统高隐身虚假遥控指令注入攻击检测

Detection of High-stealth False Remote Control Command Injection Attacks on Power Industrial Control Systems
下载PDF
导出
摘要 随着新型电力系统中信息域与物理域耦合程度的加深和网络攻击技术的快速发展,电力工控系统正面临定制化网络攻击威胁,其中,高隐身虚假遥控指令注入(HFCI)攻击已成为破坏能力最强的网络攻击类型之一。文中提出一种电力工控系统HFCI攻击检测方法。首先,利用优化卷积神经网络模型对IEC 60870-5-104协议业务流量进行浅应用层HFCI检测并过滤异常报文;然后,通过HFCI厂站级指令威胁度评估模块和HFCI系统级指令风险判断模块,对深应用层的HFCI攻击指令进行检测;最后,通过IEEE 30节点仿真系统,验证了所提HFCI攻击检测方法的准确性和泛化能力。 With the deepening of the coupling between information domain and physical domain in new power system and the rapid development of cyber attack technology,power industrial control systems are facing the threat of customized cyber attack,among which high-stealth false remote control command injection(HFCI)attacks have become one of the most destructive cyber attack types.This paper presents a HFCI attack detection method for power industrial control system.First,the optimized convolutional neural network model is used to detect HFCI and filter abnormal packets at the shallow application layer for IEC 60870-5-104 protocol business traffic.Then,HFCI attack commands at deep application layer are detected through the factory-level command threat assessment module and the system-level command risk judgment module.Finally,the IEEE 30-bus simulation system verifies the accuracy and generalization ability of the proposed HFCI attack detection method.
作者 张博 宋宇飞 郑豪丰 刘绚 王文博 ZHANG Bo;SONG Yufei;ZHENG Haofeng;LIU Xuan;WANG Wenbo(School of Electrical and Information Engineering,Hunan University,Changsha 410082,China)
出处 《电力系统自动化》 EI CSCD 北大核心 2024年第17期97-108,共12页 Automation of Electric Power Systems
基金 国家自然科学基金资助项目(51777062)。
关键词 电力工控系统 IEC 60870-5-104协议 业务流量 高隐身虚假遥控指令注入攻击 攻击检测 power industrial control system IEC 60870-5-104 protocol business traffic high-stealth false remote control command injection(HFCI)attack attack detection
  • 相关文献

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部