基于马尔可夫决策过程的变电站网络安全攻防策略

宋佳翰; 李婧娇; 皮杰; 欧阳宗帅; 王海鸣; 樊友平

doi:10.3969/j.issn.1000-7229.2019.10.012

PDF(2990 KB)

电力建设 ›› 2019, Vol. 40 ›› Issue (10) : 104-110. DOI: 10.3969/j.issn.1000-7229.2019.10.012

智能电网

基于马尔可夫决策过程的变电站网络安全攻防策略

宋佳翰1，李婧娇2，1，皮杰1，欧阳宗帅1，王海鸣1，樊友平1

作者信息 +

Research on Attack and Defense Strategy of Substation Network Security Applying Markov Decision Process

SONG Jiahan1，LI Jingjiao2，1，PI Jie1，OUYANG Zongshuai1，WANG Haiming1，FAN Youping1

Author information +

文章历史 +

摘要

考虑到在越来越复杂的网络安全环境中变电站的防御能力对于维持电网安全稳定运行具有重要意义，文章提出了一种基于马尔可夫决策过程（Markov decision process，MDP）的变电站网络攻/防策略建模方法。首先，介绍了网络攻击的详细步骤并深入分析了成功入侵变电站的可能路径。然后，基于此，分别从攻击者和防御者的视角建立了网络攻击成功的概率模型。最后，在考虑了目标变电站特性的基础上，利用马尔可夫决策过程建模求解攻/防双方的最优行动策略。该方法综合考虑了目标变电站的关键特性、攻/防双方的技术能力，为攻/防双方在电力信息物理系统（cyber-physical systems，CPS）网络安全场景设计中的行为选择提供了理论依据。

Abstract

Considering that the defense capability of substation is more and more important in maintaining the safe and stable operation of power grid in an increasingly complex network security environment， this paper proposes a method for modeling the attack/defense strategy of substation network on the basis of Markov decision process（MDP）. Firstly， the detailed steps of the network attack are introduced and the possible paths of successful intrusion into the substation are analyzed in depth. Then， the probability model of successful network attack is established from the perspective of attacker and defender respectively. Finally， according to the characteristics of the target substation， Markov decision process modeling is used to solve the optimal action strategy of both attack and defense. The method comprehensively considers the key characteristics of the target substation and the technical capabilities of the attack/defense sides， and provides a theoretical basis for the attack/defense of both sides in the behavior design of the power cyber-physical system（CPS）in network security scenario.

导出引用

宋佳翰，李婧娇，皮杰，欧阳宗帅，王海鸣，樊友平. 基于马尔可夫决策过程的变电站网络安全攻防策略[J]. 电力建设. 2019, 40(10): 104-110 https://doi.org/10.3969/j.issn.1000-7229.2019.10.012

SONG Jiahan，LI Jingjiao，PI Jie，OUYANG Zongshuai，WANG Haiming，FAN Youping. Research on Attack and Defense Strategy of Substation Network Security Applying Markov Decision Process[J]. Electric Power Construction. 2019, 40(10): 104-110 https://doi.org/10.3969/j.issn.1000-7229.2019.10.012

中图分类号： TM 74

参考文献

［1］GOVINDARASU M . Cyber-physical systems security for smart grid［R］. Ames， IA， USA:Lowa State University， 2012.
［2］CHEN Y， HONG J， LIU C. Modeling of intrusion and defense for assessment of cyber security at power substations［J］. IEEE Transactions on Smart Grid， 2018， 9（4）: 2541-2552.
［3］WANG J W， RONG L L. Cascade-based attack vulnerability on the US power grid［J］. Safety Science， 2009， 47（10）: 1332-1336.
［4］SRIDHAR S， HAHN A， GOVINDARASU M. Cyber-physical system security for the electric power grid［J］. Proceedings of the IEEE， 2012， 100（1）: 210-224.
［5］RANDOLPH J. Electric power substations engineering［J］. IEEE Power and Energy Magazine， 2013， 11（3）: 103-105.
［6］LANGNER R.Stuxnet: Dissecting a cyberwarfare weapon［J］. IEEE Security and Privacy， 2011， 9（3）: 49-51.
［7］ESMALIFALAK M， SHI G， HAN Z， et al. Bad data injection attack and defense in electricity market using game theory study［J］. IEEE Transactions on Smart Grid， 2013， 4（1）: 160-169.
［8］LIU T， GU Y， WANG D， et al. A novel method to detect bad data injection attack in smart grid［C］//2013 IEEE Conference on Computer Communications Workshops （INFOCOM WKSHPS）. New York: IEEE， 2013.
［9］WINTERFELD S， ANDRESS J. The basics of cyber warfare: Understanding the fundamentals of cyber warfare in theory and practice［M］.Syngress Publishing， 2012.
［10］ORD J K. Handbook of the Poisson distribution［J］. Journal of the Operational Research Society， 1967， 18（4）: 478-479.
［11］PASQUALETTI F， DORFLER F， BULLO F. Cyber-physical attacks in power networks: Models， fundamental limitations and monitor design［C］// 2011 50th IEEE Conference on Decision and Control and European Control Conference. New York: IEEE， 2011.
［12］DASGUPTA A. Fundamentals of probability: A first course［M］. New York: Springer， 2010.
［13］FAN Y P， LI J J， ZHANG D ， et al. Supporting sustainable maintenance of substations under cyber-threats: An evaluation method of cybersecurity risk for power CPS［J］. Sustainability， 2019， 11（4）: 982.
［14］郭创新，俞斌，郭嘉，等. 基于IEC 61850的变电站自动化系统安全风险评估［J］. 中国电机工程学报， 2014， 34（4）: 685-694.
GUO Chuangxin， YU Bin， GUO Jia， et al. Security risk assessment of the IEC 61850-based substation automation system［J］. Proceedings of the CSEE， 2014， 34（4）: 685-694.
［15］JONSSON E， OLOVSSON T. A quantitative model of the security intrusion process based on attacker behavior［J］. IEEE Transactions on Software Engineering， 1997， 23（4）: 235-245.
［16］AXELSSON S. The base-rate fallacy and the difficulty of intrusion detection［J］. ACM Transactions on Information and System Security， 2000， 3（3）: 186-205.
［17］CHADS I， CHAPRON G， CROS M， et al.MDPtoolbox: a multi-platform toolbox to solve stochastic dynamic programming problems［J］. Ecography， 2014， 37（9）: 916-920.
［18］HONG J， LIU C， GOVINDARASU M. Integrated anomaly detection for cyber security of the substations［J］. IEEE Transactions on Smart Grid， 2014， 5（4）: 1643-1653.