一种基于BF-DT-CUSUM算法的电网工控系统DDoS攻击检测方法

doi:10.11959/j.issn.1000-0801.2015402

电信科学 ›› 2015, Vol. 31 ›› Issue (Z1): 106-112.doi: 10.11959/j.issn.1000-0801.2015402

一种基于BF-DT-CUSUM算法的电网工控系统DDoS攻击检测方法

费稼轩,张涛,马媛媛,周诚

国网智能电网研究院，江苏南京210003

出版日期:2015-12-20 发布日期:2017-07-03
基金资助:
国家电网公司2015年科技项目（电网智能化单元传输规约安全分析及增强技术研究）

Efficient detection technology of DDoS attacks based onBF-DT-CUSUM algorithm in smart grid industrial control system

Jiaxuan FEI,Tao ZHANG,Yuanyuan MA,Cheng ZHOU

State Grid Smart Grid Research Institute,Nanjing 210003,China

Online:2015-12-20 Published:2017-07-03
Supported by:
The 2015 Science and Technology Project of State Grid Corporation of China:Security Analysis and Enhance Technical Research of Power Grid's Intelligent Transmission Protocols

摘要/Abstract

摘要：

摘要：信息通信技术的高速发展使得国家电网已经迈进了智能化、信息化、自动化发展时代，然而同时智能电网中信息通信技术的广泛应用也为攻击者提供了更多的途径入侵和攻击电网工控系统。提出一种基于BloomFilter地址统计的动态阈值更新的改进型CUSUM（BF-DT-CUSUM）DDoS（distributed denial of service）入侵攻击检测方法，针对电网工控系统存在的DDoS攻击采用基于BloomFilter正常流量统计的动态阈值技术，同时改进了传统的EWMA算法使其可用于计算识别DDoS攻击用阈值，并对CUSUM（cumulative sum）算法作出一定变动，以此来更高效地检测电网工控系统DDoS攻击事件。仿真实验验证了该方法对电网工控系统中DDoS攻击具有较高的检测速度和精度，且系统开销小。

关键词: 电网工控系统, 攻击检测, DDoS, EWMA, CUSUM

Abstract:

Rapid development of information and communication technology has led China National Grid Corp into the era of intelligent,informational and automated,simultaneously with wide application of information and communication technology in smart grid also providing more ways for attackers to invade and attack power system.A DDoS attacks detection method based on modified CUSUM with dynamic threshold was proposed according to BloomFilter address statistics in smart grid.The proposed method used dynamic threshold technology based on BloomFilter normal traffic statistics,and optimized traditional EWMA algorithm to identify threshold of DDoS attacks,finally modified CUSUM algorithm in order to efficiently detect DDoS attacks in smart grid.Simulation experiments demonstrate that proposed method has high detection speed and precision for DDoS attacks in smart grid,and the system overhead is small.

Key words: smart grid industrial control system, attack detection, DDoS,EWMA, CUSUM

费稼轩,张涛,马媛媛,周诚. 一种基于BF-DT-CUSUM算法的电网工控系统DDoS攻击检测方法[J]. 电信科学, 2015, 31(Z1): 106-112.

Jiaxuan FEI,Tao ZHANG,Yuanyuan MA,Cheng ZHOU. Efficient detection technology of DDoS attacks based onBF-DT-CUSUM algorithm in smart grid industrial control system[J]. Telecommunications Science, 2015, 31(Z1): 106-112.

图/表 4

参考文献 17

[1]	FANG X , MISRA S , XUE G L , et al. Smart grid-the new and improved power grid:a survey[J]. IEEE Communications Surveys & Tutorials, 2012,14(4):944-980.
[2]	WANG W Y , LU Z . Cyber security in the smart grid:survey and challenges[J]. Computer Networks, 2013,57(5):1344-1371.
[3]	METKE A R , EKL R L . Security technology for smart grid networks[J]. IEEE Transactions on Smart Grid, 2010,V1(1):99-107.
[4]	LINE M B , TONDEL I A , JAATUN M G . Cyber security challenges in smart grids[C]// The 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies（ISGT Europe）, December 5-7,2011, Manchester,United Kingdom. New Jersey: IEEE Press, 2011:1-8.
[5]	FALLIERE N , MURCHU L O , CHIEN E . W32stuxnet dossier[R]. 2011.
[6]	CHEN T M . Stuxnet,the real start of cyber warfare?[J]. IEEE Network, 2010,24(6):2-3.
[7]	LU Z , WANG W , et al. Review and evaluation of security threats on the communication networks in the smart grid[C]// The 2010 Military Communications Conference （MILCOM 2010）, October 31-November3,2010, San Jose,USA. [S.l.:s.n.], 2010:1830-1835.
[8]	DOULIGERIS C , MITROKOSTA A . DDoS attacks and defense mechanisms:classification and state-of-the-art[J]. Computer Networks, 2004,44(44):643-666.
[9]	VALDES A , CHEUNG S . S[C]// The 42nd Hawaii International Conference on System Sciences（HICSS'09）, Januaryr 5-8,2009, Hawaii,USA. Washington: IEEE Computer Society, 2009:1-7.
[10]	Systems C . Security for the smart grid[R]. San Jose: Cisco 2009.
[11]	LIANG Z Q , FAN Y . Principles and defense techniques of DDoS attacks in electricity auxiliray system security protection[J]. Computer Security, 2010(9):70-72.
[12]	SUN Y A , GUAN X H , LIU T , et al. A cyber-physical monitoring system for attack detection in smart grid[C]// IEEE INFOCOM 2013. April 26-May 1,2013, Hong Kong,China. Washington: IEEE Computer Society, 2013:1-7.
[13]	YI H , EEMALIFALAK M , NGUYEN H , et al. Bad data injection in smart grid:attack and defense mechanisms[J]. IEEE Communications Magazine, 2013,51(1):27-33.
[14]	LIU T , YUN G , DAI W , et al. A novel method to detect bad data injection attack in smart grid[C]// The 2013 IEEE Conference on Computer Communications Workshops（INFOCOM WKSHPS）. April 11-19,2013, Turin,Italy. Washington: IEEE Computer Society, 2013:49-54.
[15]	WANG D , GUAN X H , LIU T , et al. Extended distributed state estimation:a detection method against tolerable false data injection attacks in smart grids[J]. Energies, 2014,7(3):1517-1538.
[16]	KOSUT O , JIA L Y , THOMAS R J , et al. Malicious data attacks on the smart grid[J]. IEEE Transactions on Smart Grid, 2011,2(4):645-658.
[17]	LIU Y , NINE P , REITER M K , et al. False data injection attacks against state estimation in electric power grids[J]. ACM Transactions on Information and System Security, 2011,14(1):1301-1333.

一种基于BF-DT-CUSUM算法的电网工控系统DDoS攻击检测方法

Efficient detection technology of DDoS attacks based onBF-DT-CUSUM algorithm in smart grid industrial control system

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 17

相关文章 14

Metrics

推荐阅读 0

[1]	章坚武, 安彦军, 邓黄燕. DNS攻击检测与安全防护研究综述[J]. 电信科学, 2022, 38(9): 1-17.
[2]	刘飞扬, 李坤, 宋飞, 周华春. DDoS攻击恶意行为知识库构建[J]. 电信科学, 2021, 37(11): 17-32.
[3]	侯慧芳,李雪芳,潘洁,丁志刚. 5G承载网数据采集和安全管控演进思路[J]. 电信科学, 2020, 36(9): 154-159.
[4]	江伟玉, 刘冰洋, 王闯. 内生安全网络架构[J]. 电信科学, 2019, 35(9): 20-28.
[5]	贺余盛. 物联网DDoS僵尸网络C＆C通信流量检测分析研究[J]. 电信科学, 2019, 35(6): 96-101.
[6]	汪来富,金华敏,刘东鑫,王帅. 面向网络大数据的安全分析技术应用[J]. 电信科学, 2017, 33(3): 112-118.
[7]	王帅,汪来富,金华敏,沈军. 网络安全分析中的大数据技术应用[J]. 电信科学, 2015, 31(7): 139-144.
[8]	罗志强,沈军,金华敏. 分布式DNS反射DDoS攻击检测及控制技术[J]. 电信科学, 2015, 31(10): 1-196.
[9]	胡晓艳,龚俭. 信息中心网络中网络缓存的角色探索[J]. 电信科学, 2014, 30(3): 67-74.
[10]	刘国荣,刘东鑫,沈军,金华敏. 超宽带网络异常流量检测与防治技术探析[J]. 电信科学, 2012, 28(1): 22-25.
[11]	. 超宽带网络异常流量检测与防治技术探析[J]. 电信科学, 2012, 28(1): 26-29.
[12]	杜成,徐川,唐红. DDoS攻击检测研究综述[J]. 电信科学, 2011, 27(3): 85-89.
[13]	杨松,李宗林. 一种DDoS攻击的检测算法[J]. 电信科学, 2010, 26(9): 106-110.
[14]	陈仲华,张连营,王孝明. CC攻击检测方法研究[J]. 电信科学, 2009, 25(5): 62-65.