Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Power service message attack identification method and system based on service logic

A technology for power business and attack identification, applied in transmission systems, electrical components, data processing applications, etc.

Pending Publication Date: 2020-02-04
CHINA ELECTRIC POWER RES INST +3
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention proposes a business logic-based power service message attack identification method and system to solve the problem of how to effectively identify power service message attacks to determine the security status of the power grid

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Power service message attack identification method and system based on service logic
  • Power service message attack identification method and system based on service logic
  • Power service message attack identification method and system based on service logic

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0128] Suppose the state block attacked by the attacker has three FCDAs, and the address information of each FCDA is as follows:

[0129] pos 1 ="(APPID=0x0001)-(dataset=DeviceF001 / LLN0$GOOSE1)-(alldata.1)",

[0130] pos 2 ="(APPID=0x0001)-(dataset=DeviceF001 / LLN0$GOOSE1)-(alldata.2)",

[0131] pos 3 ="(APPID=0x0001)-(dataset=DeviceF001 / LLN0$GOOSE1)-(alldata.3)",

[0132] The corresponding control block status is: status 1 =(0,0,0) T , status 2 =(0,0,1) T ,...,status 8 =(1,1,1) T . Set the security risk threshold X for the intrusion detection method safe is 0.25.

[0133] When it is determined that the power grid is attacked by power service packets, the specific implementation method is as follows:

[0134] Step (1), status chain entry: assume that the entered status sequence is status_sequence 1 =(S 1 , pos_sequence), where S 1 =(status 1 , status 2), pos_sequence=(pos 1 ,pos 2 ,pos 3 ) T , now extract a state node Node from the application layer messag...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a power service message attack identification method and system based on service logic. The method comprises the following steps: determining a current state sequence of a power service; respectively determining a dangerous state sequence set and a safe state sequence set corresponding to the current state sequence according to the multi-point signal address sequence of thecurrent state sequence; determining the threat degree of the current state sequence according to the current state sequence, the dangerous state sequence set and the safe state sequence set; and whenthe threat degree of the current state sequence is greater than or equal to a preset security risk threshold, determining that the power grid is attacked by the power service message. According to the invention, a dangerous state sequence set and a safe state sequence set of power business logic are defined; according to the method, misuse detection and anomaly detection methods are combined, thethreat degree of the power service is evaluated, and whether the power grid is attacked by the power service message is determined according to the threat degree, so that the power service message attack is effectively identified, and the safe and reliable operation of a power industrial control system is guaranteed.

Description

technical field [0001] The present invention relates to the technical field of smart grid security, and more specifically, to a method and system for attack identification of power service packets based on business logic. Background technique [0002] With the deepening of the coupling between smart grid information space and physical space, in recent years, grid physical system failures caused by cyber attacks have become more and more common, seriously affecting the normal operation of the power system. For example, at the end of 2015, attackers obtained the operating authority of the substation monitoring system server and carried out malicious switching operations, causing power outages for 80,000 users of the Ukrainian power grid; in 2016, Israel’s power supply system was hit by a major cyber attack and forced the power supply system to run offline. In the power grid, all kinds of intelligent terminals and devices used for the measurement and control of primary system o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06Q50/06H04L29/06
CPCG06Q50/06H04L63/1416H04L63/1441
Inventor 周亮朱朝阳王海翔王宇张锐文李俊娥应欢韩丽芳朱亚运缪思薇李霁远
Owner CHINA ELECTRIC POWER RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products