The Coordinated Cyber Physical Power Attack Strategy Based on Worm Propagation and False Data Injection
Abstract: As information technology becomes ever more tightly integrated with modern power systems, both communication-system anomalies and network attacks can threaten the safe and stable operation of the grid. To study the security risks that industrial-control worms pose to the power grid, this paper establishes a cross-space coordinated attack model for the cyber-physical power system based on a Markov Decision Process (MDP), which the authors present as the first of its kind. The model treats the difficulty of exploiting the vulnerabilities of communication devices as the attack cost and the damage inflicted on the power network as the attack benefit, so that it can identify latent system risks more effectively. The Q-learning algorithm is then used to solve for the optimal attack strategy under this model, and the error that the attack induces in the power-system state-estimation result is used to quantify the damage done to the power system. Finally, joint numerical simulations are carried out on a coupled system of 8 communication nodes and 14 power buses (the 8CYBER_NODE-14BUS test system). The comparison shows that the coordinated attack damages the grid more severely than either the cyber attack or the physical attack alone. Compared with traditional physical-layer attack studies that ignore the communication network, the weak nodes identified by this model also reflect the influence of key nodes in the cyber layer, which can guide the allocation of defense resources.
Table 1 Attack effect under different attack methods
($\pi^*$: optimal attack sequence for an n-step attack; $f(\Delta \theta)$ and $f(\Delta V)$: state-estimation error in bus voltage angle and voltage magnitude, respectively)

Attack type          Quantity              n = 1    n = 2                 n = 3
Cyber attack         $\pi^*$               1        $2\rightarrow 3$      $2\rightarrow 3\rightarrow 4$
                     $f(\Delta \theta)$    0.022    0.103                 0.2333
                     $f(\Delta V)$         0.043    0.115                 0.245
Physical attack      $\pi^*$               4        $5\rightarrow 6$      $5\rightarrow 4\rightarrow 7$
                     $f(\Delta \theta)$    0.035    0.144                 0.344
                     $f(\Delta V)$         0.061    0.134                 0.444
Coordinated attack   $\pi^*$               3        $6\rightarrow 7$      $2\rightarrow 4\rightarrow 8$
                     $f(\Delta \theta)$    0.077    0.223                 0.523
                     $f(\Delta V)$         0.062    0.267                 0.667

For every horizon n, the coordinated attack yields a larger state-estimation error than either single attack mode.

Table 2 Attack likelihood of power equipment (%)
(each row is a distribution over the eight coupled buses and sums to 100 up to rounding)

Cyber node           C-n 1    C-n 2    C-n 3    C-n 4    C-n 5    C-n 6    C-n 7    C-n 8
Coupled power bus    Bus 2    Bus 4    Bus 6    Bus 7    Bus 8    Bus 10   Bus 13   Bus 14
Coordinated attack   31.65    32.51    30.60    0.67     0.85     1.00     1.44     1.25
Physical attack      16.66    16.40    11.27    15.26    5.97     19.54    8.70     6.20

Under the coordinated attack the likelihood concentrates almost entirely on the buses coupled to C-n 1, C-n 2 and C-n 3, whereas the physical-only attack spreads it across the grid.

Table 3 Attack likelihood of power equipment (%) under different numbers of discrete states of the false data
($N_V^g$ and $N_\theta^g$: number of discrete levels of the injected voltage-magnitude and voltage-angle false data)

Number of discrete states      Bus 2    Bus 4    Bus 6    Bus 7    Bus 8    Bus 10   Bus 13   Bus 14
$N_V^g = N_\theta^g = 4$       7.18     20.88    13.36    18.25    6.54     16.03    9.02     6.31
$N_V^g = N_\theta^g = 6$       8.31     19.95    12.97    17.66    6.43     17.38    10.50    6.80
$N_V^g = N_\theta^g = 8$       8.11     20.45    12.27    17.66    6.97     17.54    9.70     7.20

Table 4 Parameters of the cyber network in NS2

Source    Destination    Bandwidth (Mbps)    Delay (ms)
C-n 1     C-n 2          60                  60
C-n 2     C-n 6          60                  20
C-n 2     C-n 8          60                  20
C-n 7     C-n 8          60                  20
C-n 7     C-n 6          60                  20
C-n 1     C-n 3          60                  60
C-n 3     C-n 4          60                  20
C-n 3     C-n 5          60                  20
C-n 4     C-n 5          60                  20

Table 5 CVSS scores of the vulnerability assumed on each cyber node

Node      Vulnerability ID    Impact sub-score    Exploitability sub-score    Base score
C-n 1     CVE-2016-8366       3.4                 3.9                         7.3
C-n 2     CVE-2016-8366       3.4                 3.9                         7.3
C-n 3     CVE-2016-8366       3.4                 3.9                         7.3
C-n 4     CVE-2017-14470      2.7                 2.8                         5.5
C-n 5     CVE-2017-14470      2.7                 2.8                         5.5
C-n 6     CVE-2017-14470      2.7                 2.8                         5.5
C-n 7     CVE-2018-16210      5.9                 3.9                         9.8
C-n 8     CVE-2018-16210      5.9                 3.9                         9.8

The three columns are consistent with the CVSS v3.x base-score equation for an unchanged scope, base = roundup(impact + exploitability); the exploitability sub-score is the quantity the model uses as the attacker's cost of taking over a node.
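The following Python script is an added example, not code from the paper, that reproduces the shape of the method the abstract describes: an MDP whose actions are worm propagation steps along the cyber links of Table 4, whose per-step reward is the damage at the coupled bus (Table 2) minus an exploit-difficulty cost derived from the CVSS exploitability sub-scores of Table 5, solved by tabular Q-learning and cross-checked against exhaustive search. The per-bus damage values, the cost mapping `(10 - exploitability) / 20` and the discount factor are constructed assumptions standing in for the paper's state-estimation-error reward; the paper's actual reward function and numbers are not reproduced.

```python
"""Added example: Q-learning search for a coordinated worm-propagation plus
false-data-injection attack path on the paper's 8-cyber-node / 14-bus coupling.
Topology (Table 4), coupling (Table 2) and CVSS exploitability sub-scores
(Table 5) come from the page; DAMAGE, exploit_cost() and GAMMA are constructed
assumptions, not the paper's state-estimation-based reward."""
import random

# Table 4: communication links (treated as undirected; bandwidth/delay unused here)
LINKS = [(1, 2), (2, 6), (2, 8), (7, 8), (7, 6), (1, 3), (3, 4), (3, 5), (4, 5)]
# Table 2: cyber node C-n k -> coupled power bus
BUS_OF = {1: 2, 2: 4, 3: 6, 4: 7, 5: 8, 6: 10, 7: 13, 8: 14}
# Table 5: CVSS exploitability sub-score of the vulnerability on each cyber node
EXPLOITABILITY = {1: 3.9, 2: 3.9, 3: 3.9, 4: 2.8, 5: 2.8, 6: 2.8, 7: 3.9, 8: 3.9}
# ASSUMPTION: per-bus damage standing in for the state-estimation error f(Δθ)
# that false data injected at that bus would cause (constructed numbers).
DAMAGE = {2: 0.30, 4: 0.45, 6: 0.25, 7: 0.40, 8: 0.15, 10: 0.35, 13: 0.20, 14: 0.32}
GAMMA = 0.9                     # ASSUMPTION: damage done early in the sequence counts more
START = (None, frozenset())     # state = (node the worm currently holds, compromised set)

ADJ = {n: set() for n in BUS_OF}
for a, b in LINKS:
    ADJ[a].add(b)
    ADJ[b].add(a)


def exploit_cost(node):
    """ASSUMPTION: lower CVSS exploitability -> harder to exploit -> higher cost."""
    return (10.0 - EXPLOITABILITY[node]) / 20.0


def step_reward(node):
    """Benefit (damage at the coupled bus) minus cost (exploit difficulty)."""
    return DAMAGE[BUS_OF[node]] - exploit_cost(node)


def actions(state):
    """Worm entry: any node; afterwards: an uncompromised neighbour of the current node."""
    current, compromised = state
    if current is None:
        return sorted(BUS_OF)
    return sorted(ADJ[current] - compromised)


def transition(state, node):
    _, compromised = state
    return (node, compromised | {node}), step_reward(node)


def brute_force(n):
    """Exhaustive search over n-step attack sequences (ground truth on this small graph)."""
    best = [float("-inf"), ()]

    def rec(state, depth, disc, total, path):
        acts = actions(state)
        if depth == n or not acts:
            if total > best[0]:
                best[0], best[1] = total, tuple(path)
            return
        for a in acts:
            nxt, r = transition(state, a)
            rec(nxt, depth + 1, disc * GAMMA, total + disc * r, path + [a])

    rec(START, 0, 1.0, 0.0, [])
    return best[1], best[0]


def q_learning(n, episodes=30000, alpha=0.5, epsilon=0.5, seed=1):
    """Tabular Q-learning; returns the greedy n-step attack sequence and its Q-value."""
    rng = random.Random(seed)
    Q = {}

    def q(s, a):
        return Q.get((s, a), 0.0)

    def greedy(s):
        return max(actions(s), key=lambda a: q(s, a))   # ties -> lowest node id

    for _ in range(episodes):
        s = START
        for depth in range(n):
            acts = actions(s)
            if not acts:
                break
            a = rng.choice(acts) if rng.random() < epsilon else greedy(s)
            nxt, r = transition(s, a)
            future = 0.0
            if depth + 1 < n and actions(nxt):
                future = max(q(nxt, b) for b in actions(nxt))
            Q[(s, a)] = (1 - alpha) * q(s, a) + alpha * (r + GAMMA * future)
            s = nxt

    s, path = START, []
    for _ in range(n):
        if not actions(s):
            break
        a = greedy(s)
        path.append(a)
        s, _ = transition(s, a)
    return tuple(path), q(START, path[0])


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, "brute force:", brute_force(n), "Q-learning:", q_learning(n))
```

With the constructed numbers the one-step optimum is the node with the best damage-minus-cost trade-off (C-n 2, coupled to Bus 4), but the three-step optimum enters at C-n 8 and propagates through C-n 2 to C-n 1: the worm's entry point is chosen for where it can reach, not for its own value, which is the kind of cyber-layer dependency the coordinated model exposes and a physical-only analysis cannot. Because the environment is deterministic, Q-learning with a fixed learning rate converges to the exact values and the greedy sequence matches the exhaustive search.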