基于FARIMA模型的智能变电站通信流量异常分析
|
摘要
随着输变电设备自动化、变电站智能化建设的快速发展,电网信息安全隐患日益凸显。精确可靠的变电站通信网络流量模型建模和异常检测方法已成为预防网络安全问题和识别网络攻击的重要手段。文中在对变电站站控层网络流量行为特性进行分析的基础上,采用分形自回归积分滑动平均(FARIMA)模型对网络流量构建了阈值模型。针对变电站典型的网络攻击模式和流量异常特征,基于运行状态评估算法对某实际变电站站控层流量数据进行分析,并计算典型网络异常概率,从而实现了变电站在网络攻击情形下的安全态势评价。
With the rapid development of power transmission and transformation equipment automation and smart substation construction,the hidden danger of grid information security is increasingly prominent.Accurate and reliable traffic modeling and anomaly detection method of substation communication network(SCN)have become very important to prevent network security problems and identify cyber attacks.Based on the analysis of behavior characteristics of network traffic on the control layer of substation station,this paper proposes the fractional autoregressive integrated moving average(FARIMA)model to construct the threshold model for network traffic.Aiming at the typical cyber-attack mode and traffic anomaly characteristics of substation,the traffic data on the control layer of an actual substation station is analyzed based on the operation state assessment algorithm.And the probability of typical network anomaly is calculated.Finally,the safety situation evaluation of the substation is realized under the cyber attacks.
With the rapid development of power transmission and transformation equipment automation and smart substation construction,the hidden danger of grid information security is increasingly prominent.Accurate and reliable traffic modeling and anomaly detection method of substation communication network(SCN)have become very important to prevent network security problems and identify cyber attacks.Based on the analysis of behavior characteristics of network traffic on the control layer of substation station,this paper proposes the fractional autoregressive integrated moving average(FARIMA)model to construct the threshold model for network traffic.Aiming at the typical cyber-attack mode and traffic anomaly characteristics of substation,the traffic data on the control layer of an actual substation station is analyzed based on the operation state assessment algorithm.And the probability of typical network anomaly is calculated.Finally,the safety situation evaluation of the substation is realized under the cyber attacks.
引文
[1]LI Fangxing,QIAO Wei,SUN Hongbin,et al.Smart transmission grid:vision and framework[J].IEEE Transactions on Smart Grid,2010,1(2):168-177.
[2]王栋,陈传鹏,颜佳,等.新一代电力信息网络安全架构的思考[J].电力系统自动化,2016,40(2):6-11.DOI:10.7500/AEPS20150117004.WANG Dong,CHEN Chuanpeng,YAN Jia,et al.Pondering a new-generation security architecture model for power information network[J].Automation of Electric Power Systems,2016,40(2):6-11.DOI:10.7500/AEPS20150117004.
[3]GIUSTINA D,RINALDI S.Hybrid communication network for the smart grid:results from a field test experience[J].IEEETransactions on Power Delivery,2015,30(6):2492-2500.
[4]KOLBUSZ J,PASZCZYNSKI S,WILAMOWSKI B M.Network traffic model for industrial environment[J].IEEETransactions on Industrial Informatics,2006,2(4):213-220.
[5]ZHANG Yanxu,CAI Zexiang,LI Xiaohua,et al.Analytical modeling of traffic flow in the substation communication network[J].IEEE Transactions on Power Delivery,2015,30(5):2119-2127.
[6]WANG Jing.A process level network traffic prediction algorithm based on ARIMA model in smart substation[C]//IEEE International Conference on Signal Processing,Communication and Computing(ICSPCC 2013),August 5-8,2013,Kunming,China.
[7]ZHU Lin,SHI Dongyuan,WANG Pengyuan.IEC 61850-based information model and configuration description of communication network in substation automation[J].IEEETransactions on Power Delivery,2014,29(1):97-107.
[8]LIU Xiaosheng,PANG Jiwei,ZHANG Liang,et al.A highreliability and determinacy architecture for smart substation process-level network based on cobweb topology[J].IEEETransactions on Power Delivery,2014,29(2):842-850.
[9]HONG J,LIU C,GOVINDARASU M.Integrated anomaly detection for cyber security of the substations[J].IEEETransactions on Smart Grid,2014,5(4):1643-1653.
[10]IEC SMB Smart Grid Strategic Group.IEC smart grid standardization roadmap[R].2010.
[11]佟为明,高吉星,卢雷,等.基于报文信息标签的智能变电站通信服务策略[J].电力系统自动化,2018,42(3):124-129.DOI:10.7500/AEPS20170615012.TONG Weiming,GAO Jixing,LU Lei,et al.Communication service strategy of smart substation based on message information label[J].Automation of Electric Power Systems,2018,42(3):124-129.DOI:10.7500/AEPS20170615012.
[12]赵俊华,梁高琪,文福拴,等.乌克兰事件的启示:防范针对电网的虚假数据注入攻击[J].电力系统自动化,2016,40(7):149-151.DOI:10.7500/AEPS20160203101.ZHAO Junhua,LIANG Gaoqi,WEN Fushuan,et al.Lessons learnt from Ukrainian blackout:protecting power grids against false data injection attacks[J].Automation of Electric Power Systems,2016,40(7):149-151.DOI:10.7500/AEPS20160203101.
[13]王文龙,胡荣,张喜铭,等.二次一体化框架下变电站站控层体系架构探讨[J].电力系统自动化,2013,37(14):113-116.WANG Wenlong,HU Rong,ZHANG Ximing,et al.Substation control layer architecture for secondary integration framework[J].Automation of Electric Power Systems,2013,37(14):113-116.
[14]苏占波.基于FARIMA模型的网络流量建模与预测[D].成都:电子科技大学,2010.SU Zhanbo.Modeling and forecasting of network traffic based on FARIMA model[D].Chengdu:University of Electronic Science and Technology of China,2010.
[15]吴温翠.智能变电站过程层网络风暴抑制方法研究[D].北京:华北电力大学,2015.WU Wencui.Research on the network storm suppression on process level in smart substations[D].Beijing:North China Electric Power University,2015.
[16]SHU Y,JIN Z,ZHANG L,et al.Traffic prediction using FARIMA models[C]//IEEE International Conference on Communications,June 6-10,1999,Vancouver,Canada.
[17]李锋,谢俊,赵银凤,等.基于IEC 61850的智能变电站交换机IED信息模型[J].电力系统自动化,2012,36(7):76-80.LI Feng,XIE Jun,ZHAO Yinfeng,et al.IEC 61850based information model of switch intelligent electronic device for smart substations[J].Automation of Electric Power Systems,2012,36(7):76-80.
[18]陈凯,朱钰.机器学习及其相关算法综述[J].统计与信息论坛,2007,22(5):105-112.CHEN Kai,ZHU Yu.A summary of machine learning and related algorithms[J].Statistics&Information Forum,2007,22(5):105-112.
[19]HU Ningning,STEENKISTE P.Estimating available bandwidth using packet pair probing[D].Pittsburgh,USA:Carnegie Mellon University,2002.
[20]李士宁,闫焱,覃征.基于FARIMA模型的网络流量预测[J].计算机工程与应用,2006,42(29):148-150.LI Shining,YAN Yan,QIN Zheng.Network traffic forecast based on FARIMA model[J].Computer Engineering and Applications,2006,42(29):148-150.
[21]张倩倩.面向配电网的电力通信流量分析和预测技术[D].天津:天津大学,2012.ZHANG Qianqian.Power communication traffic analysis and prediction technology for distribution network[D].Tianjin:Tianjin University,2012.
[22]NAIK P A,SHI Peide,TSAI C L.Extending the Akaike information criterion to mixture regression models[J].Journal of the American Statistical Association,2007,102(477):244-254.
[23]BULBUL R,SAPKOTA P,TEN C W,et al.Intrusion evaluation of communication network architectures for power substations[J].IEEE Transactions on Power Delivery,2015,30(3):1372-1382.
[24]高磊,卜强生,袁宇波,等.基于二次回路比对的智能变电站调试及安全措施[J].电力系统自动化,2015,39(20):130-134.DOI:10.7500/AEPS20150101001.GAO Lei,BU Qiangsheng,YUAN Yubo,et al.Smart substation commissioning and safety measures based on secondary circuit comparison[J].Automation of Electric Power Systems,2015,39(20):130-134.DOI:10.7500/AEPS20150101001.
[25]THATTE G.MITRA U,HEIDEMANN J.Parametric methods for anomaly detection in aggregate traffic[J].IEEE/ACM Transactions on Networking,2011,19(2):512-525.
[26]NEVAT I,DIVAKARAN D M,NAGARAJAN S G,et al.Anomaly detection and attribution in networks with temporally correlated traffic[J].IEEE/ACM Transactions on Networking,2018,26(1):131-144.
[2]王栋,陈传鹏,颜佳,等.新一代电力信息网络安全架构的思考[J].电力系统自动化,2016,40(2):6-11.DOI:10.7500/AEPS20150117004.WANG Dong,CHEN Chuanpeng,YAN Jia,et al.Pondering a new-generation security architecture model for power information network[J].Automation of Electric Power Systems,2016,40(2):6-11.DOI:10.7500/AEPS20150117004.
[3]GIUSTINA D,RINALDI S.Hybrid communication network for the smart grid:results from a field test experience[J].IEEETransactions on Power Delivery,2015,30(6):2492-2500.
[4]KOLBUSZ J,PASZCZYNSKI S,WILAMOWSKI B M.Network traffic model for industrial environment[J].IEEETransactions on Industrial Informatics,2006,2(4):213-220.
[5]ZHANG Yanxu,CAI Zexiang,LI Xiaohua,et al.Analytical modeling of traffic flow in the substation communication network[J].IEEE Transactions on Power Delivery,2015,30(5):2119-2127.
[6]WANG Jing.A process level network traffic prediction algorithm based on ARIMA model in smart substation[C]//IEEE International Conference on Signal Processing,Communication and Computing(ICSPCC 2013),August 5-8,2013,Kunming,China.
[7]ZHU Lin,SHI Dongyuan,WANG Pengyuan.IEC 61850-based information model and configuration description of communication network in substation automation[J].IEEETransactions on Power Delivery,2014,29(1):97-107.
[8]LIU Xiaosheng,PANG Jiwei,ZHANG Liang,et al.A highreliability and determinacy architecture for smart substation process-level network based on cobweb topology[J].IEEETransactions on Power Delivery,2014,29(2):842-850.
[9]HONG J,LIU C,GOVINDARASU M.Integrated anomaly detection for cyber security of the substations[J].IEEETransactions on Smart Grid,2014,5(4):1643-1653.
[10]IEC SMB Smart Grid Strategic Group.IEC smart grid standardization roadmap[R].2010.
[11]佟为明,高吉星,卢雷,等.基于报文信息标签的智能变电站通信服务策略[J].电力系统自动化,2018,42(3):124-129.DOI:10.7500/AEPS20170615012.TONG Weiming,GAO Jixing,LU Lei,et al.Communication service strategy of smart substation based on message information label[J].Automation of Electric Power Systems,2018,42(3):124-129.DOI:10.7500/AEPS20170615012.
[12]赵俊华,梁高琪,文福拴,等.乌克兰事件的启示:防范针对电网的虚假数据注入攻击[J].电力系统自动化,2016,40(7):149-151.DOI:10.7500/AEPS20160203101.ZHAO Junhua,LIANG Gaoqi,WEN Fushuan,et al.Lessons learnt from Ukrainian blackout:protecting power grids against false data injection attacks[J].Automation of Electric Power Systems,2016,40(7):149-151.DOI:10.7500/AEPS20160203101.
[13]王文龙,胡荣,张喜铭,等.二次一体化框架下变电站站控层体系架构探讨[J].电力系统自动化,2013,37(14):113-116.WANG Wenlong,HU Rong,ZHANG Ximing,et al.Substation control layer architecture for secondary integration framework[J].Automation of Electric Power Systems,2013,37(14):113-116.
[14]苏占波.基于FARIMA模型的网络流量建模与预测[D].成都:电子科技大学,2010.SU Zhanbo.Modeling and forecasting of network traffic based on FARIMA model[D].Chengdu:University of Electronic Science and Technology of China,2010.
[15]吴温翠.智能变电站过程层网络风暴抑制方法研究[D].北京:华北电力大学,2015.WU Wencui.Research on the network storm suppression on process level in smart substations[D].Beijing:North China Electric Power University,2015.
[16]SHU Y,JIN Z,ZHANG L,et al.Traffic prediction using FARIMA models[C]//IEEE International Conference on Communications,June 6-10,1999,Vancouver,Canada.
[17]李锋,谢俊,赵银凤,等.基于IEC 61850的智能变电站交换机IED信息模型[J].电力系统自动化,2012,36(7):76-80.LI Feng,XIE Jun,ZHAO Yinfeng,et al.IEC 61850based information model of switch intelligent electronic device for smart substations[J].Automation of Electric Power Systems,2012,36(7):76-80.
[18]陈凯,朱钰.机器学习及其相关算法综述[J].统计与信息论坛,2007,22(5):105-112.CHEN Kai,ZHU Yu.A summary of machine learning and related algorithms[J].Statistics&Information Forum,2007,22(5):105-112.
[19]HU Ningning,STEENKISTE P.Estimating available bandwidth using packet pair probing[D].Pittsburgh,USA:Carnegie Mellon University,2002.
[20]李士宁,闫焱,覃征.基于FARIMA模型的网络流量预测[J].计算机工程与应用,2006,42(29):148-150.LI Shining,YAN Yan,QIN Zheng.Network traffic forecast based on FARIMA model[J].Computer Engineering and Applications,2006,42(29):148-150.
[21]张倩倩.面向配电网的电力通信流量分析和预测技术[D].天津:天津大学,2012.ZHANG Qianqian.Power communication traffic analysis and prediction technology for distribution network[D].Tianjin:Tianjin University,2012.
[22]NAIK P A,SHI Peide,TSAI C L.Extending the Akaike information criterion to mixture regression models[J].Journal of the American Statistical Association,2007,102(477):244-254.
[23]BULBUL R,SAPKOTA P,TEN C W,et al.Intrusion evaluation of communication network architectures for power substations[J].IEEE Transactions on Power Delivery,2015,30(3):1372-1382.
[24]高磊,卜强生,袁宇波,等.基于二次回路比对的智能变电站调试及安全措施[J].电力系统自动化,2015,39(20):130-134.DOI:10.7500/AEPS20150101001.GAO Lei,BU Qiangsheng,YUAN Yubo,et al.Smart substation commissioning and safety measures based on secondary circuit comparison[J].Automation of Electric Power Systems,2015,39(20):130-134.DOI:10.7500/AEPS20150101001.
[25]THATTE G.MITRA U,HEIDEMANN J.Parametric methods for anomaly detection in aggregate traffic[J].IEEE/ACM Transactions on Networking,2011,19(2):512-525.
[26]NEVAT I,DIVAKARAN D M,NAGARAJAN S G,et al.Anomaly detection and attribution in networks with temporally correlated traffic[J].IEEE/ACM Transactions on Networking,2018,26(1):131-144.