Network security threat tracing technology of power monitoring system

CLC number:

TM732; TP391.1

Fund project:

State Grid Corporation of China science and technology project "Research on security monitoring, early warning, analysis and handling technology for power monitoring systems" (SGFJ0000DKJS1900279)

    Abstract:

    To address the problem of defending against network security threats in power monitoring systems, this paper draws on domestic and international research on threat tracing methods, analyzes the security protection requirements of power monitoring systems and, taking into account the security protection characteristics of the power secondary system, proposes a network security threat tracing method for power monitoring systems that locates the attack source by building event occurrence chains. The method first models the alarm logs as tree diagrams to construct event occurrence trees, then aggregates the occurrence trees to obtain an initial set of event occurrence chains, and finally applies chain-breaking processing to obtain the final set of event occurrence chains. The method can automatically and effectively analyze the alarm data of a power monitoring system, extract attack events, and turn the raw alarms into an attack graph that can be displayed intuitively, so that the associated hosts are captured effectively. This helps network administrators monitor the network security status in real time and take security response measures promptly, protecting the network, data and equipment.

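Cite this article

Li Zeke, Chen Zewen, Wang Chunyan, Xu Zhiguang, Liang Ye. Network security threat tracing technology of power monitoring system[J]. Electric Power Engineering Technology, 2020, 39(2): 166-172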

History
  • Received: 2019-10-08
  • Last revised: 2019-11-19
  • Accepted: 2019-12-13
  • Published online: 2020-04-13
  • Publication date: 2020-03-28