Scada intrusion detection method for power dispatching based on active deception of virtual components

Abstract

The invention relates to an active deception type power dispatching SCADA intrusion detection method based on virtual components. Data of virtual power transmission and distribution lines, generators and transformer components and data of related circuit breaker components are inserted in the existing practical power dispatching SCADA database table; therefore, a power dispatching SCADA system generates corresponding virtual lines, generators, transformers and circuit breakers, such that malicious software intruding into the SCADA system is deceptive to remotely control the virtual components to trip; and the remote control IP address, the MAC address and the port number of the virtual circuit breakers point to an intrusion detection system of the power dispatching SCADA system. When the malicious software intrudes and sends a control command signal to the IP address, the MAC address and the port number relative to the virtual circuit breakers, the intrusion detection system can judge that the malicious software intrudes; the control function of the power dispatching SCADA system is closed or switched to a spare system; the intruded malicious software is prevented from remotely controlling practical important generators, transformers and lines, such that the power grid security is ensured; and the active information security protective capability of the SCADA system can be obviously increased.

Description

technical field [0001] The invention relates to an intrusion detection method of a power dispatching SCADA system, in particular to an intrusion detection method based on active deception and virtual important components to lure intruders to attack. Background technique [0002] As a critical infrastructure of modern society, power systems are high-value targets for cyber attacks. In the process of digitalization and network development of the power system, the power system has gradually developed into a hybrid system composed of information systems and physical grids. Among them, the scheduling control and production management of the power grid are highly dependent on the information system, and the possible consequences of information security incidents have increased significantly. The United States has also set up a special cyber command, specializing in cyber attack and defense research in fields such as electric power. [0003] At present, the research on power syst...

AI Technical Summary

Problems solved by technology

First of all, the virus can bypass the security boundary and attack physically isolated industrial control systems with the help of the enhanced design of the USB flash drive transmission mechanism; The software cannot be checked and killed; finally, because the Stuxnet virus has precise damage targets and has a deep understanding of the target system, it will not spread like ordinary viruses and Trojan horses, and can accurately modify the control parameters of the attack target without communication probing , Carrying out damage, this behavior pattern is obviously different from general malware and viruses, and it is difficult for existing passive intrusion detection systems to accurately capture

To sum up, there is currently a lack of targeted defense against Stuxnet-like malware

Images