IEC61850-based detection method and system for detecting power industrial control network intrusions

A network control and intrusion detection technology, applied in transmission systems, electrical components, etc., can solve problems such as missing real attacks, detection accuracy needs to be improved, and spoofing attacks

Active Publication Date: 2017-07-25
JIANGSU ELECTRIC POWER RES INST +2
View PDF5 Cites 42 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the lack of control instruction authentication mechanism in the traditional power industry system, malicious attackers may access the industrial control system without authorization, destroy the integrity and availability of information, launch spoofing attacks, replay attacks and man-in-the-middle attacks, which may cause catastrophic damage and endanger safe operation of the system
Existing intrusion detection...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IEC61850-based detection method and system for detecting power industrial control network intrusions
  • IEC61850-based detection method and system for detecting power industrial control network intrusions
  • IEC61850-based detection method and system for detecting power industrial control network intrusions

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0106] In the following, the implementation cases of the present invention will be described in detail with reference to the accompanying drawings;

[0107] Such as figure 1 As shown, the IEC 61850-based intrusion detection method for electric power industry control network according to the present invention includes:

[0108] ACD access control detection: used to prevent malware activities and attacks that try to communicate with the control server during the initial infection stage; it includes the establishment of the MAC address in the data link layer, the IP address in the network layer and the access control of the transport layer port Whitelist, if any address or port is not in the corresponding whitelist, a preset action will be taken;

[0109] PWD protocol whitelist detection: used to detect abnormal protocol traffic in the station control layer network and process layer network of the substation and alarm; it includes the setting of various protocols supported by the stati...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an IEC61850-based detection method and system for detecting power industrial control network intrusions; the method comprises access control detection, protocol white list detection, model-based detection and multiple-parameter-based detection, wherein through the access control detection, it is possible to prevent malware intending to communicate with a control server from acting and attacking, and the effect is particularly good in the initial infection stage; through the protocol white list detection, it is possible to detect abnormal protocol traffic in station control layer and process layer network of a substation and give a warning; the model-based anomaly detection has the potential to discover hostile attack or untended anomalies in the station control layer and process layer network; in the multiple-parameter-based detection, possible threats to an industrial control system due to internal untended misuse or external hostile attack can be recognized by monitoring the most sensitive parameters of an intelligent substation. Validation on a network physical test platform for simulating actual 500 kV intelligent substations shows that the method is timely and practical.

Description

Technical field [0001] The invention belongs to the technical field of industrial control system network information security, and in particular relates to an IEC61850-based power industry control network intrusion detection method and system. Background technique [0002] The industrial control system is a computer-based production process control and scheduling automation system. It can monitor and control on-site operating equipment and play an important role in the industrial control system of key infrastructure such as power, petroleum, and chemical industries. As the complexity and interconnectivity of industrial control systems continue to increase, the possibility of malicious network attacks has also increased significantly. Industrial control networks that follow traditional communication protocols often have insufficient consideration of network security threats at the beginning of their design. The continuously evolving industrial control system may be regarded by ma...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/0236H04L63/1425H04L63/1441H04L63/145H04L63/1458
Inventor 杨毅
Owner JIANGSU ELECTRIC POWER RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap