A Security Defense Method Against SYN Flood Attacks In Distributed Power SCADA Systems

With the increasing expansion of power system,a great amount of distributed power subsystem as new energy power plants and converting stations are connected in the prime power system.Because of territory and cost restrictions,the SC ADA(Supervisory Control and Data Acquisition)system,whose network nodes are exposed in public network,operates majorly via public network,so its network security is far bellow that of the SPD-net in prime power system.Traditional malicious attacks on power system as DOS can easily get in touch with the nodes of distributed power system,and make the partial power information system paralyzed.Moreover,it is important to note that the traditional defense approach—firewall—is naturally deficient in dealing with DOS attacks.As a result,DOS attacks become a great threat to the SCADA system and there is no better defense approach than firewall currently.Based on the research to this phenomenon,this paper is to solve the principal problem through algorithm defense approaches.Statistics show that,the most dangerous attack is SYN flood.Hence,this paper focuses on the security defense of the SYN flood attack in distributed power SCADA system.The major research processes are as follows.1.A physical attacking and defending platform of the distributed power SCADA system is established.Based on the advanced experimental condition from information-security Laboratory of NARI Experimental Center as well as experimental projects and instruments under the regulations of RFCC2544 network testing benchmarks and?National Electric Net Ltd.Configuration Regulations of Terminal Equipment for Production and Moving Task?([2012]-102),this platform witnesses the information transmission experiments without any attacks and lays the foundation for experiments with only attacks as well as experiments with both attacks and algorithms defense approaches.2.The attacking projects of SYN flood has been established.This research analyses the attack mechanism of the SYN flood,and simulates the attack through leading in the network performance tester by C language programming.According to the experi-mental result diagram and the response of NSR-378 transformer protector,it shows the negative impact of SYN flood to the distributed power SCADA system and further illustrates the necessity of new defense approaches.3.This research has analysed the feasibilities and principles of the RED algorithm and the Reno algorithm,and tested the operation of them through Arp-tools.Finally,according to the comparison between the analog results and the effect of traditional firewalls,the defense algorithm provided by this paper,proved to be of superiority and practicability,can make compensation for traditional firewalls and can be a supplement to traditional defense approaches.