| Tracing cyber attacks can help Grid Cyber Physical Systems (GCPS) adopt appropriate defense strategies, block cyber attacks at the source, and keep GCPS free from the threat of cyber attacks to the maximum extent. To the author’s knowledge, there is almost no relevant research on tracing cyber attacks in GCPS. Because real-time control services in GCPS have high real-time requirements and some communication protocols are not based on TCP/IP, the tracing methods for cyber attacks used in traditional information networks are not applicable to GCPS. Against this background, this paper studies tracing methods for cyber attacks in GCPS. The research content covers four aspects: 1) According to the composition of GCPS, the security of each component of the cyber space is analyzed, three types of cyber attacks that GCPS may suffer are summarized, detection methods for the three types of cyber attacks are given, and the information that an intrusion detection system can provide is analyzed. 2) Taking into account situation awareness of both the grid physical system and the cyber system, a tracing model for cyber attacks in GCPS is constructed in which the cyber side and the physical side collaborate. Based on the existing fault abductive model, a fault abductive model for the grid physical system that considers cyber attacks is constructed. 3) Based on the characteristics of the grid cyber system, four tracing methods for cyber attacks in the grid cyber system are proposed, which are the hybrid tracing method combining packet marking and packet logging and the tracing method based on communication delay and security assessment. To ensure real-time communication of business messages and accurate tracing of cyber attacks, a scheme for scheduling the tracing methods according to business priority is proposed. The scheduling scheme considers the advantages and disadvantages of the two tracing methods mentioned above. The deployment and functional module design of the tracing system for cyber attacks in the grid cyber system are presented. 4) The application of the collaborative tracing model for cyber attacks in the active defense system and fault protection control of GCPS is discussed. A specific attack scenario is constructed with reference to the 2015 grid outage in Ukraine. A combination of theoretical analysis and simulation verifies the effectiveness of the GCPS collaborative tracing model for cyber attacks and of the tracing methods for cyber attacks in the grid cyber system proposed in this paper. The collaborative tracing model for GCPS, the grid physical system fault abductive model considering cyber attacks, and the two tracing methods for cyber attacks in the grid cyber system proposed in this paper can trace the cause of grid physical system faults and find the attack source. They can thus help GCPS take effective blocking measures to resist cyber attacks and ensure the safe and stable operation of GCPS. They can also provide a reference for GCPS in formulating more effective fault protection control measures. |