The cyber-physical power system (CPPS) is a fundamental concept and an important means of realizing the construction of smart grids. Relying on the rapid development of information technology, the CPPS achieves synergy between global optimization and local control, and with the implementation of the new power system under the new national energy security strategy, this advantage of the CPPS will become more prominent. However, the control and operation of the power network depend heavily on the power communication network, and this interdependence and interaction leave the CPPS more exposed to potential, uncertain security threats. In recent years, high concealment has become a major feature of CPPS security threats: insider penetration, supply chain attacks, and attacks that need no communication collaboration all seriously threaten power system security. There is therefore an urgent need for research on highly covert security threats.

This paper focuses on the problem of highly concealed security threats in the CPPS and studies security threat analysis and detection methods from two perspectives: insider threats and external attacks. The main contents of the article are as follows.

(1) A comprehensive overview of insider threats. First, potential insider security threats are analyzed in two systems, production control and marketing; then the existing protection measures are elaborated from five aspects: security protocol guidance, error-prevention technology research, domain knowledge application, permission allocation research, and data leakage protection. The possibility of applying blockchain and zero trust to insider threat protection is explored.

(2) An insider threat detection method for the Advanced Metering Infrastructure (AMI) is proposed. To address violations and mis-operations in remote charge control operations in the AMI, a charge control instruction verification module is designed based on business knowledge, and the practicality of the method is verified using actual user data. To address the malicious issuance of false tariff data and smart meter disconnection instructions in the AMI, a detection module is designed based on the business scenario context; in designing the detection algorithm, it is found that system clock synchronization and the setting of the algorithm's adjustment parameters are the keys to ensuring detection accuracy.

(3) An external attack detection method for the Substation Automation System is proposed. An attacker with a priori knowledge who, after penetrating the network, accesses the substation configuration description (SCD) file can mount a precise attack that produces no obvious anomalies and is difficult to detect. Based on the fixed and closed operating environment of the SCD file and its limited application scenarios, an SCD file access control whitelist consisting of three elements, the process feature code, the called function, and the call order, is constructed to detect illegal operations; the method can realize SCD file attack and intrusion detection under limited resource consumption.

Research on insider threats, a special kind of highly concealed security threat, can effectively fill the research gap in the related field and improve the security protection system of power systems. The proposed detection methods can overcome the disadvantages of commonly used anomaly detection algorithms, which inherently rely on a large amount of sample data, have an uncontrollable false alarm rate, make decisions difficult, and offer poor interpretability of the detection process in a "black box" state, and thereby improve the active security defense capability of the power system.
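The following is an added illustration of the three-element SCD file access whitelist described in point (3); it is example code written for this page, not code from the thesis. It assumes one particular encoding of the three elements: each permitted process is identified by a process feature code and is allowed exactly one ordered sequence of calls on the SCD file, and any event from an unknown process, with a function outside that process's set, or out of the expected order is reported. The feature codes, function names, call sequences and access events below are all constructed placeholders.

```python
"""Allowlist-based detector for SCD file access (added example, not the thesis's code).

An access event carries (pid, process feature code, called function). The allowlist
maps a process feature code to the only call order that process may perform on the
SCD file. Anything else is reported as an illegal operation. All identifiers and
events here are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed allowlist: process feature code -> permitted call order on the SCD file.
# A real deployment would derive feature codes from the measured binaries and
# sequences from the tool's observed, closed set of behaviours (assumption).
SCD_ALLOWLIST = {
    "procfc:ied-config-tool":  ("open", "read", "close"),
    "procfc:scd-sync-service": ("open", "read", "write", "close"),
}


@dataclass(frozen=True)
class AccessEvent:
    pid: int            # process id of the caller
    feature_code: str   # process feature code (constructed placeholder values)
    function: str       # file function invoked on the SCD file


class ScdAccessMonitor:
    """Tracks each process's position in its permitted call sequence."""

    def __init__(self, allowlist):
        self.allowlist = allowlist
        self.position = defaultdict(int)  # pid -> index of the next expected call

    def check(self, ev):
        """Return None if the event is permitted, otherwise a reason string."""
        seq = self.allowlist.get(ev.feature_code)
        if seq is None:
            return f"unknown process feature code {ev.feature_code!r}"
        if ev.function not in seq:
            return f"function {ev.function!r} not permitted for {ev.feature_code!r}"
        idx = self.position[ev.pid]
        expected = seq[idx]
        if ev.function != expected:
            return f"out-of-order call {ev.function!r}, expected {expected!r}"
        idx += 1
        if idx == len(seq):
            del self.position[ev.pid]   # sequence complete; a fresh sequence may follow
        else:
            self.position[ev.pid] = idx
        return None


def scan(events, allowlist=SCD_ALLOWLIST):
    """Run the monitor over an event stream and return [(pid, reason), ...] alerts."""
    monitor = ScdAccessMonitor(allowlist)
    alerts = []
    for ev in events:
        reason = monitor.check(ev)
        if reason is not None:
            alerts.append((ev.pid, reason))
    return alerts


# Constructed sample stream: two legitimate sessions, then three illegal operations.
SAMPLE_EVENTS = [
    AccessEvent(101, "procfc:ied-config-tool", "open"),
    AccessEvent(101, "procfc:ied-config-tool", "read"),
    AccessEvent(101, "procfc:ied-config-tool", "close"),
    AccessEvent(202, "procfc:scd-sync-service", "open"),
    AccessEvent(202, "procfc:scd-sync-service", "read"),
    AccessEvent(202, "procfc:scd-sync-service", "write"),
    AccessEvent(202, "procfc:scd-sync-service", "close"),
    AccessEvent(303, "procfc:unknown-binary", "open"),      # process not on the allowlist
    AccessEvent(101, "procfc:ied-config-tool", "write"),    # function not permitted for tool
    AccessEvent(404, "procfc:ied-config-tool", "open"),
    AccessEvent(404, "procfc:ied-config-tool", "close"),    # skipped "read": order violation
]

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {reason}")
```

Because the check is a table lookup plus one integer per live process, it stays within the limited resource budget the abstract mentions, and each alert states which of the three elements failed, which is the interpretability advantage the thesis claims over black-box anomaly detectors. Encoding call order as a single fixed sequence per process is the assumption to revisit first if a legitimate tool has several valid access patterns.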