随着工业4.0的快速推进,与之互联的电力数据采集与监视控制(Supervisory Control and Data Acquisition,SC ADA)系统逐渐趋于信息化和智能化.由于这些系统本身具有脆弱性以及受到攻击和防御能力的不对等性,使得系统存在各种安全隐患.近年来,针对电力攻击事件频发,亟需提出针对智能电网的攻击缓解方法.蜜罐作为一种高效的欺骗防御方法,能够有效地收集智能电网中的攻击行为.针对现有的智能电网蜜罐中存在的交互深度不足、物理工业过程仿真缺失、扩展性差的问题,设计并实现了一种基于强化学习的智能电网蜜罐框架——SGPot,它能够基于电力行业真实设备中的系统不变量模拟智能变电站控制端,通过电力业务流程的仿真来提升蜜罐欺骗性,诱使攻击者与蜜罐深度交互.为了评估蜜罐框架的性能,搭建了小型智能变电站实验验证环境,同时将SGPot和现有的GridPot以及SHaPe蜜罐同时部署在公网环境中,收集了 30天的交互数据.实验结果表明,SGPot收集到的请求数据比GridPot多20%,比SHaPe多75%.SGPot能够诱骗攻击者与蜜罐进行更深度的交互,获取到的交互会话长度大于6的会话数量多于GridPot和SHaPe.
SGPot:A Reinforcement Learning-based Honeypot Framework for Smart Grid
With the rapid advancement of Industry 4.0,the supervisory control and data acquisition(SC ADA)system,which is interconnected with Industry 4.0,is gradually becoming more informationized and intelligent.There are various security hazards in the SCADA system caused by the vulnerability of the system and the disparity in attack and defense capability.Due to the fre-quency of power attacks in recent years,there has been an urgency to propound attack mitigation measures for smart grid.Honey-pots,as an efficient deception defense method,can effectively collect attacks in smart grids.To address the issues of insufficient interaction depth,deficiency of physical industrial process simulation,and poor scalability in existing smart grid honeypots,this paper designs and implements a reinforcement learning-based smart grid honeypot framework—SGPot.It can simulate control side of a smart substation based on the system invariants in real devices of the power industry.Through the simulation of the power business process,the SGPot can enhance the deception of the honeypot and induce attackers to interact deeply with the ho-neypot.In order to evaluate the performance of the honeypot framework,this paper builds a small smart substation experimental validation environment.Mean while,SGPot,the existing GridPot and SHaPe honeypots are simultaneously deployed in the public network environment,and 30 days of interaction data are collected.According to the experimental results of this paper,the re-quest data collected by SGPot is 20%more than GridPot and 75%more than SHaPe.SGPot can induce attackers to interact with the honeypot in greater depth than GridPot and SHaPe,and it obtains more sessions with interaction lengths greater than 6.
万方数据
维普
