能源关键基础设施网络安全威胁与防御技术综述

李建华

doi:10.11999/JEIT191055

能源关键基础设施网络安全威胁与防御技术综述

doi: 10.11999/JEIT191055

李建华^,

1.
上海交通大学网络安全技术研究院上海 200240
2.
中国能源研究会能源网络安全研究中心北京 100045

基金项目: 国家自然科学基金(61431008)

详细信息

作者简介:
李建华：男，1965年生，教授，博士生导师，研究方向为网络安全技术与应用

通讯作者:
李建华　lijh888@sjtu.edu.cn

中图分类号: TN915.08; TP393
计量
- 文章访问数: 2266
- HTML全文浏览量: 1556
- PDF下载量: 274
- 被引次数: 0
出版历程
- 收稿日期: 2019-12-31
- 修回日期: 2020-08-05
- 网络出版日期: 2020-08-06
- 刊出日期: 2020-09-27

Overview of Cyber Security Threats and Defense Technologies for Energy Critical Infrastructure

Jianhua LI^,

1.
Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China
2.
Research Center for Energy Security, China Energy Research Society, Beijing 100045, China

Funds: The National Natural Science Foundation of China (61431008)

摘要

摘要: 在信息技术飞速发展的背景下，能源关键基础设施得到了变革性的飞速发展，与人工智能、大数据、物联网等新技术深度融合。信息技术在显著优化能源关键基础设施的效率和性能的同时，也带来了更加具有持续性和隐蔽性的新型安全威胁。如何针对能源关键基础设施建立体系化、智能化的安全防御体系是亟需解决的问题。该文从能源关键基础设施本身的发展趋势入手，对其面对的传统和新型安全威胁的机理进行了分析。在此基础上，对能源关键基础设施的防御技术演进进行深入的研究和分析。
- 能源关键基础设施 /
- 网络安全 /
- 人工智能 /
- 高级持续威胁 /
- 软件定义网络
Abstract: Energy critical infrastructure has undergone transformative rapid development in the context of the rapid development of information technology, and has been deeply integrated with new technologies such as Artificial Intelligence (AI), big data, and the Internet of Things. While information technology significantly improves the efficiency and performance of energy critical infrastructure, it also brings new types of security threats that are more persistent and covert. An urgent problem is how to establish a systematic and intelligent security defense system for energy critical infrastructure. This paper starts with the development trend of energy critical infrastructure, and analyzes the mechanism of the traditional and new security threat mechanisms it faces. On this basis, insightful analysis on the research status and evolution trends of defense technologies for energy critical infrastructures is made.
- Energy critical infrastructure /
- Cyber security /
- Artificial Intelligence (AI) /
- Advanced Persistent Threat (APT) /
- Software-defined networking

HTML全文

图 1 能源关键基础设施基本架构

下载: 全尺寸图片幻灯片

图 2 能源关键基础设施的网络安全威胁演进

下载: 全尺寸图片幻灯片

图 3 BlackEnergy的APT攻击流程

下载: 全尺寸图片幻灯片

图 4 能源基础设施的信息安全防御技术

下载: 全尺寸图片幻灯片

表 1 国内外现有智能电网安全相关标准与规范

国际标准与规范
标准、建议、规定、指南	制订单位
Smart Grid Cyber Security Strategy and Requirements (DRAFT NIST 7628)	National Institute of Standards and Technology (NIST)
IEEE 21451 -- Standard for a Smart Transducer Interface for Sensors, and Actuators	Shanghai Jiao Tong University (NIST)
Good Practice Guide, Process Control and SCADA Security	Centre for the Protection ofNational Infrastructure (CPNI)
ANSI/ISA-99 Manufacturing and Control Systems Security’ Part 1: Concepts, Models and Terminology (2007) Part2: Establishing a Manufacturing and Control Systems Security Program (2009)	The International Society of Automation (ISA)
21 steps to Improve Cyber Security of SCADA Networks	U.S. Department of Energy (DOE)
Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82)	National Institute of Standards and Technology (NIST)
Recommended Security Controls for Federal Information Systems (including those for Bulk Power System) (NIST SP 800-53)	National Institute of Standards and Technology (NIST)
Advanced Metering Infrastructure (AMI) System Security Requirements	Advanced Security Acceleration Project (ASAP) – Smart Grid
Security Profile for Advanced Metering Infrastructure	Advanced Security Acceleration Project (ASAP) – Smart Grid
Utility AMI Home Area Network System Requirements Specification	Utility AMI
IEC 62351 1-8, Power System Control and Associated Communications – Data and Communication Security	International Electrotechnical Commission (IEC)
IEEE 1686-2007, IEEE Standard for Substation Intelligent Electronic Devices (IED) Cyber Security Capabilities	IEEE
CIP-002, 003-009	North American Electric Reliability Corporation (NERC)
Cyber Security Procurement Language for Control Systems	Department of Homeland Security (DHS)
System Protection Profile - Industrial Control Systems	National Institute of Standards and Technology (NIST)
Catalog of Control Systems Security: Recommendations for Standards Developers	Department of Homeland Security (DHS)
Wireless Standards (ISA SP100)	ISA
国内标准与规范
电力监控系统安全防护规定	发改委
信息安全技术安全可控信息系统电力系统安全指标体系	中国电力科学研究院
电力系统管理及其信息交换数据和通信安全	全国电力系统管理及其信息交换标准化技术委员会

下载: 导出CSV

参考文献(102)

SATO T, KAMMEN D M, DUAN B, et al. Smart Grid Standards: Specifications, Requirements, and Technologies[M]. Singapore: John Wiley & Sons, 2015.

AKINGENEYE I and WU Jingxian. Low latency detection of sparse false data injections in smart grids[J]. IEEE Access, 2018, 6: 58564–58573. doi: 10.1109/ACCESS.2018.2873981

张钧, 黄翰, 张义斌. 国外智能电网顶层技术路线对比分析[J]. 华北电力大学学报: 社会科学版, 2015(4): 25–30.

ZHANG Jun, HUANG Han, and ZHANG Yibin. Comparative analysis of foreign smart grid top-level roadmaps[J]. Journal of North China Electric Power University:Social Sciences, 2015(4): 25–30.

WANG Kuan, LI Jianhua, WU Jun, et al. QoS-predicted energy efficient routing for information-centric smart grid: A network calculus approach[J]. IEEE Access, 2018, 6: 52867–52876. doi: 10.1109/ACCESS.2018.2870929

LIGHTNER E M and WIDERGREN S E. An orderly transition to a transformed electricity system[J]. IEEE Transactions on Smart Grid, 2010, 1(1): 3–10. doi: 10.1109/TSG.2010.2045013

RADOGLOU-GRAMMATIKIS P I and SARIGIANNIDIS P G. Securing the smart grid: A comprehensive compilation of intrusion detection and prevention systems[J]. IEEE Access, 2019, 7: 46595–46620. doi: 10.1109/ACCESS.2019.2909807

BUSH G W. Address to a joint session of congress and the American people[R]. 2001: xviii.

FANG Xi, MISRA S, XUE Guoliang, et al. Smart grid—The new and improved power grid: A survey[J]. IEEE Communications Surveys & Tutorials, 2012, 14(4): 944–980.

BERA S, MISRA S, and RODRIGUES J J P C. Cloud computing applications for smart grid: A survey[J]. IEEE Transactions on Parallel and Distributed Systems, 2015, 26(5): 1477–1494. doi: 10.1109/TPDS.2014.2321378

TANYINGYONG V, OLSSON R, CHO J W, et al. IoT-grid: IoT communication for smart DC grids[C]. 2016 IEEE Global Communications Conference, Washington, USA, 2016: 1–7.

YOUSSEF N E H B, BAROUNI Y, KHALFALLAH S, et al. Mixing SDN and CCN for content-centric Qos aware smart grid architecture[C]. The 25th IEEE/ACM International Symposium on Quality of Service, Vilanovaila Geltru, 2017: 1–5.

LI Gaolei, WU Jun, GUO Longhua, et al. SDN based dynamic and autonomous bandwidth allocation as ACSI services of IEC61850 communications in smart grid[C]. 2016 IEEE Smart Energy Grid Engineering, Oshawa, 2016: 342–346.

KUMAR N, ZEADALLY S, and RODRIGUES J J P C. Vehicular delay-tolerant networks for smart grid data management using mobile edge computing[J]. IEEE Communications Magazine, 2016, 54(10): 60–66. doi: 10.1109/MCOM.2016.7588230

AHSAN U and BAIS A. Distributed big data management in smart grid[C]. The 26th Wireless and Optical Communication Conference, Newark, 2017: 1–6.

LIU Keyan, SHENG Wanxing, LIU Yuan, et al. Optimal sitting and sizing of DGs in distribution system considering time sequence characteristics of loads and DGs[J]. International Journal of Electrical Power & Energy Systems, 2015, 69: 430–440.

AMIN S, LITRICO X, SASTRY S S, et al. Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models[J]. IEEE Transactions on Control Systems Technology, 2013, 21(5): 1679–1693. doi: 10.1109/TCST.2012.2211874

NTALAMPIRAS S. Detection of integrity attacks in cyber-physical critical infrastructures using ensemble modeling[J]. IEEE Transactions on Industrial Informatics, 2015, 11(1): 104–111. doi: 10.1109/TII.2014.2367322

LIU Xuan and LI Zuyi. Trilevel modeling of cyber attacks on transmission lines[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 720–729.

NI Jianbing, ALHARBI K, LIN Xiaodong, et al. Security-enhanced data aggregation against malicious gateways in smart grid[C]. 2015 IEEE Global Communications Conference, San Diego, 2015: 1–6.

伊胜伟, 张翀斌, 谢丰, 等. 基于Peach的工业控制网络协议安全分析[J]. 清华大学学报: 自然科学版, 2017, 57(1): 50–54.

YI Shengwei, ZHANG Chongbin, XIE Feng, et al. Security analysis of industrial control network protocols based on Peach[J]. Journal of Tsinghua University:Science and Technology, 2017, 57(1): 50–54.

OOZEER M I and HAYKIN S. Cognitive risk control for mitigating cyber-attack in smart grid[J]. IEEE Access, 2019, 7: 125806–125826. doi: 10.1109/ACCESS.2019.2939089

ALOUL F, AL-ALI A R, AL-DALKY R, et al. Smart grid security: Threats, vulnerabilities and solutions[J]. International Journal of Smart Grid and Clean Energy, 2012, 1(1): 1–6.

GUAN Zhitao, LI Jing, ZHU Liehuang, et al. Toward delay-tolerant flexible data access control for smart grid with renewable energy resources[J]. IEEE Transactions on Industrial Informatics, 2017, 13(6): 3216–3225. doi: 10.1109/TII.2017.2706760

SHENG Wanxing, LIU Keyan, CHENG Sheng, et al. A trust region SQP method for coordinated voltage control in smart distribution grid[J]. IEEE Transactions on Smart Grid, 2016, 7(1): 381–391. doi: 10.1109/TSG.2014.2376197

ABHINAV S, MODARES H, LEWIS F L, et al. Synchrony in networked microgrids under attacks[J]. IEEE Transactions on Smart Grid, 2018, 9(6): 6731–6741. doi: 10.1109/TSG.2017.2721382

吴聪, 唐巍, 白牧可, 等. 基于能源路由器的用户侧能源互联网规划[J]. 电力系统自动化, 2017, 41(4): 20–28.

WU Cong, TANG Wei, BAI Muke, et al. Energy router based planning of energy internet at user side[J]. Automation of Electric Power Systems, 2017, 41(4): 20–28.

孟晓丽, 高君, 盛万兴, 等. 含分布式电源的配电网日前两阶段优化调度模型[J]. 电网技术, 2015, 39(5): 1294–1300.

MENG Xiaoli, GAO Jun, SHENG Wanxing, et al. A day-ahead two-stage optimal scheduling model for distribution network containing distributed generations[J]. Power System Technology, 2015, 39(5): 1294–1300.

WANG Yufei, ZHANG Bo, LIN Weimin, et al. Smart grid information security - a research on standards[C]. 2011 International Conference on Advanced Power System Automation and Protection, Beijing, China, 2011: 1188–1194.

BASSO T, HAMBRICK J, and DEBLASIO D. Update and review of IEEE P2030 Smart Grid Interoperability and IEEE 1547 interconnection standards[C]. 2012 IEEE PES Innovative Smart Grid Technologies, Washington, USA, 2012: 1–7.

SRIKANTHA P and KUNDUR D. Denial of service attacks and mitigation for stability in cyber-enabled power grid[C]. 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference, Washington, USA, 2015: 1–5.

ZHANG Zhenghao, GONG Shuping, DIMITROVSKI A D, et al. Time synchronization attack in smart grid: Impact and analysis[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 87–98. doi: 10.1109/TSG.2012.2227342

LIU Yao, NING Peng, and REITER M K. False data injection attacks against state estimation in electric power grids[J]. ACM Transactions on Information and System Security, 2011, 14(1): 13.

YAN Jun, HE Haibo, ZHONG Xiangnan, et al. Q-learning-based vulnerability analysis of smart grid against sequential topology attacks[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(1): 200–210.

XIANG Yingmeng, DING Zhilu, ZHANG Yichi, et al. Power system reliability evaluation considering load redistribution attacks[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 889–901.

LIU Shan, KUNDUR D, ZOURNTOS T, et al. Coordinated variable structure switching attack in the presence of model error and state estimation[C]. The 3rd IEEE International Conference on Smart Grid Communications, Tainan, China, 2012: 318–323.

SANKAR L, RAJAGOPALAN S R, MOHAJER S, et al. Smart meter privacy: A theoretical framework[J]. IEEE Transactions on Smart Grid, 2013, 4(2): 837–846. doi: 10.1109/TSG.2012.2211046

XU Ruzhi, WANG Rui, GUAN Zhitao, et al. Achieving efficient detection against false data injection attacks in smart grid[J]. IEEE Access, 2017, 5: 13787–13798. doi: 10.1109/ACCESS.2017.2728681

YE Hongxing, GE Yinyin, LIU Xuan, et al. Transmission line rating attack in two-settlement electricity markets[J]. IEEE Transactions on Smart Grid, 2016, 7(3): 1346–1355. doi: 10.1109/TSG.2015.2426418

TEN C W, HONG J, and LIU C C. Anomaly detection for cybersecurity of the substations[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 865–873. doi: 10.1109/TSG.2011.2159406

SALMERON J, WOOD K, and BALDICK R. Analysis of electric grid security under terrorist threat[J]. IEEE Transactions on Power Systems, 2004, 19(2): 905–912. doi: 10.1109/TPWRS.2004.825888

ALSHAMRANI A, MYNENI S, CHOWDHARY A, et al. A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities[J]. IEEE Communications Surveys & Tutorials, 2019, 21(2): 1851–1877.

SRIVASTAVA A, MORRIS T, ERNSTER T, et al. Modeling cyber-physical vulnerability of the smart grid with incomplete information[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 235–244. doi: 10.1109/TSG.2012.2232318

李中伟, 佟为明, 金显吉. 智能电网信息安全防御体系与信息安全测试系统构建乌克兰和以色列国家电网遭受网络攻击事件的思考与启示[J]. 电力系统自动化, 2016, 40(8): 147–151.

LI Zhongwei, TONG Weiming, and JIN Xianji. Construction of cyber security defense hierarchy and cyber security testing system of smart grid: Thinking and enlightenment for network attack events to national power grid of Ukraine and Israel[J]. Automation of Electric Power Systems, 2016, 40(8): 147–151.

STELLIOS I, KOTZANIKOLAOU P, and PSARAKIS M. Advanced persistent threats and zero-day exploits in industrial internet of things[M]. ALCARAZ C. Security and Privacy Trends in the Industrial Internet of Things. Cham: Springer, 2019: 47–68.

BERRUETA E, MORATO D, MAGAÑA E, et al. A survey on detection techniques for cryptographic ransomware[J]. IEEE Access, 2019, 7: 144925–144944. doi: 10.1109/ACCESS.2019.2945839

AL-RIMY B A S, MAAROF M A, and SHAID S Z M. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions[J]. Computers & Security, 2018, 74: 144–166.

LEE K, LEE S Y, and YIM K. Machine learning based file entropy analysis for ransomware detection in backup systems[J]. IEEE Access, 2019, 7: 110205–110215. doi: 10.1109/ACCESS.2019.2931136

PAUDEL S, SMITH P, and ZSEBY T. Attack models for advanced persistent threats in smart grid wide area monitoring[C]. The 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, Pittsburgh, 2017: 61–66.

SKOPIK F, FRIEDBERG I, and FIEDLER R. Dealing with advanced persistent threats in smart grid ICT networks[C]. ISGT 2014, Washington, 2014: 1–5.

WANG Zhiwei. An identity-based data aggregation protocol for the smart grid[J]. IEEE Transactions on Industrial Informatics, 2017, 13(5): 2428–2435. doi: 10.1109/TII.2017.2705218

FOUDA M M, FADLULLAH Z M, and KATO N. Assessing attack threat against ZigBee-based home area network for smart grid communications[C]. 2010 International Conference on Computer Engineering & Systems, Cairo, Egypt, 2010: 245–250.

ISMAIL Z, LENEUTRE J, BATEMAN D, et al. A game theoretical analysis of data confidentiality attacks on smart-grid AMI[J]. IEEE Journal on Selected Areas in Communications, 2014, 32(7): 1486–1499. doi: 10.1109/JSAC.2014.2332095

FARRAJ A K, HAMMAD E M, AL DAOUD A, et al. A game-theoretic control approach to mitigate cyber switching attacks in smart grid systems[C]. 2014 IEEE International Conference on Smart Grid Communications, Venice, Italy, 2014: 958–963.

GIANI A, BITAR E, GARCIA M, et al. Smart grid data integrity attacks[J]. IEEE Transactions on Smart Grid, 2013, 4(3): 1244–1253. doi: 10.1109/TSG.2013.2245155

KOSUT O, JIA Liyan, THOMAS R J, et al. Malicious data attacks on the smart grid[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 645–658. doi: 10.1109/TSG.2011.2163807

MASTER N, MOUNZER J, and BAMBOS N. Distributed smart grid architecture for delay and price sensitive power management[C]. 2014 IEEE International Conference on Communications, Sydney, 2014: 3670–3675.

AYDEGER A, AKKAYA K, CINTUGLU M H, et al. Software defined networking for resilient communications in smart grid active distribution networks[C]. 2016 IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016: 1–6.

RANA M M, LI Li, and SU S W. An adaptive-then-combine dynamic state estimation considering renewable generations in smart grids[J]. IEEE Journal on Selected Areas in Communications, 2016, 34(12): 3954–3961. doi: 10.1109/JSAC.2016.2611963

ROSSEBØ J E Y, WOLTHUIS R, FRANSEN F, et al. An enhanced risk-assessment methodology for smart grids[J]. Computer, 2017, 50(4): 62–71. doi: 10.1109/MC.2017.106

ZHANG Shanghua, LI Qiang, WU Jun, et al. A security mechanism for software-defined networking based communications in vehicle-to-grid[C]. 2016 IEEE Smart Energy Grid Engineering, Oshawa, 2016: 386–391.

谢永, 李香, 张松松. 一种可证安全的车联网无证书聚合签名改进方案[J]. 电子与信息学报, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184

XIE Yong, LI Xiang, ZHANG Songsong, et al. An improved provable secure certificateless aggregation signature scheme for vehicular Ad Hoc NETworks[J]. Journal of Electronics &Information Technology, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184

LI Gaolei, WU Jun, LI Jianhua, et al. Battery status sensing software-defined multicast for V2G regulation in smart grid[J]. IEEE Sensors Journal, 2017, 17(23): 7838–7848. doi: 10.1109/JSEN.2017.2731971

邵苏杰, 郭少勇, 邱雪松, 等. 基于加权队列的无线智能电网通信网采集数据流量调度算法[J]. 电子与信息学报, 2014, 36(5): 1209–1214.

SHAO Sujie, GUO Shaoyong, QIU Xuesong, et al. Traffic scheduling algorithm based on weighted queue for meter data collection in wireless smart grid communication network[J]. Journal of Electronics &Information Technology, 2014, 36(5): 1209–1214.

CHEN Pinyu, CHENG S M, and CHEN K C. Smart attacks in smart grid communication networks[J]. IEEE Communications Magazine, 2012, 50(8): 24–29. doi: 10.1109/MCOM.2012.6257523

JOHNSON R E. Survey of SCADA security challenges and potential attack vectors[C]. 2010 International Conference for Internet Technology and Secured Transactions, London, 2010: 1–5.

YANG Yi, XU Haiqing, GAO Lei, et al. Multidimensional intrusion detection system for IEC 61850-based SCADA networks[J]. IEEE Transactions on Power Delivery, 2017, 32(2): 1068–1078. doi: 10.1109/TPWRD.2016.2603339

DO V L, FILLATRE L, NIKIFOROV I, et al. Security of SCADA systems against cyber–physical attacks[J]. IEEE Aerospace and Electronic Systems Magazine, 2017, 32(5): 28–45. doi: 10.1109/MAES.2017.160047

ZHANG Jiexin, GAN Shaoduo, LIU Xiaoxue, et al. Intrusion detection in SCADA systems by traffic periodicity and telemetry analysis[C]. 2016 IEEE Symposium on Computers and Communication, Messina, Italy, 2016: 318–325.

PAN Zhiwen, HARIRI S, and PACHECO J. Context aware intrusion detection for building automation systems[J]. Computers & Security, 2019, 85: 181–201.

YILMAZ E N and GÖNEN S. Attack detection/prevention system against cyber attack in industrial control systems[J]. Computers & Security, 2018, 77: 94–105.

LIANG Gaoqi, ZHAO Junhua, LUO Fengji, et al. A review of false data injection attacks against modern power systems[J]. IEEE Transactions on Smart Grid, 2017, 8(4): 1630–1638. doi: 10.1109/TSG.2015.2495133

YU Shucheng, REN Kui, and LOU Wenjing. FDAC: Toward fine-grained distributed data access control in wireless sensor networks[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(4): 673–686. doi: 10.1109/TPDS.2010.130

WU Jun, DONG Mianxiong, OTA K, et al. Cross-domain fine-grained data usage control service for industrial wireless sensor networks[J]. IEEE Access, 2015, 3: 2939–2949. doi: 10.1109/ACCESS.2015.2504541

KIM Y, KOLESNIKOV V, and THOTTAN M. Resilient end-to-end message protection for cyber-physical system communications[J]. IEEE Transactions on Smart Grid, 2018, 9(4): 2478–2487. doi: 10.1109/TSG.2016.2613545

ELATTAR M. Reliable Communications Within Cyber-Physical Systems Using the Internet (RC4CPS)[M]. Berlin, Heidelberg: 2020.

GUAN Zhitao, LI Jing, WU Longfei, et al. Achieving efficient and secure data acquisition for cloud-supported internet of things in smart grid[J]. IEEE Internet of Things Journal, 2017, 4(6): 1934–1944. doi: 10.1109/JIOT.2017.2690522

MARKHAM T and PAYNE C. Security at the network edge: A distributed firewall architecture[C]. DARPA Information Survivability Conference and Exposition II. DISCEX’01, Anaheim, 2001, 1: 279–286.

MONTERO D, YANNUZZI M, SHAW A, et al. Virtualized security at the network edge: A user-centric approach[J]. IEEE Communications Magazine, 2015, 53(4): 176–186. doi: 10.1109/MCOM.2015.7081092

MONTERO D and SERRAL-GRACIÀ R. Offloading personal security applications to the network edge: A mobile user case scenario[C]. 2016 International Wireless Communications and Mobile Computing Conference, Paphos, Cyprus, 2016: 96–101.

ESPOSITO C, CASTIGLIONE A, POP F, et al. Challenges of connecting edge and cloud computing: A security and forensic perspective[J]. IEEE Cloud Computing, 2017, 4(2): 13–17. doi: 10.1109/MCC.2017.30

SHAH G A, GUNGOR V C, and AKAN O B. A cross-layer QoS-aware communication framework in cognitive radio sensor networks for smart grid applications[J]. IEEE Transactions on Industrial Informatics, 2013, 9(3): 1477–1485. doi: 10.1109/TII.2013.2242083

SUN Mingyang, KONSTANTELOS I, and STRBAC G. A deep learning-based feature extraction framework for system security assessment[J]. IEEE Transactions on Smart Grid, 2019, 10(5): 5007–5020. doi: 10.1109/TSG.2018.2873001

ZAFAR S, JANGSHER S, BOUACHIR O, et al. QoS enhancement with deep learning-based interference prediction in mobile IoT[J]. Computer Communications, 2019, 148: 86–97. doi: 10.1016/j.comcom.2019.09.010

关志涛, 徐月, 伍军. 传感器网络中基于三元多项式的密钥管理方案[J]. 通信学报, 2013, 34(12): 71–78. doi: 10.3969/j.issn.1000-436x.2013.12.008

GUAN Zhitao, XU Yue, and WU Jun. Ternary polynomial based key management scheme for wireless sensor network[J]. Journal on Communications, 2013, 34(12): 71–78. doi: 10.3969/j.issn.1000-436x.2013.12.008

LUO Shibo, DONG Mianxiong, OTA K, et al. A security assessment mechanism for software-defined networking-based mobile networks[J]. Sensors, 2015, 15(12): 31843–31858. doi: 10.3390/s151229887

SAXENA N, CHUKWUKA V, XIONG Leilei, et al. CPSA: A cyber-physical security assessment tool for situational awareness in smart grid[C]. The 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, Dallas, 2017: 69–79.

WU Jun, OTA K, DONG Mianxiong, et al. Big data analysis-based security situational awareness for smart grid[J]. IEEE Transactions on Big Data, 2018, 4(3): 408–417. doi: 10.1109/TBDATA.2016.2616146

李建华. 网络空间威胁情报感知、共享与分析技术综述[J]. 网络与信息安全学报, 2016, 2(2): 16–29. doi: 10.11959/j.issn.2096-109x.2016.00028

LI Jianhua. Overview of the technologies of threat intelligence sensing, sharing and analysis in cyber space[J]. Chinese Journal of Network and Information Security, 2016, 2(2): 16–29. doi: 10.11959/j.issn.2096-109x.2016.00028

柴争义, 白浩, 张浩军. 一种容侵的CA私钥签名方案[J]. 河北师范大学学报: 自然科学版, 2008, 32(3): 310–312.

CHAI Zhengyi, BAI Hao, and ZHANG Haojun. An intrusion tolerant signature scheme of CA private key[J]. Journal of Hebei Normal University:Natural Science Edition, 2008, 32(3): 310–312.

AJTAI M. Generating hard instances of lattice problems (extended abstract)[C]. The 28th Annual ACM Symposium on Theory of Computing, Philadelphia, 1996: 99–108.

CHEN L, JORDAN S, LIU Yikai, et al. Report on post-quantum cryptography[R]. NISTIR 8105, 2016.

邬江兴. 拟态计算与拟态安全防御的原意和愿景[J]. 电信科学, 2014, 30(7): 2–7. doi: 10.3969/j.issn.1000-0801.2014.07.001

WU Jiangxing. Meaning and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014, 30(7): 2–7. doi: 10.3969/j.issn.1000-0801.2014.07.001

HEYDARI V, KIM S I, and YOO S M. Scalable anti-censorship framework using moving target defense for Web servers[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(5): 1113–1124. doi: 10.1109/TIFS.2016.2647218

HUANG Lina, LI Gaolei, WU Jun, et al. Software-defined QoS provisioning for fog computing advanced wireless sensor networks[C]. 2016 IEEE SENSORS, Orlando, 2016: 1–3.

XIAO Liang, XU Dongjin, XIE Caixia, et al. Cloud storage defense against advanced persistent threats: A prospect theoretic study[J]. IEEE Journal on Selected Areas in Communications, 2017, 35(3): 534–544. doi: 10.1109/JSAC.2017.2659418

张浩, 王丽娜, 谈诚, 等. 云环境下APT攻击的防御方法综述[J]. 计算机科学, 2016, 43(3): 1–7, 43. doi: 10.11896/j.issn.1002-137X.2016.03.001

ZHANG Hao, WANG Lina, TAN Cheng, et al. Review of defense methods against advanced persistent threat in cloud environment[J]. Computer Science, 2016, 43(3): 1–7, 43. doi: 10.11896/j.issn.1002-137X.2016.03.001

付钰, 李洪成, 吴晓平, 等. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11): 1–14. doi: 10.11959/j.issn.1000-436x.2015184

FU Yu, LI Hongcheng, WU Xiaoping, et al. Detecting APT attacks: A survey from the perspective of big data analysis[J]. Journal on Communications, 2015, 36(11): 1–14. doi: 10.11959/j.issn.1000-436x.2015184

HONG K F, CHEN C C, CHIU Y T, et al. Ctracer: Uncover C&C in advanced persistent threats based on scalable framework for enterprise log data[C]. 2015 IEEE International Congress on Big Data, New York, 2015: 551–558.

WANG Xu, ZHENG Kangfeng, NIU Xinxin, et al. Detection of command and control in advanced persistent threat based on independent access[C]. 2016 IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016: 1–6.

刘彩霞, 胡鑫鑫, 刘树新, 等. 基于Lowe分类法的5G网络EAP-AKA’协议安全性分析[J]. 电子与信息学报, 2019, 41(8): 1800–1807.

LIU Caixia, HU Xinxin, LIU Shuxin, et al. Security analysis of 5G network EAP-AKA’ protocol based on Lowe’s taxonomy[J]. Journal of Electronics &Information Technology, 2019, 41(8): 1800–1807.

张小松, 牛伟纳, 杨国武, 等. 基于树型结构的APT攻击预测方法[J]. 电子科技大学学报, 2016, 45(4): 582–588. doi: 10.3969/j.issn.1001-0548.2016.04.011

ZHANG Xiaosong, NIU Weina, YANG Guowu, et al. Method for APT prediction based on tree structure[J]. Journal of University of Electronic Science and Technology of China, 2016, 45(4): 582–588. doi: 10.3969/j.issn.1001-0548.2016.04.011

姚苏, 关建峰, 潘华, 等. 基于APT潜伏攻击的网络可生存性模型与分析[J]. 电子学报, 2016, 44(10): 2415–2422. doi: 10.3969/j.issn.0372-2112.2016.10.020

YAO Su, GUAN Jianfeng, PAN Hua, et al. Modeling and analysis for network survivability of APT latent attack[J]. Acta Electronsica Sinica, 2016, 44(10): 2415–2422. doi: 10.3969/j.issn.0372-2112.2016.10.020

施引文献

资源附件(0)

访问统计