高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

能源关键基础设施网络安全威胁与防御技术综述

李建华

李建华. 能源关键基础设施网络安全威胁与防御技术综述[J]. 电子与信息学报, 2020, 42(9): 2065-2081. doi: 10.11999/JEIT191055
引用本文: 李建华. 能源关键基础设施网络安全威胁与防御技术综述[J]. 电子与信息学报, 2020, 42(9): 2065-2081. doi: 10.11999/JEIT191055
Jianhua LI. Overview of Cyber Security Threats and Defense Technologies for Energy Critical Infrastructure[J]. Journal of Electronics and Information Technology, 2020, 42(9): 2065-2081. doi: 10.11999/JEIT191055
Citation: Jianhua LI. Overview of Cyber Security Threats and Defense Technologies for Energy Critical Infrastructure[J]. Journal of Electronics and Information Technology, 2020, 42(9): 2065-2081. doi: 10.11999/JEIT191055

能源关键基础设施网络安全威胁与防御技术综述

doi: 10.11999/JEIT191055
基金项目: 国家自然科学基金(61431008)
详细信息
    作者简介:

    李建华:男,1965年生,教授,博士生导师,研究方向为网络安全技术与应用

    通讯作者:

    李建华 lijh888@sjtu.edu.cn

  • 中图分类号: TP393

Overview of Cyber Security Threats and Defense Technologies for Energy Critical Infrastructure

Funds: The National Natural Science Foundation of China (61431008)
  • 摘要: 在信息技术飞速发展的背景下,能源关键基础设施得到了变革性的飞速发展,与人工智能、大数据、物联网等新技术深度融合。信息技术在显著优化能源关键基础设施的效率和性能的同时,也带来了更加具有持续性和隐蔽性的新型安全威胁。如何针对能源关键基础设施建立体系化、智能化的安全防御体系是亟需解决的问题。该文从能源关键基础设施本身的发展趋势入手,对其面对的传统和新型安全威胁的机理进行了分析。在此基础上,对能源关键基础设施的防御技术演进进行深入的研究和分析。
  • 图  1  能源关键基础设施基本架构

    图  2  能源关键基础设施的网络安全威胁演进

    图  3  BlackEnergy的APT攻击流程

    图  4  能源基础设施的信息安全防御技术

    表  1  国内外现有智能电网安全相关标准与规范

    国际标准与规范
    标准、建议、规定、指南制订单位
    Smart Grid Cyber Security Strategy and Requirements (DRAFT NIST 7628)National Institute of Standards and Technology (NIST)
    IEEE 21451 -- Standard for a Smart Transducer Interface for Sensors, and ActuatorsShanghai Jiao Tong University (NIST)
    Good Practice Guide, Process Control and SCADA SecurityCentre for the Protection ofNational Infrastructure (CPNI)
    ANSI/ISA-99 Manufacturing and Control Systems Security’ Part 1: Concepts, Models and Terminology (2007) Part2: Establishing a Manufacturing and Control Systems Security Program (2009)The International Society of Automation (ISA)
    21 steps to Improve Cyber Security of SCADA NetworksU.S. Department of Energy (DOE)
    Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82)National Institute of Standards and Technology (NIST)
    Recommended Security Controls for Federal Information Systems (including those for Bulk Power System) (NIST SP 800-53)National Institute of Standards and Technology (NIST)
    Advanced Metering Infrastructure (AMI) System Security RequirementsAdvanced Security Acceleration Project (ASAP) – Smart Grid
    Security Profile for Advanced Metering InfrastructureAdvanced Security Acceleration Project (ASAP) – Smart Grid
    Utility AMI Home Area Network System Requirements SpecificationUtility AMI
    IEC 62351 1-8, Power System Control and Associated Communications – Data and Communication SecurityInternational Electrotechnical Commission (IEC)
    IEEE 1686-2007, IEEE Standard for Substation Intelligent Electronic Devices (IED) Cyber Security CapabilitiesIEEE
    CIP-002, 003-009North American Electric Reliability Corporation (NERC)
    Cyber Security Procurement Language for Control SystemsDepartment of Homeland Security (DHS)
    System Protection Profile - Industrial Control SystemsNational Institute of Standards and Technology (NIST)
    Catalog of Control Systems Security: Recommendations for Standards DevelopersDepartment of Homeland Security (DHS)
    Wireless Standards (ISA SP100)ISA
    国内标准与规范
    电力监控系统安全防护规定发改委
    信息安全技术安全可控信息系统电力系统安全指标体系中国电力科学研究院
    电力系统管理及其信息交换数据和通信安全全国电力系统管理及其信息交换标准化技术委员会
    下载: 导出CSV
  • [1] SATO T, KAMMEN D M, DUAN B, et al. Smart Grid Standards: Specifications, Requirements, and Technologies[M]. Singapore: John Wiley & Sons, 2015.
    [2] AKINGENEYE I and WU Jingxian. Low latency detection of sparse false data injections in smart grids[J]. IEEE Access, 2018, 6: 58564–58573. doi:  10.1109/ACCESS.2018.2873981
    [3] 张钧, 黄翰, 张义斌. 国外智能电网顶层技术路线对比分析[J]. 华北电力大学学报: 社会科学版, 2015(4): 25–30.

    ZHANG Jun, HUANG Han, and ZHANG Yibin. Comparative analysis of foreign smart grid top-level roadmaps[J]. Journal of North China Electric Power University:Social Sciences, 2015(4): 25–30.
    [4] WANG Kuan, LI Jianhua, WU Jun, et al. QoS-predicted energy efficient routing for information-centric smart grid: A network calculus approach[J]. IEEE Access, 2018, 6: 52867–52876. doi:  10.1109/ACCESS.2018.2870929
    [5] LIGHTNER E M and WIDERGREN S E. An orderly transition to a transformed electricity system[J]. IEEE Transactions on Smart Grid, 2010, 1(1): 3–10. doi:  10.1109/TSG.2010.2045013
    [6] RADOGLOU-GRAMMATIKIS P I and SARIGIANNIDIS P G. Securing the smart grid: A comprehensive compilation of intrusion detection and prevention systems[J]. IEEE Access, 2019, 7: 46595–46620. doi:  10.1109/ACCESS.2019.2909807
    [7] BUSH G W. Address to a joint session of congress and the American people[R]. 2001: xviii.
    [8] FANG Xi, MISRA S, XUE Guoliang, et al. Smart grid—The new and improved power grid: A survey[J]. IEEE Communications Surveys & Tutorials, 2012, 14(4): 944–980.
    [9] BERA S, MISRA S, and RODRIGUES J J P C. Cloud computing applications for smart grid: A survey[J]. IEEE Transactions on Parallel and Distributed Systems, 2015, 26(5): 1477–1494. doi:  10.1109/TPDS.2014.2321378
    [10] TANYINGYONG V, OLSSON R, CHO J W, et al. IoT-grid: IoT communication for smart DC grids[C]. 2016 IEEE Global Communications Conference, Washington, USA, 2016: 1–7.
    [11] YOUSSEF N E H B, BAROUNI Y, KHALFALLAH S, et al. Mixing SDN and CCN for content-centric Qos aware smart grid architecture[C]. The 25th IEEE/ACM International Symposium on Quality of Service, Vilanovaila Geltru, 2017: 1–5.
    [12] LI Gaolei, WU Jun, GUO Longhua, et al. SDN based dynamic and autonomous bandwidth allocation as ACSI services of IEC61850 communications in smart grid[C]. 2016 IEEE Smart Energy Grid Engineering, Oshawa, 2016: 342–346.
    [13] KUMAR N, ZEADALLY S, and RODRIGUES J J P C. Vehicular delay-tolerant networks for smart grid data management using mobile edge computing[J]. IEEE Communications Magazine, 2016, 54(10): 60–66. doi:  10.1109/MCOM.2016.7588230
    [14] AHSAN U and BAIS A. Distributed big data management in smart grid[C]. The 26th Wireless and Optical Communication Conference, Newark, 2017: 1–6.
    [15] LIU Keyan, SHENG Wanxing, LIU Yuan, et al. Optimal sitting and sizing of DGs in distribution system considering time sequence characteristics of loads and DGs[J]. International Journal of Electrical Power & Energy Systems, 2015, 69: 430–440.
    [16] AMIN S, LITRICO X, SASTRY S S, et al. Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models[J]. IEEE Transactions on Control Systems Technology, 2013, 21(5): 1679–1693. doi:  10.1109/TCST.2012.2211874
    [17] NTALAMPIRAS S. Detection of integrity attacks in cyber-physical critical infrastructures using ensemble modeling[J]. IEEE Transactions on Industrial Informatics, 2015, 11(1): 104–111. doi:  10.1109/TII.2014.2367322
    [18] LIU Xuan and LI Zuyi. Trilevel modeling of cyber attacks on transmission lines[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 720–729.
    [19] NI Jianbing, ALHARBI K, LIN Xiaodong, et al. Security-enhanced data aggregation against malicious gateways in smart grid[C]. 2015 IEEE Global Communications Conference, San Diego, 2015: 1–6.
    [20] 伊胜伟, 张翀斌, 谢丰, 等. 基于Peach的工业控制网络协议安全分析[J]. 清华大学学报: 自然科学版, 2017, 57(1): 50–54.

    YI Shengwei, ZHANG Chongbin, XIE Feng, et al. Security analysis of industrial control network protocols based on Peach[J]. Journal of Tsinghua University:Science and Technology, 2017, 57(1): 50–54.
    [21] OOZEER M I and HAYKIN S. Cognitive risk control for mitigating cyber-attack in smart grid[J]. IEEE Access, 2019, 7: 125806–125826. doi:  10.1109/ACCESS.2019.2939089
    [22] ALOUL F, AL-ALI A R, AL-DALKY R, et al. Smart grid security: Threats, vulnerabilities and solutions[J]. International Journal of Smart Grid and Clean Energy, 2012, 1(1): 1–6.
    [23] GUAN Zhitao, LI Jing, ZHU Liehuang, et al. Toward delay-tolerant flexible data access control for smart grid with renewable energy resources[J]. IEEE Transactions on Industrial Informatics, 2017, 13(6): 3216–3225. doi:  10.1109/TII.2017.2706760
    [24] SHENG Wanxing, LIU Keyan, CHENG Sheng, et al. A trust region SQP method for coordinated voltage control in smart distribution grid[J]. IEEE Transactions on Smart Grid, 2016, 7(1): 381–391. doi:  10.1109/TSG.2014.2376197
    [25] ABHINAV S, MODARES H, LEWIS F L, et al. Synchrony in networked microgrids under attacks[J]. IEEE Transactions on Smart Grid, 2018, 9(6): 6731–6741. doi:  10.1109/TSG.2017.2721382
    [26] 吴聪, 唐巍, 白牧可, 等. 基于能源路由器的用户侧能源互联网规划[J]. 电力系统自动化, 2017, 41(4): 20–28.

    WU Cong, TANG Wei, BAI Muke, et al. Energy router based planning of energy internet at user side[J]. Automation of Electric Power Systems, 2017, 41(4): 20–28.
    [27] 孟晓丽, 高君, 盛万兴, 等. 含分布式电源的配电网日前两阶段优化调度模型[J]. 电网技术, 2015, 39(5): 1294–1300.

    MENG Xiaoli, GAO Jun, SHENG Wanxing, et al. A day-ahead two-stage optimal scheduling model for distribution network containing distributed generations[J]. Power System Technology, 2015, 39(5): 1294–1300.
    [28] WANG Yufei, ZHANG Bo, LIN Weimin, et al. Smart grid information security - a research on standards[C]. 2011 International Conference on Advanced Power System Automation and Protection, Beijing, China, 2011: 1188–1194.
    [29] BASSO T, HAMBRICK J, and DEBLASIO D. Update and review of IEEE P2030 Smart Grid Interoperability and IEEE 1547 interconnection standards[C]. 2012 IEEE PES Innovative Smart Grid Technologies, Washington, USA, 2012: 1–7.
    [30] SRIKANTHA P and KUNDUR D. Denial of service attacks and mitigation for stability in cyber-enabled power grid[C]. 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference, Washington, USA, 2015: 1–5.
    [31] ZHANG Zhenghao, GONG Shuping, DIMITROVSKI A D, et al. Time synchronization attack in smart grid: Impact and analysis[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 87–98. doi:  10.1109/TSG.2012.2227342
    [32] LIU Yao, NING Peng, and REITER M K. False data injection attacks against state estimation in electric power grids[J]. ACM Transactions on Information and System Security, 2011, 14(1): 13.
    [33] YAN Jun, HE Haibo, ZHONG Xiangnan, et al. Q-learning-based vulnerability analysis of smart grid against sequential topology attacks[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(1): 200–210.
    [34] XIANG Yingmeng, DING Zhilu, ZHANG Yichi, et al. Power system reliability evaluation considering load redistribution attacks[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 889–901.
    [35] LIU Shan, KUNDUR D, ZOURNTOS T, et al. Coordinated variable structure switching attack in the presence of model error and state estimation[C]. The 3rd IEEE International Conference on Smart Grid Communications, Tainan, China, 2012: 318–323.
    [36] SANKAR L, RAJAGOPALAN S R, MOHAJER S, et al. Smart meter privacy: A theoretical framework[J]. IEEE Transactions on Smart Grid, 2013, 4(2): 837–846. doi:  10.1109/TSG.2012.2211046
    [37] XU Ruzhi, WANG Rui, GUAN Zhitao, et al. Achieving efficient detection against false data injection attacks in smart grid[J]. IEEE Access, 2017, 5: 13787–13798. doi:  10.1109/ACCESS.2017.2728681
    [38] YE Hongxing, GE Yinyin, LIU Xuan, et al. Transmission line rating attack in two-settlement electricity markets[J]. IEEE Transactions on Smart Grid, 2016, 7(3): 1346–1355. doi:  10.1109/TSG.2015.2426418
    [39] TEN C W, HONG J, and LIU C C. Anomaly detection for cybersecurity of the substations[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 865–873. doi:  10.1109/TSG.2011.2159406
    [40] SALMERON J, WOOD K, and BALDICK R. Analysis of electric grid security under terrorist threat[J]. IEEE Transactions on Power Systems, 2004, 19(2): 905–912. doi:  10.1109/TPWRS.2004.825888
    [41] ALSHAMRANI A, MYNENI S, CHOWDHARY A, et al. A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities[J]. IEEE Communications Surveys & Tutorials, 2019, 21(2): 1851–1877.
    [42] SRIVASTAVA A, MORRIS T, ERNSTER T, et al. Modeling cyber-physical vulnerability of the smart grid with incomplete information[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 235–244. doi:  10.1109/TSG.2012.2232318
    [43] 李中伟, 佟为明, 金显吉. 智能电网信息安全防御体系与信息安全测试系统构建乌克兰和以色列国家电网遭受网络攻击事件的思考与启示[J]. 电力系统自动化, 2016, 40(8): 147–151.

    LI Zhongwei, TONG Weiming, and JIN Xianji. Construction of cyber security defense hierarchy and cyber security testing system of smart grid: Thinking and enlightenment for network attack events to national power grid of Ukraine and Israel[J]. Automation of Electric Power Systems, 2016, 40(8): 147–151.
    [44] STELLIOS I, KOTZANIKOLAOU P, and PSARAKIS M. Advanced persistent threats and zero-day exploits in industrial internet of things[M]. ALCARAZ C. Security and Privacy Trends in the Industrial Internet of Things. Cham: Springer, 2019: 47–68.
    [45] BERRUETA E, MORATO D, MAGAÑA E, et al. A survey on detection techniques for cryptographic ransomware[J]. IEEE Access, 2019, 7: 144925–144944. doi:  10.1109/ACCESS.2019.2945839
    [46] AL-RIMY B A S, MAAROF M A, and SHAID S Z M. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions[J]. Computers & Security, 2018, 74: 144–166.
    [47] LEE K, LEE S Y, and YIM K. Machine learning based file entropy analysis for ransomware detection in backup systems[J]. IEEE Access, 2019, 7: 110205–110215. doi:  10.1109/ACCESS.2019.2931136
    [48] PAUDEL S, SMITH P, and ZSEBY T. Attack models for advanced persistent threats in smart grid wide area monitoring[C]. The 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, Pittsburgh, 2017: 61–66.
    [49] SKOPIK F, FRIEDBERG I, and FIEDLER R. Dealing with advanced persistent threats in smart grid ICT networks[C]. ISGT 2014, Washington, 2014: 1–5.
    [50] WANG Zhiwei. An identity-based data aggregation protocol for the smart grid[J]. IEEE Transactions on Industrial Informatics, 2017, 13(5): 2428–2435. doi:  10.1109/TII.2017.2705218
    [51] FOUDA M M, FADLULLAH Z M, and KATO N. Assessing attack threat against ZigBee-based home area network for smart grid communications[C]. 2010 International Conference on Computer Engineering & Systems, Cairo, Egypt, 2010: 245–250.
    [52] ISMAIL Z, LENEUTRE J, BATEMAN D, et al. A game theoretical analysis of data confidentiality attacks on smart-grid AMI[J]. IEEE Journal on Selected Areas in Communications, 2014, 32(7): 1486–1499. doi:  10.1109/JSAC.2014.2332095
    [53] FARRAJ A K, HAMMAD E M, AL DAOUD A, et al. A game-theoretic control approach to mitigate cyber switching attacks in smart grid systems[C]. 2014 IEEE International Conference on Smart Grid Communications, Venice, Italy, 2014: 958–963.
    [54] GIANI A, BITAR E, GARCIA M, et al. Smart grid data integrity attacks[J]. IEEE Transactions on Smart Grid, 2013, 4(3): 1244–1253. doi:  10.1109/TSG.2013.2245155
    [55] KOSUT O, JIA Liyan, THOMAS R J, et al. Malicious data attacks on the smart grid[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 645–658. doi:  10.1109/TSG.2011.2163807
    [56] MASTER N, MOUNZER J, and BAMBOS N. Distributed smart grid architecture for delay and price sensitive power management[C]. 2014 IEEE International Conference on Communications, Sydney, 2014: 3670–3675.
    [57] AYDEGER A, AKKAYA K, CINTUGLU M H, et al. Software defined networking for resilient communications in smart grid active distribution networks[C]. 2016 IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016: 1–6.
    [58] RANA M M, LI Li, and SU S W. An adaptive-then-combine dynamic state estimation considering renewable generations in smart grids[J]. IEEE Journal on Selected Areas in Communications, 2016, 34(12): 3954–3961. doi:  10.1109/JSAC.2016.2611963
    [59] ROSSEBØ J E Y, WOLTHUIS R, FRANSEN F, et al. An enhanced risk-assessment methodology for smart grids[J]. Computer, 2017, 50(4): 62–71. doi:  10.1109/MC.2017.106
    [60] ZHANG Shanghua, LI Qiang, WU Jun, et al. A security mechanism for software-defined networking based communications in vehicle-to-grid[C]. 2016 IEEE Smart Energy Grid Engineering, Oshawa, 2016: 386–391.
    [61] 谢永, 李香, 张松松. 一种可证安全的车联网无证书聚合签名改进方案[J]. 电子与信息学报, 2020, 42(5): 1125–1131. doi:  10.11999/JEIT190184

    XIE Yong, LI Xiang, ZHANG Songsong, et al. An improved provable secure certificateless aggregation signature scheme for vehicular Ad Hoc NETworks[J]. Journal of Electronics &Information Technology, 2020, 42(5): 1125–1131. doi:  10.11999/JEIT190184
    [62] LI Gaolei, WU Jun, LI Jianhua, et al. Battery status sensing software-defined multicast for V2G regulation in smart grid[J]. IEEE Sensors Journal, 2017, 17(23): 7838–7848. doi:  10.1109/JSEN.2017.2731971
    [63] 邵苏杰, 郭少勇, 邱雪松, 等. 基于加权队列的无线智能电网通信网采集数据流量调度算法[J]. 电子与信息学报, 2014, 36(5): 1209–1214.

    SHAO Sujie, GUO Shaoyong, QIU Xuesong, et al. Traffic scheduling algorithm based on weighted queue for meter data collection in wireless smart grid communication network[J]. Journal of Electronics &Information Technology, 2014, 36(5): 1209–1214.
    [64] CHEN Pinyu, CHENG S M, and CHEN K C. Smart attacks in smart grid communication networks[J]. IEEE Communications Magazine, 2012, 50(8): 24–29. doi:  10.1109/MCOM.2012.6257523
    [65] JOHNSON R E. Survey of SCADA security challenges and potential attack vectors[C]. 2010 International Conference for Internet Technology and Secured Transactions, London, 2010: 1–5.
    [66] YANG Yi, XU Haiqing, GAO Lei, et al. Multidimensional intrusion detection system for IEC 61850-based SCADA networks[J]. IEEE Transactions on Power Delivery, 2017, 32(2): 1068–1078. doi:  10.1109/TPWRD.2016.2603339
    [67] DO V L, FILLATRE L, NIKIFOROV I, et al. Security of SCADA systems against cyber–physical attacks[J]. IEEE Aerospace and Electronic Systems Magazine, 2017, 32(5): 28–45. doi:  10.1109/MAES.2017.160047
    [68] ZHANG Jiexin, GAN Shaoduo, LIU Xiaoxue, et al. Intrusion detection in SCADA systems by traffic periodicity and telemetry analysis[C]. 2016 IEEE Symposium on Computers and Communication, Messina, Italy, 2016: 318–325.
    [69] PAN Zhiwen, HARIRI S, and PACHECO J. Context aware intrusion detection for building automation systems[J]. Computers & Security, 2019, 85: 181–201.
    [70] YILMAZ E N and GÖNEN S. Attack detection/prevention system against cyber attack in industrial control systems[J]. Computers & Security, 2018, 77: 94–105.
    [71] LIANG Gaoqi, ZHAO Junhua, LUO Fengji, et al. A review of false data injection attacks against modern power systems[J]. IEEE Transactions on Smart Grid, 2017, 8(4): 1630–1638. doi:  10.1109/TSG.2015.2495133
    [72] YU Shucheng, REN Kui, and LOU Wenjing. FDAC: Toward fine-grained distributed data access control in wireless sensor networks[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(4): 673–686. doi:  10.1109/TPDS.2010.130
    [73] WU Jun, DONG Mianxiong, OTA K, et al. Cross-domain fine-grained data usage control service for industrial wireless sensor networks[J]. IEEE Access, 2015, 3: 2939–2949. doi:  10.1109/ACCESS.2015.2504541
    [74] KIM Y, KOLESNIKOV V, and THOTTAN M. Resilient end-to-end message protection for cyber-physical system communications[J]. IEEE Transactions on Smart Grid, 2018, 9(4): 2478–2487. doi:  10.1109/TSG.2016.2613545
    [75] ELATTAR M. Reliable Communications Within Cyber-Physical Systems Using the Internet (RC4CPS)[M]. Berlin, Heidelberg: 2020.
    [76] GUAN Zhitao, LI Jing, WU Longfei, et al. Achieving efficient and secure data acquisition for cloud-supported internet of things in smart grid[J]. IEEE Internet of Things Journal, 2017, 4(6): 1934–1944. doi:  10.1109/JIOT.2017.2690522
    [77] MARKHAM T and PAYNE C. Security at the network edge: A distributed firewall architecture[C]. DARPA Information Survivability Conference and Exposition II. DISCEX’01, Anaheim, 2001, 1: 279–286.
    [78] MONTERO D, YANNUZZI M, SHAW A, et al. Virtualized security at the network edge: A user-centric approach[J]. IEEE Communications Magazine, 2015, 53(4): 176–186. doi:  10.1109/MCOM.2015.7081092
    [79] MONTERO D and SERRAL-GRACIÀ R. Offloading personal security applications to the network edge: A mobile user case scenario[C]. 2016 International Wireless Communications and Mobile Computing Conference, Paphos, Cyprus, 2016: 96–101.
    [80] ESPOSITO C, CASTIGLIONE A, POP F, et al. Challenges of connecting edge and cloud computing: A security and forensic perspective[J]. IEEE Cloud Computing, 2017, 4(2): 13–17. doi:  10.1109/MCC.2017.30
    [81] SHAH G A, GUNGOR V C, and AKAN O B. A cross-layer QoS-aware communication framework in cognitive radio sensor networks for smart grid applications[J]. IEEE Transactions on Industrial Informatics, 2013, 9(3): 1477–1485. doi:  10.1109/TII.2013.2242083
    [82] SUN Mingyang, KONSTANTELOS I, and STRBAC G. A deep learning-based feature extraction framework for system security assessment[J]. IEEE Transactions on Smart Grid, 2019, 10(5): 5007–5020. doi:  10.1109/TSG.2018.2873001
    [83] ZAFAR S, JANGSHER S, BOUACHIR O, et al. QoS enhancement with deep learning-based interference prediction in mobile IoT[J]. Computer Communications, 2019, 148: 86–97. doi:  10.1016/j.comcom.2019.09.010
    [84] 关志涛, 徐月, 伍军. 传感器网络中基于三元多项式的密钥管理方案[J]. 通信学报, 2013, 34(12): 71–78. doi:  10.3969/j.issn.1000-436x.2013.12.008

    GUAN Zhitao, XU Yue, and WU Jun. Ternary polynomial based key management scheme for wireless sensor network[J]. Journal on Communications, 2013, 34(12): 71–78. doi:  10.3969/j.issn.1000-436x.2013.12.008
    [85] LUO Shibo, DONG Mianxiong, OTA K, et al. A security assessment mechanism for software-defined networking-based mobile networks[J]. Sensors, 2015, 15(12): 31843–31858. doi:  10.3390/s151229887
    [86] SAXENA N, CHUKWUKA V, XIONG Leilei, et al. CPSA: A cyber-physical security assessment tool for situational awareness in smart grid[C]. The 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, Dallas, 2017: 69–79.
    [87] WU Jun, OTA K, DONG Mianxiong, et al. Big data analysis-based security situational awareness for smart grid[J]. IEEE Transactions on Big Data, 2018, 4(3): 408–417. doi:  10.1109/TBDATA.2016.2616146
    [88] 李建华. 网络空间威胁情报感知、共享与分析技术综述[J]. 网络与信息安全学报, 2016, 2(2): 16–29. doi:  10.11959/j.issn.2096-109x.2016.00028

    LI Jianhua. Overview of the technologies of threat intelligence sensing, sharing and analysis in cyber space[J]. Chinese Journal of Network and Information Security, 2016, 2(2): 16–29. doi:  10.11959/j.issn.2096-109x.2016.00028
    [89] 柴争义, 白浩, 张浩军. 一种容侵的CA私钥签名方案[J]. 河北师范大学学报: 自然科学版, 2008, 32(3): 310–312.

    CHAI Zhengyi, BAI Hao, and ZHANG Haojun. An intrusion tolerant signature scheme of CA private key[J]. Journal of Hebei Normal University:Natural Science Edition, 2008, 32(3): 310–312.
    [90] AJTAI M. Generating hard instances of lattice problems (extended abstract)[C]. The 28th Annual ACM Symposium on Theory of Computing, Philadelphia, 1996: 99–108.
    [91] CHEN L, JORDAN S, LIU Yikai, et al. Report on post-quantum cryptography[R]. NISTIR 8105, 2016.
    [92] 邬江兴. 拟态计算与拟态安全防御的原意和愿景[J]. 电信科学, 2014, 30(7): 2–7. doi:  10.3969/j.issn.1000-0801.2014.07.001

    WU Jiangxing. Meaning and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014, 30(7): 2–7. doi:  10.3969/j.issn.1000-0801.2014.07.001
    [93] HEYDARI V, KIM S I, and YOO S M. Scalable anti-censorship framework using moving target defense for Web servers[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(5): 1113–1124. doi:  10.1109/TIFS.2016.2647218
    [94] HUANG Lina, LI Gaolei, WU Jun, et al. Software-defined QoS provisioning for fog computing advanced wireless sensor networks[C]. 2016 IEEE SENSORS, Orlando, 2016: 1–3.
    [95] XIAO Liang, XU Dongjin, XIE Caixia, et al. Cloud storage defense against advanced persistent threats: A prospect theoretic study[J]. IEEE Journal on Selected Areas in Communications, 2017, 35(3): 534–544. doi:  10.1109/JSAC.2017.2659418
    [96] 张浩, 王丽娜, 谈诚, 等. 云环境下APT攻击的防御方法综述[J]. 计算机科学, 2016, 43(3): 1–7, 43. doi:  10.11896/j.issn.1002-137X.2016.03.001

    ZHANG Hao, WANG Lina, TAN Cheng, et al. Review of defense methods against advanced persistent threat in cloud environment[J]. Computer Science, 2016, 43(3): 1–7, 43. doi:  10.11896/j.issn.1002-137X.2016.03.001
    [97] 付钰, 李洪成, 吴晓平, 等. 基于大数据分析的APT攻击检测研究综述[J]. 通信学报, 2015, 36(11): 1–14. doi:  10.11959/j.issn.1000-436x.2015184

    FU Yu, LI Hongcheng, WU Xiaoping, et al. Detecting APT attacks: A survey from the perspective of big data analysis[J]. Journal on Communications, 2015, 36(11): 1–14. doi:  10.11959/j.issn.1000-436x.2015184
    [98] HONG K F, CHEN C C, CHIU Y T, et al. Ctracer: Uncover C&C in advanced persistent threats based on scalable framework for enterprise log data[C]. 2015 IEEE International Congress on Big Data, New York, 2015: 551–558.
    [99] WANG Xu, ZHENG Kangfeng, NIU Xinxin, et al. Detection of command and control in advanced persistent threat based on independent access[C]. 2016 IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016: 1–6.
    [100] 刘彩霞, 胡鑫鑫, 刘树新, 等. 基于Lowe分类法的5G网络EAP-AKA’协议安全性分析[J]. 电子与信息学报, 2019, 41(8): 1800–1807.

    LIU Caixia, HU Xinxin, LIU Shuxin, et al. Security analysis of 5G network EAP-AKA’ protocol based on Lowe’s taxonomy[J]. Journal of Electronics &Information Technology, 2019, 41(8): 1800–1807.
    [101] 张小松, 牛伟纳, 杨国武, 等. 基于树型结构的APT攻击预测方法[J]. 电子科技大学学报, 2016, 45(4): 582–588. doi:  10.3969/j.issn.1001-0548.2016.04.011

    ZHANG Xiaosong, NIU Weina, YANG Guowu, et al. Method for APT prediction based on tree structure[J]. Journal of University of Electronic Science and Technology of China, 2016, 45(4): 582–588. doi:  10.3969/j.issn.1001-0548.2016.04.011
    [102] 姚苏, 关建峰, 潘华, 等. 基于APT潜伏攻击的网络可生存性模型与分析[J]. 电子学报, 2016, 44(10): 2415–2422. doi:  10.3969/j.issn.0372-2112.2016.10.020

    YAO Su, GUAN Jianfeng, PAN Hua, et al. Modeling and analysis for network survivability of APT latent attack[J]. Acta Electronsica Sinica, 2016, 44(10): 2415–2422. doi:  10.3969/j.issn.0372-2112.2016.10.020
  • [1] 张海波, 荆昆仑, 刘开健, 贺晓帆.  车联网中一种基于软件定义网络与移动边缘计算的卸载策略, 电子与信息学报. doi: 10.11999/JEIT190304
    [2] 左志斌, 常朝稳, 祝现威.  一种基于数据平面可编程的软件定义网络报文转发验证机制, 电子与信息学报. doi: 10.11999/JEIT190381
    [3] 向敏, 饶华阳, 张进进, 陈梦鑫.  基于图卷积神经网络的软件定义电力通信网络路由控制策略, 电子与信息学报. doi: 10.11999/JEIT190971
    [4] 曾帅, 钱志华, 赵天烽, 任彦, 王育杰.  生存性条件约束下的软件定义光网络控制器部署算法, 电子与信息学报. doi: 10.11999/JEIT190395
    [5] 胡宇翔, 李子勇, 胡宗魁, 胡涛.  基于流量工程的软件定义网络控制资源优化机制, 电子与信息学报. doi: 10.11999/JEIT190276
    [6] 吴奇, 陈鸿昶.  软件定义网络容错控制平面的最小覆盖布局方法, 电子与信息学报. doi: 10.11999/JEIT190972
    [7] 史久根, 邾伟, 贾坤荥, 徐颖.  软件定义网络中基于负载均衡的多控制器部署算法, 电子与信息学报. doi: 10.11999/JEIT170464
    [8] 郭晓军, 程光, 胡一非, 戴冕.  基于LLMNR协议与证据理论的本地网络CC信息分享机制, 电子与信息学报. doi: 10.11999/JEIT160410
    [9] 伊鹏, 刘邦舟, 王文博, 张少军.  一种考虑软件定义网络控制节点故障的控制器部署和交换机迁移方法, 电子与信息学报. doi: 10.11999/JEIT161216
    [10] 武泽慧, 魏强, 任开磊, 王清贤.  基于OpenFlow交换机洗牌的DDoS攻击动态防御方法, 电子与信息学报. doi: 10.11999/JEIT160449
    [11] 史久根, 许辉亮, 陆立鹏.  软件定义网络中数据中心虚拟机迁移序列问题的研究, 电子与信息学报. doi: 10.11999/JEIT160792
    [12] 姚琳元, 董平, 张宏科.  基于对象特征的软件定义网络分布式拒绝服务攻击检测方法, 电子与信息学报. doi: 10.11999/JEIT160370
    [13] 伊鹏, 刘洪, 胡宇翔.  一种可扩展的软件定义数据中心网络流调度策略, 电子与信息学报. doi: 10.11999/JEIT160623
    [14] 熊钢, 胡宇翔, 段通, 兰巨龙.  一种软件定义网络的安全服务链动态组合机制, 电子与信息学报. doi: 10.11999/JEIT150876
    [15] 邓泽林, 谭冠政, 何锫, 李峰.  一种基于动态识别邻域的免疫网络分类算法及其性能分析, 电子与信息学报. doi: 10.11999/JEIT141077
    [16] 葛琳, 季新生, 江涛.  基于关联规则的网络信息内容安全事件发现及其Map-Reduce实现, 电子与信息学报. doi: 10.3724/SP.J.1146.2013.01272
    [17] 姚琳元, 陈颖, 宋飞, 张宏科.  基于时延的软件定义网络快速响应控制器部署, 电子与信息学报. doi: 10.3724/SP.J.1146.2014.00211
    [18] 周烨, 杨旭, 李勇, 苏厉, 金德鹏, 曾烈光.  基于分类的软件定义网络流表更新一致性方案, 电子与信息学报. doi: 10.3724/SP.J.1146.2012.01431
    [19] 葛海慧, 肖达, 陈天平, 杨义先.  基于动态关联分析的网络安全风险评估方法, 电子与信息学报. doi: 0.3724/SP.J.1146.2012.01539
    [20] 刘刚, 李千目, 张宏.  信度向量正交投影分解的网络安全风险评估方法, 电子与信息学报. doi: 10.3724/SP.J.1146.2011.01387
  • 加载中
  • 图(4) / 表ll (1)
    计量
    • 文章访问数:  229
    • HTML全文浏览量:  125
    • PDF下载量:  44
    • 被引次数: 0
    出版历程
    • 收稿日期:  2019-12-31
    • 修回日期:  2020-08-05
    • 网络出版日期:  2020-08-06
    • 刊出日期:  2020-09-27

    目录

      /

      返回文章
      返回

      官方微信,欢迎关注