Design of Intrusion Attack Simulation Verification System for Advanced Persistent Threat Targeting Electric Network
DOI: 10.12677/csa.2024.149190
Authors: 刘雪梅, 张五一, 赵创业 (南京南自数安技术有限公司, Nanjing, Jiangsu); 盛明伟 (南京赛宁信息技术有限公司, Nanjing, Jiangsu)
Keywords: Electric Power System Supervision and Control; Advanced Persistent Threat; Intrusion Attack Simulation; Security Verification
Abstract: As a representative tool for improving power grid security, an intrusion attack simulation verification system automatically simulates a broad range of attacks launched against networks, systems and applications from inside and outside, carrying out simulated attacks in order to assess a system's security capabilities. However, against the long-term, multi-stage advanced persistent threats (APTs) that power networks mainly face, existing intrusion attack simulation verification systems are generally limited in their design and cannot comprehensively simulate or defend against such attacks. To address this problem, this paper proposes a design for an automated intrusion attack simulation verification system oriented to APT defence in power networks. The design uses virtualization and traffic simulation techniques to build a realistic emulation of a power network, and within that emulated environment validates the effectiveness of APT protection measures by comparing attack outcomes before and after protection is applied. First, the basic network and components targeted by APT attacks are emulated using virtualization; second, traffic simulation is used to reproduce both grid business traffic and APT attack traffic within the system; finally, a realistic APT scenario is built and a module for verifying the effectiveness of protection measures is implemented. Experiments show that the proposed scheme supports power-network attack-and-defence experiments well and can defend against long-term, multi-stage advanced persistent attacks.
Citation: 刘雪梅, 张五一, 赵创业, 盛明伟. Design of Intrusion Attack Simulation Verification System for Advanced Persistent Threat Targeting Electric Network [J]. Computer Science and Application, 2024, 14(9): 90-102. https://doi.org/10.12677/csa.2024.149190
