作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2023, Vol. 49 ›› Issue (2): 161-168. doi: 10.19678/j.issn.1000-3428.0063799

• 网络空间安全 • 上一篇    下一篇

雾化零信任组件的5G电力失陷终端威胁检测

顾智敏1, 王梓莹1, 郭静1, 郭雅娟1, 冯景瑜2   

  1. 1. 国网江苏省电力有限公司电力科学研究院, 南京 211103;
    2. 西安邮电大学 无线网络安全技术国家工程实验室, 西安 710121
  • 收稿日期:2022-01-20 修回日期:2022-03-23 发布日期:2022-07-18
  • 作者简介:顾智敏(1993-),女,工程师、硕士,主研方向为电力系统信息安全;王梓莹,工程师;郭静,高级工程师;郭雅娟,研究员级高级工程师;冯景瑜,副教授。
  • 基金资助:
    国网江苏省电力有限公司科技项目“能源互联网5G网络检测关键技术研究”(J2021206)。

5G-Power-Compromised Terminal Threat Detection Based on Atomized Zero-Trust Component

GU Zhimin1, WANG Ziying1, GUO Jing1, GUO Yajuan1, FENG Jingyu2   

  1. 1. Electric Power Research Institute, State Grid Jiangsu Electric Power Co., Ltd., Nanjing 211103, China;
    2. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
  • Received:2022-01-20 Revised:2022-03-23 Published:2022-07-18

摘要: 5G技术在电力行业的普及推进了海量电力终端接入网络,但众多电力终端暴露在互联网中,攻击者可以先入侵脆弱的电力终端进行远程控制,然后以失陷终端作为跳板,纵向渗透到5G电力物联网内部从而窃取敏感数据。零信任的出现为失陷终端威胁检测提供了可能,然而电力终端分布具有广泛性,致使中心化零信任安全架构无法直接应用于5G电力物联网。提出一种雾化零信任组件的失陷终端威胁检测方案。采用分布式多点方式将零信任组件雾化部署到电力终端周围,并设计一套宕机组件应急响应流程用于及时发现单点失效的零信任组件。建立一种突发信任评估模型,充分利用安装在电力终端的零信任代理持续性地收集终端行为因素,从中提取突发因子并量化反映到信任值,以快速发现和阻断具有突发异常行为的失陷终端。仿真结果表明,该方案能有效缓解零信任组件部署于5G电力物联网时的检测压力,在失陷终端比例为20%的条件下对突变异常失陷终端的检测率高达92.3%,具有较好的非法访问抑制效果。

关键词: 5G电力物联网, 零信任组件, 雾化部署, 信任评估, 失陷终端

Abstract: The widespread application of 5G technology in the power industry has promoted access by many power terminals to the network.However, many power terminals are exposed to the Internet, attackers can first invade vulnerable power terminals for remote control and then use the lost terminals as a springboard to vertically penetrate the 5G-power Internet of Things(IoT) to steal sensitive data.The emergence of zero-trust makes it possible to detect the threat of collapsed terminals.However, because of the wide distribution of power terminals, the centralized zero-trust security architecture cannot be directly applied to 5G-power IoT.This paper presents a threat detection scheme for a failed terminal with atomized zero-trust components.Zero-trust components are atomized and deployed around power terminals in a distributed multipoint manner.A set of emergency response processes for downtime components is designed to promptly determine zero-trust components with single-point failure.A sudden trust evaluation model is established to fully use the zero-trust agent installed in the power terminal to continuously collect the terminal behavior factors, extract the sudden factors from them, and quantify them into the trust value to rapidly determine and block the failed terminal with sudden abnormal behavior.The simulation results show that the scheme can effectively alleviate the detection pressure of zero-trust components deployed in 5G-power IoT.When the proportion of failed terminals is 20%, the detection rate of sudden abnormal failed terminals is as high as 92.3%, reasonably suppressing illegal access.

Key words: 5G power Internet of Things(IoT), zero-trust component, atomization deployment, trust evaluation, compromised terminal

中图分类号: