| Power industrial control systems(PICSs)play a vital role in national critical infrastructures.However,with the extensive advancement of national strategic plannings such as“Internet plus” and “Integration of information technology and industrialization”,the rapid development of intelligent power infrastructure,as well as the widespread application of big data,cloud computing and other technologies,thereby resulting that the traditional relatively closed PICSs face new threats of cyberattacks.The safety of PICSs is related to public life and national security.Once cyber-attacks penetrate into PICSs,they will cause property damage and accidents.More seriously,they may further cause large-scale power outages,endanger the public life and lead to social unrest.Under the context,this dissertation,with focus on the dynamic cyber-security protection issues of PICSs,investigates the close coupling characteristics between the cyber domain and the physical domain.Furthermore,this dissertation analyzes the vulnerability of the system itself and the potential cyber-security threats faced by the outside world,and proposes a unified architecture for cyber-security protection of PICSs from the perspective of system safety engineering.Specifically,this dissertation focuses on the closed-loop idea of tolerating intrusion prevention,and makes an in-depth study on the three aspects of “intrusion detection,risk assessment,and decision-making”.The proposed approach can help to achieve early detection of attack behavior and system abnormal state,and accurately grasp the system security situation.On the basis of obtained security situation,the defender develops an appropriate security strategy,and furtherly ensures the safety and resilience of PICSs under cyber attacks.As the first phase of dynamic risk perception,intrusion detection provides trigger conditions and important information for subsequent threat analysis and risk assessment.Most of the traditional collaborative intrusion detection(CID)methods do not consider the credibility of the detection results.Therefore,a CID approach using consensus mechanism in blockchain is presented,which is fit in decentralized scenario,more so in multimicrogrid systems.In the approach,the target of CID,called a proposal,is generated based on multipattern proposal generation algorithm.This algorithm is used to increase the frequency of proposal generation,as well as reducing the false negative rate of detection.On the basis,by using the consensus mechanism in blockchain,distributed detection results achieve consensus,enhancing the accuracy of intrusion detection without the need of a trusted authority or central server.Thus,this approach overcomes the scalability problems of traditional centralized CID methods,such as single point of failure,the bottleneck of computing or storage resources,etc.The final detection results are stored on blockchain in sequence,ensuring the consistency and nonrepudiability of information dissemination.Based on the abnormal state information and attack evidence obtained by intrusion detection,risk assessment aims to understand and predict the risks faced by the system,and provides necessary information for the decision-making process.Accordingly,a dynamic risk propagation analysis approach has been proposed considering attack intention for PICSs.Firstly,considering that the spatial heterogeneity of PICSs will diversify the risk penetration process in different zones,the interdependence between nodes is used to partition the system.Based on the partitioned system,the risk penetration analysis model is constructed for different regions respectively.Meanwhile,this paper explores the mechanism of attack propagation under different attack intentions,and designs the mapping relationship of state transfer rules respectively,which improves the prediction accuracy of the attack behavior and the attack path.Then,a multi-dimensional quantitative risk assessment method is proposed to quantify the consequences of different attack scenarios at a unified scale,which is set up with consideration of system cost and working state.Finally,attack intention verification is devised for dynamically revising attack intention,making the penetration analysis results in the subsequent stages more accurate.Decision-making needs to develop an appropriate protection and recovery strategy after assessing the current security situation.It can help defend PICSs against cyber-attacks,mintigate the impact of cyber-attacks,and keep the security risk within an acceptable range.In a realistic attack-defense game,a player may not know exactly the payoffs of the game or the types of their opponents,which is an incomplete information game.Therefore,a decentralized consensus decision-making approach is proposed in this paper for the security of decentralized PICSs.More specifically,considering the fuzzy preferences of different types of attackers and defenders,the payoff matrix is determined from multiple perspectives,i.e.,the expense of enforcing strategy,system loss and state stability.On this basis,a fuzzy static Bayesian game model is designed,and the Harsanyi transformation is used to obtain the optimal security strategy in each of the distributed agents.And then,based on the hybrid consensus mechanism and incentive mechanism,a consensus on the security strategy is realized.According to this approach,the lack of trust issues of distributed nodes are solved,and the immutability and reliability of decision-making results are ensured.Finally,the research content and novelties of this dissertation are summarized,and the future research and development directions are also prospected. |