| In recent years,attacks against electric power information network(EPIN)have occurred frequently,which has significant impact on the security and stability of the electric power system.Currently,EPIN security is based on the construction of a Defense in Depth architecture.This is achieved through the deployment of various security devices and the application of security technologies,which have effectively improved the security protection capabilities of the EPIN.However,the lack of unified coordination among security devices deployed independently,which based on different security requirements,results in a lack of overall defense capabilities.With the development of new power systems,the openness and interactivity requirements of EPIN have increased,and the security requirements have also increased simultaneously.In response to the new requirements for security protection,this dissertation studies the security defense system of EPIN based on coordination control theory.Based on the Information Assurance Technical Framework(IATF)Defense in Depth idea,this dissertation follows the security defense requirements of the EPIN,constructs a coordination control model for the security defense of EPIN,combined with specific applications of power network security.Furthermore,the key technologies for security defense and coordination control of EPIN are studied in this dissertation.The main contributions of this dissertation are summarized in the following four aspects.(1)The coordination control theory for security defense of EPIN is proposed.The Defense in Depth of IATF and its application in EPIN are studied.The concepts,models and structures of coordination control are investigated,the security risks and defense requirements of EPIN are analyzed,and then the coordination control theory is applied to the security defense of EPIN.The concept of coordination control is proposed and a coordination control model is constructed for the EPIN’s security defense.(2)This dissertation studies and constructs a coordination control strategy model for the security defense of EPIN.Aiming at the problem of fragmentation of security capability,a coordination model of security defense capability orchestration for EPIN is constructed,and a network security defense resource orchestration algorithm is proposed to realize unified scheduling of security defense capability.Aiming at the problem of global security state awareness in EPIN,a hierarchical coordination model of network security state is studied,including bussiness process layer,application service layer and operating system layer,and a network attack path identification method based on system call dependency is designed,realizing the global security situation awareness.Aiming at the problem of optimal decision making of multi-stage defense strategy for the attack and defense confrontation in the EPIN,a multi-stage coordination control decision model based on game theory is proposed to realize multi-stage optimal decision making of network security defense strategy.(3)This dissertation investigates the key technologies for security defense and coordination control of EPIN.Based on the theory and model of coordination control for the security defense of EPIN,this dissertation studies its corresponding key technologies,including network traffic scheduling technology,automatic intrusion response technology for security orchestration,and attack backup blocking technology,which improves the timeliness and accuracy of network security defense.(4)In order to meet the requirements for the security defense of EPIN,the research results of coordination control theory,model,and key technologies are applied to construct a closed-loop coordination control defense system for EPIN.The implementation of security devices orchestration based on SDN and virtual security resource orchestration based on cloud technology is emphasized.This dissertation constructs a coordinated control defense system for EPIN,which provides an application case for the research of coordination control theory in the EPIN. |
PDF Full Text Request