機器學習運用於智慧電網入侵偵測 之簡易設計與實作

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：90

、訪客IP：18.223.106.205

姓名

李承運(Cheng-Yun Li) 查詢紙本館藏

畢業系所

通訊工程學系在職專班

論文名稱

機器學習運用於智慧電網入侵偵測之簡易設計與實作
(Machine Learning for Intrusion Detection in Smart Grid: Simple Design and Implementation)

相關論文

★ 非結構同儕網路上以特徵相似度為基準之搜尋方法	★ 以階層式叢集聲譽為基礎之行動同儕網路拓撲架構
★ 線上RSS新聞資料流中主題性事件監測機制之設計與實作	★ 耐延遲網路下具密度感知的路由方法
★ 整合P2P與UPnP內容分享服務之家用多媒體閘道器：設計與實作	★ 家庭網路下簡易無縫式串流影音播放服務之設計與實作
★ 耐延遲網路下訊息傳遞時間分析與高效能路由演算法設計	★ BitTorrent P2P 檔案系統下載端網路資源之可調式配置方法與效能實測
★ 耐延遲網路中利用訊息編碼重組條件之資料傳播機制	★ 耐延遲網路中基於人類移動模式之路由機制
★ 車載網路中以資料匯集技術改善傳輸效能之封包傳送機制	★ 適用於交叉路口環境之車輛叢集方法
★ 車載網路下結合路側單元輔助之訊息廣播機制	★ 耐延遲網路下以靜態中繼節點（暫存盒）最佳化訊息傳遞效能之研究
★ 耐延遲網路下以動態叢集感知建構之訊息傳遞機制	★ 跨裝置影音匯流平台之設計與實作

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2027-7-22以後開放)

摘要(中)

隨著科技發展及網路傳輸技術的進步，電力傳輸供應模式從傳統的電廠經電力線供應電力給用戶，轉變為採用IEC 61850國際標準的智能電力網路。這一標準統一了各廠家電錶的傳輸規格，並支援關鍵變電站自動化及數位變電站內保護設備之間的即時通信和數據交換。
自2011年起，台灣電力公司（台電）積極推進智能電力網路的前期布建、推廣及廣泛應用，以提升發電、調度、輸電及配電等各環節的效率。然而，在從傳統電力系統向智能電力網路轉型的過程中，因為IEC 61850標準並不特別強調安全性，儘管採用了IEC 62439-3的獨立傳輸協定，但仍缺乏強大的網路安全機制，導致至今仍面臨諸多網路攻擊及安全問題。
在智能電力網路中，智慧型電子裝置（Intelligent Electronic Device, IED）的反應時間至關重要，因此在極力減少延遲的情況下，IEC 61850標準採用了未加密的明文傳輸方式。這使得任何侵入智能電力網路的攻擊者都能通過網路封包分析器即時擷取封包中的資料，從而進行癱瘓、欺騙及取代等網路攻擊行為。因此，智能電力網路安全問題亟需研究偵測和防護方法。
本論文首先模擬IEC 61850標準中的通用物件導向變電站事件（Generic Object-Oriented Substation Event, GOOSE）及IEC 62439-3標準中的高可用性無縫冗餘（High Availability Seamless Redundancy, HSR）實體傳輸電力網路環境，並仿冒攻擊者進行網路封包擷取、複製、竄改及偽冒等操作。接著，進行阻斷服務攻擊（Denial-of-Service attack, DoS）及中間人攻擊（Man-in-the-Middle attack, MITM）等網路攻擊，然後對數據進行特徵提取，並利用長短期記憶網路（Long Short-Term Memory, LSTM）和支持向量機（Support Vector Machine, SVM）進行訓練學習，對比兩種演算法的準確率。
本論文探討在智能電力網路攻擊環境中，利用深度學習演算法進行入侵偵測的精準度及其優缺點，並通過實作結果比較，提出改善電力網路安全問題的入侵偵測方法。

摘要(英)

With the advancement of technology and network transmission techniques, the power transmission and supply model has evolved from the traditional method of power plants supplying electricity to users via power lines to the adoption of the IEC 61850 international standard for smart power grids. This standard unifies the transmission specifications of electricity meters from various manufacturers and supports real-time communication and data exchange between protection devices in key substations and digital substations.
Since 2011, Taiwan Power Company (Tai power) has been actively promoting the preliminary construction, dissemination, and widespread application of smart power grids to enhance efficiency in power generation, dispatching, transmission, and distribution. However, during the transition from traditional power systems to smart power grids, security has been a significant concern. The IEC 61850 standard, although incorporating the independent transmission protocol IEC 62439-3, does not particularly emphasize security, resulting in a lack of robust network security mechanisms. Consequently, smart power grids still face numerous network attacks and security issues.
In smart power grids, the response time of Intelligent Electronic Devices (IEDs) is critical. To minimize latency, the IEC 61850 standard employs unencrypted plaintext transmission. This allows any attacker who infiltrates the smart power grid to use network packet analyzers to intercept the data in real-time, leading to various network attacks such as denial-of-service, spoofing, and substitution. Therefore, there is an urgent need to research detection and protection methods for smart power grid security.
This thesis first simulates the Generic Object-Oriented Substation Event (GOOSE) as specified in the IEC 61850 standard and the High Availability Seamless Redundancy (HSR) in the IEC 62439-3 standard within a physical transmission power grid environment. It then emulates attackers to perform network packet interception, duplication, modification, and spoofing. Subsequently, it conducts network attacks such as Denial-of-Service (DoS) and Man-in-the-Middle (MITM), extracts features from the data, and uses Long Short-Term Memory (LSTM) and Support Vector Machine (SVM) for training and learning. The accuracy of the two algorithms is then compared.
This thesis explores the accuracy and advantages and disadvantages of using deep learning algorithms for intrusion detection in a smart power grid attack environment. Based on the implementation results, it proposes intrusion detection methods to improve power grid security issues.

關鍵字(中)

★ 電力網路安全
★ 入侵偵測。
★ 高可用性無縫冗餘

關鍵字(英)

★ Power Grid Security
★ High Availability Seamless Redundancy
★ Intrusion Detection

論文目次

中文摘要 i
Abstract iii
誌謝 v
目錄 vi
一、緒論
1-1 研究背景與動機 1
1-2 研究目的 2
1-3 章節概要 3
二、文獻探討與研究背景
2-1 IEC-62439規範 4
2-2 高可用性無縫冗餘(High-availability Seamless Redundancy)
5
2-3通用物件導向變電站事件(Generic Object Oriented Substation Event) 8
2-4 針對 IEC 61850 網路的攻擊 10
2-4-1 基於GOOSE封包DOS攻擊 11
2-4-2 基於GOOSE封包MITM攻擊 12
2-5 入侵偵測方法 13
2-5-1 GOOSE封包特徵擷取選擇 13
2-5-2 深度學習在入侵偵測中的應用 15
2-6 研究缺點與不足處 21
2-7 研究的理論與方法 22
三、模擬攻擊及入侵偵測方法實驗平台設計
3-1 引言 24
3-2 研究設計與實作 24
3-2-1虛擬智能電力網路環境的構建 24
3-2-2 智慧電力網路攻擊的具體實施方法 30
四、機器學習對於入侵偵測的實作及實驗結果
4-1特徵提取選擇 36
4-1-1 數據預處理 36
4-1-2 SVM與LSTM模型建置與訓練結果 39
4-1-3 SVM與LSTM針對非時間序列訓練與預測結果 48
五、結論與未來研究方向
5-1 結論 49
5-2 未來研究方向 50
參考文獻 52

參考文獻

[1]Collection IEC Fieldbus Standards: https://felser.ch/download/index.html.
[2]International Standard:. https://webstore.iec.ch/publication/64423
[3]R. Borgohain, M. J. Roy, P. Paul Choudhury and R. Das, "A brief introduction to High Availability Seamless Redundancy (HSR) and some of its drawbacks : An insight into the functioning of HSR Protocol," 2018 3rd International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 2018, pp. 523-527, doi: 10.1109/CESYS.2018.8724055.
[4]J. T. Yu, "A Scalable Architecture for High Availability Seamless Redundancy (HSR)," 2017 IEEE 19th International Conference on High Performance Computing and Communications; IEEE 15th International Conference on Smart City; IEEE 3rd International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Bangkok, Thailand, 2017, pp. 292-298, doi: 10.1109/HPCC-SmartCity-DSS.2017.38.
[5]Wikimedia Commons [Online].Available: https://commons.wikimedia.org/wiki/File:IEC_62439-3.5_HSR_Nodes_20170204_Kirrmann.jpg.
[6]Wikimedia Commons [Online].Available: https://commons.wikimedia.org/wiki/File:IEC_62439-3.5_HSR_Multicast_Ring_20170204_Kirrmann.jpg.
[7]Taiwan Power Research Institute [Online].Available: https://www.bsmi.gov.tw/wSite/public/Data/f1706757555893.pdf.
[8]Moscovits, Yanny & Torres, Eliseu & Martins, Joberto. (2020). Managing IEC 61850 Message Exchange for SDN-Controlled Cognitive Communication Resource Allocation in the Smart Grid. 10.5281/zenodo.3581404.
[9]A. Elgargouri and M. Elmusrati, "Analysis of Cyber-Attacks on IEC 61850 Networks," 2017 IEEE 11th International Conference on Application of Information and Communication Technologies (AICT), Moscow, Russia, 2017, pp. 1-4, doi: 10.1109/ICAICT.2017.8686894.
[10]Z. Li, R. Ma, Y. Xie and L. Lu, "Overview of Intrusion Detection in Smart Substation," 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Chongqing, China, 2022, pp. 2377-2384, doi: 10.1109/ITAIC54216.2022.9836858.
[11]T. S. Ustun, S. M. Farooq and S. M. S. Hussain, "A Novel Approach for Mitigation of Replay and Masquerade Attacks in Smartgrids Using IEC 61850 Standard," in IEEE Access, vol. 7, pp. 156044-156053, 2019, doi: 10.1109/ACCESS.2019.2948117.
[12]M. T. A. Rashid, S. Yussof, Y. Yusoff and R. Ismail, "A review of security attacks on IEC61850 substation automation system network," Proceedings of the 6th International Conference on Information Technology and Multimedia, Putrajaya, Malaysia, 2014, pp. 5-10, doi: 10.1109/ICIMU.2014.7066594.
[13]X. Wang, C. Fidge, G. Nourbakhsh, E. Foo, Z. Jadidi and C. Li, "Feature Selection for Precise Anomaly Detection in Substation Automation Systems," 2021 13th IEEE PES Asia Pacific Power & Energy Engineering Conference (APPEEC), Thiruvananthapuram, India, 2021, pp. 1-6, doi: 10.1109/APPEEC50844.2021.9687629.
[14]Y. Kwon, H. K. Kim, Y. H. Lim and J. I. Lim, "A behavior-based intrusion detection technique for smart grid infrastructure," 2015 IEEE Eindhoven PowerTech, Eindhoven, Netherlands, 2015, pp. 1-6, doi: 10.1109/PTC.2015.7232339.
[15]X. Wang, C. Fidge, G. Nourbakhsh, E. Foo, Z. Jadidi and C. Li, "Anomaly Detection for Insider Attacks From Untrusted Intelligent Electronic Devices in Substation Automation Systems," in IEEE Access, vol. 10, pp. 6629-6649, 2022, doi: 10.1109/ACCESS.2022.3142022.
[16]TMDSICE3359 AM3359 Industrial Communications Engine [Online].https://www.ti.com/tool/TMDSICE3359
[17]open source libraries [Online]. Availablehttps://libiec61850.com/
[18]Processor SDK Linux AM3359[Online]. Availablehttps://libiec61850.com/
[19]LSTM 內部結構介紹[Online]. https://ithelp.ithome.com.tw/articles/10188818?sc=rss.iron
[20]Support Vector Machine (SVM)支援向量機[Online]. https://ithelp.ithome.com.tw/articles/10302332
[21]TEXAS INSTRUMENTS[Online]. https://software-dl.ti.com/processor-sdk-linux/esd/docs/latest/linux/Foundational_Components/PRU-ICSS/Linux_Drivers/PRU-ICSS_Ethernet.html

指導教授

胡誌麟(Chih-Lin Hu)

審核日期

2024-7-24

推文