| 摘要: | 隨著科技發展及網路傳輸技術的進步,電力傳輸供應模式從傳統的電廠經電力線供應電力給用戶,轉變為採用IEC 61850國際標準的智能電力網路。這一標準統一了各廠家電錶的傳輸規格,並支援關鍵變電站自動化及數位變電站內保護設備之間的即時通信和數據交換。
自2011年起,台灣電力公司(台電)積極推進智能電力網路的前期布建、推廣及廣泛應用,以提升發電、調度、輸電及配電等各環節的效率。然而,在從傳統電力系統向智能電力網路轉型的過程中,因為IEC 61850標準並不特別強調安全性,儘管採用了IEC 62439-3的獨立傳輸協定,但仍缺乏強大的網路安全機制,導致至今仍面臨諸多網路攻擊及安全問題。
在智能電力網路中,智慧型電子裝置(Intelligent Electronic Device, IED)的反應時間至關重要,因此在極力減少延遲的情況下,IEC 61850標準採用了未加密的明文傳輸方式。這使得任何侵入智能電力網路的攻擊者都能通過網路封包分析器即時擷取封包中的資料,從而進行癱瘓、欺騙及取代等網路攻擊行為。因此,智能電力網路安全問題亟需研究偵測和防護方法。
本論文首先模擬IEC 61850標準中的通用物件導向變電站事件(Generic Object-Oriented Substation Event, GOOSE)及IEC 62439-3標準中的高可用性無縫冗餘(High Availability Seamless Redundancy, HSR)實體傳輸電力網路環境,並仿冒攻擊者進行網路封包擷取、複製、竄改及偽冒等操作。接著,進行阻斷服務攻擊(Denial-of-Service attack, DoS)及中間人攻擊(Man-in-the-Middle attack, MITM)等網路攻擊,然後對數據進行特徵提取,並利用長短期記憶網路(Long Short-Term Memory, LSTM)和支持向量機(Support Vector Machine, SVM)進行訓練學習,對比兩種演算法的準確率。
本論文探討在智能電力網路攻擊環境中,利用深度學習演算法進行入侵偵測的精準度及其優缺點,並通過實作結果比較,提出改善電力網路安全問題的入侵偵測方法。
;With the advancement of technology and network transmission techniques, the power transmission and supply model has evolved from the traditional method of power plants supplying electricity to users via power lines to the adoption of the IEC 61850 international standard for smart power grids. This standard unifies the transmission specifications of electricity meters from various manufacturers and supports real-time communication and data exchange between protection devices in key substations and digital substations.
Since 2011, Taiwan Power Company (Tai power) has been actively promoting the preliminary construction, dissemination, and widespread application of smart power grids to enhance efficiency in power generation, dispatching, transmission, and distribution. However, during the transition from traditional power systems to smart power grids, security has been a significant concern. The IEC 61850 standard, although incorporating the independent transmission protocol IEC 62439-3, does not particularly emphasize security, resulting in a lack of robust network security mechanisms. Consequently, smart power grids still face numerous network attacks and security issues.
In smart power grids, the response time of Intelligent Electronic Devices (IEDs) is critical. To minimize latency, the IEC 61850 standard employs unencrypted plaintext transmission. This allows any attacker who infiltrates the smart power grid to use network packet analyzers to intercept the data in real-time, leading to various network attacks such as denial-of-service, spoofing, and substitution. Therefore, there is an urgent need to research detection and protection methods for smart power grid security.
This thesis first simulates the Generic Object-Oriented Substation Event (GOOSE) as specified in the IEC 61850 standard and the High Availability Seamless Redundancy (HSR) in the IEC 62439-3 standard within a physical transmission power grid environment. It then emulates attackers to perform network packet interception, duplication, modification, and spoofing. Subsequently, it conducts network attacks such as Denial-of-Service (DoS) and Man-in-the-Middle (MITM), extracts features from the data, and uses Long Short-Term Memory (LSTM) and Support Vector Machine (SVM) for training and learning. The accuracy of the two algorithms is then compared.
This thesis explores the accuracy and advantages and disadvantages of using deep learning algorithms for intrusion detection in a smart power grid attack environment. Based on the implementation results, it proposes intrusion detection methods to improve power grid security issues. |
