1. A method of assessing a power monitoring system network attack vulnerability level, the method comprising:

determining a network attack behavior path aiming at the power monitoring system, determining a network attack behavior difficulty coefficient according to the network attack behavior path, and determining the success probability of network attack under a specific attack cost according to the network attack behavior difficulty coefficient;

determining the load loss amount of the power system caused by the network attack behavior;

and determining the influence probability of the network attack behavior, and determining the network attack destructive power degree of the power monitoring system according to the load loss amount, the success probability and the influence probability of the network attack.

2. The method of claim 1, wherein determining a network attack behavior difficulty coefficient comprises:

according to the network attack path, a hierarchical structure model for evaluating difficulty of network attack behaviors is constructed, and the hierarchical structure model comprises: a target layer, a criterion layer, an index layer and a behavior layer;

determining the mutual importance degree of different factors in the criterion layer, and constructing a judgment matrix of the criterion layer to the target layer;

determining the mutual importance degree of different factors in the index layer, and constructing a judgment matrix of the index layer to the criterion layer;

acquiring the maximum eigenvalue and eigenvector of the judgment matrix, and performing consistency check on the judgment matrix;

if the consistency check is passed, determining a weight vector of the index layer element relative to the target layer element according to the maximum feature vector;

establishing a decision matrix of the behavior layer elements to the index layer elements;

establishing a weighted standardized decision matrix according to the decision matrix and the weight vector of the index layer element to the target layer element;

and determining the difficulty coefficient of the network attack behavior through the weighted normalized decision matrix.

3. The method of claim 2, wherein the hierarchical structure model establishes a target layer with a difficulty coefficient of network attack behavior calculation as a target element; establishing a criterion layer by taking the attacker skill of the network attack behavior and the important configuration items of the attack object as reference criterion elements; aiming at the evaluation index elements of the skill of an attacker and the configuration condition of an attack object, establishing an index layer; and establishing a behavior layer by taking each behavior of the network attack behavior as a behavior element.

4. The method of claim 1, the determination of the probability of success of the cyber attack comprising: and determining a success probability function of any one-time network attack behavior according to the reliability calculation method and the network attack behavior difficulty coefficient, and determining the success probability of the network attack according to the success probability function.

5. The method of claim 1, wherein the load loss is calculated from power system fault simulation.

6. A system for assessing a level of network attack vulnerability of a power monitoring system, the system comprising:

the probability calculation unit is used for determining a network attack behavior path aiming at the power monitoring system, determining a network attack behavior difficulty coefficient according to the network attack behavior path, and determining the success probability of network attack under a specific attack cost according to the network attack behavior difficulty coefficient;

the fault simulation unit is used for determining the load loss of the power system caused by the network attack behavior;

and the evaluation unit is used for determining the influence probability of the network attack behavior and determining the network attack destructive power degree of the power monitoring system according to the load loss amount, the success probability and the influence probability of the network attack.

7. The system of claim 6, the determining a network attack behavior difficulty coefficient, comprising:

according to the network attack path, a hierarchical structure model for evaluating difficulty of network attack behaviors is constructed, and the hierarchical structure model comprises: a target layer, a criterion layer, an index layer and a behavior layer;

determining the mutual importance degree of different factors in the criterion layer, and constructing a judgment matrix of the criterion layer to the target layer;

determining the mutual importance degree of different factors in the index layer, and constructing a judgment matrix of the index layer to the criterion layer;

acquiring the maximum eigenvalue and eigenvector of the judgment matrix, and performing consistency check on the judgment matrix;

if the consistency check is passed, determining a weight vector of the index layer element relative to the target layer element according to the maximum feature vector;

establishing a decision matrix of the behavior layer elements to the index layer elements;

establishing a weighted standardized decision matrix according to the decision matrix and the weight vector of the index layer element to the target layer element;

and determining the difficulty coefficient of the network attack behavior through the weighted normalized decision matrix.

8. The system of claim 7, wherein the hierarchical model establishes a target layer with a difficulty coefficient of network attack behavior as a target element; establishing a criterion layer by taking the attacker skill of the network attack behavior and the important configuration items of the attack object as reference criterion elements; aiming at the evaluation index elements of the skill of an attacker and the configuration condition of an attack object, establishing an index layer; and establishing a behavior layer by taking each behavior of the network attack behavior as a behavior element.

9. The system of claim 6, the determination of the probability of success of the cyber attack comprising: and determining a success probability function of any one-time network attack behavior according to the reliability calculation method and the network attack behavior difficulty coefficient, and determining the success probability of the network attack according to the success probability function.

10. The system of claim 6, wherein the load loss is calculated from power system fault simulation.

Background

According to the principle of information security risk analysis, three elements of assets, threats and vulnerabilities are involved in the information security risk analysis, and each element has respective attributes as follows:

(1) the property of the asset is asset value, and the asset value is determined through asset identification;

(2) the attribute of the threat can be a threat subject, an influence object, an appearance frequency, a motivation and the like, and the frequency of the threat appearance is determined through threat identification;

(3) the attribute of vulnerability is the severity of asset vulnerability, and the extent of vulnerability is determined by vulnerability identification.

The principle of developing risk analysis comprehensively considering the incidence relation among the three elements is as follows: determining the possibility of an attack event according to the frequency of threat occurrence and the severity of the vulnerability; determining the loss caused by the attack event according to the asset value and the severity of the vulnerability; and finally, determining the security risk degree of the attack event according to the possibility of the attack event and the loss consequence.

By taking the idea of information security risk assessment as reference and combining with the characteristic analysis of the power secondary system, the security risk degree can be regarded as the destructive power degree of the network attack behavior of the power system, and the higher the security risk degree of the attack event is, the larger the destructive power is.

The destructive influence factors of the power system network attack mainly include the following two aspects:

(1) probability of an attack event. The probability of an attack event occurring is determined based on the attacker's skill (i.e., the attack threat) and its difficulty in exploiting the vulnerability. Event occurrence is a necessary condition for generating destructive power, and only possible attack events can affect the power system. Meanwhile, the probability and the destructive power of the event are in a positive incidence relation, and for a specific attack result, the larger the occurrence probability of the event is, the larger the destructive power of the event can be considered.

(2) The consequences of an attack event. The more severe the loss caused by an information security event, the greater the security risk of the event. The final purpose of the network attack of the power system is to destroy the normal operation of the primary power system, and finally cause the influence of power failure. In other words, the higher the asset value of the power system network attack target, the greater the impact, that is, the greater the load of the power outage, the higher the impact degree of the attack event, and the stronger the destructive power thereof.

At present, the related research aiming at the network attack destructive power evaluation and analysis of the power monitoring system is mainly reflected in the aspects related to the operation of the primary power system, namely, a simple estimation method is usually adopted for the operation influence of the primary power system caused by a network attack event, and an evaluation method combined with the simulation analysis result of the primary power system is lacked, so that the stringency and the accuracy of the destructive power evaluation result are insufficient. Therefore, how to accurately take the influence of the attack event on the operation of the primary power system into account when carrying out network attack destructive power evaluation is of great significance for accurately evaluating the network attack destructive power degree of the power monitoring system.

Disclosure of Invention

In order to solve the above problems, the present invention provides a method for evaluating a network attack destructive power degree of a power monitoring system, comprising:

determining a network attack behavior path aiming at the power monitoring system, determining a network attack behavior difficulty coefficient according to the network attack behavior path, and determining the success probability of network attack under a specific attack cost according to the network attack behavior difficulty coefficient;

determining the load loss amount of the power system caused by the network attack behavior;

and determining the influence probability of the network attack behavior, and determining the network attack destructive power degree of the power monitoring system according to the load loss amount, the success probability and the influence probability of the network attack.

Optionally, determining the difficulty coefficient of the network attack behavior includes:

according to the network attack path, a hierarchical structure model for evaluating difficulty of network attack behaviors is constructed, and the hierarchical structure model comprises: a target layer, a criterion layer, an index layer and a behavior layer;

determining the mutual importance degree of different factors in the criterion layer, and constructing a judgment matrix of the criterion layer to the target layer;

determining the mutual importance degree of different factors in the index layer, and constructing a judgment matrix of the index layer to the criterion layer;

acquiring the maximum eigenvalue and eigenvector of the judgment matrix, and performing consistency check on the judgment matrix;

if the consistency check is passed, determining a weight vector of the index layer element relative to the target layer element according to the maximum feature vector;

establishing a decision matrix of the behavior layer elements to the index layer elements;

establishing a weighted standardized decision matrix according to the decision matrix and the weight vector of the index layer element to the target layer element;

and determining the difficulty coefficient of the network attack behavior through the weighted normalized decision matrix.

Optionally, the hierarchical structure model establishes a target layer by taking the difficulty coefficient of the network attack behavior calculation as a target element; establishing a criterion layer by taking the attacker skill of the network attack behavior and the important configuration items of the attack object as reference criterion elements; aiming at the evaluation index elements of the skill of an attacker and the configuration condition of an attack object, establishing an index layer; and establishing a behavior layer by taking each behavior of the network attack behavior as a behavior element.

Optionally, the determining of the success probability of the network attack includes: and determining a success probability function of any one-time network attack behavior according to the reliability calculation method and the network attack behavior difficulty coefficient, and determining the success probability of the network attack according to the success probability function.

Optionally, the load loss is obtained through simulation calculation according to the power system fault.

The invention also provides a system for evaluating the network attack destructive power degree of the power monitoring system, which comprises the following steps:

the probability calculation unit is used for determining a network attack behavior path aiming at the power monitoring system, determining a network attack behavior difficulty coefficient according to the network attack behavior path, and determining the success probability of network attack under a specific attack cost according to the network attack behavior difficulty coefficient;

the fault simulation unit is used for determining the load loss of the power system caused by the network attack behavior;

and the evaluation unit is used for determining the influence probability of the network attack behavior and determining the network attack destructive power degree of the power monitoring system according to the load loss amount, the success probability and the influence probability of the network attack.

Optionally, determining the difficulty coefficient of the network attack behavior includes:

according to the network attack path, a hierarchical structure model for evaluating difficulty of network attack behaviors is constructed, and the hierarchical structure model comprises: a target layer, a criterion layer, an index layer and a behavior layer;

determining the mutual importance degree of different factors in the criterion layer, and constructing a judgment matrix of the criterion layer to the target layer;

determining the mutual importance degree of different factors in the index layer, and constructing a judgment matrix of the index layer to the criterion layer;

acquiring the maximum eigenvalue and eigenvector of the judgment matrix, and performing consistency check on the judgment matrix;

if the consistency check is passed, determining a weight vector of the index layer element relative to the target layer element according to the maximum feature vector;

establishing a decision matrix of the behavior layer elements to the index layer elements;

establishing a weighted standardized decision matrix according to the decision matrix and the weight vector of the index layer element to the target layer element;

and determining the difficulty coefficient of the network attack behavior through the weighted normalized decision matrix.

Optionally, the hierarchical structure model establishes a target layer by taking the difficulty coefficient of the network attack behavior calculation as a target element; establishing a criterion layer by taking the attacker skill of the network attack behavior and the important configuration items of the attack object as reference criterion elements; aiming at the evaluation index elements of the skill of an attacker and the configuration condition of an attack object, establishing an index layer; and establishing a behavior layer by taking each behavior of the network attack behavior as a behavior element.

Optionally, the determining of the success probability of the network attack includes: and determining a success probability function of any one-time network attack behavior according to the reliability calculation method and the network attack behavior difficulty coefficient, and determining the success probability of the network attack according to the success probability function.

Optionally, the load loss is obtained through simulation calculation according to the power system fault.

According to the method, under the conditions of specific attacker skill, attack cost and specific power monitoring system configuration, the network attack event probability and the power primary system operation influence of the power monitoring system are considered, the comprehensive evaluation of the network attack event destructive power of the associated power primary system operation consequences is realized, and a technical reference is provided for accurately evaluating the network attack destructive power degree of the power monitoring system.

Drawings

FIG. 1 is a flow chart of the method of the present invention;

FIG. 2 is a diagram of a hierarchy model of the method of the present invention;

FIG. 3 is a diagram of a hierarchical model of a substation monitoring system according to the method of the present invention;

FIG. 4 is a block diagram of an IEEE 39 node system embodying the present invention;

FIG. 5 is a system frequency variation graph of an attack scenario of the method of the present invention;

FIG. 6 is a frequency variation graph of a system in an attack scenario II according to the method of the present invention;

fig. 7 is a schematic diagram of the system of the present invention.

Detailed Description

The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.

Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.

The invention provides a method for evaluating the network attack destructive power degree of a power monitoring system, as shown in figure 1, comprising the following steps:

firstly, calculating the probability of the network attack event under a specific attack cost based on the network attack path flow and the behavior difficulty.

And then, analyzing the influence of the network attack event on the operation control of the primary power equipment, and carrying out simulation calculation analysis on the primary power system fault under the network attack background to obtain the load loss caused by the attack event.

And finally, quantitatively evaluating the destructive power of the network attack event based on the attack event probability and the load loss amount of the primary power system and considering the triggering probability of the attack influence.

(1) And solving the comprehensive difficulty coefficient of the network attack behavior as follows:

the method combines the characteristics of a network attack scene and a distributed system vulnerability assessment method, considers that an analytic hierarchy process and an approximate ideal solution ordering process are adopted to realize the quantitative analysis of the attack behavior difficulty, and comprises the following specific steps:

1) constructing a hierarchical structure model for comprehensive difficulty evaluation of network attack behaviors;

the hierarchical structure model for the comprehensive difficulty evaluation of the network attack behavior is composed of four levels, namely a target layer, a criterion layer, an index layer and a behavior layer, as shown in fig. 2, wherein the calculated comprehensive difficulty coefficient of the attack behavior is a target and is independently used as an element of the target layer; attacker skills and important configuration items of an attack object closely related to the comprehensive difficulty system are reference criteria for determining the difficulty coefficient, and form criteria layer elements together; specific index items required to be obtained when the skill of an attacker and the configuration condition of an attack object are evaluated, such as specific skill mastered by the attacker and specific configuration conditions of the attack object, are developed, so that index layer elements are formed together, and a basis is provided for quantitative analysis criterion layer elements; each attack behavior forms the bottom behavior layer element and aims to explain the attack difficulty relation between each attack behavior and the index layer element.

The model constructs the overall relation between the network attack behaviors and various factors related to the network attack behaviors, and finally obtains the comprehensive difficulty coefficient indexes of the behaviors through layered one-by-one analysis.

2) Constructing a judgment matrix;

according to the comparison condition of the mutual importance degree of different factors of the criterion layer, the expert scoring opinion is solicited, and a judgment matrix A (m +1 order) of the criterion layer to the target layer is constructed according to the expert scoring opinion, wherein A_ijIndicating the degree of importance of the index i relative to the index j. Similarly, constructing judgment matrixes B0(n order), B1(p order), B2(q order), … … and Bm (r order) of the index layer for the skill of the attacker and the configuration items 1-m of the attack object in the criterion layer.

3) Solving and judging the maximum eigenvector of the matrix and checking consistency;

the maximum eigenvalues and eigenvectors W of the judgment matrixes A, B0, B1, B2, … … and Bm are respectively obtained_A、W_B0、W_B1、W_B2、……、W_Bm. Since the judgment matrix is a judgment given according to expert experienceThis is where inconsistencies are unavoidable, but inconsistencies need to be within a certain range to be acceptable. The consistency check is a method for inspecting and judging the degree of inconsistency. The consistency check index CI is defined as follows:

wherein n is the order of the judgment matrix, λ_maxIs the maximum eigenvalue, and when identical, CI is 0. When the random consensus is inconsistent, generally, the larger n is, the worse the consistency is, so that an average random consensus index RI and a random consensus ratio CR are introduced:

the average random consistency index RI is obtained by randomly constructing n-order positive and inverse matrix, and when a sufficiently large subsample is taken, the maximum eigenvalue average value lambda is obtained_aveAnd then calculating to obtain RI, wherein each order corresponds to an RI value. The introduction of RI overcomes the defect that the consistency check index CI is increased along with the increase of the matrix order to a certain extent. When consistency judgment is carried out, if the random consistency ratio CR is less than 0.1, inconsistency is considered to be acceptable; if CR is greater than or equal to 0.1, the inconsistency is considered unacceptable, and the judgment matrix needs to be modified.

4) Calculating a weight vector of the index layer element relative to the target layer element;

the weight vector of the index layer elements to the target layer elements is:

W＝[W_B0，W_B1，W_B2，……，W_Bm]×W_A (4)

5) constructing a decision matrix of the behavior layer elements to the index layer elements;

for s rowsConstructing a decision matrix C ═ C (C) for the t index layer elements_ij) Where t is n + p + q + r, i is 1, 2, … …, s, j is 1, 2, … …, t, c_ijAssigning a value to the difficulty of breaking the jth index for the ith behavior, wherein the greater the difficulty is, the c_ijThe larger the value.

Normalizing the decision matrix to form a normalized matrix D, wherein:

6) constructing a weighted standardized decision matrix;

weighted normalized decision matrix Z_ij＝W_j×D_ijWherein W is_jIs the jth element of W.

7) Calculating a comprehensive attack difficulty coefficient of each behavior;

calculating a positive ideal solution Z + and a negative ideal solution Z-according to an approximate ideal solution sorting method, wherein:

the distance between each behavior attack difficulty coefficient and the positive and negative ideal solutions is as follows:

calculating ideal solution closeness, and calculating to obtain an attack comprehensive difficulty coefficient of each behavior by combining the difficulty average value in the decision matrix:

wherein the content of the first and second substances,

8) and solving the attack success probability of the attack path as follows:

referring to a reliability calculation method, defining a success probability function of a certain attack behavior as follows:

wherein C is the equivalent attack cost that an attacker can pay, C is the equivalent attack cost required by the implementation of the attack behavior, and the larger p (C) is, the higher the probability of success of the behavior is represented.

Combining with the attack path diagram analysis, when the number n of the attack behaviors contained in a certain path is more than or equal to 2, the probability of completing the whole process of the certain attack path is as follows:

(2) solving the load loss caused by the attack event as follows:

analyzing the influence of the network attack event on the operation control of the primary power equipment, and carrying out simulation calculation analysis on the primary power system fault under the network attack background to obtain the load loss L caused by the attack event.

(3) Solving the network attack destructive power evaluation factor as follows:

considering that a primary system fault caused by relevant attacks such as relay protection belongs to a hidden fault, the influence triggering probability of the attacks needs to be considered. Based on the attack event probability P and the primary power system load loss L, and considering the trigger probability of attack influence, a network attack destructive power evaluation factor calculation formula is set as follows:

A＝r×P×L (11)

wherein, A represents a network attack destructive power evaluation factor; r is influence trigger probability (recessive fault 0 is less than or equal to r is less than or equal to 1, and non-recessive fault r is 1); p is the success probability of the secondary system attack; and L is the load loss of the primary system.

Taking a certain typical substation monitoring system adopting the IEC 61850 standard as an example, based on network attack path analysis, the vulnerability threats of the key devices related to 6 attack paths under specific configuration conditions are evaluated, and the attack behaviors included in the combed 6 attack paths are shown in Table 1:

TABLE 1

The functions of the equipment are marked in the table, the equipment corresponds to the logic nodes in the IEC 61850 standard, the equipment is an attack object, the function of the equipment is actually attacked, the attack behavior numbers included in the attack path are shown on the right, and a hierarchical structure model for comprehensive difficulty evaluation of the network attack behavior of the substation monitoring system is constructed as shown in fig. 3.

And (3) comparing the mutual importance degrees of the elements by adopting a reciprocal 1-9 scaling method, constructing a judgment matrix A of the criterion layer to the target layer and judgment matrices B0-B4 of the index layer to the criterion layer, calculating the maximum eigenvalue and the corresponding eigenvector, and carrying out consistency check.

When a judgment matrix is constructed, the importance degrees among all elements are compared fully, and reasonable assignment is carried out according to a measurement result, taking the judgment matrix A as an example, the evaluation matrix A assigns values to the comparison condition of the importance degrees among 5 indexes such as attacker skills, network environment, target objects and the like by fully soliciting expert opinions, for example, A₁₁The attacker skill index and the self-measure value are 1 (the diagonal elements of the matrix are the index and the self-measure value are both 1), A₁₂Assuming that the degree of importance of the attacker skill relative to the network environment is about 3 times that of the network environment when the target layer elements are evaluated, a is₁₂The value is 3; similarly, the assignment of the remaining matrix elements is done according to the rules described above. In addition, in order to avoid serious inconsistency in the measurement process, consistency check needs to be performed on the judgment matrix.

The calculation results are as follows:

λ_Amax＝5.0723

λ_B0max＝2.0

λ_B1max＝2.0

λ_B2max＝3.0092

λ_B3max＝3.0183

λ_B4max＝3.0183

the consistency test is performed on the matrix, and according to the statistical calculation result, the RI value is shown in table 2:

TABLE 2

n	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20
																					RI	0	0	0.58	0.90	1.12	1.24	1.32	1.41	1.45	1.49	1.52	1.54	1.56	1.58	1.59	1.59	1.61	1.61	1.62	1.63

The results of the consistency check are shown in table 3, and the judgment matrices all pass the consistency check.

TABLE 3

The weight vector of the calculated index layer elements to the target layer elements is:

W＝[0.0693 0.2079 0.0785 0.0393 0.1435 0.0790 0.2608 0.0099 0.0113 0.0260 0.0091 0.0238 0.0416]^T

the decision matrix of behavior layer elements to index layer elements is constructed as follows:

the decision matrix is normalized to form a normalized matrix as follows:

the weighted normalized decision matrix is calculated as follows:

the positive ideal solution Z + and the negative ideal solution Z-are respectively:

Z⁺＝[0.0423 0.1085 0.0419 0.0187 0.0487 0.0276 0.1284 0.0047 0.0049 0.0122 0.0040 0.0103 0.0149]

Z^-＝[0.0106 0.0310 0.0105 0.0070 0.0348 0.0215 0.0482 0.0009 0.0014 0.0061 0.0020 0.0051 0.0085]

the distance between each behavior attack difficulty coefficient and the positive and negative ideal solutions is as follows:

d⁺＝[0.0871 0.0905 0.1120 0.0520 0.0976 0.0384 0.1010 0.0864 0.1088 0.0762 0.0606]

d^-＝[0.0405 0.0387 0.0164 0.0913 0.0278 0.0996 0.0344 0.0391 0.0207 0.0473 0.0686]

calculating ideal solution closeness, and calculating to obtain an attack comprehensive difficulty coefficient of each behavior by combining the difficulty average value in the decision matrix as follows:

DI＝[1.5141 1.2450 0.4215 3.0864 1.1072 4.7171 1.1132 1.4616 0.5891 1.6505 2.5722]

the attack success probability of each attack path is calculated (assuming that the attack cost c is 1), as shown in table 4:

TABLE 4

Further, an IEEE 39 node standard system is taken as an example, a power grid structure is shown in fig. 4, simulation analysis of system faults caused by network attacks is developed, a low-frequency load shedding action round of a power grid in a certain region of China is configured as a reference, and the configuration is shown in table 5:

TABLE 5

Consider the following two types of attack scenarios:

(1) an attack scenario I: an attacker invades the master dispatching station, remotely controls the governed transformer stations by utilizing the function of the telemechanical workstation, maliciously issues control instructions or modifies relay protection setting values, and causes the two transformer stations to stop operating simultaneously.

Assuming that two substations corresponding to nodes 37# and 38# are shut down at the same time, since the two substations are both generator set step-up transformers, the active power loss of the feed-in system caused by the shutdown is about 1370 MW. The frequency of the system bus is reduced to 48.4Hz as a result of the outage of the substation, the low-frequency load shedding action is triggered to cut off the load to reach 1500MW in total, then the frequency of the bus is gradually restored to be close to the rated value, and the frequency of the system changes as shown in FIG. 5.

The attack scenario corresponds to the network attack paths 3 and 4 of the transformer substation monitoring system, the success probability of the path attack is 0.1520 and 0.1172, and if the trigger probability of one-time equipment false tripping caused by the constant value tampering of the relay protection device is 0.8, the evaluation factor of the network attack destructive power under 2 paths is shown in table 6:

TABLE 6

Path numbering	Probability of attack success P	Load loss L	Influence trigger probability r	Factor A for evaluating destructive power
					3	0.1520	1500	1	228
4	0.1172	1500	0.8	140.6

(2) An attack scenario two: an attacker invades a transformer substation monitoring system and maliciously issues a control instruction or modifies a relay protection fixed value, so that one transformer substation is shut down.

Assuming that the substation corresponding to the node # 38 is shut down, which causes the loss of active power fed into the system to be about 830MW, and the shutdown of the substation causes the bus frequency of the system to be reduced to 48.8Hz, a low-frequency load shedding action is triggered to cut off the load for a total of 738MW, and then the bus frequency gradually recovers to be close to the rated value, and the system frequency changes as shown in fig. 6.

The attack scenarios correspond to network attack paths 1, 2, 5 and 6 of the substation monitoring system, and the success probabilities of the path attacks are 0.3204, 0.1771, 0.2363 and 0.1751 respectively. Similarly, assuming that the triggering probability of causing the primary equipment to trip by mistake after the relay protection device is tampered with the fixed value is 0.8, the evaluation factors of the network attack destructive power under 4 paths are shown in table 7:

TABLE 7

Path numbering	Probability of attack success P	Load loss L	Influence trigger probability r	Factor A for evaluating destructive power
					1	0.3204	738	1	236.5
2	0.1771	738	1	130.7
					5	0.2363	738	0.8	139.5
6	0.1751	738	0.8	103.4

Statistics is performed on the destructive power of the network attack scene of the substation monitoring system in this case, as shown in table 8:

TABLE 8

As can be seen from table 8, in the overall comparison, the attack path success probability corresponding to shutdown caused by intrusion of the substation monitoring host is highest, and although the load shedding influence caused by shutdown of a single substation is small, comprehensive analysis shows that the path destructive power evaluation factor is the largest; the success probability of the attack path corresponding to the simultaneous shutdown of the two substations is low due to the remote instruction issued by the dispatching master station, the load shedding influence is large, and the evaluation factor of the path destructive power is known by comprehensive analysis; the attack path success probability corresponding to the outage of a single transformer substation caused by the intrusion of the protection device is centered, the load shedding influence is small, the influence triggering probability is smaller than 1, and the comprehensive analysis shows that the path destructive power evaluation factor is minimum. The above is an implementation case for realizing quantitative evaluation of the influence of the destructive power of the network attack by adopting the method.

The present invention further provides a system 200 for evaluating the network attack destructive power degree of a power monitoring system, as shown in fig. 7, including:

the probability calculation unit 201 determines a network attack behavior path for the power monitoring system, determines a network attack behavior difficulty coefficient according to the network attack behavior path, and determines the success probability of network attack under a specific attack cost according to the network attack behavior difficulty coefficient;

the fault simulation unit 202 is used for determining the load loss of the power system caused by the network attack behavior;

and the evaluation unit 203 determines the influence probability of the network attack behavior, and determines the network attack destructive power degree of the power monitoring system according to the load loss amount, the success probability and the influence probability of the network attack.

The determining of the network attack behavior difficulty coefficient comprises the following steps:

according to the network attack path, a hierarchical structure model for evaluating difficulty of network attack behaviors is constructed, and the hierarchical structure model comprises: a target layer, a criterion layer, an index layer and a behavior layer;

determining the mutual importance degree of different factors in the criterion layer, and constructing a judgment matrix of the criterion layer to the target layer;

determining the mutual importance degree of different factors in the index layer, and constructing a judgment matrix of the index layer to the criterion layer;

acquiring the maximum eigenvalue and eigenvector of the judgment matrix, and performing consistency check on the judgment matrix;

if the consistency check is passed, determining a weight vector of the index layer element relative to the target layer element according to the maximum feature vector;

establishing a decision matrix of the behavior layer elements to the index layer elements;

establishing a weighted standardized decision matrix according to the decision matrix and the weight vector of the index layer element to the target layer element;

and determining the difficulty coefficient of the network attack behavior through the weighted normalized decision matrix.

The hierarchical structure model establishes a target layer by taking the difficulty coefficient of network attack behavior calculation as a target element; establishing a criterion layer by taking the attacker skill of the network attack behavior and the important configuration items of the attack object as reference criterion elements; aiming at the evaluation index elements of the skill of an attacker and the configuration condition of an attack object, establishing an index layer; and establishing a behavior layer by taking each behavior of the network attack behavior as a behavior element.

The determination of the success probability of the network attack comprises the following steps: and determining a success probability function of any one-time network attack behavior according to the reliability calculation method and the network attack behavior difficulty coefficient, and determining the success probability of the network attack according to the success probability function.

And the load loss is obtained by simulation calculation according to the fault of the power system.

According to the method, under the conditions of specific attacker skill, attack cost and specific power monitoring system configuration, the network attack event probability and the power primary system operation influence of the power monitoring system are considered, the comprehensive evaluation of the network attack event destructive power of the associated power primary system operation consequences is realized, and a technical reference is provided for accurately evaluating the network attack destructive power degree of the power monitoring system.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiment of the application can be implemented by adopting various computer languages, such as object-oriented programming language Java and transliterated scripting language JavaScript.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.