电力信息物理系统入侵容忍能力评估方法

随着控制系统与新信息技术的集成程度不断提高，电力信息物理系统（cyber-physical power system, CPPS）不仅面临着来自物理世界的不确定性，还面临着来自网络空间的攻击威胁，亟须能够评估CPPS遭受网络攻击时防御能力的方法。提出一种以平均失效时间与可靠度为评估指标的入侵容忍能力与最优资源配置的评估方法。首先，采用半马尔可夫链模型对高级可持续威胁（advanced persistent threat，APT）进行建模，具体分析来自网络层面的攻击对CPPS的破坏渗透过程，利用随机博弈模型动态描述CPPS中攻防双方的交互过程，预测纳什均衡下攻击者的理性进攻策略，确定应对恶意攻击的最佳防御策略。最后，以CPPS安全试验场为案例仿真验证了入侵容忍能力评估方法的有效性，结果说明：入侵容忍能力对CPPS安全运行具有不可忽视的作用。

An Intrusion Tolerance Assessment Method for Cyber-Physical Power System

With the increasing integration of information and communication technology, the cyber-physical power system (CPPS) is facing not only uncertainties from the physical world but also threat from cyberspace. It is urgently needed for a method to assess the defensive capability of CPPS against cyber attacks. An assessment method is proposed for intrusion tolerance and optimal defense resource allocation of CPPS based on mean failure time and reliability. Firstly, a semi-Markov chain attack model is established for the advanced persistent threat (APT) to analyze the penetration process of attacks from cyber level to CPPS. Besides, a stochastic game model is adopted to dynamically describe the interaction process between attackers and defenders in CPPS, subsequently predicting the optimal strategy of attackers under Nash equilibrium, and determining the optimal defense strategy against malicious attacks. Finally, the effectiveness of the intrusion tolerance assessment method is verified through a CPPS security testbed, which shows that the intrusion tolerance capability has a significant role in the secure operation of the CPPS.