能源關(guān)鍵基礎(chǔ)設(shè)施網(wǎng)絡(luò)安全威脅與防御技術(shù)綜述
doi: 10.11999/JEIT191055
-
1.
上海交通大學(xué)網(wǎng)絡(luò)安全技術(shù)研究院 上海 200240
-
2.
中國能源研究會能源網(wǎng)絡(luò)安全研究中心 北京 100045
Overview of Cyber Security Threats and Defense Technologies for Energy Critical Infrastructure
-
1.
Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China
-
2.
Research Center for Energy Security, China Energy Research Society, Beijing 100045, China
-
摘要: 在信息技術(shù)飛速發(fā)展的背景下,能源關(guān)鍵基礎(chǔ)設(shè)施得到了變革性的飛速發(fā)展,與人工智能、大數(shù)據(jù)、物聯(lián)網(wǎng)等新技術(shù)深度融合。信息技術(shù)在顯著優(yōu)化能源關(guān)鍵基礎(chǔ)設(shè)施的效率和性能的同時,也帶來了更加具有持續(xù)性和隱蔽性的新型安全威脅。如何針對能源關(guān)鍵基礎(chǔ)設(shè)施建立體系化、智能化的安全防御體系是亟需解決的問題。該文從能源關(guān)鍵基礎(chǔ)設(shè)施本身的發(fā)展趨勢入手,對其面對的傳統(tǒng)和新型安全威脅的機(jī)理進(jìn)行了分析。在此基礎(chǔ)上,對能源關(guān)鍵基礎(chǔ)設(shè)施的防御技術(shù)演進(jìn)進(jìn)行深入的研究和分析。
-
關(guān)鍵詞:
- 能源關(guān)鍵基礎(chǔ)設(shè)施 /
- 網(wǎng)絡(luò)安全 /
- 人工智能 /
- 高級持續(xù)威脅 /
- 軟件定義網(wǎng)絡(luò)
Abstract: Energy critical infrastructure has undergone transformative rapid development in the context of the rapid development of information technology, and has been deeply integrated with new technologies such as Artificial Intelligence (AI), big data, and the Internet of Things. While information technology significantly improves the efficiency and performance of energy critical infrastructure, it also brings new types of security threats that are more persistent and covert. An urgent problem is how to establish a systematic and intelligent security defense system for energy critical infrastructure. This paper starts with the development trend of energy critical infrastructure, and analyzes the mechanism of the traditional and new security threat mechanisms it faces. On this basis, insightful analysis on the research status and evolution trends of defense technologies for energy critical infrastructures is made. -
表 1 國內(nèi)外現(xiàn)有智能電網(wǎng)安全相關(guān)標(biāo)準(zhǔn)與規(guī)范
國際標(biāo)準(zhǔn)與規(guī)范 標(biāo)準(zhǔn)、建議、規(guī)定、指南 制訂單位 Smart Grid Cyber Security Strategy and Requirements (DRAFT NIST 7628) National Institute of Standards and Technology (NIST) IEEE 21451 -- Standard for a Smart Transducer Interface for Sensors, and Actuators Shanghai Jiao Tong University (NIST) Good Practice Guide, Process Control and SCADA Security Centre for the Protection ofNational Infrastructure (CPNI) ANSI/ISA-99 Manufacturing and Control Systems Security’ Part 1: Concepts, Models and Terminology (2007) Part2: Establishing a Manufacturing and Control Systems Security Program (2009) The International Society of Automation (ISA) 21 steps to Improve Cyber Security of SCADA Networks U.S. Department of Energy (DOE) Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82) National Institute of Standards and Technology (NIST) Recommended Security Controls for Federal Information Systems (including those for Bulk Power System) (NIST SP 800-53) National Institute of Standards and Technology (NIST) Advanced Metering Infrastructure (AMI) System Security Requirements Advanced Security Acceleration Project (ASAP) – Smart Grid Security Profile for Advanced Metering Infrastructure Advanced Security Acceleration Project (ASAP) – Smart Grid Utility AMI Home Area Network System Requirements Specification Utility AMI IEC 62351 1-8, Power System Control and Associated Communications – Data and Communication Security International Electrotechnical Commission (IEC) IEEE 1686-2007, IEEE Standard for Substation Intelligent Electronic Devices (IED) Cyber Security Capabilities IEEE CIP-002, 003-009 North American Electric Reliability Corporation (NERC) Cyber Security Procurement Language for Control Systems Department of Homeland Security (DHS) System Protection Profile - Industrial Control Systems National Institute of Standards and Technology (NIST) Catalog of Control Systems Security: Recommendations for Standards Developers Department of Homeland Security (DHS) Wireless Standards (ISA SP100) ISA 國內(nèi)標(biāo)準(zhǔn)與規(guī)范 電力監(jiān)控系統(tǒng)安全防護(hù)規(guī)定 發(fā)改委 信息安全技術(shù)安全可控信息系統(tǒng)電力系統(tǒng)安全指標(biāo)體系 中國電力科學(xué)研究院 電力系統(tǒng)管理及其信息交換數(shù)據(jù)和通信安全 全國電力系統(tǒng)管理及其信息交換標(biāo)準(zhǔn)化技術(shù)委員會 下載: 導(dǎo)出CSV
-
SATO T, KAMMEN D M, DUAN B, et al. Smart Grid Standards: Specifications, Requirements, and Technologies[M]. Singapore: John Wiley & Sons, 2015. AKINGENEYE I and WU Jingxian. Low latency detection of sparse false data injections in smart grids[J]. IEEE Access, 2018, 6: 58564–58573. doi: 10.1109/ACCESS.2018.2873981 張鈞, 黃翰, 張義斌. 國外智能電網(wǎng)頂層技術(shù)路線對比分析[J]. 華北電力大學(xué)學(xué)報: 社會科學(xué)版, 2015(4): 25–30.ZHANG Jun, HUANG Han, and ZHANG Yibin. Comparative analysis of foreign smart grid top-level roadmaps[J]. Journal of North China Electric Power University:Social Sciences, 2015(4): 25–30. WANG Kuan, LI Jianhua, WU Jun, et al. QoS-predicted energy efficient routing for information-centric smart grid: A network calculus approach[J]. IEEE Access, 2018, 6: 52867–52876. doi: 10.1109/ACCESS.2018.2870929 LIGHTNER E M and WIDERGREN S E. An orderly transition to a transformed electricity system[J]. IEEE Transactions on Smart Grid, 2010, 1(1): 3–10. doi: 10.1109/TSG.2010.2045013 RADOGLOU-GRAMMATIKIS P I and SARIGIANNIDIS P G. Securing the smart grid: A comprehensive compilation of intrusion detection and prevention systems[J]. IEEE Access, 2019, 7: 46595–46620. doi: 10.1109/ACCESS.2019.2909807 BUSH G W. Address to a joint session of congress and the American people[R]. 2001: xviii. FANG Xi, MISRA S, XUE Guoliang, et al. Smart grid—The new and improved power grid: A survey[J]. IEEE Communications Surveys & Tutorials, 2012, 14(4): 944–980. BERA S, MISRA S, and RODRIGUES J J P C. Cloud computing applications for smart grid: A survey[J]. IEEE Transactions on Parallel and Distributed Systems, 2015, 26(5): 1477–1494. doi: 10.1109/TPDS.2014.2321378 TANYINGYONG V, OLSSON R, CHO J W, et al. IoT-grid: IoT communication for smart DC grids[C]. 2016 IEEE Global Communications Conference, Washington, USA, 2016: 1–7. YOUSSEF N E H B, BAROUNI Y, KHALFALLAH S, et al. Mixing SDN and CCN for content-centric Qos aware smart grid architecture[C]. The 25th IEEE/ACM International Symposium on Quality of Service, Vilanovaila Geltru, 2017: 1–5. LI Gaolei, WU Jun, GUO Longhua, et al. SDN based dynamic and autonomous bandwidth allocation as ACSI services of IEC61850 communications in smart grid[C]. 2016 IEEE Smart Energy Grid Engineering, Oshawa, 2016: 342–346. KUMAR N, ZEADALLY S, and RODRIGUES J J P C. Vehicular delay-tolerant networks for smart grid data management using mobile edge computing[J]. IEEE Communications Magazine, 2016, 54(10): 60–66. doi: 10.1109/MCOM.2016.7588230 AHSAN U and BAIS A. Distributed big data management in smart grid[C]. The 26th Wireless and Optical Communication Conference, Newark, 2017: 1–6. LIU Keyan, SHENG Wanxing, LIU Yuan, et al. Optimal sitting and sizing of DGs in distribution system considering time sequence characteristics of loads and DGs[J]. International Journal of Electrical Power & Energy Systems, 2015, 69: 430–440. AMIN S, LITRICO X, SASTRY S S, et al. Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models[J]. IEEE Transactions on Control Systems Technology, 2013, 21(5): 1679–1693. doi: 10.1109/TCST.2012.2211874 NTALAMPIRAS S. Detection of integrity attacks in cyber-physical critical infrastructures using ensemble modeling[J]. IEEE Transactions on Industrial Informatics, 2015, 11(1): 104–111. doi: 10.1109/TII.2014.2367322 LIU Xuan and LI Zuyi. Trilevel modeling of cyber attacks on transmission lines[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 720–729. NI Jianbing, ALHARBI K, LIN Xiaodong, et al. Security-enhanced data aggregation against malicious gateways in smart grid[C]. 2015 IEEE Global Communications Conference, San Diego, 2015: 1–6. 伊勝偉, 張翀斌, 謝豐, 等. 基于Peach的工業(yè)控制網(wǎng)絡(luò)協(xié)議安全分析[J]. 清華大學(xué)學(xué)報: 自然科學(xué)版, 2017, 57(1): 50–54.YI Shengwei, ZHANG Chongbin, XIE Feng, et al. Security analysis of industrial control network protocols based on Peach[J]. Journal of Tsinghua University:Science and Technology, 2017, 57(1): 50–54. OOZEER M I and HAYKIN S. Cognitive risk control for mitigating cyber-attack in smart grid[J]. IEEE Access, 2019, 7: 125806–125826. doi: 10.1109/ACCESS.2019.2939089 ALOUL F, AL-ALI A R, AL-DALKY R, et al. Smart grid security: Threats, vulnerabilities and solutions[J]. International Journal of Smart Grid and Clean Energy, 2012, 1(1): 1–6. GUAN Zhitao, LI Jing, ZHU Liehuang, et al. Toward delay-tolerant flexible data access control for smart grid with renewable energy resources[J]. IEEE Transactions on Industrial Informatics, 2017, 13(6): 3216–3225. doi: 10.1109/TII.2017.2706760 SHENG Wanxing, LIU Keyan, CHENG Sheng, et al. A trust region SQP method for coordinated voltage control in smart distribution grid[J]. IEEE Transactions on Smart Grid, 2016, 7(1): 381–391. doi: 10.1109/TSG.2014.2376197 ABHINAV S, MODARES H, LEWIS F L, et al. Synchrony in networked microgrids under attacks[J]. IEEE Transactions on Smart Grid, 2018, 9(6): 6731–6741. doi: 10.1109/TSG.2017.2721382 吳聰, 唐巍, 白牧可, 等. 基于能源路由器的用戶側(cè)能源互聯(lián)網(wǎng)規(guī)劃[J]. 電力系統(tǒng)自動化, 2017, 41(4): 20–28.WU Cong, TANG Wei, BAI Muke, et al. Energy router based planning of energy internet at user side[J]. Automation of Electric Power Systems, 2017, 41(4): 20–28. 孟曉麗, 高君, 盛萬興, 等. 含分布式電源的配電網(wǎng)日前兩階段優(yōu)化調(diào)度模型[J]. 電網(wǎng)技術(shù), 2015, 39(5): 1294–1300.MENG Xiaoli, GAO Jun, SHENG Wanxing, et al. A day-ahead two-stage optimal scheduling model for distribution network containing distributed generations[J]. Power System Technology, 2015, 39(5): 1294–1300. WANG Yufei, ZHANG Bo, LIN Weimin, et al. Smart grid information security - a research on standards[C]. 2011 International Conference on Advanced Power System Automation and Protection, Beijing, China, 2011: 1188–1194. BASSO T, HAMBRICK J, and DEBLASIO D. Update and review of IEEE P2030 Smart Grid Interoperability and IEEE 1547 interconnection standards[C]. 2012 IEEE PES Innovative Smart Grid Technologies, Washington, USA, 2012: 1–7. SRIKANTHA P and KUNDUR D. Denial of service attacks and mitigation for stability in cyber-enabled power grid[C]. 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference, Washington, USA, 2015: 1–5. ZHANG Zhenghao, GONG Shuping, DIMITROVSKI A D, et al. Time synchronization attack in smart grid: Impact and analysis[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 87–98. doi: 10.1109/TSG.2012.2227342 LIU Yao, NING Peng, and REITER M K. False data injection attacks against state estimation in electric power grids[J]. ACM Transactions on Information and System Security, 2011, 14(1): 13. YAN Jun, HE Haibo, ZHONG Xiangnan, et al. Q-learning-based vulnerability analysis of smart grid against sequential topology attacks[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(1): 200–210. XIANG Yingmeng, DING Zhilu, ZHANG Yichi, et al. Power system reliability evaluation considering load redistribution attacks[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 889–901. LIU Shan, KUNDUR D, ZOURNTOS T, et al. Coordinated variable structure switching attack in the presence of model error and state estimation[C]. The 3rd IEEE International Conference on Smart Grid Communications, Tainan, China, 2012: 318–323. SANKAR L, RAJAGOPALAN S R, MOHAJER S, et al. Smart meter privacy: A theoretical framework[J]. IEEE Transactions on Smart Grid, 2013, 4(2): 837–846. doi: 10.1109/TSG.2012.2211046 XU Ruzhi, WANG Rui, GUAN Zhitao, et al. Achieving efficient detection against false data injection attacks in smart grid[J]. IEEE Access, 2017, 5: 13787–13798. doi: 10.1109/ACCESS.2017.2728681 YE Hongxing, GE Yinyin, LIU Xuan, et al. Transmission line rating attack in two-settlement electricity markets[J]. IEEE Transactions on Smart Grid, 2016, 7(3): 1346–1355. doi: 10.1109/TSG.2015.2426418 TEN C W, HONG J, and LIU C C. Anomaly detection for cybersecurity of the substations[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 865–873. doi: 10.1109/TSG.2011.2159406 SALMERON J, WOOD K, and BALDICK R. Analysis of electric grid security under terrorist threat[J]. IEEE Transactions on Power Systems, 2004, 19(2): 905–912. doi: 10.1109/TPWRS.2004.825888 ALSHAMRANI A, MYNENI S, CHOWDHARY A, et al. A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities[J]. IEEE Communications Surveys & Tutorials, 2019, 21(2): 1851–1877. SRIVASTAVA A, MORRIS T, ERNSTER T, et al. Modeling cyber-physical vulnerability of the smart grid with incomplete information[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 235–244. doi: 10.1109/TSG.2012.2232318 李中偉, 佟為明, 金顯吉. 智能電網(wǎng)信息安全防御體系與信息安全測試系統(tǒng)構(gòu)建烏克蘭和以色列國家電網(wǎng)遭受網(wǎng)絡(luò)攻擊事件的思考與啟示[J]. 電力系統(tǒng)自動化, 2016, 40(8): 147–151.LI Zhongwei, TONG Weiming, and JIN Xianji. Construction of cyber security defense hierarchy and cyber security testing system of smart grid: Thinking and enlightenment for network attack events to national power grid of Ukraine and Israel[J]. Automation of Electric Power Systems, 2016, 40(8): 147–151. STELLIOS I, KOTZANIKOLAOU P, and PSARAKIS M. Advanced persistent threats and zero-day exploits in industrial internet of things[M]. ALCARAZ C. Security and Privacy Trends in the Industrial Internet of Things. Cham: Springer, 2019: 47–68. BERRUETA E, MORATO D, MAGA?A E, et al. A survey on detection techniques for cryptographic ransomware[J]. IEEE Access, 2019, 7: 144925–144944. doi: 10.1109/ACCESS.2019.2945839 AL-RIMY B A S, MAAROF M A, and SHAID S Z M. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions[J]. Computers & Security, 2018, 74: 144–166. LEE K, LEE S Y, and YIM K. Machine learning based file entropy analysis for ransomware detection in backup systems[J]. IEEE Access, 2019, 7: 110205–110215. doi: 10.1109/ACCESS.2019.2931136 PAUDEL S, SMITH P, and ZSEBY T. Attack models for advanced persistent threats in smart grid wide area monitoring[C]. The 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, Pittsburgh, 2017: 61–66. SKOPIK F, FRIEDBERG I, and FIEDLER R. Dealing with advanced persistent threats in smart grid ICT networks[C]. ISGT 2014, Washington, 2014: 1–5. WANG Zhiwei. An identity-based data aggregation protocol for the smart grid[J]. IEEE Transactions on Industrial Informatics, 2017, 13(5): 2428–2435. doi: 10.1109/TII.2017.2705218 FOUDA M M, FADLULLAH Z M, and KATO N. Assessing attack threat against ZigBee-based home area network for smart grid communications[C]. 2010 International Conference on Computer Engineering & Systems, Cairo, Egypt, 2010: 245–250. ISMAIL Z, LENEUTRE J, BATEMAN D, et al. A game theoretical analysis of data confidentiality attacks on smart-grid AMI[J]. IEEE Journal on Selected Areas in Communications, 2014, 32(7): 1486–1499. doi: 10.1109/JSAC.2014.2332095 FARRAJ A K, HAMMAD E M, AL DAOUD A, et al. A game-theoretic control approach to mitigate cyber switching attacks in smart grid systems[C]. 2014 IEEE International Conference on Smart Grid Communications, Venice, Italy, 2014: 958–963. GIANI A, BITAR E, GARCIA M, et al. Smart grid data integrity attacks[J]. IEEE Transactions on Smart Grid, 2013, 4(3): 1244–1253. doi: 10.1109/TSG.2013.2245155 KOSUT O, JIA Liyan, THOMAS R J, et al. Malicious data attacks on the smart grid[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 645–658. doi: 10.1109/TSG.2011.2163807 MASTER N, MOUNZER J, and BAMBOS N. Distributed smart grid architecture for delay and price sensitive power management[C]. 2014 IEEE International Conference on Communications, Sydney, 2014: 3670–3675. AYDEGER A, AKKAYA K, CINTUGLU M H, et al. Software defined networking for resilient communications in smart grid active distribution networks[C]. 2016 IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016: 1–6. RANA M M, LI Li, and SU S W. An adaptive-then-combine dynamic state estimation considering renewable generations in smart grids[J]. IEEE Journal on Selected Areas in Communications, 2016, 34(12): 3954–3961. doi: 10.1109/JSAC.2016.2611963 ROSSEB? J E Y, WOLTHUIS R, FRANSEN F, et al. An enhanced risk-assessment methodology for smart grids[J]. Computer, 2017, 50(4): 62–71. doi: 10.1109/MC.2017.106 ZHANG Shanghua, LI Qiang, WU Jun, et al. A security mechanism for software-defined networking based communications in vehicle-to-grid[C]. 2016 IEEE Smart Energy Grid Engineering, Oshawa, 2016: 386–391. 謝永, 李香, 張松松. 一種可證安全的車聯(lián)網(wǎng)無證書聚合簽名改進(jìn)方案[J]. 電子與信息學(xué)報, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184XIE Yong, LI Xiang, ZHANG Songsong, et al. An improved provable secure certificateless aggregation signature scheme for vehicular Ad Hoc NETworks[J]. Journal of Electronics &Information Technology, 2020, 42(5): 1125–1131. doi: 10.11999/JEIT190184 LI Gaolei, WU Jun, LI Jianhua, et al. Battery status sensing software-defined multicast for V2G regulation in smart grid[J]. IEEE Sensors Journal, 2017, 17(23): 7838–7848. doi: 10.1109/JSEN.2017.2731971 邵蘇杰, 郭少勇, 邱雪松, 等. 基于加權(quán)隊列的無線智能電網(wǎng)通信網(wǎng)采集數(shù)據(jù)流量調(diào)度算法[J]. 電子與信息學(xué)報, 2014, 36(5): 1209–1214.SHAO Sujie, GUO Shaoyong, QIU Xuesong, et al. Traffic scheduling algorithm based on weighted queue for meter data collection in wireless smart grid communication network[J]. Journal of Electronics &Information Technology, 2014, 36(5): 1209–1214. CHEN Pinyu, CHENG S M, and CHEN K C. Smart attacks in smart grid communication networks[J]. IEEE Communications Magazine, 2012, 50(8): 24–29. doi: 10.1109/MCOM.2012.6257523 JOHNSON R E. Survey of SCADA security challenges and potential attack vectors[C]. 2010 International Conference for Internet Technology and Secured Transactions, London, 2010: 1–5. YANG Yi, XU Haiqing, GAO Lei, et al. Multidimensional intrusion detection system for IEC 61850-based SCADA networks[J]. IEEE Transactions on Power Delivery, 2017, 32(2): 1068–1078. doi: 10.1109/TPWRD.2016.2603339 DO V L, FILLATRE L, NIKIFOROV I, et al. Security of SCADA systems against cyber–physical attacks[J]. IEEE Aerospace and Electronic Systems Magazine, 2017, 32(5): 28–45. doi: 10.1109/MAES.2017.160047 ZHANG Jiexin, GAN Shaoduo, LIU Xiaoxue, et al. Intrusion detection in SCADA systems by traffic periodicity and telemetry analysis[C]. 2016 IEEE Symposium on Computers and Communication, Messina, Italy, 2016: 318–325. PAN Zhiwen, HARIRI S, and PACHECO J. Context aware intrusion detection for building automation systems[J]. Computers & Security, 2019, 85: 181–201. YILMAZ E N and G?NEN S. Attack detection/prevention system against cyber attack in industrial control systems[J]. Computers & Security, 2018, 77: 94–105. LIANG Gaoqi, ZHAO Junhua, LUO Fengji, et al. A review of false data injection attacks against modern power systems[J]. IEEE Transactions on Smart Grid, 2017, 8(4): 1630–1638. doi: 10.1109/TSG.2015.2495133 YU Shucheng, REN Kui, and LOU Wenjing. FDAC: Toward fine-grained distributed data access control in wireless sensor networks[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(4): 673–686. doi: 10.1109/TPDS.2010.130 WU Jun, DONG Mianxiong, OTA K, et al. Cross-domain fine-grained data usage control service for industrial wireless sensor networks[J]. IEEE Access, 2015, 3: 2939–2949. doi: 10.1109/ACCESS.2015.2504541 KIM Y, KOLESNIKOV V, and THOTTAN M. Resilient end-to-end message protection for cyber-physical system communications[J]. IEEE Transactions on Smart Grid, 2018, 9(4): 2478–2487. doi: 10.1109/TSG.2016.2613545 ELATTAR M. Reliable Communications Within Cyber-Physical Systems Using the Internet (RC4CPS)[M]. Berlin, Heidelberg: 2020. GUAN Zhitao, LI Jing, WU Longfei, et al. Achieving efficient and secure data acquisition for cloud-supported internet of things in smart grid[J]. IEEE Internet of Things Journal, 2017, 4(6): 1934–1944. doi: 10.1109/JIOT.2017.2690522 MARKHAM T and PAYNE C. Security at the network edge: A distributed firewall architecture[C]. DARPA Information Survivability Conference and Exposition II. DISCEX’01, Anaheim, 2001, 1: 279–286. MONTERO D, YANNUZZI M, SHAW A, et al. Virtualized security at the network edge: A user-centric approach[J]. IEEE Communications Magazine, 2015, 53(4): 176–186. doi: 10.1109/MCOM.2015.7081092 MONTERO D and SERRAL-GRACIà R. Offloading personal security applications to the network edge: A mobile user case scenario[C]. 2016 International Wireless Communications and Mobile Computing Conference, Paphos, Cyprus, 2016: 96–101. ESPOSITO C, CASTIGLIONE A, POP F, et al. Challenges of connecting edge and cloud computing: A security and forensic perspective[J]. IEEE Cloud Computing, 2017, 4(2): 13–17. doi: 10.1109/MCC.2017.30 SHAH G A, GUNGOR V C, and AKAN O B. A cross-layer QoS-aware communication framework in cognitive radio sensor networks for smart grid applications[J]. IEEE Transactions on Industrial Informatics, 2013, 9(3): 1477–1485. doi: 10.1109/TII.2013.2242083 SUN Mingyang, KONSTANTELOS I, and STRBAC G. A deep learning-based feature extraction framework for system security assessment[J]. IEEE Transactions on Smart Grid, 2019, 10(5): 5007–5020. doi: 10.1109/TSG.2018.2873001 ZAFAR S, JANGSHER S, BOUACHIR O, et al. QoS enhancement with deep learning-based interference prediction in mobile IoT[J]. Computer Communications, 2019, 148: 86–97. doi: 10.1016/j.comcom.2019.09.010 關(guān)志濤, 徐月, 伍軍. 傳感器網(wǎng)絡(luò)中基于三元多項式的密鑰管理方案[J]. 通信學(xué)報, 2013, 34(12): 71–78. doi: 10.3969/j.issn.1000-436x.2013.12.008GUAN Zhitao, XU Yue, and WU Jun. Ternary polynomial based key management scheme for wireless sensor network[J]. Journal on Communications, 2013, 34(12): 71–78. doi: 10.3969/j.issn.1000-436x.2013.12.008 LUO Shibo, DONG Mianxiong, OTA K, et al. A security assessment mechanism for software-defined networking-based mobile networks[J]. Sensors, 2015, 15(12): 31843–31858. doi: 10.3390/s151229887 SAXENA N, CHUKWUKA V, XIONG Leilei, et al. CPSA: A cyber-physical security assessment tool for situational awareness in smart grid[C]. The 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, Dallas, 2017: 69–79. WU Jun, OTA K, DONG Mianxiong, et al. Big data analysis-based security situational awareness for smart grid[J]. IEEE Transactions on Big Data, 2018, 4(3): 408–417. doi: 10.1109/TBDATA.2016.2616146 李建華. 網(wǎng)絡(luò)空間威脅情報感知、共享與分析技術(shù)綜述[J]. 網(wǎng)絡(luò)與信息安全學(xué)報, 2016, 2(2): 16–29. doi: 10.11959/j.issn.2096-109x.2016.00028LI Jianhua. Overview of the technologies of threat intelligence sensing, sharing and analysis in cyber space[J]. Chinese Journal of Network and Information Security, 2016, 2(2): 16–29. doi: 10.11959/j.issn.2096-109x.2016.00028 柴爭義, 白浩, 張浩軍. 一種容侵的CA私鑰簽名方案[J]. 河北師范大學(xué)學(xué)報: 自然科學(xué)版, 2008, 32(3): 310–312.CHAI Zhengyi, BAI Hao, and ZHANG Haojun. An intrusion tolerant signature scheme of CA private key[J]. Journal of Hebei Normal University:Natural Science Edition, 2008, 32(3): 310–312. AJTAI M. Generating hard instances of lattice problems (extended abstract)[C]. The 28th Annual ACM Symposium on Theory of Computing, Philadelphia, 1996: 99–108. CHEN L, JORDAN S, LIU Yikai, et al. Report on post-quantum cryptography[R]. NISTIR 8105, 2016. 鄔江興. 擬態(tài)計算與擬態(tài)安全防御的原意和愿景[J]. 電信科學(xué), 2014, 30(7): 2–7. doi: 10.3969/j.issn.1000-0801.2014.07.001WU Jiangxing. Meaning and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014, 30(7): 2–7. doi: 10.3969/j.issn.1000-0801.2014.07.001 HEYDARI V, KIM S I, and YOO S M. Scalable anti-censorship framework using moving target defense for Web servers[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(5): 1113–1124. doi: 10.1109/TIFS.2016.2647218 HUANG Lina, LI Gaolei, WU Jun, et al. Software-defined QoS provisioning for fog computing advanced wireless sensor networks[C]. 2016 IEEE SENSORS, Orlando, 2016: 1–3. XIAO Liang, XU Dongjin, XIE Caixia, et al. Cloud storage defense against advanced persistent threats: A prospect theoretic study[J]. IEEE Journal on Selected Areas in Communications, 2017, 35(3): 534–544. doi: 10.1109/JSAC.2017.2659418 張浩, 王麗娜, 談?wù)\, 等. 云環(huán)境下APT攻擊的防御方法綜述[J]. 計算機(jī)科學(xué), 2016, 43(3): 1–7, 43. doi: 10.11896/j.issn.1002-137X.2016.03.001ZHANG Hao, WANG Lina, TAN Cheng, et al. Review of defense methods against advanced persistent threat in cloud environment[J]. Computer Science, 2016, 43(3): 1–7, 43. doi: 10.11896/j.issn.1002-137X.2016.03.001 付鈺, 李洪成, 吳曉平, 等. 基于大數(shù)據(jù)分析的APT攻擊檢測研究綜述[J]. 通信學(xué)報, 2015, 36(11): 1–14. doi: 10.11959/j.issn.1000-436x.2015184FU Yu, LI Hongcheng, WU Xiaoping, et al. Detecting APT attacks: A survey from the perspective of big data analysis[J]. Journal on Communications, 2015, 36(11): 1–14. doi: 10.11959/j.issn.1000-436x.2015184 HONG K F, CHEN C C, CHIU Y T, et al. Ctracer: Uncover C&C in advanced persistent threats based on scalable framework for enterprise log data[C]. 2015 IEEE International Congress on Big Data, New York, 2015: 551–558. WANG Xu, ZHENG Kangfeng, NIU Xinxin, et al. Detection of command and control in advanced persistent threat based on independent access[C]. 2016 IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016: 1–6. 劉彩霞, 胡鑫鑫, 劉樹新, 等. 基于Lowe分類法的5G網(wǎng)絡(luò)EAP-AKA’協(xié)議安全性分析[J]. 電子與信息學(xué)報, 2019, 41(8): 1800–1807.LIU Caixia, HU Xinxin, LIU Shuxin, et al. Security analysis of 5G network EAP-AKA’ protocol based on Lowe’s taxonomy[J]. Journal of Electronics &Information Technology, 2019, 41(8): 1800–1807. 張小松, 牛偉納, 楊國武, 等. 基于樹型結(jié)構(gòu)的APT攻擊預(yù)測方法[J]. 電子科技大學(xué)學(xué)報, 2016, 45(4): 582–588. doi: 10.3969/j.issn.1001-0548.2016.04.011ZHANG Xiaosong, NIU Weina, YANG Guowu, et al. Method for APT prediction based on tree structure[J]. Journal of University of Electronic Science and Technology of China, 2016, 45(4): 582–588. doi: 10.3969/j.issn.1001-0548.2016.04.011 姚蘇, 關(guān)建峰, 潘華, 等. 基于APT潛伏攻擊的網(wǎng)絡(luò)可生存性模型與分析[J]. 電子學(xué)報, 2016, 44(10): 2415–2422. doi: 10.3969/j.issn.0372-2112.2016.10.020YAO Su, GUAN Jianfeng, PAN Hua, et al. Modeling and analysis for network survivability of APT latent attack[J]. Acta Electronsica Sinica, 2016, 44(10): 2415–2422. doi: 10.3969/j.issn.0372-2112.2016.10.020 -