基于被控物理对象监测的核电厂网络空间攻击的检测和响应

项目名称： 基于被控物理对象监测的核电厂网络空间攻击的检测和响应

项目编号： No.61502270

项目类型： 青年科学基金项目

立项/批准年度： 2016

项目学科： 自动化技术、计算机技术

项目作者： 李江海

作者单位： 清华大学

项目金额： 21万元

中文摘要： 采用数字化仪控系统的核电厂，面临着新的安全问题，即网络空间攻击通过计算机控制系统，导致反应堆等被控对象发生故障的问题。该问题有别于信息系统的安全问题，因为攻击的影响并不局限在虚拟的网络空间，而是会对现实物理世界造成实际破环，给人身健康安全和环境带来威胁。单纯的信息系统的安全方法，由于其安全目标、涵盖过程和应用场景的不同，无法完全适用于这类信息物理融合系统。我们利用网络空间攻击将引发被控物理对象行为与期望行为异常的特点，引入被控物理对象的信息进行网络空间攻击的检测和响应：1）针对反应堆为多变量耦合的时变动态系统的特性，采用动态模型结合数据学习的方法，估计被控对象的多个量测和控制的正常关系模型，以此为基础检测导致异常的攻击；2）在检测到攻击的基础上，研究主动容侵控制策略，运用核电厂控制系统安全分级、多样性冗余的特性，在遭受攻击时切换控制方案，在确保核电厂安全性的前提下提高可运行性。

中文关键词： 物理信息安全；异常检测；统计过程监测；容侵控制

英文摘要： The digital instrumentation and control systems (I&C systems) of nuclear power plants are facing a new security problem so called cyber-physical security, which refers to the problem that the physical entities are malfunctioned by the cyber-attacks. The consequence of cyber-attacks on the cyber-physical systems is not limited to the cyber space. It will cause substantial damage to the physical world and bring significant risk on health, safety and environment. Existing cyber security methods of IT systems are inadequate or inapplicable in addressing the challenges on cyber-physical systems due to the difference between the goals, the processes, and the scenarios of these two systems. By incorporating information of physical systems under control, we are able to detect the cyber-attacks that change the behavior of targeted controlled systems. First, we will detect cyber-attacks based on the relationship of sensor and controller data of the reactors which are multivariable-coupling, time-varying, dynamic systems. The relationship will be built by the system modeling as well as the machine learning of actual data. Second, when the cyber-attacks are detected, we will switch over the control schemes to maintain the availability of power plants. The safety classification and diverse redundancy of I&C systems of nuclear power plants could be utilized for the intrusion-tolerant control. The results will be verified on the control platform, which is the same as Shidaowan nuclear power plants in Shandong province.

英文关键词： cyber-physical security;Anomaly detection;Statistical processing monitoring;Intrusion-tolerant control