基于四蜜协同的能源系统主动防御安全体系研究

doi:10.3969/j.issn.1671-1122.2025.06.010

信息网络安全 ›› 2025, Vol. 25 ›› Issue (6): 955-966.doi: 10.3969/j.issn.1671-1122.2025.06.010

• 专题论文: 网络主动防御 • 上一篇下一篇

基于四蜜协同的能源系统主动防御安全体系研究

朱志成¹^,², 曹慧², 王寅生²()

1.北京交通大学网络空间安全学院，北京 100044
2.国家能源投资集团有限责任公司信息技术分公司，北京 100010

收稿日期:2025-02-20 出版日期:2025-06-10 发布日期:2025-07-11
通讯作者: 王寅生 12075872@ceic.com
作者简介:朱志成（1972—），男，黑龙江，高级工程师，硕士，主要研究方向为网络安全主动防御技术|曹慧（1987—），男，北京，工程师，本科，主要研究方向为能源系统安全防护|王寅生（1986—），男，河北，高级工程师，博士，主要研究方向为工控系统安全。
基金资助:
国家重点研发计划(2022YFB3103403)

Research on Active Defense Security System Based on Four-Honey Coordination for Energy Systems

ZHU Zhicheng¹^,², CAO Hui², WANG Yinsheng²()

1. School of Cyberspace Science and Technology, Beijing Jiaotong University, Beijing 100044, China
2. Information Technology Branch of National Energy Investment Group Co., Ltd., Beijing 100010, China

Received:2025-02-20 Online:2025-06-10 Published:2025-07-11

摘要/Abstract

摘要：

能源系统作为国家关键基础设施，面临高级持续性威胁（APT）和零日漏洞攻击的严峻挑战。文章针对当前能源系统安全防御方案主要依赖特征检测与边界防护，难以应对隐蔽性高、潜伏期长的APT攻击的安全挑战，引入新型基于诱捕的四蜜协同主动防御体系，通过在能源系统中部署蜜点、蜜庭、蜜洞和蜜阵构建威胁感知网络，结合欺骗防御与动态协同机制，形成面向能源系统的“护卫式”主动防御系统，实现对攻击者的早期感知、精准判别和溯源威慑。实验结果表明，该系统在应对能源系统复杂网络攻击时可有效捕获攻击行为，及时预警潜在威胁，为能源系统面向APT攻击提供安全防护的新思路。

关键词: 能源系统安全, 高级持续性威胁, 威胁感知, 协同防御, 动态诱捕

Abstract:

The energy system, as a critical national infrastructure, faces severe challenges from advanced persistent threats (APTs) and zero day vulnerability attacks. This paper focused on the current energy system security defense solutions that mainly rely on feature detection and boundary protection, making it difficult to cope with the security challenges of high concealment and long latency APT attacks. A new type of four honey collaborative active defense system based on trapping was introduced. By deploying honey points, honeypots, honeyholes, and honey arrays in the energy system to construct a threat perception network, combined with deception defense and dynamic collaboration mechanisms, a “protective” active defense system for the energy system was formed, achieving early perception, accurate discrimination, and traceability deterrence of attackers. The experimental results show that this system can effectively capture attack behaviors and provide timely warnings of potential threats when dealing with complex network attacks in energy systems, providing a new approach to security protection for energy systems against APT attacks.

Key words: energy system security, advanced persistent threat, threat perception, collaborative defense model, dynamic decoying

中图分类号:

TP309

朱志成, 曹慧, 王寅生. 基于四蜜协同的能源系统主动防御安全体系研究[J]. 信息网络安全, 2025, 25(6): 955-966.

ZHU Zhicheng, CAO Hui, WANG Yinsheng. Research on Active Defense Security System Based on Four-Honey Coordination for Energy Systems[J]. Netinfo Security, 2025, 25(6): 955-966.

图/表 14

图1

图2

图3

图4

图5

图6

图7

图8

表1

表2

表3

图9

图10

图11

参考文献 15

[1]	QIANXIN Threat Intelligence Center. Recoil Network Warfare: Analysis of Ukraine’s Second Power Failure Event[EB/OL]. (2019-09-26) [2024-11-12]. https://www.freebuf.com/articles/system/214591.html.
	奇安信威胁情报中心. 复盘网络战: 乌克兰二次断电事件分析[EB/OL]. (2019-09-26)[2024-11-12]. https://www.freebuf.com/articles/system/214591.html.
[2]	FENG Zhiwei. Research and Application of Network Security Equipment Linkage Strategy[D]. Baoding: North China Electric Power University, 2014.
	冯志伟. 网络安全设备联动策略的研究与应用[D]. 保定: 华北电力大学, 2014.
[3]	CHANDOLA V, BANERJEE A, KUMAR V. Anomaly Detection: A Survey[J]. ACM Computing Surveys, 2009, 41(3): 1-58.
[4]	VIGNESWARAN R, POORNACHANDRAN P, SOMAN K P. A Compendium on Network and Host Based Intrusion Detection Systems[C]// Springer. 1st International Conference on Data Science, Machine Learning and Applications. Heidelberg: Springer, 2020: 23-30.
[5]	CHAWLA A, LEE B, FALLON S, et al. Host Based Intrusion Detection System with Combined CNN/RNN Model[C]// Springer. Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Heidelberg: Springer, 2019: 149-158.
[6]	LI Daoquan, YANG Qianqian, LU Xiaofu. SDN Network Intrusion Classification Detection Model Based on Decision Tree[J]. Computer Engineering and Design, 2022, 43(8): 2146-2152.
	李道全, 杨乾乾, 鲁晓夫. 基于决策树的SDN网络入侵分类检测模型[J]. 计算机工程与设计, 2022, 43(8):2146-2152.
[7]	ZHANG Peiqing, TIAN Guangke, DONG Haiying. Research on Network Intrusion Detection Based on Whitening PCA and CNN[C]// IEEE. 7th International Conference on Smart Grid and Smart Cities. New York: IEEE, 2023: 232-237.
[8]	ZHUGE Jianwei, TANG Yong, HAN Xinhui, et al. Research and Application Progress of Honeypot Technology[J]. Journal of Software, 2013, 24(4): 825-842.
	诸葛建伟, 唐勇, 韩心慧, 等. 蜜罐技术研究与应用进展[J]. 软件学报, 2013, 24(4):825-842.
[9]	SHI Leyi, LI Yang, MA Mengfei. Latest Research Progress of Honeypot Technology[J]. Journal of Electronics & Information Technology, 2019, 41(2): 498-508.
	石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展[J]. 电子与信息学报, 2019, 41(2):498-508.
[10]	KONIARIS I, PAPADIMITRIOU G, NICOPOLITIDIS P. Analysis and Visualization of SSH Attacks Using Honeypots[C]// IEEE. Eurocon 2013. New York: IEEE, 2013: 65-72.
[11]	WEGERER M, TJOA S. Defeating the Database Adversary Using Deception-A Mysql Database Honeypot[C]// IEEE. 2016 International Conference on Software Security and Assurance. New York: IEEE, 2016: 6-10.
[12]	FAN Wenjun, FERNÁNDEZ D, VILLAGRÁ V A. Technology Independent Honeynet Description Language[C]// IEEE. 2015 3rd International Conference on Model-Driven Engineering and Software Development. New York: IEEE, 2015: 303-311.
[13]	FAN Wenjun, DU Zhihui, SMITH-CREASEY M, et al. HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design[J]. IEEE Journal on Selected Areas in Communications, 2019, 37(3): 683-697. doi: 10.1109/JSAC.2019.2894307
[14]	TIAN Zhihong, FANG Binxing, LIAO Qing, et al. Cybersecurity Assurance System in the New Era and Development Suggestions Thereof: from Self-Defense to Guard[J]. Strategic Study of CAE, 2023, 25(6): 96-105. doi: 10.15302/J-SSCAE-2023.06.007
	田志宏, 方滨兴, 廖清, 等. 从自卫到护卫:新时期网络安全保障体系构建与发展建议[J]. 中国工程科学, 2023, 25(6):96-105. doi: 10.15302/J-SSCAE-2023.06.007
[15]	CAO Yuhao, WANG Xinjian, WANG Yihang, et al. Analysis of Factors Affecting the Severity of Marine Accidents Using a Data-Driven Bayesian Network[EB/OL]. (2023-01-03) [2024-11-12]. https://doi.org/10.1016/j.oceaneng.2022.113563.

攻击源IP	当日蜜点告警/个	当日蜜庭告警/个	当日总告警 /个	历史总告警 /个
36.21.X.X	504	30	534	534
193.68.X.X	368	47	415	1418
60.205.X.X	0	204	204	204
141.98.X.X	144	21	165	240
193.200.X.X	92	0	92	92
183.137.X.X	90	0	90	90
180.184.X.X	70	0	70	516
185.224.X.X	68	0	68	102
109.236.X.X	67	0	67	92
103.7.X.X	63	0	63	63

攻击源IP	告警数/个	最近攻击时间	首次攻击时间
190.167.X.X	606	2025-02-10 08:02:37	2025-02-10 03:01:19
180.184.X.X	446	2025-02-10 11:51:42	2025-02-10 10:37:31
119.108.X.X	325	2025-02-10 07:50:59	2025-02-10 06:11:47
180.178.X.X	111	2025-02-10 14:25:16	2025-02-10 13:33:05
203.194.X.X	106	2025-02-10 01:46:12	2025-02-10 01:28:14
60.21.X.X	83	2025-02-10 21:50:44	2025-02-10 21:37:56
166.62.X.X	68	2025-02-10 14:41:16	2025-01-22 15:54:16
190.12.X.X	66	2025-02-10 15:28:34	2025-02-10 01:50:07
49.75.X.X	64	2025-02-10 15:00:07	2025-02-10 08:08:23
34.96.X.X	63	2025-02-10 17:54:21	2025-01-22 18:47:08

攻击源IP	本周期攻击次数/次	踩中蜜点个数/个	最近攻击时间
190.167.X.X	1612	1	2025-02-10 08:02:37
36.21.X.X	534	13	2025-02-10 16:17:03
180.184.X.X	516	1	2025-02-10 11:51:42
119.108.X.X	327	1	2025-02-10 07:50:59
60.205.X.X	204	3	2025-02-10 17:06:54

基于四蜜协同的能源系统主动防御安全体系研究

Research on Active Defense Security System Based on Four-Honey Coordination for Energy Systems

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 15

相关文章 3

编辑推荐

Metrics

本文评价

[1]	曾颖明, 王斌, 郭敏. 基于群体智能的网络安全协同防御技术研究[J]. 信息网络安全, 2020, 20(9): 52-56.
[2]	褚维明, 黄进, 刘志乐. 网络空间安全态势感知数据收集研究[J]. 信息网络安全, 2016, 16(9): 202-207.
[3]	李凤海，李爽，张佰龙，宋衍. 高等级安全网络抗APT攻击方案研究[J]. 信息网络安全, 2014, 14(9): 109-114.