Qiuyu Lu , Jun'e Li , Zhao Peng , Libing Wu , Ming Ni , Jianbo Luo
{"title":"检测高密度可再生能源渗透智能电网中的网络-物理-社会合作 APT:威胁、当前工作和挑战","authors":"Qiuyu Lu , Jun'e Li , Zhao Peng , Libing Wu , Ming Ni , Jianbo Luo","doi":"10.1016/j.comnet.2024.110776","DOIUrl":null,"url":null,"abstract":"<div><p>Large-scale renewable distributed energy sources (DERs) penetrating into smart grids (SGs) is an inevitable trend. Such high-DER-penetrated SGs entail heavy reliance on information and communication technologies and increasing impact of social behaviors on system operation and management. In this sense, the SGs become cyber-physical-social systems. However, the deeply coupling of cyber networks, physical grids, and societies leads SGs more complex and openness, and therefore a higher possibility of facing to various threats, especially advanced persistent threats (APTs) that disrupt system operations at a large scale. To better study the threats, current APTs detection work and challenges of the SGs, we first analyze the key features of high-DER-penetrated SGs, and the vulnerabilities of devices, networks, and applications in the SGs introduced by system design, limitation of deployed security measures, and social behaviors. On this basis, we analyze APTs faced by the SGs and deem that the APTs are in the form of cyber-physical-social cooperated and multi-stage APTs. The possible attacking methods for each stage of the APTs, typically stealthy attacks at the early stages and coordinated attacks at the action stage, are also summarized. Thereafter, a review of current work on security architectures for APT detection and intelligent intrusion detection methods is provided. Finally, we discuss the key challenges, research needs, and potential solutions of future work for the SGs against the APTs from the aspects of threat modeling, threat detection, threat hunting, and implementation technology.</p></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting the cyber-physical-social cooperated APTs in high-DER-penetrated smart grids: Threats, current work and challenges\",\"authors\":\"Qiuyu Lu , Jun'e Li , Zhao Peng , Libing Wu , Ming Ni , Jianbo Luo\",\"doi\":\"10.1016/j.comnet.2024.110776\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Large-scale renewable distributed energy sources (DERs) penetrating into smart grids (SGs) is an inevitable trend. Such high-DER-penetrated SGs entail heavy reliance on information and communication technologies and increasing impact of social behaviors on system operation and management. In this sense, the SGs become cyber-physical-social systems. However, the deeply coupling of cyber networks, physical grids, and societies leads SGs more complex and openness, and therefore a higher possibility of facing to various threats, especially advanced persistent threats (APTs) that disrupt system operations at a large scale. To better study the threats, current APTs detection work and challenges of the SGs, we first analyze the key features of high-DER-penetrated SGs, and the vulnerabilities of devices, networks, and applications in the SGs introduced by system design, limitation of deployed security measures, and social behaviors. On this basis, we analyze APTs faced by the SGs and deem that the APTs are in the form of cyber-physical-social cooperated and multi-stage APTs. The possible attacking methods for each stage of the APTs, typically stealthy attacks at the early stages and coordinated attacks at the action stage, are also summarized. Thereafter, a review of current work on security architectures for APT detection and intelligent intrusion detection methods is provided. Finally, we discuss the key challenges, research needs, and potential solutions of future work for the SGs against the APTs from the aspects of threat modeling, threat detection, threat hunting, and implementation technology.</p></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.4000,\"publicationDate\":\"2024-09-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S138912862400608X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S138912862400608X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Detecting the cyber-physical-social cooperated APTs in high-DER-penetrated smart grids: Threats, current work and challenges
Large-scale renewable distributed energy sources (DERs) penetrating into smart grids (SGs) is an inevitable trend. Such high-DER-penetrated SGs entail heavy reliance on information and communication technologies and increasing impact of social behaviors on system operation and management. In this sense, the SGs become cyber-physical-social systems. However, the deeply coupling of cyber networks, physical grids, and societies leads SGs more complex and openness, and therefore a higher possibility of facing to various threats, especially advanced persistent threats (APTs) that disrupt system operations at a large scale. To better study the threats, current APTs detection work and challenges of the SGs, we first analyze the key features of high-DER-penetrated SGs, and the vulnerabilities of devices, networks, and applications in the SGs introduced by system design, limitation of deployed security measures, and social behaviors. On this basis, we analyze APTs faced by the SGs and deem that the APTs are in the form of cyber-physical-social cooperated and multi-stage APTs. The possible attacking methods for each stage of the APTs, typically stealthy attacks at the early stages and coordinated attacks at the action stage, are also summarized. Thereafter, a review of current work on security architectures for APT detection and intelligent intrusion detection methods is provided. Finally, we discuss the key challenges, research needs, and potential solutions of future work for the SGs against the APTs from the aspects of threat modeling, threat detection, threat hunting, and implementation technology.
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.