【摘要】：智能電網(wǎng)是一種全新的能源管理模式,發(fā)展智能電網(wǎng)是我國的國家戰(zhàn)略之一,而高級量測體系(AMI)是實施智能電網(wǎng)的第一步。AMI的一個重要特點是利用安全、可靠的通信網(wǎng)絡(luò)實現(xiàn)用戶與供電方之間的雙向數(shù)據(jù)交換,有效實施互動用電。低成本的無線傳感網(wǎng)絡(luò)(WSNs)是AMI中智能電表到數(shù)據(jù)集中器之間常用的無線通信技術(shù)。鑒于AMI在智能電網(wǎng)中所處的關(guān)鍵位置,保證WSNs通信的安全性是亟需解決的關(guān)鍵問題。安全防御技術(shù)是保證WSNs通信安全的常用手段。安全防御技術(shù)中以密鑰管理、加密技術(shù)等為代表的被動防御技術(shù)被稱為保證信息安全的第一道防線,而以入侵檢測為代表的主動防御技術(shù)是保證信息安全的第二道屏障。因此,本文圍繞高級量測體系WSNs中的密鑰管理、安全數(shù)據(jù)聚合、信任管理和入侵檢測等幾方面安全防御技術(shù)開展研究。在分析高級量測體系WSNs的網(wǎng)絡(luò)結(jié)構(gòu)和信息傳輸方式的基礎(chǔ)上,提出了一種基于改進(jìn)橢圓曲線Diffie-Hellman密鑰交換協(xié)議(ECDH)的密鑰管理方案,給出了一種節(jié)點公鑰、私鑰的分配、更新方法和基于哈希運算的認(rèn)證函數(shù)的數(shù)據(jù)完整性驗證方法。所提密鑰管理方案可解決WSNs單播通信和多播通信中會話密鑰的建立、分配和更新等問題。為驗證該方案會話密鑰的安全性和應(yīng)對中間人攻擊的能力,對該方案的安全性能進(jìn)行了分析。為驗證該方案能否應(yīng)用于智能電表和匯聚節(jié)點等硬件資源和計算能力有限的AMI裝置中,對所提方案的時間消耗和密鑰存儲消耗進(jìn)行了分析。為減少AMI中智能電表在數(shù)據(jù)傳輸時的資源開銷,并保證數(shù)據(jù)傳輸?shù)陌踩?提出了一種基于對稱同態(tài)加密的安全數(shù)據(jù)聚合算法(HECDA)。該算法通過加法同態(tài)加密算法保證數(shù)據(jù)聚合時的機(jī)密性,采用中國剩余定理(CRT)實現(xiàn)數(shù)據(jù)完整性驗證。針對在AMI中為實現(xiàn)客戶賬單的生成、電能質(zhì)量分析和優(yōu)化等功能需獲得每個智能電表的數(shù)據(jù)這一要求,提出了一種數(shù)據(jù)可恢復(fù)的安全數(shù)據(jù)聚合算法(ERCDA)。該算法通過采用一種有效的串零編碼方式首先將明文數(shù)據(jù)進(jìn)行編碼,并利用加法同態(tài)加密算法對編碼后的數(shù)據(jù)進(jìn)行加密。為驗證這兩種算法是否具有較好的數(shù)據(jù)機(jī)密性、完整性和新鮮性保護(hù)功能,對其安全性能進(jìn)行了分析。為展現(xiàn)AMI中各節(jié)點工作時的網(wǎng)絡(luò)狀態(tài)是否正常,提出了一種基于優(yōu)化Beta分布理論的信任管理機(jī)制。該機(jī)制以優(yōu)化的Beta分布理論為基礎(chǔ)實現(xiàn)對各節(jié)點信任值的計算,通過綜合考慮針對WSNs的典型網(wǎng)絡(luò)攻擊及其主要特征進(jìn)行信任屬性的定義,采用一種自適應(yīng)的方法進(jìn)行信任屬性的采集,基于馬氏距離對信任屬性是否異常進(jìn)行判斷,在信任值計算時對信任屬性連續(xù)異常和交替異常的情況采取懲罰措施。通過仿真分析以及與RFSN方案進(jìn)行對比,驗證了該機(jī)制的有效性。針對AMI工作環(huán)境中存在電磁干擾嚴(yán)重、多種無線通信并存,因此不能確定節(jié)點信任值的降低是由干擾還是攻擊引起這一問題,通過分析AMI中節(jié)點信任值具有時間相關(guān)性和空間相關(guān)性,提出了一種基于節(jié)點信任值異常的分級入侵檢測方案。該方案包括節(jié)點信任值的點異常檢測和序列異常檢測,提出了一種基于直推信度機(jī)和K近鄰相結(jié)合的算法(TCM-KNN)對節(jié)點信任值的點異常進(jìn)行檢測,提出了一種基于1/4超球體的單類支持向量機(jī)(QS-OCSVM)算法對節(jié)點信任值的序列異常進(jìn)行檢測。仿真分析表明,本文方案具有較好的檢測性能(包括較高的檢測率和較低的誤檢率)。
[Abstract]:The intelligent power grid is a brand-new energy management mode, and the development of the intelligent power grid is one of the national strategies of our country, and the advanced measurement system (AMI) is the first step to implement the intelligent power grid. An important feature of AMI is to use a secure and reliable communication network to realize the two-way data exchange between the user and the power supply, and to effectively implement the interactive power utilization. The low-cost wireless sensor network (WSNs) is a common wireless communication technology between the smart meter and the data concentrator in the AMI. In view of the critical position of AMI in the intelligent power grid, the security of WSNs communication is the key problem to be solved urgently. The security defense technology is a common means to guarantee the communication safety of WSNs. The passive defense technology, which is represented by key management and encryption technology, is called the first line of defense to guarantee the information security, while the active defense technology, which is represented by the intrusion detection, is the second barrier to guarantee the information security. Therefore, this paper studies the security defense technology in the aspects of key management, security data aggregation, trust management and intrusion detection in the high-level measurement system WSNs. On the basis of analyzing the network structure and the information transmission mode of the high-level measurement system WSNs, a key management scheme based on the improved elliptic curve Diffie-Hellman key exchange protocol (ECDH) is proposed, and the distribution of the public key and the private key of the node is given. The invention relates to an updating method and a data integrity verification method of an authentication function based on a hash operation. The proposed key management scheme can solve the problems of establishing, distributing and updating the session key in the WSNs unicast communication and multicast communication. In order to verify the security of the session key and the ability to deal with the man-in-the-middle attack, the security performance of the scheme is analyzed. In order to verify that the scheme can be applied to the hardware resources such as smart meter and sink node and the AMI device with limited computing capacity, the time consumption and key storage consumption of the proposed scheme are analyzed. In order to reduce the resource overhead of the smart meter in the data transmission, and to ensure the security of data transmission, a secure data aggregation algorithm (HECDA) based on symmetric homomorphic encryption is proposed. In this paper, the confidentiality of data aggregation is guaranteed by adding homomorphic encryption algorithm, and data integrity verification is realized by using the Chinese remainder theorem (CRT). A safe data aggregation algorithm (ERCDA) for data recovery is proposed in order to obtain the data of each smart meter for the function of the generation of the customer's bill in the AMI, the analysis of the quality of the electric energy and the optimization. In the method, the plaintext data is first coded by adopting an effective serial-zero coding method, and the coded data is encrypted by the addition homomorphic encryption algorithm. In order to verify whether these two algorithms have better data confidentiality, integrity and freshness protection, the security performance of the two algorithms is analyzed. In order to show whether the network state of each node in AMI is normal, a trust management mechanism based on the optimization of Beta distribution theory is proposed. based on the optimized Beta distribution theory, the mechanism realizes the calculation of the trust value of each node, and by comprehensively considering the definition of the trust attribute of the typical network attack and the main characteristic of the WSNs, the mechanism adopts an adaptive method to acquire the trust attribute, Judging whether the trust attribute is abnormal based on the Markov distance, and taking a punishment measure to the condition that the trust attribute is continuously abnormal and the alternate abnormality when the trust value is calculated. The effectiveness of this mechanism is verified by the simulation analysis and the comparison with the RFSN scheme. in ord to solve that problem of serious electromagnetic interference and multiple wireless communication in the working environment of the AMI, it is not possible to determine whether the decrease in the trust value of the node is caused by interference or attack, and the time dependence and the spatial correlation of the node trust value in the AMI are analyzed, A hierarchical intrusion detection scheme based on node trust value anomaly is proposed. The scheme includes the point anomaly detection and the sequence anomaly detection of the node trust value, and proposes a method (TCM-KNN) based on the combination of the direct-push reliability machine and the K-neighbor to detect the point anomaly of the node trust value, A single class support vector machine (QS-OCSVM) algorithm based on 1/4 supersphere is proposed to detect the sequence of the node trust value. The simulation analysis shows that the scheme has better detection performance (including higher detection rate and lower error rate).
【學(xué)位授予單位】：哈爾濱工業(yè)大學(xué)
【學(xué)位級別】：博士
【學(xué)位授予年份】：2016
【分類號】：TM76;TM73

【相似文獻(xiàn)】

相關(guān)期刊論文 前7條

1 劉彬;陳特放;張仁津;;基于屬性比較和信任傳遞的信任啟動[J];四川大學(xué)學(xué)報(工程科學(xué)版);2013年06期

2 龍雨;朱寧波;;網(wǎng)格任務(wù)調(diào)度中的信任值計算算法研究[J];科學(xué)技術(shù)與工程;2009年01期

3 吳銀鋒;周翔;馮仁劍;萬江文;許小豐;;基于節(jié)點信任值的無線傳感器網(wǎng)絡(luò)安全路由[J];儀器儀表學(xué)報;2012年01期

4 李治軍;廖明宏;;一種能快速收斂的對等網(wǎng)絡(luò)信任值計算算法[J];哈爾濱工業(yè)大學(xué)學(xué)報;2007年03期

5 巫冬;;無線傳感器網(wǎng)絡(luò)中節(jié)點信任值計算下的安全路由問題分析[J];科技視界;2014年25期

6 劉治來;石祥濱;;一種P2P環(huán)境下的信任值計算算法[J];沈陽航空工業(yè)學(xué)院學(xué)報;2009年05期

7 ;[J];;年期

相關(guān)會議論文 前2條

1 黃銀鋒;朱春鴿;谷利澤;楊義先;;網(wǎng)格環(huán)境中的一種基于推薦的信任值的計算方法[A];第一屆中國高校通信類院系學(xué)術(shù)研討會論文集[C];2007年

2 李鵬;李長云;饒居華;;基于信譽(yù)度的可信服務(wù)發(fā)現(xiàn)研究[A];2008年全國開放式分布與并行計算機(jī)學(xué)術(shù)會議論文集(上冊)[C];2008年

相關(guān)博士學(xué)位論文 前5條

1 梁建權(quán);高級量測體系WSNs安全防御技術(shù)研究[D];哈爾濱工業(yè)大學(xué);2016年

2 馮景瑜;開放式P2P網(wǎng)絡(luò)環(huán)境下的信任管理技術(shù)研究[D];西安電子科技大學(xué);2011年

3 鮑翊平;P2P環(huán)境下演化的信譽(yù)系統(tǒng)及其關(guān)鍵技術(shù)研究[D];國防科學(xué)技術(shù)大學(xué);2011年

4 左申正;基于機(jī)器學(xué)習(xí)的網(wǎng)絡(luò)異常分析及響應(yīng)研究[D];北京郵電大學(xué);2010年

5 蘇志遠(yuǎn);面向服務(wù)網(wǎng)絡(luò)環(huán)境中信任機(jī)制的研究[D];大連理工大學(xué);2014年

相關(guān)碩士學(xué)位論文 前10條

1 路浩;基于聲譽(yù)的電子商務(wù)動態(tài)信任研究[D];青島理工大學(xué);2015年

2 那超;P2P網(wǎng)絡(luò)中可信異地數(shù)據(jù)備份模型的研究與設(shè)計[D];大連海事大學(xué);2015年

3 龍雨;用于網(wǎng)格任務(wù)調(diào)度的信任值計算算法研究[D];湖南大學(xué);2008年

4 高磊;對等網(wǎng)絡(luò)中節(jié)點間推薦信任值的計算方法研究[D];北京郵電大學(xué);2013年

5 邢艷艷;P2P社區(qū)的形成及演化研究[D];西安電子科技大學(xué);2013年

6 馮真;P2P環(huán)境下文件共享的聲譽(yù)系統(tǒng)研究[D];解放軍信息工程大學(xué);2006年

7 陳海寶;基于忠誠度具有激勵機(jī)制的信任和信譽(yù)模型的研究[D];西南大學(xué);2007年

8 張明生;基于信任的訪問控制模型研究[D];哈爾濱理工大學(xué);2011年

9 賀銀慧;社會網(wǎng)絡(luò)中用戶信任關(guān)系的研究及其應(yīng)用[D];電子科技大學(xué);2011年

10 沈舫濤;面向云服務(wù)的信任演化仿真模型研究[D];南京大學(xué);2013年

，

本文編號：2505417