Keywords

1 Introduction

The large-scale development and utilization of renewable energy will become the development trend of global energy field. The emergence of energy Internet promotes the coupling of power, solar energy, natural gas and other energy net- work systems, and changes the traditional energy utilization mode [1, 2]. As an important part of renewable energy development and energy conservation and emission reduction of the whole society, energy Internet has the characteristics of complex structure, wide data sources, huge data scale and open data sharing, which brings great challenges to the security protection of energy Internet data. In the energy Internet, the security protection of data basically stays in the aspects of data encryption, access control, authorization and log audit. It is difficult to resist the increasingly complex network intrusion attacks only relying on these security means. At the same time, these security technologies are de- signed to maximize the avoidance of network attacks, and do not consider how to comprehensively assess the threat of data security risks to information systems and physical systems in the case of network intrusion. The existing quantitative calculation methods for data security in the energy Internet generally calculate the security risk value or its state value according to the confidentiality, integrity and availability of the data in the information and physical system, without considering the response of data under the incentive of intrusion attacks and the response mechanism of data after intrusion. Therefore, this paper analyzes and constructs the energy Internet data intrusion tolerance quantitative model from the perspective of data survival quantification principle, describes the data autonomous domain, the basic data security component chain corresponding to the attack scenario, and the evolution of data attack resistance, identifiability and data recoverability, so as to enrich the data security protection means of energy Internet [3, 4].

The traditional means of data security protection are to avoid the occurrence of intrusion attacks, but these technical means are difficult to truly avoid the occurrence of intrusion attacks and provide timely response after the occurrence of intrusion, and ultimately cannot provide normal business system data services in the energy Internet. Therefore, under the premise of considering attacks, this paper constructs an adaptive intrusion response game model for energy Internet data services from the perspective of data service effectiveness and response cost, so as to enhance the robustness of energy Internet data services.

The remaining of this paper is organized as follows. Section 2 analyzes related work. The energy Internet architecture and data security risk analysis under business scenarios is presented in Sect. 3. Section 4 introduces the quantitative calculation method of energy Internet data intrusion tolerance. And we conclude the whole paper in Sect. 5.

2 Related Work

The research on intrusion tolerance technology by foreign scholars was about 20 years earlier than that in China. The concept of intrusion tolerance was first proposed by Fraga and Powel [5]. Huimin LU et al. [6] propose the decentralized blockchain-based route registration framework-decentralized route registration system based on blockchain (DRRS-BC).Foreign scholars have achieved rich results in the research of this hot topic. Wang et al. [7] conducted intrusion detection on the system from various levels, and established a supervision system with functions such as policy reconfiguration and service monitoring. Liu et al. [8] proposed an intrusion tolerance technology based on incomplete information dynamic game, which combines game theory with intrusion tolerance technology, and determines the optimal strategy of both sides of the game by solving the Nash equilibrium. Mostefaoui et al. [9] proposed a digital signature protocol that is conditionally tolerant of intrusions against network attacks based on cryptographic systems to ensure that the system can still provide minimal authentication services when the system is under attack.

In recent years, domestic scholars have also done corresponding research on intrusion tolerance technology. Li et al. [10] combined threshold cryptography with intrusion tolerance technology, and proposed a threshold ECC-based intrusion-tolerant CA private key protection scheme, which ensured that even if the system is attacked. Wang et al. [11] proposed a network distance election calculation model that supports intrusion tolerance, which had a stronger predictive ability than traditional benchmark algorithms. Yu et al. [12] proposed an intrusion tolerant public key encryption scheme to reduce the harm of key leak- age to the encryption system. Zhao et al. [13] proposed a virtual machine-based intrusion tolerance system quantitative performance evaluation method, which improves the security of the computer compared with traditional methods. Wei et al. [14] used an improved semi-Markov process model to describe the process of normal and penetration attacks against the intrusion tolerance system in the data acquisition and monitoring (SCADA) system.

Energy Internet, as a research field that has only emerged in recent years, has been highly valued at home and abroad. Due to the open intercommunication of the Energy Internet, the interaction between various energy data is extremely vulnerable to intruders. As a newly developed field, quantitative calculation and adaptive intrusion response for energy Internet data intrusion tolerance technology are rarely involved.

3 Data Security Risk Analysis for Energy Internet

3.1 Energy Internet Architecture

The development of the Energy Internet not only breaks the shackles that the use and transmission of traditional energy can only rely on electric energy, so that various types of energy can be dispatched and transformed into each other in a unified manner, and the power system network is closely connected with the natural gas network and other types of energy networks. Combine to form an energy sharing network with multiple energy interoperability. Energy flow of Energy Internet is shown in Fig. 1.

The function of the energy center is mainly to realize the conversion between various types of energy, or to store the energy inside the energy center and use it for load consumption [15, 16]. It can be seen from Fig. 1 that the energy Internet is mainly composed of four parts: the primary energy side, the energy center, the power generation unit, and the load side. The primary energy side is mainly composed of the power grid, the natural gas grid, the cooling grid, and the heating grid. The power generation unit mainly includes wind power, solar power, thermal power, etc. The energy center is responsible for the conversion between various types of energy, as well as the input and output of energy, including energy storage equipment, refrigerators, fuel cells, boilers, etc. The load end corresponds to primary energy side input fully meets the diverse needs of users.

Fig. 1.
figure 1

Energy flow of energy internet.

Full size image

The complete life cycle of the Energy Internet can be described as the energy flow process from the generation of energy to the transmission and conversion of energy, as well as energy storage and energy use. Figure 2 summarizes the entire life cycle of energy input, conversion, transmission and output of the Energy Internet, including the energy supply layer, energy production control layer, energy consumption layer and energy storage layer. The energy supply layer is the energy source of the entire energy Internet, which mainly includes primary energy such as solar energy and petroleum. The energy production control layer is mainly responsible for receiving the collected primary energy, taking the primary energy as input, and converting the primary energy into electrical energy through the energy router and as the input of the next level. The energy consumption layer is the most frequent link of data interaction in the entire energy Internet, which mainly includes users’ inquiries on electric and thermal energy and trans- mission rights transactions. The energy storage layer is the “warehouse” of the entire energy Internet. When the physical system fails, it can ensure the normal operation of the business and improve the stability of the grid.

3.2 Data Security Risk Analysis

The information network of the Energy Internet has the characteristics of open- ness and sharing, and more levels of data sources, generally showing the characteristics of wide sources, large scale and complex types. Information in the Energy Internet accompanies the flow of energy, forming a wide-area distributed data application environment in all fields. However, the openness, interconnection and sharing mechanism of the Energy Internet will cause malicious network attacks to occur continuously. This section will analyze the various links of data flow in the Energy Internet, expounding possible data security risks from three aspects.

Fig. 2.
figure 2

The architecture of energy internet.

Full size image

The security of energy Internet-related business scenarios mainly includes infrastructure security, system and interaction security, and smart terminal se curity. The specific analysis is as follows:

  1. (1)

    The stable operation of infrastructure is inseparable from data transmission. The information transmission of the energy Internet usually uses traditional transmission methods such as optical fiber, local area network, and wire. Common data risks mainly include fiber-optic eavesdropping, tampering with status data and misoperation by operators.

  2. (2)

    With the development of the Energy Internet, business exchanges between users and systems are increasing. The gradual improvement of information ser vices enhances user experience and increases system data security risks. Typical data attacks include DOS attacks and fake data attacks.

  3. (3)

    The security threats of smart terminals mainly come from traditional devices such as mobile handheld terminals, energy Internet data collection terminals, and smart energy efficiency terminals. The information communication between the system and the terminal makes the security of the system inevitably threatened. The main threats are data loss, tampering, and Dos and DDos attacks initiated by intruders.

4 Quantitative Calculation Method of Data Intrusion Tolerance for Energy Internet

In order to carry out the quantitative analysis and calculation of the cyber- physical system data of each link of the Energy Internet after being attacked, what must be solved is to analyze the survival situation of the cyber-physical system of each link of the Energy Internet (that is, whether these systems can still provide external information. Service), this article draws on the traditional theory and methods of system intrusion tolerance to analyze the quantitative calculation method of data intrusion tolerance from the perspective of data sur vivability.

Definition 1.

Let Ai denote the source of energy Internet data collection, Ti denote the type and mode of transmission, Si and Pi denote the data storage and processing platforms, respectively, Ei denote the data interaction between energy Internet links, and Di denote the means of data destruction. Then we call ASi = {Ai, Ti, Pi, Si, Ei, Di} as the autonomous domain of energy Internet data securety {ASi = Ai, Ti, Pi, Si, Ei, Di}.N autonomous domains ASi form the autonomous domain set {ASi, i = 1, 2,…}.

Definition 2.

Let ASi denote the i-th autonomous domain and CSi denote the basic security logic components contained in the i-th autonomous domain, then we call{ CSi,i = 1, 2}, denotes the set of basic security components.

Based on the data location and environment in the energy Internet and the overall posture of the data security autonomous domains, N typical data attack scenarios against ASi are constructed to form a data attack scenario set Fi (e.g., virus and malware attacks, DoS, eavesdropping, tampering, etc.). The data attack flow formed by the whole data attack scenario \(Fi\) is mapped to the data logical components to form another security component set SCi, which finally forms the basic security component chain corresponding to the autonomous domain and attack scenarios as shown in Fig. 3.

4.1 Resistability Quantification Calculation

Resistance refers to the ability of the Energy Internet as a whole to provide data services normally when the system is under attack. The emphasis is on the overall system rather than the performance of individual components. This article constructs the criticality value of the event set {Eqn}of the data-attack damage level q from indicators such as autonomous domain and criticality weight, as shown in the following formula:

$${\omega }_{q}=\frac{\sum_{n=1}^{N}{\omega }_{qn}}{N}$$
(1)

where N is the number of data attack events and wqn is the harm value of the \(n\)-th data attack event.

Fig. 3.
figure 3

Basic security component chain corresponding to autonomous domain and attack scenario.

Full size image

On this basis, ASi constructs the data security domain to the data attack scenario set and the data security autonomy domain resistibility quantification formula respectively, as shown in formula (2) and (3):

On this basis, the resistibility quantification formulas of data security au- tonomous domain ASi to data attack scenario set Fij, and data security au- tonomous domain ASi are constructed respectively.

$$ Resis\_F_{ij} = \Sigma_k (\Sigma_k (W_q \times p\_res_q \times d_q ) \times m_{ijk} ). $$
(2)
$$ Resis\_AS_i = \Sigma_j (Resis\_F_{ij} \times f_{ij} ). $$
(3)

where p_resq is the resistance rate of data to attack events at this level, dq is the distribution rate of data attack events at all levels, mijk is the weighted value of logical relationship and attack scenario relationship among data sets in data security autonomous domain, and fij is the jeopardy weight value of Fij in data attack scenario.

If the importance of each data security domain ASi is represented by a weight si, then the resistibility of energy Internet is shown as follows:

$$ Resis = \Sigma_i (Resis\_AS_i \times s_i ). $$
(4)

4.2 Recognizability Quantification Calculation

Recognizability emphasizes the monitoring and identification of the data security status in the cyber-physical system of the entire energy Internet, not just for a certain event. This paper intends to construct the overall recognition time of the event set {Eqn} of the attack hazard level q by the data as shown as follows:

$${T}_{q}=\frac{\sum_{n=1}^{N}{t}_{qn}}{N}\times n.$$
(5)

where N is the number of data attack events, and tqn is the regularized value of the recognition time of the nth data attack event.

On this basis, the data attack scenario Fij and the data security autonomous domain ASi identifiable quantitative model are constructed respectively, as shown in Eqs. (6) and (7).

$$ Recog\_F_{ij} = \Sigma_k (\Sigma_q (W_q \times p\_recog_q \times d_q \times T_q ) \times m_{ijk} ). $$
(6)
$$ Recog\_AS_i = \Sigma_j (Recog\_F_{ij} \times f_{ij} ). $$
(7)

where p_recogq is the recognition rate of q level attack events in the attack scenario event set by data, dq is the distribution rate of data attack events at this level, and mijk is the weighted value of the logical relationship between each data set in the data security autonomous domain and the data attack scenario relationship, fij is the hazard weight of Fij in the data attack scenario.

The recognizability of the Energy Internet can be summarized as the weighting of the recognizability values of all data security autonomous domains, as shown in Eq. (8)

$$ Recog = \Sigma_i (Recog\_AS_i \times s_i ). $$
(8)

4.3 Recoverability Quantitative Calculation

The recoverability of data is defined as whether the impact on the data caused by a network attack is recoverable, and the extent to which the data autonomous domain can be recovered within a certain period of time.

This paper intends to construct the recoverability function model of each link Nik in the data security autonomous domain ASi, as shown in Eqs. (9) and (10), respectively.

$$ Recov\_N_{ik} = \Sigma_j [f_{ij} \times p\_recov_{kj} \times p\_recov_{kj} . \times recovT_{ik} /TureT_{kj} ]. $$
(9)
$$ Recov\_AS_i = \Sigma_k (Recov\_N_{ik} \times a_{ik} ). $$
(10)

where recovTik is the recovery time requirement of each link of the Nik in the data security autonomous domain ASi, TureTkj is the time interval from the start of the data attack scenario set Fij to the complete recovery of each link in the data security autonomous domain ASi, and p_recovkj is the data within the TureTkj time interval The degree of recovery of the Nik of each link in the security autonomous domain ASi, aik is the recoverability weight of each link of the Nik in the data security autonomous domain ASi.

On this basis, the formula for summarizing the recoverability of Energy Internet data is shown as follows:

$$ Recov = \Sigma_i (Recov\_AS_i \times s_i ). $$
(11)

5 Conclusions

This article gives a detailed introduction to the concept of data intrusion tolerance and its quantitative calculations in the context of the Energy Internet. On the basis of constructing the basic security component chain of the cyber- physical system data for each link of the Energy Internet, from the aspects of resistance, identifiability and The data intrusion tolerance is quantitatively calculated at three levels of recoverability, and the adaptive intrusion response based on game theory is theoretically deduced. Compared with other existing models, the adaptive intrusion response model based on game theory analyzes the cost of intrusion tolerance and the benefits obtained, and the decision made fully considers the gains and losses of both parties in the game and is reasonable.