针对传统入侵检测系统在资源受限的工业网络中部署时效率和稳定性表现不足的问题，首先提出了面向智能变电站的入侵检测系统，以及工业设备安全风险评估方法，建立了针对智能变电站结构的威胁风险评价模型，引入基于灰色模型的网络脆弱性节点主动预测方法用以平衡威胁来源的权重；其次提出基于信息安全三维度风险值计算算法，引入模糊一致判断矩阵进行风险值参数计算，最终实现可以直观判断攻击对系统的影响范围和程度的风险评价。通过相关实验，系统在部署环境中满足被动性、低负荷、实时性以及可靠性要求的同时，能够有效地检测工业网络面临的入侵威胁。

Due to the lack of efficiency and stability in the deployment of traditional intrusion detection systems in resource-limited industrial equipment, an intrusion detection system for intelligent substations was proposed to supplement the evaluation model of industrial equipment security risks. The system used a gray model-based network vulnerability node active prediction method to balance the weight of threat sources in the established threats and risk assessment model. A risk value calculation algorithm based on the three-dimensionality of information security is proposed. The algorithm used a fuzzy consistent judgment matrix to calculate the risk value parameters. Therefore, a risk evaluation that can intuitively determine the scope and extent of the attack on the system was completed. Through relevant experiments, the system can effectively detect intrusion attacks and have good performance while satisfying the passive, low load, real-time and reliability in the deployment environment.

TN914

国网四川省电力公司科技资助项目（52199717001P）；国网四川省电力公司电力科学研究院项目（SGSCDK00XTJS1800093）。