Sun Shoudao, Lu Yi, Wu Di, Zhang Guangyan
State Grid Liaoning Electric Power Co., Ltd., Shenyang Power Supply Company, Shenyang, China.
PLoS One. 2025 May 28;20(5):e0323357. doi: 10.1371/journal.pone.0323357. eCollection 2025.
With the application of new-generation information technologies such as big data, artificial intelligence, and the energy Internet in power Internet of Things (IoT) systems, large numbers of IoT terminals, acquisition terminals, and transmission devices have become interconnected and exchange information comprehensively. This transformation also brings new challenges: the risk of intrusion into power IoT systems has increased significantly, making information security assurance for power systems a research hotspot. Penetration testing, an essential means of information security protection, is critical for identifying and fixing security vulnerabilities. Given the complexity of power IoT systems and the limitations of traditional manual testing, this paper proposes an automated penetration testing method that combines prior knowledge with deep reinforcement learning. It aims to explore optimal attack paths intelligently when the system state is initially unknown. An ontology knowledge model is constructed to make full use of prior knowledge, and an attention mechanism is introduced to handle state spaces of varying size, improving the efficiency of penetration testing. Experimental results show that the proposed method effectively optimizes attack-path decision-making for penetration testing, supporting the security protection of power IoT systems.
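The two ingredients named in the abstract, prior knowledge that narrows the action space and an attention mechanism that maps a state of varying size onto a fixed-size input, can be illustrated with a small stand-alone example. The following Python is an added illustration, not code from the paper or its authors. It assumes a toy feature layout per discovered host, a hand-written ontology mapping observed services to candidate exploit actions, and a fixed attention query vector where the paper would use learned weights; the host vectors are constructed sample data.

```python
import math

# Constructed example (not the paper's code): attention pooling over a
# variable number of host observations plus prior-knowledge action masking.

# Hypothetical per-host feature layout; a real agent would use richer features.
FEATURES = ["ssh", "http", "smb", "privileged", "reachable"]
D = len(FEATURES)

# Hypothetical ontology fragment: which exploit actions presuppose which service.
ONTOLOGY = {
    "ssh": ["ssh_bruteforce"],
    "http": ["http_rce", "http_sqli"],
    "smb": ["smb_rce"],
}

# Assumed constant attention query: favour reachable, not-yet-privileged hosts
# exposing http or smb. In a DRL agent this vector would be learned.
QUERY = [0.5, 1.0, 1.0, -1.0, 1.0]


def softmax(xs):
    m = max(xs)
    es = [math.exp(x - m) for x in xs]
    s = sum(es)
    return [e / s for e in es]


def attention_pool(hosts, query=QUERY):
    """Map any number of D-length host vectors to one fixed-size D-length
    embedding, so the policy network input does not change shape as hosts are
    discovered. The result is permutation-invariant over the host list."""
    if not hosts:
        return [0.0] * D
    scores = [sum(q * h for q, h in zip(query, hv)) / math.sqrt(D) for hv in hosts]
    weights = softmax(scores)
    pooled = [0.0] * D
    for w, hv in zip(weights, hosts):
        for j in range(D):
            pooled[j] += w * hv[j]
    return pooled


def applicable_actions(hosts):
    """Prior-knowledge action mask: only exploits whose precondition service is
    observed on a reachable host remain candidates, so the agent never wastes
    exploration on actions the ontology says cannot succeed."""
    actions = set()
    for hv in hosts:
        obs = dict(zip(FEATURES, hv))
        if not obs["reachable"]:
            continue
        for svc, exploits in ONTOLOGY.items():
            if obs[svc]:
                actions.update(exploits)
    return actions


# Constructed sample observation: three discovered hosts.
SAMPLE_HOSTS = [
    [1, 0, 0, 0, 1],  # ssh only, reachable
    [0, 1, 1, 0, 1],  # http + smb, reachable
    [0, 0, 1, 1, 0],  # smb, already privileged, currently unreachable
]

if __name__ == "__main__":
    print("embedding:", [round(x, 3) for x in attention_pool(SAMPLE_HOSTS)])
    print("candidate actions:", sorted(applicable_actions(SAMPLE_HOSTS)))
```

The embedding has length D whether one host or fifty have been discovered, and reordering the host list leaves it unchanged, which is the property that lets a single policy network consume a growing state; the mask shrinks the action set to what the ontology says can work, which is where the prior knowledge buys sample efficiency.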