Visible to the public High-risk Problem of Penetration Testing of Power Grid Rainstorm Disaster Artificial Intelligence Prediction System and Its Countermeasures

TitleHigh-risk Problem of Penetration Testing of Power Grid Rainstorm Disaster Artificial Intelligence Prediction System and Its Countermeasures
Publication TypeConference Paper
Year of Publication2019
AuthorsYe, Yu, Guo, Jun, Xu, Xunjian, Li, Qinpu, Liu, Hong, Di, Yuelun
Conference Name2019 IEEE 3rd Conference on Energy Internet and Energy System Integration (EI2)
Date Publishednov
Keywordsapplication security, artificial intelligence, artificial storm prediction system, Companies, composability, disaster prediction information systems, disasters, electric power information system security defense work, electrical safety, energy Internet disaster safety, energy internet disaster security, host security, Information security, Information systems, Internet, Internet of Things, middleware, middleware security, Network security, password, Penetration Testing, PGRDAIPS, policy-based governance, power engineering computing, power grid rainstorm disaster artificial intelligence prediction system, power grid storm disasters, power grids, power Internet of Things, power meteorological service technology support, power system security, power transformer testing, program debugging, pubcrawl, resilience, Resiliency, security of data, SQL, SQL blind bug, SQL Injection, SQL injection attack behavior, SQL injection penetration test, Storms, system penetration testing, Vulnerability
AbstractSystem penetration testing is an important measure of discovering information system security issues. This paper summarizes and analyzes the high-risk problems found in the penetration testing of the artificial storm prediction system for power grid storm disasters from four aspects: application security, middleware security, host security and network security. In particular, in order to overcome the blindness of PGRDAIPS current SQL injection penetration test, this paper proposes a SQL blind bug based on improved second-order fragmentation reorganization. By modeling the SQL injection attack behavior and comparing the SQL injection vulnerability test in PGRDAIPS, this method can effectively reduce the blindness of SQL injection penetration test and improve its accuracy. With the prevalence of ubiquitous power internet of things, the electric power information system security defense work has to be taken seriously. This paper can not only guide the design, development and maintenance of disaster prediction information systems, but also provide security for the Energy Internet disaster safety and power meteorological service technology support.
Citation Keyye_high-risk_2019