CN107426225B - Electric power information network safety measurement method - Google Patents


Publication number
CN107426225B
CN107426225B CN201710647496.5A CN201710647496A CN107426225B CN 107426225 B CN107426225 B CN 107426225B CN 201710647496 A CN201710647496 A CN 201710647496A CN 107426225 B CN107426225 B CN 107426225B
Authority
CN
China
Prior art keywords
parameter
security
setting
measurement index
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710647496.5A
Other languages
Chinese (zh)
Other versions
CN107426225A (en)
Inventor
洪杰
皇甫伟钢
钱鑫
杜文一
韦钰
詹磊
於晓晖
邓文辉
徐榕拥
雷超
王飞
程铖
肖高远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Tonglu Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Tonglu Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd, Tonglu Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN201710647496.5A
Publication of CN107426225A
Application granted
Publication of CN107426225B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention aims to provide a power information network security measurement method that solves the problem in the prior art that security early warning cannot be performed according to network security measurement indexes. To this end, the invention provides a power information network security measurement method that calculates a network security measurement index H from the index parameters V_K of each security event D_i through a calculation model of the network security measurement index, compares H with a measurement index threshold Y, issues an early warning according to the comparison result, and automatically adjusts the threshold Y according to the comparison result. When the security level of the power information network rises to a certain extent, the threshold Y is automatically adjusted according to step three and step four, and when the security level falls to a certain extent, the threshold Y is likewise automatically adjusted according to step three and step four, so that Y is automatically adjusted to a reasonable value for the current network security environment.

Description

Electric power information network safety measurement method
Technical Field
The invention relates to the technical field of information security, in particular to a method for measuring the security of a power information network.
Background
The electric power system is an important infrastructure for the national economy and people's lives. The security of its networks and application systems underpins the safe operation of the power system and reliable power supply to society, and is directly related to the development of various industries, social stability and people's living standards in China. The main goals of power system security protection are to prevent data or information of key service information systems from being stolen or tampered with, to prevent the network from being maliciously infiltrated or monitored, to ensure that power grid accidents and large-area power failures caused by information security problems do not occur, and to keep information security risks controllable and under control. China attaches great importance to the information security of the power system: a power system information security defense system has been established and many protection measures have been taken, but the resulting security effect and efficiency are often unknown. The measurement of the information security level of the power system is therefore receiving more and more attention, and research on a power system security measurement system is very necessary.
According to the definition of security metrics in ISO/IEC 27004 [2], metrics are tools that advance decision-making and improve performance and accountability by collecting, analyzing and reporting performance-related data. Security measurement mainly answers questions such as whether an information system is secure enough, whether it is more secure than before, whether investment in information security is moderate and balanced, whether security is up to standard, and how effective and how efficient the information security work is.
The invention with publication number CN104601567A discloses an indexed security measurement method and device based on mining power information network security events. The method and device collect heterogeneous security events of the power information network in real time, normalize them according to a predefined template, collect real-time data for the index parameters V_K of the normalized standard security events, obtain from these data the measurement value E_i of each dimension parameter D_i and the overall network security measurement index H, calculate the deviation of each model index, and locate network anomalies according to those deviations. That invention adopts a predefinable security measurement strategy to adapt to complex network requirements, and builds an automatic, indexed and intelligent security measurement system based on the real-time and comprehensive nature of security event data, so as to accurately evaluate the state and effectiveness of network security. Its shortcoming is that it locates network anomalies according to the deviation of each model index, but cannot perform security early warning according to the overall network security measurement index.
Disclosure of Invention
The invention aims to provide a power information network safety measurement method to solve the problem that safety early warning cannot be performed according to network safety measurement indexes in the prior art.
To achieve this purpose, the power information network security measurement method comprises setting an initial value of the measurement index threshold Y, setting an initial value of the parameter C, setting an initial value of the parameter F, initializing the parameters N, M and Z to 1, and executing the following steps every hour:
Step one, collecting the index parameters V_K of each security event D_i within a set time period T;
Step two, calculating the network security measurement index H according to the calculation model of the network security measurement index and the index parameters V_K of each security event D_i within the set time period T collected in step one;
wherein, the calculation model of the network security measurement index is as follows:
Figure BDA0001367195630000021
Figure BDA0001367195630000022
H is the network security measurement index, and E_i is the measurement value of security event D_i. The security events D_i include attack-intrusion security events D_1, information-leakage security events D_2, equipment-failure security events D_3, illegal-access security events D_4, malicious-code security events D_5, and violation and misoperation security events D_6.
V_K denotes the index parameters of each security event D_i. The index parameters V_K include the number of security events V_1, the number of source addresses V_2, the number of destination addresses V_3, and the number of asset addresses V_4.
Step three, comparing the network security measure index H obtained by calculation in the step two with a measure index threshold value Y;
if the network security measurement index H obtained by calculation in the step two is smaller than the measurement index threshold Y, adjusting the parameter N, the parameter M and the parameter F through the following formula;
N=N+1;
M=M+1;
F=F+1;
and if the network security measurement index H obtained by calculation in the step two is greater than or equal to the measurement index threshold value Y, carrying out security early warning, and adjusting the parameter N, the parameter Z and the parameter F through the following formula.
N=N-5;
Z=Z+1;
F=F+1;
Step four, adjusting the measurement index threshold value Y according to the parameter N, the parameter C, the parameter M, the parameter Z and the parameter F;
if N = C, adjusting a measurement index threshold value Y through the following formula, and setting a network security measurement index parameter N to be 1;
Figure BDA0001367195630000031
wherein C is a positive integer of 3 or more and 20 or less;
if
Figure BDA0001367195630000041
holds, adjusting the measurement index threshold value Y through the following formula, and setting the parameter M and the parameter Z to 1;
Figure BDA0001367195630000042
and step five, judging whether the parameter F is more than 100, and if the parameter F is more than 100, adjusting the parameter F according to the formula F = F-1.
Preferably, the initial value of the parameter F is set to 3.
Preferably, the initial value of the parameter F is set to 5.
Preferably, the initial value of the parameter C is set to 3.
Preferably, the initial value of the parameter C is set to 5.
Preferably, the initial value of the parameter C is set to 10.
Preferably, the starting point of the set time period T is 24 hours before the current time, and the end point of the set time period T is the current time.
Preferably, the starting point of the set time period T is 12 hours before the current time, and the end point of the set time period T is the current time.
Preferably, the starting point of the set time period T is 1 hour before the current time, and the end point of the set time period T is the current time.
Preferably, the measurement index threshold Y has an initial value of 1000.
The invention can achieve the following beneficial technical effects: the power information network security measurement method of the invention calculates a network security measurement index H from the index parameters V_K of each security event D_i through a calculation model of the network security measurement index, compares H with a measurement index threshold Y, issues an early warning according to the comparison result, and automatically adjusts the threshold Y according to the comparison result. When the security level of the power information network rises to a certain degree, the threshold Y is automatically adjusted according to step three and step four, and when the security level falls to a certain degree, the threshold Y is likewise automatically adjusted according to step three and step four, so that Y is automatically adjusted to a reasonable value for the current network security environment.
Detailed Description
To facilitate understanding of those skilled in the art, the present invention will be further described with reference to specific examples:
Example 1:
The invention provides a power information network security measurement method, which comprises setting an initial value of the measurement index threshold Y, setting an initial value of the parameter C, setting an initial value of the parameter F, initializing the parameters N, M and Z to 1, and executing the following steps every hour:
Step one, collecting the index parameters V_K of each security event D_i within a set time period T;
Step two, calculating the network security measurement index H according to the calculation model of the network security measurement index and the index parameters V_K of each security event D_i within the set time period T collected in step one;
wherein, the calculation model of the network security measurement index is as follows:
Figure BDA0001367195630000051
Figure BDA0001367195630000052
H is the network security measurement index, and E_i is the measurement value of security event D_i. The security events D_i include attack-intrusion security events D_1, information-leakage security events D_2, equipment-failure security events D_3, illegal-access security events D_4, malicious-code security events D_5, and violation and misoperation security events D_6.
V_K denotes the index parameters of each security event D_i. The index parameters V_K include the number of security events V_1, the number of source addresses V_2, the number of destination addresses V_3, and the number of asset addresses V_4.
Step three, comparing the network security measure index H obtained by calculation in the step two with a measure index threshold value Y;
if the network security measurement index H obtained by calculation in the step two is smaller than the measurement index threshold value Y, adjusting the parameter N, the parameter M and the parameter F through the following formula;
N=N+1;
M=M+1;
F=F+1;
and if the network security measurement index H obtained by calculation in the step two is greater than or equal to the measurement index threshold value Y, performing security early warning, and adjusting the parameter N, the parameter Z and the parameter F through the following formula.
N=N-5;
Z=Z+1;
F=F+1;
Step four, adjusting a measurement index threshold value Y according to the parameter N, the parameter C, the parameter M, the parameter Z and the parameter F;
if N = C, adjusting the metric index threshold value Y through the following formula, and setting the network security metric index parameter N to 1;
Figure BDA0001367195630000061
wherein C is a positive integer of 3 or more and 20 or less;
N = C indicates that the number of times the network security measurement index H was less than the measurement index threshold Y exceeds five times the number of times H was greater than or equal to Y by C-1. This judgment avoids the problem of the measurement index threshold Y being excessively reduced when the network security measurement index is smaller than Y in each of the first several comparisons.
If
Figure BDA0001367195630000062
holds, adjusting the measurement index threshold value Y through the following formula, and setting the parameter M and the parameter Z to 1;
Figure BDA0001367195630000071
Figure BDA0001367195630000072
indicates that the number of times that the network security measurement index H is less than the measurement index threshold Y is less than 1000 times the number of times that H is greater than or equal to Y. This judgment ensures that the early warning probability stays between 1‰ and 200‰. When the early warning probability is 1‰, an early warning is issued only about once a month; at that point the security of the overall network environment is probably very high, the network security index needs to be correspondingly improved, and the measurement index threshold Y needs to be reduced.
And step five, judging whether the parameter F is larger than 100, and if the parameter F is larger than 100, adjusting the parameter F according to the formula F = F-1.
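The counter bookkeeping of steps three to five, as an added Python example that is not code from the patent. The formulas for H and for adjusting Y survive on this page only as figure references, so H values are taken as input and `placeholder_adjust` is a constructed stand-in; the second branch of step four is left out because its condition is likewise missing. `MetricState`, `hourly_step` and `run` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass
class MetricState:
    Y: float    # measurement index threshold
    C: int      # trigger value for N, a positive integer from 3 to 20
    F: int      # incremented every hour, held at 100 by step five
    N: int = 1  # +1 when H < Y, -5 when H >= Y
    M: int = 1  # incremented when H < Y
    Z: int = 1  # incremented when H >= Y

    def __post_init__(self) -> None:
        if not 3 <= self.C <= 20:
            raise ValueError("C must be a positive integer from 3 to 20")


def placeholder_adjust(Y: float, F: int) -> float:
    """Constructed stand-in, NOT the patent's formula (which is an image
    missing from this page). Assumption: the N = C branch lowers Y, and a
    larger F makes the change smaller."""
    return Y - Y / F


def hourly_step(s: MetricState, H: float,
                adjust: Callable[[float, int], float]) -> Tuple[bool, bool]:
    """Apply steps three to five for one hourly value of H.

    Returns (warned, adjusted)."""
    # Step three: compare H with Y and update the counters.
    warned = H >= s.Y
    if warned:
        s.N -= 5
        s.Z += 1
    else:
        s.N += 1
        s.M += 1
    s.F += 1

    # Step four, first branch: N = C means the count of quiet hours exceeds
    # five times the count of warning hours by C - 1 since the last reset.
    adjusted = s.N == s.C
    if adjusted:
        s.Y = adjust(s.Y, s.F)
        s.N = 1
    # Step four, second branch (on M and Z) is not implemented here: its
    # condition and formula are not recoverable from the page.

    # Step five: keep F from growing past 100.
    if s.F > 100:
        s.F -= 1
    return warned, adjusted


def run(h_values: Iterable[float], s: MetricState,
        adjust: Callable[[float, int], float] = placeholder_adjust
        ) -> List[Tuple[int, str]]:
    """Feed a sequence of hourly H values and record what happened when."""
    events: List[Tuple[int, str]] = []
    for hour, H in enumerate(h_values):
        warned, adjusted = hourly_step(s, H, adjust)
        if warned:
            events.append((hour, "warning"))
        if adjusted:
            events.append((hour, "adjust"))
    return events


if __name__ == "__main__":
    # Constructed sample: one spike above the threshold, then quiet hours.
    state = MetricState(Y=1000.0, C=3, F=3)
    sample = [100, 2000, 100, 100, 100, 100, 100, 100]
    print(run(sample, state))
    print(state)
```

With C = 3, the single warning at hour 1 pushes N down to -3, so six further quiet hours pass before N reaches C again and the threshold is adjusted.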
The power information network security measurement method of the invention calculates a network security measurement index H from the index parameters V_K of each security event D_i through a calculation model of the network security measurement index, compares H with a measurement index threshold Y, issues an early warning according to the comparison result, and automatically adjusts the threshold Y according to the comparison result. As technology evolves, when the security level of the power information network rises to a certain degree, the threshold Y is automatically adjusted according to step three and step four, and when the security level falls to a certain degree, the threshold Y is likewise automatically adjusted according to step three and step four, so that Y is automatically adjusted to a reasonable value for the current network security environment.
The initial value of the parameter F may be set to 3 or 5, and may be chosen according to the coverage of the power information network: the larger the coverage, the larger the initial value of F may be. Generally, a positive integer between 3 and 50 is selected as the initial value of F. The parameter F increases by 1 each time step three is carried out, which makes the measurement index threshold Y more and more stable, so that Y changes greatly only when the overall network environment changes greatly.
The initial value of the parameter C may be set to 3 or 5 or 10 or 20, and generally one of positive integers between 3 and 20 may be selected as the initial value of the parameter C.
The set time period T may be set as needed. For example, its starting point may be 24 hours before the current time, with the current time as its end point. Alternatively, its starting point may be 12 hours before the current time, or 1 hour before the current time, with the current time as its end point in each case.
The initial value of the metric threshold value Y can be set according to the coverage range of the power information network, generally 1000, 10000 or 20000, and the like.
The above description is only an embodiment of the present invention, but the technical features of the present invention are not limited thereto, and any changes or modifications within the technical field of the present invention by those skilled in the art are covered by the present invention.

Claims (10)

1. A method for measuring the safety of an electric power information network is characterized by comprising the steps of setting an initial value of a measurement index threshold value Y, setting an initial value of a parameter C, setting an initial value of a parameter F, setting an initialization parameter N to be 1, setting an initialization parameter M to be 1, setting an initialization parameter Z to be 1, and executing the following steps every hour:
step one, collecting the index parameters V_K of each security event D_i within a set time period T;
step two, calculating the network security measurement index H according to the calculation model of the network security measurement index and the index parameters V_K of each security event D_i within the set time period T collected in step one;
wherein, the calculation model of the network security measurement index is as follows:
Figure QLYQS_1
Figure QLYQS_2
H is the network security measurement index, and E_i is the measurement value of security event D_i; the security events D_i include attack-intrusion security events D_1, information-leakage security events D_2, equipment-failure security events D_3, illegal-access security events D_4, malicious-code security events D_5, and violation and misoperation security events D_6;
V_K denotes the index parameters of each security event D_i; the index parameters V_K include the number of security events V_1, the number of source addresses V_2, the number of destination addresses V_3, and the number of asset addresses V_4;
Step three, comparing the size between the network security measurement index H obtained by calculation in the step two and a measurement index threshold value Y;
if the network security measurement index H obtained by calculation in the step two is smaller than the measurement index threshold value Y, adjusting the parameter N, the parameter M and the parameter F through the following formula;
N=N+1;
M=M+1;
F=F+1;
if the network security measurement index H obtained by calculation in the step two is greater than or equal to the measurement index threshold value Y, carrying out security early warning, and adjusting the parameter N, the parameter Z and the parameter F through the following formula;
N=N-5;
Z=Z+1;
F=F+1;
step four, adjusting the measurement index threshold value Y according to the parameter N, the parameter C, the parameter M, the parameter Z and the parameter F;
if N = C, adjusting the metric index threshold value Y through the following formula, and setting the network security metric index parameter N to 1;
Figure QLYQS_3
wherein C is a positive integer of 3 or more and 20 or less;
if
Figure QLYQS_4
holds, adjusting the measurement index threshold value Y through the following formula, and setting the parameter M and the parameter Z to 1;
Figure QLYQS_5
and step five, judging whether the parameter F is larger than 100, and if the parameter F is larger than 100, adjusting the parameter F according to the formula F = F-1.
2. A method according to claim 1, wherein the initial value of the parameter F is set to 3.
3. A method according to claim 1, wherein the initial value of the parameter F is set to 5.
4. A method according to claim 1, wherein the initial value of the parameter C is set to 3.
5. A method according to claim 1, wherein the initial value of the parameter C is set to 5.
6. A method according to claim 1, wherein the initial value of the parameter C is set to 10.
7. The method as claimed in claim 1, wherein the starting point of the set time period T is 24 hours before the current time, and the end point of the set time period T is the current time.
8. The method as claimed in claim 1, wherein the starting point of the set time period T is 12 hours before the current time, and the end point of the set time period T is the current time.
9. The method as claimed in claim 1, wherein the starting point of the set time period T is 1 hour before the current time, and the end point of the set time period T is the current time.
10. A method according to claim 1, wherein the metric threshold Y is set to 1000 at its initial value.
CN201710647496.5A 2017-08-01 2017-08-01 Electric power information network safety measurement method Active CN107426225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710647496.5A CN107426225B (en) 2017-08-01 2017-08-01 Electric power information network safety measurement method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710647496.5A CN107426225B (en) 2017-08-01 2017-08-01 Electric power information network safety measurement method

Publications (2)

Publication Number Publication Date
CN107426225A CN107426225A (en) 2017-12-01
CN107426225B true CN107426225B (en) 2023-04-18

Family

ID=60436541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710647496.5A Active CN107426225B (en) 2017-08-01 2017-08-01 Electric power information network safety measurement method

Country Status (1)

Country Link
CN (1) CN107426225B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116566845B (en) * 2023-07-06 2023-11-17 北京阿帕科蓝科技有限公司 Network early warning method and computer storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601567A (en) * 2015-01-12 2015-05-06 国家电网公司 Indexed security measurement system based on power information network security event mining

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9888024B2 (en) * 2015-09-30 2018-02-06 Symantec Corporation Detection of security incidents with low confidence security events

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601567A (en) * 2015-01-12 2015-05-06 国家电网公司 Indexed security measurement system based on power information network security event mining

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
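洪杰 (Hong Jie) et al. Research on risk and security management of electric power enterprise information ***. 《中国管理信息化》 (China Management Informationization). 2015, Vol. 18 (No. 18), pp. 89-90. *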

Also Published As

Publication number Publication date
CN107426225A (en) 2017-12-01

Similar Documents

Publication Publication Date Title
CN106888205A (en) A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis
Zhe et al. DoS attack detection model of smart grid based on machine learning method
CN110868425A (en) Industrial control information safety monitoring system adopting black and white list for analysis
CN109784668B (en) Sample feature dimension reduction processing method for detecting abnormal behaviors of power monitoring system
CN113671909A (en) Safety monitoring system and method for steel industrial control equipment
CN112491849B (en) Power terminal vulnerability attack protection method based on flow characteristics
CN115499185A (en) Method and system for analyzing abnormal behavior of network security object of power monitoring system
CN107426225B (en) Electric power information network safety measurement method
CN104601567B (en) A kind of indexing security measure method excavated based on information network security of power system event
CN116015922A (en) Network security situation analysis method, device and equipment of electric power Internet of things
CN115049410A (en) Electricity stealing behavior identification method and device, electronic equipment and computer readable storage medium
Kumar et al. Cyber security issue in smart grid
CN108731731A (en) A kind of lighning proof type safety supervision system and lighning proof type safety supervision method
CN104239186A (en) Intelligent electric meter virus detection method based on load rate of CPU
CN116956148A (en) Power system data interaction security threat information analysis method
CN116248403A (en) Computer network security management method based on wireless communication system
CN113515786B (en) Method and device for detecting whether device fingerprints collide or not by combining wind control system
CN114839462A (en) Intelligent anti-electricity-stealing monitoring method and system
CN113296047A (en) Intelligent ammeter detection method
CN110390469B (en) Distribution transformer lightning damage risk assessment method
Li et al. Using power side-channel to implement anomaly-based intrusion detection on smart grid terminals
CN111107092A (en) Attack recognition method based on random forest algorithm and energy storage coordination control device
CN104144077B (en) Method for managing security and safety management platform with green energy conservation function
CN117715089B (en) BIM modeling-based communication base station energy consumption data management method
CN116192296B (en) 5G base station-based antenna evaluation method, storage medium and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant