CN111818048B - Safety protection authentication system and method based on distribution network automation - Google Patents

Publication number: CN111818048B
Authority: CN (China)
Prior art keywords: identification, module, data information, encryption, distribution network
Legal status: Active
Application number: CN202010651144.9A
Other languages: Chinese (zh)
Other versions: CN111818048A (en)
Inventor: 刘智勇
Current Assignee: Zhuhai Hongrui Information Technology Co Ltd
Original Assignee: Zhuhai Hongrui Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a safety protection authentication system and method based on distribution network automation, comprising a safety protection system and an authentication system, and belongs to the technical field of safety protection. It is scientific and reasonable, and safe and convenient to use. The safety protection system carries out encryption analysis on the identification and judges whether abnormal data information exists; the steps of calculating the matrix and calculating the contrast values confirm whether abnormal data information exists. If abnormal data information exists, the process of the distribution network user is stopped, the network connection is cut off, the configuration of the safety protection system is changed, and a prompt is sent to a system administrator. The position of the abnormal data information is located by the total-inclusion algorithm, so that the system administrator can conveniently process the abnormal data information.

Description

Safety protection authentication system and method based on distribution network automation
Technical Field
The invention relates to the technical field of safety protection authentication, in particular to a safety protection authentication system and a safety protection authentication method based on distribution network automation.
Background
Nowadays, with the rapid development of 5G technology and the widespread use of internet of things technology, a large number of physical devices access a network, so that the entire network is vulnerable to various security threats. Most of the existing network systems use a firewall for prevention, and a security protection authentication system is used as a second defense line. However, due to the diversity of the invading viruses, the security authentication system cannot fully take charge of the security maintenance of the system, so that a security authentication system and a security authentication method based on distribution network automation are urgently needed to solve the problems.
Disclosure of Invention
The invention aims to provide a security protection authentication system and a security protection authentication method based on distribution network automation, which aim to solve the problems in the prior art.
In order to achieve the purpose, the invention provides the following technical scheme: a safety protection authentication system based on distribution network automation, characterized in that it comprises a safety protection system and an authentication system:
the safety protection system comprises an information acquisition module, an information analysis module and a safety early warning module; the information acquisition module collects identification of an input system in the distribution network process, and carries out encryption analysis on the identification to judge whether abnormal data information exists or not; the information analysis module comprises a comparison unit, a detection unit and an initial unit, wherein the comparison unit is used for carrying out sequence comparison on data information input into the system in the distribution network process and virus or unsafe data information pre-stored in the system, the detection unit is used for collecting identification information of all software in the system according to time nodes, the time nodes are the time for inputting the data information into the system, and the initial unit is used for obtaining comparison results according to the identification information of the software in the system before and after the time nodes; the safety early warning module records the comparison result and generates judgment information according to the comparison result; the detection unit comprises a detector; the authentication system comprises a searching module, a control module, a verification module and a preference module; the searching module searches machine names and MAC addresses in the local area network, the control module carries out level division on machines corresponding to the machine names and makes different protective measures according to different levels, the verification module divides users according to IP addresses of distribution network users, and the priority selection module preferentially selects distribution network users with high levels for use when network bandwidth cannot be supplied to all distribution network users in the local area network;
the process of analyzing the identification comprises the following steps: the identifiers are divided into identifiers that need encryption and identifiers that do not need encryption: if an identifier that needs encryption is b and the number of such identifiers is s, each is denoted $b_i$, $0 < i \le s$; the matrix x includes all of the randomly generated sequence of identifiers to be encrypted $\{b_1, b_2, \ldots, b_s\}$;
the identifiers that need encryption generate the sequence $\{b_1, b_2, \ldots, b_s\}$, from which the matrix of identifiers to be encrypted is generated
Figure BDA0002575021500000021
The size of x is $s \times c$;
if a detector is j and the number of detectors is c, each detector is denoted $j_q$, $0 < q \le c$, where q is an integer; the detectors randomly generate the sequence $\{j_1, j_2, \ldots, j_c\}$, from which the detector matrix is generated
Figure BDA0002575021500000031
The size of y is $c \times c$; the matrix y includes all of the randomly generated detector sequence $\{j_1, j_2, \ldots, j_c\}$;
x and y generate an encryption matrix of size $s \times c$
Figure BDA0002575021500000032
The entry $h_{pq}$ of the encryption matrix corresponds to identifier $b_p$ and detector $j_q$, where p is any integer from 1 to s and q is any integer from 1 to c; the encryption matrix encrypts each identifier to be encrypted;
if an identifier that does not need encryption is d and the number of such identifiers is g, each is denoted $d_m$, $0 < m \le g$, where m is an integer; the identifiers that do not need encryption randomly generate the sequence $\{d_1, d_2, \ldots, d_m\}$;
Calculate the adjacent contrast value $Q_x$ and the non-adjacent contrast value $Q_f$ of the identifiers:
Figure BDA0002575021500000033
Figure BDA0002575021500000034
where u and v are any integer from 1 to p, and q is any integer from 1 to c. The computed values of $Q_x$ and $Q_f$ show the relative size of the adjacent and non-adjacent contrast values; if the adjacent contrast value $Q_x$ is greater than the non-adjacent contrast value $Q_f$, abnormal data information exists.
Compare the sizes of $Q_x$ and $Q_f$;
if $Q_x > Q_f$, abnormal data information exists;
if $Q_x \le Q_f$, there is no abnormal data information, and the sizes of $Q_j$ and $Q_i$ are compared next;
if there is no abnormal data information, the adjacent contrast value $Q_j$ and the non-adjacent contrast value $Q_i$ of the encrypted identifiers are further compared, to further determine whether abnormal data information exists in the encrypted identifiers;
calculate the adjacent contrast value $Q_j$ and the non-adjacent contrast value $Q_i$ of the encrypted identifiers:
Figure BDA0002575021500000041
Figure BDA0002575021500000042
If $Q_j \ge Q_i$, the machines corresponding to the machine names are graded, and bandwidth is preferentially given to the distribution network users with high grades;
if $Q_j < Q_i$, no grading is required.
When abnormal data information exists, a system administrator locates the abnormal data information:
according to the formula:
Figure BDA0002575021500000043
where V(G) is a randomly selected adjacent contrast value of the identifiers to be encrypted, i.e. a randomly selected $Q_j$ value; V(G) traverses all $Q_j$ values, and when $W = Q_f \cap V(G) = 1$, the position selected by V(G) is the position of the abnormal data information.
S110: the comparison unit is used for comparing the data information input into the system in the distribution network process with the virus or unsafe data information prestored in the system in sequence;
S120: the detection unit assembles the identifications of all software in the system into identification information according to the time node;
S130: the initial unit obtains a comparison result according to the identification information of the software in the system before and after the time node;
S140: the safety early warning module records the comparison result and generates judgment information according to the comparison result;
S200: searching machine names and MAC addresses in the local area network;
S300: grading the machines corresponding to the machine names, and making different protective measures according to different grades;
S400: dividing users according to the IP addresses of the users of the distribution network;
S500: when the network bandwidth can not be used by all distribution network users in the local area network, the distribution network users with high level are preferentially selected for use.
Preferably, in step S100, when the system is abnormal, the process of the distribution network user is terminated, the network connection is cut off, the configuration of the security protection system is changed, and a prompt is sent to the system administrator.
Compared with the prior art, the invention has the beneficial effects that:
the identification is subjected to encryption analysis to judge whether abnormal data information exists, and the steps of matrix calculation and contrast value calculation confirm whether abnormal data information exists; if abnormal data information exists, the process of the distribution network user is terminated, the network connection is cut off, the configuration of the safety protection system is changed, and a prompt is sent to a system administrator; the position of the abnormal data information is located by the total-inclusion algorithm, so that the system administrator can conveniently handle the abnormal data information.
Drawings
FIG. 1 is a schematic diagram of a module hierarchy of a security authentication system based on distribution network automation according to the present invention;
FIG. 2 is a schematic structural diagram of steps S100-S500 of a security authentication method based on distribution network automation according to the present invention;
FIG. 3 is a schematic structural diagram of steps S110-S140 of a security authentication method based on distribution automation according to the present invention;
fig. 4 is a schematic diagram of a module connection structure of the security authentication system based on distribution automation according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment: as shown in FIGS. 1-4, a safety protection authentication system based on distribution network automation, characterized in that it comprises a safety protection system and an authentication system:
the safety protection system comprises an information acquisition module, an information analysis module and a safety early warning module; the information acquisition module collects the identification of an input system in the distribution network process, and carries out encryption analysis on the identification to judge whether abnormal data information exists or not; the information analysis module comprises a comparison unit, a detection unit and an initial unit, wherein the comparison unit is used for carrying out sequence comparison on data information input into the system in the distribution network process and virus or unsafe data information pre-stored in the system, the detection unit is used for collecting identification information of all software in the system according to time nodes, the time nodes are the time for inputting the data information into the system, and the initial unit is used for obtaining comparison results according to the identification information of the software in the system before and after the time nodes; the safety early warning module records the comparison result and generates judgment information according to the comparison result; the detection unit comprises a detector; the authentication system comprises a searching module, a control module, a verification module and a preference module; the searching module searches machine names and MAC addresses in the local area network, the control module carries out level division on machines corresponding to the machine names and formulates different protection measures according to different levels, the checking module divides users according to IP addresses of distribution network users, and the preference module preferentially selects distribution network users with high levels to use when network bandwidth cannot be supplied to all distribution network users in the local area network;
the process of analyzing the identification comprises the following steps: the identifiers are divided into identifiers that need encryption and identifiers that do not need encryption: if an identifier that needs encryption is b and the number of such identifiers is s, each is denoted $b_i$, $0 < i \le s$; the matrix x includes all of the randomly generated sequence of identifiers to be encrypted $\{b_1, b_2, \ldots, b_s\}$;
the identifiers that need encryption generate the sequence $\{b_1, b_2, \ldots, b_s\}$, from which the matrix of identifiers to be encrypted is generated
Figure BDA0002575021500000071
The size of x is $s \times c$;
if a detector is j and the number of detectors is c, each detector is denoted $j_q$, $0 < q \le c$, where q is an integer; the detectors randomly generate the sequence $\{j_1, j_2, \ldots, j_c\}$, from which the detector matrix is generated
Figure BDA0002575021500000072
The size of y is $c \times c$; the matrix y includes all of the randomly generated detector sequence $\{j_1, j_2, \ldots, j_c\}$;
x and y generate an encryption matrix of size $s \times c$
Figure BDA0002575021500000081
The entry $h_{pq}$ of the encryption matrix corresponds to identifier $b_p$ and detector $j_q$, where p is any integer from 1 to s and q is any integer from 1 to c; the encryption matrix encrypts each identifier to be encrypted;
if an identifier that does not need encryption is d and the number of such identifiers is g, each is denoted $d_m$, $0 < m \le g$, where m is an integer; the identifiers that do not need encryption randomly generate the sequence $\{d_1, d_2, \ldots, d_m\}$;
Calculate the adjacent contrast value $Q_x$ and the non-adjacent contrast value $Q_f$ of the identifiers:
Figure BDA0002575021500000082
Figure BDA0002575021500000083
where u and v are any integer from 1 to p, and q is any integer from 1 to c. The computed values of $Q_x$ and $Q_f$ show the relative size of the adjacent and non-adjacent contrast values; if the adjacent contrast value $Q_x$ is greater than the non-adjacent contrast value $Q_f$, abnormal data information exists.
Compare the sizes of $Q_x$ and $Q_f$;
if $Q_x > Q_f$, abnormal data information exists;
if $Q_x \le Q_f$, there is no abnormal data information, and the sizes of $Q_j$ and $Q_i$ are compared next;
if there is no abnormal data information, the adjacent contrast value $Q_j$ and the non-adjacent contrast value $Q_i$ of the encrypted identifiers are further compared, to further determine whether abnormal data information exists in the encrypted identifiers;
calculate the adjacent contrast value $Q_j$ and the non-adjacent contrast value $Q_i$ of the encrypted identifiers:
Figure BDA0002575021500000091
Figure BDA0002575021500000092
If $Q_j \ge Q_i$, the machines corresponding to the machine names are graded, and bandwidth is preferentially given to the distribution network users with high grades;
if $Q_j < Q_i$, no grading is required.
When abnormal data information exists, a system administrator locates the abnormal data information:
according to the formula:
Figure BDA0002575021500000093
where V(G) is a randomly selected adjacent contrast value of the identifiers to be encrypted, i.e. a randomly selected $Q_j$ value; V(G) traverses all $Q_j$ values, and when $W = Q_f \cap V(G) = 1$, the position selected by V(G) is the position of the abnormal data information.
When the safety early warning module gives an alarm, the process of a distribution network user is stopped, the network connection is cut off, the configuration of a safety protection system is changed, and a prompt is sent to a system administrator;
the prompting modes comprise sending mails, sending short messages and other prompting modes;
the information acquisition module comprises a network adapter, and the network adapter is used for collecting all data information transmitted through a network in the process of distribution.
The information acquisition module also comprises an encryption unit, and the encryption unit is used for encrypting and collecting all data information transmitted through the network in the process of distribution of the network.
The output end of the information acquisition module is connected with the input ends of the information analysis module and the safety early warning module, the output end of the information analysis module is connected with the input end of the safety early warning module, the output end of the safety early warning module is connected with the input end of the searching module, the output end of the searching module is connected with the input end of the control module, the output end of the control module is connected with the input end of the verification module, and the output end of the verification module is connected with the input end of the preference module.
A safety protection authentication method based on distribution network automation is characterized in that: the method comprises the following steps:
S100: collecting identification of an input system in the distribution network process, and carrying out encryption analysis on the identification for judging whether abnormal data information exists or not;
when abnormal data information exists, a system administrator locates the abnormal data information:
according to the formula:
Figure BDA0002575021500000101
V(G) is a randomly selected adjacent contrast value of the identifiers to be encrypted; the formula takes the intersection of the current positioning information and the position parameters of different coordinates, and when the intersection is 1, $Q_f$ and V(G) are in a total-inclusion relationship;
that is, when $W = Q_f \cap V(G) = 1$, the position selected by V(G) is the position of the abnormal data information;
S110: the comparison unit is used for comparing the data information input into the system in the distribution network process with the virus or unsafe data information prestored in the system in sequence;
S120: the detection unit assembles the identifications of all the software in the system into identification information according to the time node;
S130: the initial unit obtains a comparison result according to the identification information of the software in the system before and after the time node;
S140: the safety early warning module records the comparison result and generates judgment information according to the comparison result;
S200: searching machine names and MAC addresses in the local area network;
S300: grading the machines corresponding to the machine names, and making different protective measures according to different grades;
S400: dividing users according to the IP addresses of the users of the distribution network;
S500: when the network bandwidth can not be used by all distribution network users in the local area network, the distribution network users with high level are preferentially selected for use.
In step S100, when the system is abnormal, the process of the distribution network user is terminated, the network connection is cut off, the configuration of the security protection system is changed, and a prompt is sent to a system administrator.
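Steps S110 to S140 can be sketched as follows. This is an added Python example, not code from the patent. It assumes that "sequence comparison" means searching the input for each stored byte pattern in turn and that a software item's identification is the SHA-256 digest of its contents; all signature names, software names and sample data are constructed.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample signatures; the patent does not define a signature format.
UNSAFE_SIGNATURES = {
    "sample-sig-A": b"\xde\xad\xbe\xef\x13\x37",
    "sample-sig-B": b"UNSAFE_MARKER",
}


def compare_with_signatures(data, signatures):
    """S110: compare the input data with each pre-stored unsafe sequence in turn."""
    return [name for name, pattern in sorted(signatures.items()) if pattern in data]


def collect_identifiers(software):
    """S120: assemble identification information for all software at a time node.

    Assumption: the identifier of a software item is the SHA-256 of its contents.
    """
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in software.items()}


@dataclass
class ComparisonResult:
    signature_hits: list  # names of stored signatures found in the input (S110)
    added: list           # software present only after the time node
    removed: list         # software present only before the time node
    modified: list        # software whose identifier changed across the time node

    @property
    def changed(self):
        return bool(self.added or self.removed or self.modified)


def compare_snapshots(before, after, signature_hits):
    """S130: compare identification information from before and after the time node."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(n for n in set(before) & set(after) if before[n] != after[n])
    return ComparisonResult(list(signature_hits), added, removed, modified)


class EarlyWarning:
    """S140: record each comparison result and generate judgment information."""

    def __init__(self):
        self.records = []

    def judge(self, result):
        # Any signature hit or any change in the software inventory is judged abnormal.
        verdict = "abnormal" if (result.signature_hits or result.changed) else "normal"
        self.records.append((verdict, result))
        return verdict


def run_demo():
    """Run S110-S140 over constructed data; returns (verdict, ComparisonResult)."""
    # Constructed software inventory before the input arrives (the time node).
    installed_before = {"scada-client": b"client build 1", "log-agent": b"agent build 7"}
    before = collect_identifiers(installed_before)

    # Constructed input that contains one of the stored unsafe sequences.
    incoming = b"frame-0001|UNSAFE_MARKER|payload"
    hits = compare_with_signatures(incoming, UNSAFE_SIGNATURES)

    # Constructed inventory after the time node: one item altered, one item new.
    installed_after = {
        "scada-client": b"client build 1 (altered)",
        "log-agent": b"agent build 7",
        "helper-svc": b"new binary",
    }
    after = collect_identifiers(installed_after)

    result = compare_snapshots(before, after, hits)
    verdict = EarlyWarning().judge(result)
    return verdict, result


if __name__ == "__main__":
    verdict, result = run_demo()
    print(verdict, result)
```

An "abnormal" verdict is the point at which the method terminates the user process, cuts the network connection and prompts the administrator; those actions are left out because the page does not specify how they are carried out.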
The working principle is as follows: the system comprises a safety protection system and an authentication system. The safety protection system comprises an information acquisition module, an information analysis module and a safety early warning module. The authentication system comprises a searching module, a control module, a verification module and a priority selection module: the searching module searches machine names and MAC addresses in a local area network; the control module grades the machines corresponding to the machine names and formulates different protection measures according to the different grades; the verification module divides users according to the IP addresses of distribution network users; and the priority selection module preferentially selects distribution network users with high grades when network bandwidth cannot be supplied to all distribution network users in the local area network. The safety protection system carries out encryption analysis on the identification and judges whether abnormal data information exists, confirming this through the steps of matrix calculation and contrast value calculation. If abnormal data information exists, the process of the distribution network user is terminated, the network connection is cut off, the configuration of the safety protection system is changed, and a prompt is sent to a system administrator. The position of the abnormal data information is located by the total-inclusion algorithm, so that the system administrator can conveniently handle the abnormal data information.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (9)

1. A safety protection authentication system based on distribution network automation, characterized in that it comprises a safety protection system and an authentication system;
the safety protection system comprises an information acquisition module, an information analysis module and a safety early warning module;
the information acquisition module collects identification of an input system in the distribution network process, and carries out encryption analysis on the identification to judge whether abnormal data information exists or not; the information analysis module comprises a comparison unit, a detection unit and an initial unit, wherein the comparison unit is used for carrying out sequence comparison on data information input into the system in the distribution network process and virus or unsafe data information pre-stored in the system, the detection unit is used for collecting identification information of all software in the system according to time nodes, the time nodes are the time for inputting the data information into the system, and the initial unit is used for obtaining comparison results according to the identification information of the software in the system before and after the time nodes; the safety early warning module records the comparison result and generates judgment information according to the comparison result; the detection unit comprises a detector;
the authentication system comprises a searching module, a control module, a verification module and a priority selection module;
the searching module searches machine names and MAC addresses in the local area network, the control module carries out level division on machines corresponding to the machine names and makes different protective measures according to different levels, the verification module divides users according to IP addresses of distribution network users, and the priority selection module preferentially selects distribution network users with high levels for use when network bandwidth cannot be supplied to all distribution network users in the local area network;
the process of analyzing the identification comprises the following steps:
the identification is divided into an identification needing encryption and an identification needing no encryption:
if the required encryption identifier is b and the number of identifiers is s, the encryption identifier is represented as bi,0<i≤s;
Identification generation sequence needing encryption b1,b2,…,bsAnd generating an identification matrix to be encrypted
Figure FDA0003575319280000021
The size of x is s × c;
the number of detectors is j, the number of detectors is c, the detector is denoted as jq,0<q is not more than c, and q is an integer; the detector randomly generates a sequence j1,j2,…,jc}, generating a detector matrix
Figure FDA0003575319280000022
The size of y is c × c;
x and y generate encryption matrices of size sxc
Figure FDA0003575319280000023
Encryption matrix hpqCorresponding to the identification bpAnd detector jqP is any integer from 1 to s, and q is any integer from 1 to c;
if d represents the mark which does not need to be encrypted and g represents the mark which does not need to be encryptedm,0<m is not more than g, and m is an integer; identification of randomly generated sequences without encryption d1,d2,…,dm};
Calculating a contrast value Q identifying neighborsxAnd non-adjacent contrast value Qf
Figure FDA0003575319280000024
Figure FDA0003575319280000031
wherein u and v are any integers from 1 to p, and r is any constant;
comparing the magnitudes of $Q_x$ and $Q_f$;
if $Q_x > Q_f$, abnormal data information exists;
if $Q_x \le Q_f$, there is no abnormal data information, and the magnitudes of $Q_j$ and $Q_i$ are compared next;
calculating the adjacent contrast value $Q_j$ and the non-adjacent contrast value $Q_i$ of the encrypted identifiers:
Figure FDA0003575319280000032
Figure FDA0003575319280000033
if $Q_j \ge Q_i$, the machines corresponding to the machine names are graded, and distribution network users with high grades are preferentially selected to use the bandwidth;
if $Q_j < Q_i$, no grading is required.
2. The distribution automation-based security protection authentication system according to claim 1, wherein: when the safety early warning module gives an alarm, the process of the distribution network user is stopped, the network connection is cut off, the configuration of the safety protection system is changed, and a prompt is sent to a system administrator.
3. The distribution automation-based security protection authentication system according to claim 1, wherein: the information acquisition module comprises a network adapter, and the network adapter is used for collecting all data information transmitted through the network during the distribution network process.
4. The distribution automation-based security protection authentication system according to claim 1, wherein: the information acquisition module further comprises an encryption unit, and the encryption unit is used for encrypting all the collected data information transmitted through the network during the distribution network process.
5. The distribution automation-based security protection authentication system according to claim 1, wherein: the output of the information acquisition module is connected with the inputs of the information analysis module and the safety early warning module, the output of the information analysis module is connected with the input of the safety early warning module, the output of the safety early warning module is connected with the input of the searching module, the output of the searching module is connected with the input of the control module, the output of the control module is connected with the input of the verification module, and the output of the verification module is connected with the input of the priority selection module.
6. The distribution automation-based security protection authentication system according to claim 1, wherein: when abnormal data information exists, a system administrator locates the abnormal data information:
according to the formula:
Figure FDA0003575319280000041
where $v(G)$ is the contrast value of a randomly selected adjacent identifier needing encryption;
when $W = Q_f$, $n(v(G)) = 1$, and $v(G)$ indicates that the selected position is the position of the abnormal data information.
7. A safety protection authentication method based on distribution network automation, characterized in that the method comprises the following steps:
S100: collecting the identification input into the system during the distribution network process, and carrying out encryption analysis on the identification to judge whether abnormal data information exists;
S200: searching machine names and MAC addresses in the local area network;
S300: grading the machines corresponding to the machine names, and making different protective measures according to different grades;
S400: dividing users according to the IP addresses of the distribution network users;
S500: when the network bandwidth cannot be supplied to all distribution network users in the local area network, the distribution network users with high level are preferentially selected for use;
the process of analyzing the identification comprises the following steps:
the identification is divided into an identification needing encryption and an identification needing no encryption:
if an identifier needing encryption is denoted b and the number of such identifiers is s, each identifier needing encryption is represented as $b_i$, $0 < i \le s$;
the identifiers needing encryption generate the sequence $\{b_1, b_2, \ldots, b_s\}$, from which the matrix of identifiers to be encrypted is generated:
Figure FDA0003575319280000051
the size of $x$ is $s \times c$;
the detector is denoted j and the number of detectors is c, so that each detector is written $j_q$, $0 < q \le c$, q being an integer; the detectors randomly generate the sequence $\{j_1, j_2, \ldots, j_c\}$, from which the detector matrix is generated:
Figure FDA0003575319280000052
the size of $y$ is $c \times c$;
$x$ and $y$ generate an encryption matrix of size $s \times c$:
Figure FDA0003575319280000053
the element $h_{pq}$ of the encryption matrix corresponds to identifier $b_p$ and detector $j_q$, where p is any integer from 1 to s and q is any integer from 1 to c;
if an identifier that does not need encryption is denoted d and the number of such identifiers is g, each is represented as $d_m$, $0 < m \le g$, m being an integer; the identifiers that do not need encryption randomly generate the sequence $\{d_1, d_2, \ldots, d_m\}$;
calculating the adjacent contrast value $Q_x$ and the non-adjacent contrast value $Q_f$ of the identifiers:
Figure FDA0003575319280000061
Figure FDA0003575319280000062
wherein u and v are any integers from 1 to p, and r is any constant;
comparing the magnitudes of $Q_x$ and $Q_f$;
if $Q_x > Q_f$, abnormal data information exists;
if $Q_x \le Q_f$, there is no abnormal data information, and the magnitudes of $Q_j$ and $Q_i$ are compared next;
calculating the adjacent contrast value $Q_j$ and the non-adjacent contrast value $Q_i$ of the encrypted identifiers:
Figure FDA0003575319280000063
Figure FDA0003575319280000064
if $Q_j \ge Q_i$, the machines corresponding to the machine names are graded, and distribution network users with high grades are preferentially selected to use the bandwidth;
if $Q_j < Q_i$, no grading is required.
8. The distribution automation-based security protection authentication method according to claim 7, wherein: the step S100 includes:
S110: comparing the data information input into the system during the distribution network process, in sequence, with the virus or unsafe data information prestored in the system;
S120: assembling the identifications of all software in the system into identification information according to the time nodes;
S130: obtaining a comparison result according to the identification information of the software in the system before and after the time node;
S140: recording the comparison result, and generating judgment information according to the comparison result.
9. The distribution automation-based security protection authentication method according to claim 7, wherein: in step S100, when the system is abnormal, the process of the distribution network user is terminated, the network connection is cut off, the configuration of the security protection system is changed, and a prompt is sent to the system administrator.
CN202010651144.9A 2020-07-08 2020-07-08 Safety protection authentication system and method based on distribution network automation Active CN111818048B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010651144.9A CN111818048B (en) 2020-07-08 2020-07-08 Safety protection authentication system and method based on distribution network automation

Publications (2)

Publication Number Publication Date
CN111818048A CN111818048A (en) 2020-10-23
CN111818048B true CN111818048B (en) 2022-05-27

Family

ID=72841611

Country Status (1)

Country Link
CN (1) CN111818048B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant