CN113742720A - Network security situation perception method based on multistage linkage mode - Google Patents

Info

Publication number
CN113742720A
Authority
CN
China
Prior art keywords
safety
method based
network security
flow
behavior
Prior art date
Legal status
Granted
Application number
CN202110995822.8A
Other languages
Chinese (zh)
Other versions
CN113742720B (en)
Inventor
左天才
高英
曾体健
谢志奇
宋尔进
李林
杜泽新
Current Assignee
Guizhou Wujiang Hydropower Development Co Ltd
Original Assignee
Guizhou Wujiang Hydropower Development Co Ltd
Priority date
Filing date
Publication date
Application filed by Guizhou Wujiang Hydropower Development Co Ltd
Priority to CN202110995822.8A
Publication of CN113742720A
Application granted
Publication of CN113742720B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Computing Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network security situation perception method based on a multistage linkage mode, which comprises the following steps: collecting flow and safety logs of a region I and a region II of a power plant; preprocessing the acquired data and extracting key characteristic elements; establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model; and when abnormal information is detected, performing safety tracing analysis on the abnormal information by using safety expert knowledge to obtain a safety problem. The invention can analyze potential safety hazards and give early warning of them in real time and in advance, so that protection against network security problems is timely.

Description

Network security situation perception method based on multistage linkage mode
Technical Field
The invention relates to the technical field of network security situation awareness, in particular to a network security situation awareness method based on a multi-level linkage mode.
Background
The electric power group comprises a plurality of power plants. Its network security environment is complex, with many types of network security equipment and many types of logs, and it lacks a unified platform for information collection and analysis and a situation awareness platform for overall supervision and analysis of global security problems.
Communication capacity between a power plant and the group is limited, so full traffic cannot be sent to the regional level for security modeling and analysis on the large computing cluster at the group side; and because the power plant side lacks a large computing cluster and security modeling capability, a large amount of security data cannot be utilized.
Network security detection capability needs to be updated in real time. How to deliver the updated detection capability to each power plant under unified management, how regional-level security experts can effectively guide and resolve the security problems of the power plants, and how to analyze potential safety hazards and give early warning of them are problems to be solved urgently.
Disclosure of Invention
This section is for the purpose of summarizing some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. In this section, as well as in the abstract and the title of the invention of this application, simplifications or omissions may be made to avoid obscuring the purpose of the section, the abstract and the title, and such simplifications or omissions are not intended to limit the scope of the invention.
The present invention has been made in view of the above-mentioned conventional problems.
Therefore, the technical problem solved by the invention is as follows: the prior art can not analyze and early warn potential safety hazards in real time, so that the network safety protection is not timely.
In order to solve the technical problems, the invention provides the following technical scheme: collecting flow and safety logs of a region I and a region II of a power plant; preprocessing the acquired data and extracting key characteristic elements; establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model; and when abnormal information is detected, performing safety tracing analysis on the abnormal information by using safety expert knowledge to obtain a safety problem.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: and acquiring flow and safety logs of the I area and the II area of the power plant by using plant station level situation awareness equipment.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: preprocessing the acquired data and extracting key characteristic elements, including data cleaning, data integration, data transformation and data reduction of the acquired data; and extracting the key characteristic elements by using a principal component analysis strategy.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: constructing the baseline traffic and log model through baseline learning includes a session set: $f_1$ = {transport protocol, source IP address, destination IP address, destination port, number of uplink packets, number of downlink packets, uplink packet size, downlink packet size, communication start time, communication duration}; and a protocol behavior set: $f_2$ = {transport protocol, source IP address, destination IP address, destination port, uplink packet size, downlink packet size, communication start time, protocol instruction parameter}.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: further comprising, constructing the baseline traffic and log model based on the session set and protocol behavior set:
Figure RE-GDA0003340928400000021
where $E(Y \mid X = x)$ denotes the behavior matching degree output value, $Y$ denotes the aggregate behavior, $X$ denotes the input behavior, $\tau_1$ denotes the number of extractions, and $\tau_2$ denotes the behavior probability.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: judging whether abnormal flow or behavior exists according to the behavior matching degree output value, wherein abnormal flow or behavior exists when $0 \le E(Y \mid X = x) < 0.83$; and the flow or behavior is normal when $0.83 \le E(Y \mid X = x) \le 1$.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: the safety detection model is utilized to carry out real-time analysis and detection on abnormal information in the baseline flow and log model, and an abnormal information feature library is established according to historical information; adopting a deep learning network to construct the safety detection model, and carrying out data training to obtain a perfect safety detection model; and matching the abnormal information with the abnormal information feature library, and analyzing and detecting to obtain the final security vulnerability.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: the exception information includes exception traffic and logs.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: the security detection model includes,
Figure RE-GDA0003340928400000031
wherein $[a, b]$ denotes the detection interval, $x_k$ denotes the flow value at subinterval $k$, $x_{k-1}$ denotes the flow value at subinterval $k-1$, $\Delta x_k = x_k - x_{k-1}$ denotes the length of subinterval $k$, and $N$ denotes the number of iterations.
The invention has the beneficial effects that: the invention can analyze potential safety hazards and give early warning of them in real time and in advance, so that protection against network security problems is timely.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise. Wherein:
fig. 1 is a schematic basic flow chart of a network security situation awareness method based on a multi-level linkage manner according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an area-level security situation awareness platform of a network security situation awareness method based on a multi-level linkage manner according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below, and it is apparent that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present invention, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
Furthermore, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
The present invention will be described in detail with reference to the drawings, wherein the cross-sectional views illustrating the structure of the device are not enlarged partially in general scale for convenience of illustration, and the drawings are only exemplary and should not be construed as limiting the scope of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in the actual fabrication.
Meanwhile, in the description of the present invention, it should be noted that the terms "upper, lower, inner and outer" and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation and operate, and thus, cannot be construed as limiting the present invention. Furthermore, the terms first, second, or third are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected and connected" in the present invention are to be understood broadly, unless otherwise explicitly specified or limited, for example: can be fixedly connected, detachably connected or integrally connected; they may be mechanically, electrically, or directly connected, or indirectly connected through intervening media, or may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Example 1
Referring to fig. 1 to 2, an embodiment of the present invention provides a network security situation awareness method based on a multi-level linkage manner, including:
S1: collecting flow and safety logs of a region I and a region II of a power plant; it should be noted that:
the flow and safety logs of the I area and the II area of the power plant are acquired by using plant station level situation awareness equipment.
S2: preprocessing the acquired data and extracting key characteristic elements; it should be noted that:
preprocessing the acquired data and extracting key feature elements comprises the following steps:
carrying out data cleaning, data integration, data transformation and data reduction on the acquired data;
extracting key characteristic elements by using a principal component analysis strategy; the principal component analysis strategy extracts the characteristic elements by using the following codes:
Figure RE-GDA0003340928400000041
Figure RE-GDA0003340928400000051
S3: establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model; it should be noted that:
constructing a baseline traffic and log model through baseline learning includes:
session set:
$f_1$ = {transport protocol, source IP address, destination IP address, destination port, number of uplink packets, number of downlink packets, uplink packet size, downlink packet size, communication start time, communication duration};
protocol behavior set:
$f_2$ = {transport protocol, source IP address, destination IP address, destination port, uplink packet size, downlink packet size, communication start time, protocol instruction parameter}.
Establishing a baseline flow and log model based on the session set and the protocol behavior set:
Figure RE-GDA0003340928400000061
where $E(Y \mid X = x)$ denotes the behavior matching degree output value, $Y$ denotes the aggregate behavior, $X$ denotes the input behavior, $\tau_1$ denotes the number of extractions, and $\tau_2$ denotes the behavior probability.
Judging whether abnormal flow or behavior exists according to the behavior matching degree output value, wherein the judging step comprises the following steps:
when $0 \le E(Y \mid X = x) < 0.83$, there is abnormal flow or behavior;
when $0.83 \le E(Y \mid X = x) \le 1$, the flow or behavior is normal.
The real-time analysis and detection of abnormal information in the baseline flow and log model by using the safety detection model comprises the following steps:
establishing an abnormal information feature library according to the historical information;
a safety detection model is constructed by adopting a deep learning network, and data training is carried out to obtain a perfect safety detection model;
wherein the safety detection model comprises,
Figure RE-GDA0003340928400000062
wherein $[a, b]$ denotes the detection interval, $x_k$ denotes the flow value at subinterval $k$, $x_{k-1}$ denotes the flow value at subinterval $k-1$, $\Delta x_k = x_k - x_{k-1}$ denotes the length of subinterval $k$, and $N$ denotes the number of iterations.
Matching the abnormal information with an abnormal information feature library, and analyzing and detecting to obtain a final security vulnerability;
the abnormal information comprises abnormal flow and logs.
S4: when abnormal information is detected, safety tracing analysis is carried out on the abnormal information by utilizing safety expert knowledge to obtain a safety problem; it should be noted that:
as shown in fig. 2, the regional situation awareness platform relies on its security expert capability and cooperation with a third-party security vendor to continuously build its core security capabilities, which include: a vulnerability library, an information library, a virus killing library, an intrusion detection library, an association rule analysis library, a model library based on behavior analysis, safety information and the like; these core detection capabilities are issued to the plant-level situation awareness platform. When a security vulnerability occurs or abnormal flow may exist, the regional security experts can connect remotely and directly to the plant station level situation awareness platform to conduct security source tracing and evidence collection.
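An added sketch of the S3 baseline check described above (not code from the patent): it learns the session set f1 and the protocol behavior set f2 from constructed flow records and applies the 0.83 boundary. The patent's formula for the matching degree is not reproduced on this page, so the score used here (half session-envelope match, half protocol-behavior match) is an assumption, as are all class, field and function names and the sample addresses.

```python
from dataclasses import dataclass, replace

THRESHOLD = 0.83  # boundary between abnormal and normal stated in the text
NUMERIC = ("up_pkts", "down_pkts", "up_bytes", "down_bytes", "duration", "hour")


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int
    up_pkts: int
    down_pkts: int
    up_bytes: int
    down_bytes: int
    start: int        # communication start time, seconds since midnight
    duration: float   # communication duration, seconds
    instruction: str  # protocol instruction
    parameter: str    # instruction parameter

    @property
    def key(self):
        return (self.proto, self.src_ip, self.dst_ip, self.dst_port)

    @property
    def hour(self):
        return self.start // 3600


class Baseline:
    """Learns per-session value envelopes (f1) and seen behaviors (f2)."""

    def __init__(self, tolerance=0.25):
        self.tolerance = tolerance
        self.ranges = {}     # session key -> {feature: (min, max)}
        self.behaviors = {}  # session key -> {(instruction, parameter)}

    def learn(self, flows):
        for f in flows:
            r = self.ranges.setdefault(f.key, {})
            for name in NUMERIC:
                v = getattr(f, name)
                lo, hi = r.get(name, (v, v))
                r[name] = (min(lo, v), max(hi, v))
            self.behaviors.setdefault(f.key, set()).add((f.instruction, f.parameter))
        return self

    def session_match(self, f):
        r = self.ranges.get(f.key)
        if r is None:            # session never seen during baseline learning
            return 0.0
        hits = 0
        for name in NUMERIC:
            lo, hi = r[name]
            slack = self.tolerance * max(hi - lo, 1)
            hits += lo - slack <= getattr(f, name) <= hi + slack
        return hits / len(NUMERIC)

    def behavior_match(self, f):
        seen = self.behaviors.get(f.key, set())
        if (f.instruction, f.parameter) in seen:
            return 1.0
        if any(i == f.instruction for i, _ in seen):
            return 0.5           # known instruction, unseen parameter
        return 0.0

    def score(self, f):
        # Assumed stand-in for the behavior matching degree E(Y | X = x).
        return 0.5 * self.session_match(f) + 0.5 * self.behavior_match(f)


def classify(baseline, f):
    s = baseline.score(f)
    return s, ("normal" if s >= THRESHOLD else "abnormal")


# Constructed sample data (documentation address range, not real hosts).
HMI, PLC = "192.0.2.10", "192.0.2.20"
TRAINING = [
    Flow("tcp", HMI, PLC, 502, 10, 10, 120, 250, 8 * 3600, 0.20, "read_holding_registers", "0-9"),
    Flow("tcp", HMI, PLC, 502, 12, 12, 144, 300, 12 * 3600, 0.30, "read_holding_registers", "0-9"),
    Flow("tcp", HMI, PLC, 502, 11, 11, 132, 275, 10 * 3600, 0.25, "read_input_registers", "0-3"),
]


def demo():
    base = Baseline().learn(TRAINING)

    def probe(**changes):
        return classify(base, replace(TRAINING[0], **changes))

    return {
        "known poll": probe(),
        "new parameter": probe(parameter="100-199"),
        "unseen instruction": probe(instruction="write_single_register", parameter="40"),
        "unknown source": probe(src_ip="192.0.2.99"),
        "off-hours bulk": probe(start=2 * 3600, down_pkts=400, down_bytes=90000, duration=30.0),
    }


if __name__ == "__main__":
    for name, (score, verdict) in demo().items():
        print(f"{name:20s} {score:.2f} {verdict}")
```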
Example 2
The embodiment is different from the first embodiment in that a verification test of a network security situation awareness method based on a multi-level linkage mode is provided, and in order to verify and explain the technical effects adopted in the method, the embodiment adopts a traditional technical scheme and the method of the invention to carry out a comparison test, and compares the test results by means of scientific demonstration to verify the real effect of the method.
The traditional technical scheme is as follows: the existing potential safety hazards cannot be analyzed and early warned in real time, so that the network safety protection is not timely. Compared with the traditional method, the method has higher real-time performance and analysis accuracy. In this embodiment, a traditional network security situation awareness method and the method of the invention are adopted to perform real-time measurement and comparison of the detection and analysis accuracy and speed on simulated network security vulnerability problems.
Test environment: the host operating systems: Windows, Solaris, AIX, Linux, SCO, SGI; the database systems: MSSQL, Oracle, MySQL, Informix, Sybase; the application systems: various applications provided by the target, such as www applications composed of asp, cgi, jsp, php, and the like; the network devices: a firewall, a security detection system, and a network device. The safety events are issued every 1 hour according to the sequence of 10, 12, 15, 12 and 21 by using an automatic testing device, simulation tests of the two methods are realized by using MATLAB software programming, and simulation data are obtained according to experimental results. 1000 sets of data were tested for each method and the results of the two methods are shown in the table below.
Table 1: comparison of experimental results.

| Experimental sample | Conventional method | Method of the invention |
| --- | --- | --- |
| Time delay | 1.2min | 0.4ms |
| Accuracy rate | 85% | 98% |
From the above table it can be seen that the process of the invention has good properties.
It should be noted that the above-mentioned embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, which should be covered by the claims of the present invention.

Claims (9)

1. A network security situation perception method based on a multi-level linkage mode is characterized by comprising the following steps:
collecting flow and safety logs of a region I and a region II of a power plant;
preprocessing the acquired data and extracting key characteristic elements;
establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model;
and when abnormal information is detected, performing safety tracing analysis on the abnormal information by using safety expert knowledge to obtain a safety problem.
2. The network security situation awareness method based on the multi-level linkage mode according to claim 1, wherein: and acquiring flow and safety logs of the I area and the II area of the power plant by using plant station level situation awareness equipment.
3. The network security situation awareness method based on the multi-level linkage mode according to claim 1 or 2, wherein: preprocessing the collected data and extracting key feature elements includes,
carrying out data cleaning, data integration, data transformation and data reduction on the acquired data;
and extracting the key characteristic elements by using a principal component analysis strategy.
4. The network security situation awareness method based on the multi-level linkage mode according to claim 3, wherein: constructing the baseline traffic and log model through baseline learning includes,
session set:
$f_1$ = {transport protocol, source IP address, destination IP address, destination port, number of uplink packets, number of downlink packets, uplink packet size, downlink packet size, communication start time, communication duration};
protocol behavior set:
$f_2$ = {transport protocol, source IP address, destination IP address, destination port, uplink packet size, downlink packet size, communication start time, protocol instruction parameter}.
5. The network security situation awareness method based on the multi-level linkage mode according to claim 4, wherein: further comprising,
constructing the baseline traffic and log model based on the session set and the protocol behavior set:
Figure FDA0003233804690000011
where $E(Y \mid X = x)$ denotes the behavior matching degree output value, $Y$ denotes the aggregate behavior, $X$ denotes the input behavior, $\tau_1$ denotes the number of extractions, and $\tau_2$ denotes the behavior probability.
6. The network security situation awareness method based on the multi-level linkage mode according to claim 5, wherein: judging whether abnormal flow or behavior exists according to the behavior matching degree output value, including,
when $0 \le E(Y \mid X = x) < 0.83$, there is abnormal flow or behavior;
when $0.83 \le E(Y \mid X = x) \le 1$, the flow or behavior is normal.
7. The network security situation awareness method based on the multi-level linkage mode according to any one of claims 1, 5 and 6, wherein: the real-time analysis and detection of abnormal information in the baseline flow and log model by using the security detection model comprises,
establishing an abnormal information feature library according to the historical information;
adopting a deep learning network to construct the safety detection model, and carrying out data training to obtain a perfect safety detection model;
and matching the abnormal information with the abnormal information feature library, and analyzing and detecting to obtain the final security vulnerability.
8. The network security situation awareness method based on the multi-level linkage mode according to claim 7, wherein: the exception information includes exception traffic and logs.
9. The network security situation awareness method based on the multi-level linkage mode according to claim 7, wherein: the security detection model includes,
Figure FDA0003233804690000021
wherein $[a, b]$ denotes the detection interval, $x_k$ denotes the flow value at subinterval $k$, $x_{k-1}$ denotes the flow value at subinterval $k-1$, $\Delta x_k = x_k - x_{k-1}$ denotes the length of subinterval $k$, and $N$ denotes the number of iterations.
CN202110995822.8A 2021-08-27 2021-08-27 Network security situation perception method based on multistage linkage mode Active CN113742720B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110995822.8A CN113742720B (en) 2021-08-27 2021-08-27 Network security situation perception method based on multistage linkage mode

Publications (2)

Publication Number Publication Date
CN113742720A (en) 2021-12-03
CN113742720B (en) 2022-11-25

Family

ID=78733451

Country Status (1)

Country Link
CN (1) CN113742720B (en)

Also Published As

Publication number Publication date
CN113742720B (en) 2022-11-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant