CN113890764A - Time synchronization system with prediction function and safety monitoring method and device thereof - Google Patents
Time synchronization system with prediction function and safety monitoring method and device thereof Download PDFInfo
- Publication number
- CN113890764A CN113890764A CN202111171269.2A CN202111171269A CN113890764A CN 113890764 A CN113890764 A CN 113890764A CN 202111171269 A CN202111171269 A CN 202111171269A CN 113890764 A CN113890764 A CN 113890764A
- Authority
- CN
- China
- Prior art keywords
- data
- time
- unit
- clock
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J3/00—Time-division multiplex systems
- H04J3/02—Details
- H04J3/06—Synchronising arrangements
- H04J3/0635—Clock or time synchronisation in a network
- H04J3/0638—Clock or time synchronisation among nodes; Internode synchronisation
- H04J3/0644—External master-clock
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Alarm Systems (AREA)
Abstract
The invention discloses a time synchronization system with a prediction function and a safety monitoring method and a safety monitoring device thereof, wherein the time synchronization system comprises a master clock, a slave clock and a safety monitoring device, the master clock is used for providing a time reference and transmitting the time reference to the slave clock through a channel, the slave clock updates a local clock according to the time reference data transmitted by the master clock, and the safety monitoring device monitors possible attacks according to the time reference data transmitted by the master clock, the time measurement data and the historical value of the slave clock. The safety monitoring device comprises a data acquisition unit, a data storage unit, a model parameter updating unit, a prediction unit and a state judgment unit. The invention carries out safety monitoring parameter modeling on the time synchronization system, regresses the model parameters according to the historical data, and predicts the monitoring parameters according to the regressed model, thereby being capable of finding out potential attacks more quickly and effectively improving the safety of the optical fiber time synchronization system.
Description
Technical Field
The invention relates to the technical field of optical fiber time synchronization, in particular to a time synchronization system with a prediction function and a safety monitoring method and device thereof.
Background
Time is the basis for information perception, transmission and processing. After accurate time information is obtained through observation, the time information is delivered to a user through some means, and the system is called a time synchronization system. The method has wide application in the industries of electric power, traffic, communication and the like. The existing time synchronization system comprises schemes such as microwave time service, satellite time service, optical fiber time service and the like.
If the time synchronization is disturbed or attacked, the normal operation of the related equipment can be seriously influenced, and even the national economy can be greatly influenced. Among them, the delay attack is the biggest threat faced by the time synchronization system, because it directly affects the core indexes of the time synchronization system.
For the time delay attack, if the attack time delay is large in amplitude, the time synchronization system can judge the attack based on the threshold value, and the attack can be usually found quickly. In order to increase the secrecy of the attack, an attacker can adopt a gradual attack method for gradually increasing the delay, so that the conventional attack judgment method based on the threshold value needs a long time to discover the attack, and the time synchronization system has potential safety hazards.
Disclosure of Invention
The invention provides a time synchronization system with a prediction function and a safety monitoring method and device thereof aiming at the gradual time delay attack threat of the time synchronization system, which can predict the potential attack, can discover the potential attack more quickly, can perform early warning and improve the safety of the time synchronization system.
The technical scheme adopted by the invention is as follows:
a time synchronization system with a prediction function comprises a master clock, a slave clock and a safety monitoring device, wherein the master clock is used for providing a time reference and transmitting the time reference to the slave clock through a channel, the slave clock updates a local clock according to time reference data transmitted by the master clock, and the safety monitoring device monitors possible attacks according to the time reference data transmitted by the master clock, time measurement data and historical values of the slave clock;
the safety monitoring device comprises:
the data acquisition unit is connected with the slave clock and used for acquiring time data;
the data storage unit is used for storing the time data acquired by the data acquisition unit as historical data;
the model parameter updating unit is used for updating model parameters according to the historical data stored in the data storage unit and the current time data transmitted by the data acquisition unit;
the prediction unit is used for predicting the monitoring parameters according to the latest model transmitted by the model parameter updating unit;
and the state judgment unit is used for judging whether the monitoring parameter is greater than a threshold value at a certain future moment, and if so, judging that the channel has an attack.
Further, it is assumed that the monitored parameters satisfy the parameter equationAccording to the time data sequenceThe corresponding model parameters { a } can be calculated by regressioni}。
A=[a0,a1,...,an]T
The model parameters can be calculated as:
a security monitoring device comprising:
the data acquisition unit is connected with a slave clock and used for acquiring time data, and the slave clock acquires time reference data transmitted by a master clock through a channel;
the data storage unit is used for storing the time data acquired by the data acquisition unit as historical data;
the model parameter updating unit is used for updating model parameters according to the historical data stored in the data storage unit and the current time data transmitted by the data acquisition unit;
the prediction unit is used for predicting the monitoring parameters according to the latest model transmitted by the model parameter updating unit;
and the state judgment unit is used for judging whether the monitoring parameter is greater than a threshold value at a certain future moment, and if so, judging that the channel has an attack.
Further, it is assumed that the monitored parameters satisfy the parameter equationAccording to the time data sequenceThe corresponding model parameters { a } can be calculated by regressioni}。
A=[a0,a1,...,an]T
The model parameters can be calculated as:
a security monitoring method comprising the steps of:
s1, collecting and storing time data, wherein the time data comprises time reference data transmitted by a master clock, time measurement data of a slave clock and historical values;
s2, updating model parameters according to the collected and stored time data;
and S3, predicting the monitoring parameters according to the updated model, and if the monitoring parameters are larger than a threshold value at a certain future moment, judging that the channel has an attack.
Further, it is assumed that the monitored parameters satisfy the parameter equationAccording to the time data sequenceThe corresponding model parameters { a } can be calculated by regressioni}。
A=[a0,a1,...,an]T
The model parameters can be calculated as:
the invention has the beneficial effects that:
the invention carries out safety monitoring parameter modeling on the time synchronization system, regresses the model parameters according to the historical data, and predicts the monitoring parameters according to the regressed model, thereby being capable of finding out potential attacks more quickly and effectively improving the safety of the optical fiber time synchronization system.
Drawings
Fig. 1 is a schematic diagram of a time synchronization system with a prediction function according to embodiment 1 of the present invention.
Fig. 2 is a schematic view of a safety monitoring device according to embodiments 1 and 2 of the present invention.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, specific embodiments of the present invention will now be described. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The embodiment provides a time synchronization system with a prediction function, as shown in fig. 1, which includes a master clock, a slave clock and a security monitoring device, wherein the master clock is used for providing a time reference and transmitting the time reference to the slave clock through a channel, the slave clock updates a local clock according to time reference data transmitted by the master clock, and the security monitoring device monitors possible attacks according to the time reference data transmitted by the master clock, time measurement data of the slave clock and historical values.
As shown in fig. 2, the safety monitoring device includes a data acquisition unit, a data storage unit, a model parameter updating unit, a prediction unit, and a state judgment unit, wherein the data acquisition unit is used for connecting with a slave clock to acquire time data; the data storage unit is used for storing the time data acquired by the data acquisition unit as historical data; the model parameter updating unit is used for updating model parameters according to the historical data stored in the data storage unit and the current time data transmitted by the data acquisition unit; the prediction unit is used for predicting the monitoring parameters according to the latest model transmitted by the model parameter updating unit; the state judgment unit is used for judging whether the monitoring parameter is larger than a threshold value at a certain future moment, and if so, judging that the channel has an attack.
Without loss of generality, the parameter equation is assumed to be a pairLinear equation of historical dataOrder;
A=[a0,a1,...,an]T
The model parameters can be calculated as:
without loss of generality, assuming that the predicted value of the monitoring parameter exceeds the threshold within 10 seconds in the future, attack safety early warning is carried out.
Assuming that the current time is ith second, the calculation can be performed successively according to the above linear equationThe calculation is as follows:
…
of these 10 values, it is assumed that the security precaution threshold is exceeded from the kth, and it is determined that there is an attack.
Example 2
The embodiment provides a safety monitoring device, as shown in fig. 2, which includes a data acquisition unit, a data storage unit, a model parameter updating unit, a prediction unit, and a state judgment unit, where the data acquisition unit is used for connecting with a slave clock to acquire time data, and the slave clock acquires time reference data transmitted by a master clock through a channel; the data storage unit is used for storing the time data acquired by the data acquisition unit as historical data; the model parameter updating unit is used for updating model parameters according to the historical data stored in the data storage unit and the current time data transmitted by the data acquisition unit; the prediction unit is used for predicting the monitoring parameters according to the latest model transmitted by the model parameter updating unit; the state judgment unit is used for judging whether the monitoring parameter is larger than a threshold value at a certain future moment, and if so, judging that the channel has an attack.
Without loss of generality, the parameter equation is assumed to be a pairLinear equation of historical dataOrder:
A=[a0,a1,...,an]T
The model parameters can be calculated as:
without loss of generality, assuming that the predicted value of the monitoring parameter exceeds the threshold within 10 seconds in the future, attack safety early warning is carried out.
Assuming that the current time is ith second, the calculation can be performed successively according to the above linear equationThe calculation is as follows:
…
of these 10 values, it is assumed that the security precaution threshold is exceeded from the kth, and it is determined that there is an attack.
Example 3
The embodiment provides a safety monitoring method, which comprises the following steps:
s1, collecting and storing time data, wherein the time data comprises time reference data transmitted by a master clock, time measurement data of a slave clock and historical values;
s2, updating model parameters according to the collected and stored time data;
and S3, predicting the monitoring parameters according to the updated model, and if the monitoring parameters are larger than a threshold value at a certain future moment, judging that the channel has an attack.
Without loss of generality, the parameter equation is assumed to be a pairLinear equation of historical dataOrder:
A=[a0,a1,...,an]T
The model parameters can be calculated as:
without loss of generality, assuming that the predicted value of the monitoring parameter exceeds the threshold within 10 seconds in the future, attack safety early warning is carried out.
Assuming that the current time is ith second, the calculation can be performed successively according to the above linear equationThe calculation is as follows:
…
of these 10 values, it is assumed that the security precaution threshold is exceeded from the kth, and it is determined that there is an attack.
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (9)
1. A time synchronization system with a prediction function is characterized by comprising a master clock, a slave clock and a safety monitoring device, wherein the master clock is used for providing a time reference and is transmitted to the slave clock through a channel, the slave clock updates a local clock according to the time reference data transmitted by the master clock, and the safety monitoring device monitors possible attacks according to the time reference data transmitted by the master clock, the time measurement data and the historical value of the slave clock;
the safety monitoring device comprises:
the data acquisition unit is connected with the slave clock and used for acquiring time data;
the data storage unit is used for storing the time data acquired by the data acquisition unit as historical data;
the model parameter updating unit is used for updating model parameters according to the historical data stored in the data storage unit and the current time data transmitted by the data acquisition unit;
the prediction unit is used for predicting the monitoring parameters according to the latest model transmitted by the model parameter updating unit;
and the state judgment unit is used for judging whether the monitoring parameter is greater than a threshold value at a certain future moment, and if so, judging that the channel has an attack.
4. a security monitoring device, comprising:
the data acquisition unit is connected with a slave clock and used for acquiring time data, and the slave clock acquires time reference data transmitted by a master clock through a channel;
the data storage unit is used for storing the time data acquired by the data acquisition unit as historical data;
the model parameter updating unit is used for updating model parameters according to the historical data stored in the data storage unit and the current time data transmitted by the data acquisition unit;
the prediction unit is used for predicting the monitoring parameters according to the latest model transmitted by the model parameter updating unit;
and the state judgment unit is used for judging whether the monitoring parameter is greater than a threshold value at a certain future moment, and if so, judging that the channel has an attack.
7. a security monitoring method, comprising the steps of:
s1, collecting and storing time data, wherein the time data comprises time reference data transmitted by a master clock, time measurement data of a slave clock and historical values;
s2, updating model parameters according to the collected and stored time data;
and S3, predicting the monitoring parameters according to the updated model, and if the monitoring parameters are larger than a threshold value at a certain future moment, judging that the channel has an attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111171269.2A CN113890764B (en) | 2021-10-08 | 2021-10-08 | Time synchronization system with prediction function and safety monitoring method and device thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111171269.2A CN113890764B (en) | 2021-10-08 | 2021-10-08 | Time synchronization system with prediction function and safety monitoring method and device thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113890764A true CN113890764A (en) | 2022-01-04 |
CN113890764B CN113890764B (en) | 2023-05-09 |
Family
ID=79005414
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111171269.2A Active CN113890764B (en) | 2021-10-08 | 2021-10-08 | Time synchronization system with prediction function and safety monitoring method and device thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113890764B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114666001A (en) * | 2022-02-23 | 2022-06-24 | 中国电子科技集团公司第三十研究所 | Time synchronization system, multistage safety monitoring method, equipment and medium thereof |
CN115242346A (en) * | 2022-07-01 | 2022-10-25 | 中国电子科技集团公司第三十研究所 | Method for judging asymmetric delay attack and clock jitter of time synchronization system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102148652A (en) * | 2011-02-17 | 2011-08-10 | 上海奇微通讯技术有限公司 | System and method for measuring network clock synchronization |
CN108965035A (en) * | 2018-09-13 | 2018-12-07 | 南京信息工程大学 | A kind of attack path prediction technique based on attack gain |
CN111865469A (en) * | 2020-07-31 | 2020-10-30 | 江西师范大学 | Industrial Internet of things fault-tolerant time synchronization method and system based on block chain |
CN112637137A (en) * | 2020-12-08 | 2021-04-09 | 中国电子科技集团公司第三十研究所 | Optical fiber time synchronization monitoring method and system based on clock error dynamic model |
CN112711039A (en) * | 2021-03-26 | 2021-04-27 | 中国人民解放军国防科技大学 | Time synchronization attack detection and correction method and device based on optimal estimation |
US20210211360A1 (en) * | 2020-01-08 | 2021-07-08 | The United States Of America As Represented By The Secretary Of The Navy | Network Monitoring of Time Synchronization Protocols Using Convolutional Neural Networks |
CN113179256A (en) * | 2021-04-12 | 2021-07-27 | 中国电子科技集团公司第三十研究所 | Time information safety fusion method and system for time synchronization system |
-
2021
- 2021-10-08 CN CN202111171269.2A patent/CN113890764B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102148652A (en) * | 2011-02-17 | 2011-08-10 | 上海奇微通讯技术有限公司 | System and method for measuring network clock synchronization |
CN108965035A (en) * | 2018-09-13 | 2018-12-07 | 南京信息工程大学 | A kind of attack path prediction technique based on attack gain |
US20210211360A1 (en) * | 2020-01-08 | 2021-07-08 | The United States Of America As Represented By The Secretary Of The Navy | Network Monitoring of Time Synchronization Protocols Using Convolutional Neural Networks |
CN111865469A (en) * | 2020-07-31 | 2020-10-30 | 江西师范大学 | Industrial Internet of things fault-tolerant time synchronization method and system based on block chain |
CN112637137A (en) * | 2020-12-08 | 2021-04-09 | 中国电子科技集团公司第三十研究所 | Optical fiber time synchronization monitoring method and system based on clock error dynamic model |
CN112711039A (en) * | 2021-03-26 | 2021-04-27 | 中国人民解放军国防科技大学 | Time synchronization attack detection and correction method and device based on optimal estimation |
CN113179256A (en) * | 2021-04-12 | 2021-07-27 | 中国电子科技集团公司第三十研究所 | Time information safety fusion method and system for time synchronization system |
Non-Patent Citations (1)
Title |
---|
刘亮: "基于Kalman滤波的持续卫星时间同步攻击防护方法", 《电力***自动化》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114666001A (en) * | 2022-02-23 | 2022-06-24 | 中国电子科技集团公司第三十研究所 | Time synchronization system, multistage safety monitoring method, equipment and medium thereof |
CN114666001B (en) * | 2022-02-23 | 2024-04-02 | 中国电子科技集团公司第三十研究所 | Time synchronization system and multi-stage safety monitoring method, equipment and medium thereof |
CN115242346A (en) * | 2022-07-01 | 2022-10-25 | 中国电子科技集团公司第三十研究所 | Method for judging asymmetric delay attack and clock jitter of time synchronization system |
CN115242346B (en) * | 2022-07-01 | 2024-04-09 | 中国电子科技集团公司第三十研究所 | Method for discriminating asymmetric delay attack and clock jitter of time synchronization system |
Also Published As
Publication number | Publication date |
---|---|
CN113890764B (en) | 2023-05-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113890764A (en) | Time synchronization system with prediction function and safety monitoring method and device thereof | |
CN108429651B (en) | Flow data detection method and device, electronic equipment and computer readable medium | |
CN105069695A (en) | Intelligent substation real-time risk analysis system and analysis method | |
CN103312030A (en) | Electrical device monitoring system and method | |
CN116980958B (en) | Radio equipment electric fault monitoring method and system based on data identification | |
CN110601066A (en) | Transmission line safety monitoring management system | |
CN103763127A (en) | Device state alarm monitoring method and system | |
CN205610341U (en) | Bus duct monitored control system | |
CN111766815A (en) | Operation monitoring system of water affair equipment | |
CN117520096B (en) | Intelligent server safety monitoring system | |
CN103999316A (en) | Method for generating a signal indicating an oscillation in an electrical energy supply network | |
CN107645650B (en) | Security area monitoring method and security area monitoring system | |
CN117094852B (en) | Energy monitoring system and method for industrial and commercial energy storage | |
CN113829952A (en) | Battery control method and system of electric automobile and electric automobile | |
CN117176249A (en) | Intelligent monitoring system for optical fiber network | |
CN111948534A (en) | Generator state early warning method and system | |
CN115765151A (en) | Safe operation and maintenance management method and system for secondary power transformation equipment | |
CN114338221B (en) | Network detection system based on big data analysis | |
CN110719323A (en) | Data processing method, related device and product | |
CN106385384B (en) | Message sending method and network equipment | |
CN108924129A (en) | One kind being based on computer network instrument system of defense and intrusion prevention method | |
CN114844766A (en) | Method and device for building industrial information security guarantee system | |
CN112839075A (en) | Data transmission method applied to acquisition equipment and related device | |
CN111766790A (en) | Security protection system based on intelligent house | |
CN114546703B (en) | File handle monitoring and leakage analysis method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |