CN114584405A - Electric power terminal safety protection method and system - Google Patents

Publication number: CN114584405A
Authority: CN (China)
Legal status: Granted, Active
Application number: CN202210491285.8A
Other languages: Chinese (zh)
Other versions: CN114584405B (en)
Inventors: 吕磅, 孙歆, 韩嘉佳, 王文, 戴桦, 汪自翔, 汪溢镭, 陈正奎, 孙昌华, 李沁园, 王译锋
Current Assignee: Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee: Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Application filed by: Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202210491285.8A; granted publication CN114584405B
Priority to PCT/CN2023/070408 (WO2023216641A1)

Classifications

    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H02J13/00: Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuit breaker in the network; circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a safety protection method and system for an electric power terminal, and belongs to the technical field of electric power terminal equipment. Existing protection technology only controls and isolates application services, so it cannot really solve the network security problems of the existing power Internet of Things. In the disclosed method, a zero trust module is constructed to closely monitor the power terminal equipment. Before any data is collected, the power terminal equipment must be given a trust score; evaluating first and collecting afterwards effectively reduces physical attacks, ensures the accuracy of data collection, and allows lightweight collection of terminal data. A security situation perception module is also constructed to perform situation perception on the collected data and ensure data security compliance. A real-time management and control module is further constructed to manage and control the perception data and generate safety instructions that protect the power terminal equipment, so that abnormal situations can be handled promptly and efficiently and an emergency response carried out.

Description

Electric power terminal safety protection method and system
Technical Field
The invention relates to a safety protection method and system for an electric power terminal, and belongs to the technical field of electric power terminal equipment.
Background
The original perimeter-style protection system, which emphasizes boundaries and strong protection, is difficult to adapt to the development requirements of new power system services.
On the terminal side, massive numbers of power Internet of Things terminals are being connected, which further increases the difficulty of safety control. For example, distributed wind power and photovoltaic service terminals are located in remote areas, so the safety of the devices themselves is difficult to guarantee, and real-time sensing and handling means are lacking.
On the boundary side, first, acquiring data directly can expose unnecessary attack surface, and lateral movement on the platform side and on the edge and terminal side is difficult to limit; second, new services interact across zones frequently and with large data volumes, but cross-zone data interaction is currently inefficient, and boundary protection measures become a service performance bottleneck when highly concurrent services such as power trading and high-bandwidth video services such as unmanned aerial vehicles interact across the major zones.
On the service side, first, some control-related services are extending outwards and demand for wireless access to control-related services is strong, which increases risk; second, as services expand, all service systems converge on the data middle platform and are continuously opened to the outside for shared use, so the risk to data safety compliance rises sharply. For example, low-voltage distributed power sources and user energy storage are connected to distribution station areas on a large scale and added to source-grid-load-storage coordinated control, and service data is connected to a provincial public data platform.
On the safety control side, the demand for and complexity of new service interactions have increased, and it is difficult to make safety emergency response timely and efficient. For example, if an intelligent terminal is intruded upon by physical means, its access and communication cannot be restricted immediately, and the safety event spreads.
Further, the Chinese patent application (publication No. CN 112511618A) discloses an edge Internet of Things agent protection method and a dynamic security trusted system for the power Internet of Things, relating to the technical field of security protection of the power Internet of Things. The edge Internet of Things agent protection method classifies terminal application services according to trust into trusted terminal services and common terminal services, and performs parallel isolation control on the two: trusted terminal services are processed in a trusted service domain created for them, and common terminal services are processed in a common service domain created for them.
That scheme classifies the terminal application services into trusted terminal services and common terminal services and performs parallel isolation control on them, but it provides no protective measures for the terminal equipment itself. After the terminal equipment is intruded upon, the scheme cannot prevent false information, or even Trojans and viruses, from being uploaded, and cannot ensure that the collected information has not been tampered with. Controlling and isolating application services alone therefore cannot really solve the network security problems of the existing power Internet of Things.
Disclosure of Invention
In view of the defects of the prior art, one object of the invention is to provide an electric power terminal safety protection method in which a zero trust module is constructed to closely monitor the power terminal equipment and collect its equipment information. A trust score is computed from the collected equipment information and a trust value is given, so that abnormal power terminal equipment can be identified in time, the equipment is effectively prevented from uploading false information, Trojans and viruses, and the collected information is guaranteed not to be tampered with. By evaluating first and collecting afterwards, on the one hand the safety information of the terminal can be checked actively and quickly, the terminal can be accurately detected and controlled, and physical attacks are reduced; on the other hand the accuracy of data collection is ensured and lightweight collection of terminal data is achieved. Meanwhile, a security situation perception module is constructed to perform situation perception on the collected data and ensure data security compliance, and a real-time management and control module is constructed to manage and control the perception data and generate safety instructions, so that safety protection and safety reinforcement are applied to the power terminal equipment, abnormal situations are handled promptly and efficiently, emergency response is carried out, and the spread of safety events is avoided.
Another object of the invention is to provide an electric power terminal safety protection system in which zero trust equipment is installed to closely monitor the power terminal equipment and collect its equipment information. By evaluating first and collecting afterwards, abnormal power terminal equipment can be identified in time, physical attacks are effectively reduced, the accuracy of data collection is ensured, the power terminal equipment is effectively prevented from uploading false information, Trojans and viruses, the collected information is guaranteed not to be tampered with, and lightweight collection of terminal data is achieved. A data platform is provided that generates safety instructions from the analysis data, so that safety protection and safety reinforcement are applied to the power terminal equipment, abnormal situations are handled promptly and efficiently, emergency response is carried out, and the spread of safety events is avoided.
In order to achieve one of the above objects, a first technical solution of the present invention is:
a safety protection method for an electric power terminal, comprising the following steps:
step one, a zero trust module is constructed and equipment information of the power terminal equipment is collected; a trust score is computed from the collected equipment information and a trust value is given;
the power terminal equipment is evaluated according to the trust value and divided into trusted equipment and abnormal equipment;
step two, data acquisition is carried out on the trusted equipment in the step one, and acquired data are obtained;
step three, constructing a security situation perception module, and carrying out situation perception on the collected data in the step two;
when the perception is qualified, converting the acquired data into perception data;
the situation awareness comprises intrusion detection or/and vulnerability awareness or/and file integrity detection or/and log monitoring operation;
step four, a real-time management and control module is constructed, the perception data in the step four are managed and controlled, and a safety instruction is generated;
step five, the safety instruction in the step four is issued to the electric power terminal equipment, and safety protection and safety reinforcement are carried out on the electric power terminal equipment;
the security protection and the security reinforcement comprise security detection or/and security reinforcement or/and file authority management or/and security upgrade.
Through continuous exploration and tests, the zero-trust module is constructed to carry out strong monitoring on the power terminal equipment, the zero-trust module can collect equipment information of the power terminal equipment, meanwhile, trust scoring is carried out according to the collected equipment information, and a trust value is given, so that abnormal power terminal equipment can be identified in time, further, the power terminal equipment can be effectively prevented from uploading false information, trojans and viruses, and the collected information is guaranteed not to be tampered.
Furthermore, before data acquisition, the electric power terminal equipment needs to be subjected to trust scoring, and compared with a general passive authentication mode or a direct data acquisition mode, the method adopts a mode of evaluating before acquiring, so that on one hand, the accuracy of data acquisition can be ensured; on the other hand, the safety information of the terminal can be actively and quickly checked, the management and control terminal is accurately detected, physical attacks are effectively reduced, and light-weight acquisition of terminal data information can be achieved.
Therefore, the method and the device can be suitable for new services with high cross-regional interaction frequency and large data volume, and are particularly suitable for boundary protection measures when large concurrent services such as power transaction and the like and large video bandwidth services such as unmanned aerial vehicles and the like are interacted in a cross-regional manner.
Meanwhile, the invention constructs a security situation perception module, carries out situation perception on the collected data, carries out operations such as intrusion detection or/and vulnerability perception or/and file integrity detection or/and log monitoring operation on the collected data, ensures the data security compliance and further avoids the data from being tampered.
Furthermore, a real-time management and control module is constructed to manage and control the perception data and generate safety instructions, so that safety protection and safety reinforcement are applied to the power terminal equipment, abnormal situations are handled promptly and efficiently, and emergency response is carried out. For example, when power terminal equipment is intruded upon by physical means, a safety instruction can be issued in time to make the equipment immediately restrict its access and communication, which avoids the spread of the safety event.
As a preferable technical measure:
in the first step, the flow of the zero trust module acquiring the device information is as follows: reading equipment data, reading a rule file, analyzing a rule base and collecting equipment information;
meanwhile, the zero trust module carries out continuous dynamic equipment identity authentication on the power terminal equipment so as to block the virtual standby information;
the trust value is an index of identity authentication, and comprehensive scoring is carried out according to basic attributes and access time delay of the equipment to obtain the trust value;
the maintenance of trust values includes the following:
(1) the maximum trust value is M and the minimum trust value is N, with M > N;
(2) the threshold of the trust value is H; if the trust value is higher than or equal to H, the user is a legal user, and if it is lower than H, the user is an illegal user;
(3) the trust value is incremented by T after each successful verification;
(4) the trust value is decremented by T each time the verification fails.
Preferably, M = 100, N = 0, H = 60, T = 1.
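The maintenance rules (1) to (4) and the evaluate-first, collect-second order of steps one and two can be exercised as follows. This is an added example, not code from the patent; the `CollectionGate` class, the device identifiers and the starting trust values are assumptions, since the text does not state an initial value.

```python
"""Trust-value maintenance rules (1)-(4) with an evaluate-first, collect-second gate."""
from dataclasses import dataclass

# Preferred constants from the text: maximum, minimum, threshold, step.
M, N, H, T = 100, 0, 60, 1


@dataclass
class DeviceTrust:
    device_id: str
    value: int  # starting value is an assumption; the text does not specify one

    def record(self, verified: bool) -> int:
        """Rules (3)/(4): add or subtract T; rule (1): stay within [N, M]."""
        self.value = max(N, min(M, self.value + (T if verified else -T)))
        return self.value

    @property
    def trusted(self) -> bool:
        """Rule (2): a value at or above H is legal, below H is illegal."""
        return self.value >= H


class CollectionGate:
    """Hypothetical gate: data is accepted only from devices currently trusted."""

    def __init__(self) -> None:
        self.devices: dict[str, DeviceTrust] = {}
        self.alarms: list[tuple[str, int]] = []
        self.accepted: list[tuple[str, float]] = []

    def enroll(self, device_id: str, initial: int) -> None:
        if not N <= initial <= M:
            raise ValueError("initial trust value outside [N, M]")
        self.devices[device_id] = DeviceTrust(device_id, initial)

    def verify(self, device_id: str, verified: bool) -> bool:
        """Apply one verification result; alarm when the device drops below H."""
        dev = self.devices[device_id]
        was_trusted = dev.trusted
        dev.record(verified)
        if was_trusted and not dev.trusted:
            self.alarms.append((device_id, dev.value))
        return dev.trusted

    def collect(self, device_id: str, reading: float) -> bool:
        """Step two: collect only from equipment step one classed as trusted."""
        dev = self.devices.get(device_id)
        if dev is None or not dev.trusted:
            return False
        self.accepted.append((device_id, reading))
        return True


def demo() -> dict:
    gate = CollectionGate()
    gate.enroll("meter-01", 62)    # constructed identifiers and starting values
    gate.enroll("meter-02", 100)
    first = gate.collect("meter-01", 230.1)      # 62 >= H, accepted
    for _ in range(3):                           # 62 -> 61 -> 60 -> 59
        gate.verify("meter-01", False)
    blocked = gate.collect("meter-01", 999.9)    # 59 < H, refused
    gate.verify("meter-02", True)                # already at M, stays at M
    unknown = gate.collect("meter-99", 1.0)      # never evaluated, refused
    return {
        "first": first, "blocked": blocked, "unknown": unknown,
        "alarms": gate.alarms, "accepted": gate.accepted,
        "meter-02": gate.devices["meter-02"].value,
    }


if __name__ == "__main__":
    print(demo())
```

Because success and failure both move the value by T, a device that falls to H - 1 is trusted again after one successful verification, which is why the gate records the alarm at the moment of the downward crossing.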
The trust value comprises a direct trust value, a time delay evaluation trust value and an abnormal behavior evaluation trust value, and the calculation formula is as follows:
[formula image]
where the symbols defined are, in order: the trust value; the direct trust value; the time delay evaluation trust value; and the abnormal behavior evaluation trust value;
the direct trust value is an S-shaped (sigmoid) function, and the calculation formula is as follows:
[formula image]
where the symbols defined are, in order: the direct trust value; and the constraint coefficient for the direct trust values of different devices;
the time delay evaluation trust value and the abnormal behavior evaluation trust value form an indirect trust value;
the time delay evaluation trust value is evaluated according to the response time of the equipment, and the calculation formula is as follows:
[formula image]
where the symbols defined are, in order: the time delay evaluation trust value; the maximum delay allowed for the device to respond; and the information transmission delay;
the abnormal behavior evaluation trust value is evaluated according to the proportion of abnormal behavior to normal behavior of the equipment, and the calculation formula is as follows:
[formula image]
where the symbols defined are, in order: the abnormal behavior evaluation trust value; the number of abnormal behaviors; and the number of normal behaviors.
As a preferable technical measure:
the abnormal situations of the power terminal equipment comprise the following:
(1) a power terminal device uploads equipment information at a set time; when the upload is delayed, the trust value of the device is calculated using the time delay evaluation trust value formula, and when the trust value is lower than the threshold an abnormal equipment alarm is raised;
(2) power terminal equipment authenticates by password, and a failed verification deducts from the trust value; when a device fails verification many times its trust value is deducted repeatedly, and when the trust value is lower than the trust threshold an abnormal equipment alarm is raised;
(3) the information interaction times and interaction content of power terminal equipment are fixed; when a device's interaction times and interaction content become disordered, the abnormal behavior is evident, the trust value of the device is calculated using the abnormal behavior evaluation trust value formula, and when the trust value is lower than the threshold an abnormal equipment alarm is raised;
the equipment information comprises the operating system kernel version and operating system release version of the power terminal, the CPU (central processing unit) name, CPU architecture and number of CPU cores, the memory size, the storage size, and the network card name, address, state, type and traffic volume.
As a preferable technical measure:
in step three, the intrusion detection is divided into anomaly detection and misuse detection;
the anomaly detection comprises the following:
establishing a model of normal system access behavior, and judging any visitor behavior that does not conform to the model to be an intrusion;
the misuse detection comprises the following:
summarizing the unacceptable behaviors to establish a model, and judging any visitor behavior that matches the model to be an intrusion;
the calculation formulas of the intrusion detection are as follows:
[formula image] (1)
[formula image] (2)
where the symbols defined are, in order: the intrusion detection result; the normal access and the access to be detected; the access speed difference; the access address difference; and the access device difference;
α is a constraint coefficient used to adjust the weight of the access speed difference, and is usually 1;
β is a constraint coefficient used to adjust the weight of the access address difference, and is usually 1;
γ is a constraint coefficient used to adjust the weight of the access device difference, and is usually 1;
a is a constraint coefficient of the access speed attribute difference;
b is a constraint coefficient of the access address attribute difference;
c is a constraint coefficient of the access device attribute difference;
typically a is the constant 6.5, b is the constant 58.5, and c is the constant 29.25;
the remaining symbols are, in order: the average speeds of the normal access and the access to be detected; the address values of the normal access and the access to be detected; and the fixed information value of the access device.
As a preferable technical measure:
the vulnerability perception is used for detecting the connection condition of the related network nodes, and the calculation formula is as follows:
[formula image] (3)
where the symbols defined are, in order: the vulnerability value; the connection value of the network node to be detected; the connection value of the adjacent network nodes; and a variable parameter, for which a value is selected according to the terminal type so as to obtain the most suitable network node connection value.
As a preferable technical measure:
the file integrity detection comprises the following:
continuously monitoring files and folders, monitoring the directories specified in the configuration file and capturing changes to them;
monitoring events across the whole directory structure or in individual files and folders;
the events comprise creating, deleting or renaming files, folders and directories; accessing files and folders; changing the attributes of files and folders; and changing the security settings of files, folders or directories;
the calculation formula of the file integrity detection is as follows:
[formula image] (4)
where the first symbol is the integrity detection value, which is a true value when the current file is the same as the original file and a false value otherwise;
true is the true-value judgment function;
false is the false-value judgment function;
newfile is the current file;
oldfile is the original file;
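The file integrity detection described above, sketched as a baseline-and-compare check that reports the listed event types. This is an added example, not code from the patent; it goes beyond the single-file comparison of formula (4) by snapshotting a whole monitored directory, and the use of SHA-256, the function names other than the `newfile`/`oldfile` parameters, and the sample file tree are assumptions.

```python
"""Baseline-and-compare file integrity check for a monitored directory."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def digest(path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def integrity(newfile, oldfile) -> bool:
    """Integrity detection value: True when the current file equals the original."""
    return digest(newfile) == digest(oldfile)


def snapshot(root) -> dict:
    """Map each file under root to (content digest, permission bits)."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): (digest(p), stat.S_IMODE(p.stat().st_mode))
        for p in root.rglob("*") if p.is_file()
    }


def diff(baseline: dict, current: dict) -> list:
    """Report created, renamed, deleted, modified and permission-change events."""
    events = []
    gone = set(baseline) - set(current)
    new = set(current) - set(baseline)
    # A vanished path whose digest reappears under a new path is a rename.
    moved_from = {baseline[p][0]: p for p in gone}
    for p in sorted(new):
        old = moved_from.pop(current[p][0], None)
        if old is None:
            events.append(("created", p))
        else:
            events.append(("renamed", f"{old} -> {p}"))
            gone.discard(old)
    events += [("deleted", p) for p in sorted(gone)]
    for p in sorted(set(baseline) & set(current)):
        if baseline[p][0] != current[p][0]:
            events.append(("modified", p))
        if baseline[p][1] != current[p][1]:
            events.append(("permissions", p))
    return events


def demo() -> list:
    """Constructed directory tree: take a baseline, change it, report events."""
    files = {
        "conf/device.rules": b"rule v1",
        "bin/agent": b"agent binary",
        "log/old.log": b"log data",
        "etc/keys.conf": b"key material",
    }
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel, data in files.items():
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(data)
            os.chmod(f, 0o644)
        baseline = snapshot(root)
        (root / "conf/device.rules").write_bytes(b"rule v2")   # content change
        os.chmod(root / "bin/agent", 0o755)                    # permission change
        (root / "log/old.log").rename(root / "log/archive.log")
        (root / "bin/extra").write_bytes(b"new file")
        (root / "etc/keys.conf").unlink()
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:12} {path}")
```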
the log monitoring monitors and analyzes important log files in the system in real time and detects the attack modes used by an intruder against the system;
the attack modes comprise brute-force attacks, privilege escalation and scanning.
As a preferable technical measure:
in step five, the safety detection monitors the abnormal behavior of the power terminal in real time according to the perception data statistically analyzed by the security situation perception module;
the security reinforcement comprises password reinforcement and kernel virtual patching;
the file authority management comprises the following:
continuously monitoring file permissions and detecting abnormal permission changes, that is, using changes in the integrity, structure and permissions of terminal files to discover risk conditions in advance and handle them in advance;
the security upgrade comprises the following:
remote upgrade and local upgrade, where remote upgrade is a rapid upgrade service performed through the safety monitoring center that also supports online remote deployment of new equipment, and local upgrade is performed through the power terminal.
As a preferable technical measure:
the system also comprises a data storage module and a data visualization module;
the data storage module is used for constructing a database and storing perception data and control data;
the data visualization module acquires data from the data storage module and can display the terminal type, danger level, network type and security vulnerabilities of the power terminal equipment.
In order to achieve one of the above objects, a second technical solution of the present invention is:
a safety protection method for an electric power terminal, comprising the following steps:
step one, a zero trust module is constructed and equipment information of the power terminal equipment is collected; at the same time a trust score is computed from the collected equipment information and a trust value is given;
when the trust value reaches the standard, trusting the electric power terminal equipment, and identifying the electric power terminal equipment as trustable equipment;
when the trust value does not reach the standard, the electric power terminal equipment is identified as abnormal equipment, and abnormal equipment alarm is carried out;
step two, carrying out data acquisition on the trusted equipment in the step one to obtain acquired data;
step three, a security situation perception module is constructed, intrusion detection, vulnerability perception, file integrity detection and log monitoring operation are carried out on the collected data in the step two, and the collected data are converted into perception data;
step four, a real-time management and control module is constructed, sensing data in the step three are detected and managed and controlled, and a safety instruction is generated;
and step five, the safety command in the step four is issued to the electric power terminal equipment, safety protection and safety reinforcement are carried out on the electric power terminal equipment, and safety detection, safety reinforcement, file authority management and safety upgrading of the electric power terminal equipment are achieved.
The zero trust module can collect the equipment information of the power terminal equipment, and meanwhile, trust scoring is carried out according to the collected equipment information to give a trust value, so that abnormal power terminal equipment can be identified in time, further, the power terminal equipment can be effectively prevented from uploading false information, trojans and viruses, and the collected information is guaranteed against being tampered.
Furthermore, before data acquisition, the electric power terminal equipment needs to be subjected to trust scoring, and a mode of evaluating before acquiring is adopted, so that physical attack can be effectively reduced, the accuracy of data acquisition is ensured, and light-weight acquisition of terminal data information can be realized; compared with a general passive authentication mode, the evaluation method can actively and quickly check the safety information of the terminal and accurately detect the control terminal, so that the method is suitable for new services with high cross-regional interaction frequency and large data volume, and particularly boundary protection measures when large concurrent services such as electric power transaction and large video bandwidth services such as unmanned aerial vehicles interact across large regions.
Meanwhile, the security situation sensing module is constructed, collected data are subjected to a series of operations such as intrusion detection, vulnerability sensing, file integrity detection and log monitoring, the collected data can be converted into sensing data, data security compliance is guaranteed, and data are further prevented from being tampered.
In addition, the real-time management and control module is constructed, the sensing data is managed and controlled, the safety instruction is generated, and operations such as safety detection, safety reinforcement, file authority management and safety upgrading are performed on the electric power terminal equipment, so that abnormal situations can be handled promptly and efficiently and an emergency response carried out. For example, when a certain power terminal device is intruded upon by physical means, a safety command can be issued in time to make the device immediately restrict access and communication, preventing the security event from escalating.
In order to achieve one of the above objects, a third technical solution of the present invention is:
a safety protection system for an electric power terminal is provided,
the electric power terminal safety protection method is applied, and comprises a zero trust terminal, a network probe, an edge Internet of things agent and a data platform;
the zero trust terminal collects equipment information of the power terminal to obtain an equipment data stream, and performs trust value grading according to the equipment information to give a trust value;
the network probe is used for acquiring safety information of the power terminal equipment to obtain a safety data stream;
the edge Internet of things agent reads and analyzes the equipment data stream and the safety data stream to obtain analysis data, and uploads the analysis data to the data platform;
the data platform is used for processing the analyzed data and generating a safety instruction;
and the safety command is issued to the power terminal equipment through the edge Internet of things agent, and safety protection and safety reinforcement are carried out on the power terminal equipment.
Through continuous exploration and tests, the zero-trust equipment is assembled to carry out strong monitoring on the power terminal equipment, the zero-trust equipment can collect equipment information of the power terminal equipment, meanwhile, trust scoring is carried out according to the collected equipment information, and a trust value is given, so that abnormal power terminal equipment can be identified in time, further, the power terminal equipment can be effectively prevented from uploading false information, trojans and viruses, and the collected information is guaranteed not to be tampered.
Furthermore, before data acquisition, the electric power terminal equipment needs to be subjected to trust scoring, and a mode of evaluating before acquiring is adopted, so that physical attack can be effectively reduced, the accuracy of data acquisition is ensured, and light-weight acquisition of terminal data information can be realized; compared with a general passive authentication mode, the protection system can actively and quickly check the safety information of the terminal and accurately detect the control terminal, so that the protection system is suitable for new services with high cross-regional interaction frequency and large data volume, and particularly suitable for boundary protection measures when large concurrent services such as power transaction and the like and large video bandwidth services such as unmanned aerial vehicles and the like are interacted in a cross-regional manner.
In addition, the data platform is arranged so that a safety instruction can be generated according to the analysis data and safety protection and safety reinforcement can be performed on the electric power terminal equipment, so that abnormal situations can be handled promptly and efficiently and an emergency response carried out. For example, when a power terminal device is intruded upon by physical means, a safety command can be issued in time to make the power terminal device immediately restrict its access and communication, preventing the security event from escalating.
Compared with the prior art, the invention has the following beneficial effects:
through continuous exploration and tests, the zero-trust module is constructed to carry out strong monitoring on the power terminal equipment, the zero-trust module can collect equipment information of the power terminal equipment, meanwhile, trust scoring is carried out according to the collected equipment information, and a trust value is given, so that abnormal power terminal equipment can be identified in time, further, the power terminal equipment can be effectively prevented from uploading false information, trojans and viruses, and the collected information is guaranteed not to be tampered.
Furthermore, before data acquisition, the electric power terminal equipment needs to be subjected to trust scoring, and a mode of evaluating before acquiring is adopted, so that physical attack can be effectively reduced, the accuracy of data acquisition is ensured, and light-weight acquisition of terminal data information can be realized; compared with a general passive authentication mode, the evaluation method can actively and quickly check the safety information of the terminal and accurately detect the control terminal, so that the method is suitable for new services with high cross-regional interaction frequency and large data volume, and particularly boundary protection measures when large concurrent services such as electric power transaction and large video bandwidth services such as unmanned aerial vehicles interact across large regions.
Meanwhile, the invention constructs a security situation perception module, carries out situation perception on the collected data, carries out operations such as intrusion detection or/and vulnerability perception or/and file integrity detection or/and log monitoring operation on the collected data, ensures the data security compliance and further avoids the data from being tampered.
Furthermore, the real-time management and control module is constructed, the sensing data is managed and controlled, the safety instruction is generated, and safety protection and safety reinforcement are carried out on the electric power terminal equipment, so that abnormal situations can be handled promptly and efficiently and an emergency response carried out. For example, when a power terminal device is intruded upon by physical means, a safety command can be issued in time to make the power terminal device immediately restrict its access and communication, preventing the security event from escalating.
Drawings
FIG. 1 is a flow chart of a protection method of the present invention;
FIG. 2 is a diagram of the protection system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
On the contrary, the invention is intended to cover alternatives, modifications and equivalents which may be included within the spirit and scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present invention, certain specific details are set forth in order to provide a better understanding of the present invention. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "or/and" includes any and all combinations of one or more of the associated listed items.
As shown in fig. 1, a specific embodiment of the method for protecting a power terminal according to the present invention:
a safety protection method for an electric power terminal,
the method comprises the following steps:
step one, a zero trust module is constructed, equipment information of the electric power terminal equipment is collected, and trust scoring is carried out according to the collected equipment information to give a trust value;
evaluating the electric terminal equipment according to the trust value, and dividing the electric terminal equipment into trusted equipment and abnormal equipment;
step two, data acquisition is carried out on the trusted equipment in the step one, and acquired data are obtained;
step three, constructing a security situation perception module, and carrying out situation perception on the collected data in the step two;
when the perception is qualified, converting the acquired data into perception data;
the situation awareness comprises intrusion detection or/and vulnerability awareness or/and file integrity detection or/and log monitoring operation;
step four, a real-time management and control module is constructed, the perception data in the step four are managed and controlled, and a safety instruction is generated;
step five, the safety instruction in the step four is issued to the electric power terminal equipment, and safety protection and safety reinforcement are carried out on the electric power terminal equipment;
the security protection and the security reinforcement comprise security detection or/and security reinforcement or/and file authority management or/and security upgrade.
The invention discloses a best embodiment of a safety protection method of an electric power terminal, which comprises the following steps:
a safety protection method for an electric power terminal,
the method comprises the following steps:
step one, a zero trust module is constructed, equipment information of the power terminal equipment is collected, and trust value grading is carried out according to the collected equipment information to give a trust value;
when the trust value reaches the standard, trusting the electric power terminal equipment, and identifying the electric power terminal equipment as trustable equipment;
when the trust value does not reach the standard, the electric power terminal equipment is identified as abnormal equipment, and abnormal equipment alarm is carried out;
step two, carrying out data acquisition on the trusted equipment in the step one to obtain acquired data;
step three, a security situation perception module is constructed, intrusion detection, vulnerability perception, file integrity detection and log monitoring operation are carried out on the collected data in the step two, and the collected data are converted into perception data;
step four, a real-time management and control module is constructed, sensing data in the step three are detected and managed and controlled, and a safety instruction is generated;
and step five, the safety instruction in the step four is issued to the electric power terminal equipment, safety protection and safety reinforcement are carried out on the electric power terminal equipment, and safety detection, safety reinforcement, file authority management and safety upgrading of the electric power terminal equipment are achieved.
As shown in fig. 2, a specific embodiment of the power terminal safety protection system of the present invention:
a safety protection system for an electric power terminal is provided,
the electric power terminal safety protection method is applied, and comprises a zero trust terminal, a network probe, an edge Internet of things agent and a data platform;
the zero trust terminal collects equipment information of the power terminal to obtain an equipment data stream, and performs trust value grading according to the equipment information to give a trust value;
the network probe is used for acquiring safety information of the power terminal equipment to obtain a safety data stream;
the edge Internet of things agent reads and analyzes the equipment data stream and the safety data stream to obtain analysis data, and uploads the analysis data to the data platform;
the data platform is used for processing the analyzed data and generating a safety instruction;
and the safety command is issued to the power terminal equipment through the edge Internet of things agent, and safety protection and safety reinforcement are carried out on the power terminal equipment.
One specific embodiment of the application of the invention:
taking a certain power terminal device of a certain transformer substation as an example, the specific implementation process of the invention is shown, and specifically comprises hardware connection, system startup, identity verification, security perception, security protection and security visualization.
The hardware connections include the following:
first, the zero trust terminal and the network probe are each connected to the power terminal and are then connected to the edge Internet of things agent device using a 485 shielded twisted pair and a network cable; the edge Internet of things agent device is connected to the data platform through a network cable. The zero trust terminal, the network probe, the edge Internet of things agent device and the data platform are configured in the same local area network, so that the edge Internet of things agent device can access the zero trust terminal, the network probe and the data platform.
The system startup comprises the following contents:
the zero trust terminal, the network probe, the edge Internet of things agent and the data platform are started respectively; the system starts automatically on power-up, and a preset address is then entered to log in to the data platform. The data platform application comprises a front end, a back end, a database and an MQTT broker.
The identity verification comprises the following contents:
The power terminal equipment requests identity verification; the zero trust terminal performs trust scoring according to the equipment information and gives a trust value, and then takes one of two actions according to the trust threshold: if the trust value reaches the standard, the equipment is trusted and information can be collected normally; otherwise, an abnormal equipment alarm is raised.
The maintenance principle of the trust value is as follows:
(1) the maximum trust value is 100, and the minimum trust value is 0;
(2) the trust threshold is 60; a trust value higher than or equal to 60 indicates a legal user, and a trust value lower than 60 indicates an illegal user;
(3) adding 1 to the trust value after each successful verification;
(4) the trust value is decremented by 1 for each authentication failure.
Device trust value exception cases are exemplified by:
(1) The power terminal equipment is set to upload equipment information six times a week; when the upload of information from a certain power device is delayed and the device trust value is found to be lower than the threshold according to the time delay evaluation trust value method, an abnormal equipment alarm is raised.
(2) The power equipment performs identity verification by password, and the trust value is deducted on each verification failure; if a certain power device fails verification multiple times, the trust value is deducted continuously, and once it is lower than the trust threshold, an abnormal equipment alarm is raised.
(3) The information interaction time of the power equipment is fixed and the interaction information is fixed; when the interaction time and the interaction information of a certain power device become disordered and the abnormal behavior is obvious, the device trust value is judged to be lower than the threshold according to the abnormal behavior evaluation, and an abnormal equipment alarm is raised.
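The maintenance rules and exception case (2) above, together with the evaluate-before-acquiring gate, can be illustrated with the following added example; it is not code from the patent. The class and function names, the device identifiers, the passwords and the starting trust value are assumptions, since the text gives no initial value.

```python
import hmac
from dataclasses import dataclass, field

# Values stated in the maintenance principle above.
MAX_TRUST, MIN_TRUST, THRESHOLD, STEP = 100, 0, 60, 1


@dataclass
class DeviceTrust:
    device_id: str
    value: int                      # starting value is an assumption; the text gives none
    history: list = field(default_factory=list)

    def record(self, success: bool) -> int:
        """Apply rule (3) or (4), then clamp to the range given in rule (1)."""
        delta = STEP if success else -STEP
        self.value = max(MIN_TRUST, min(MAX_TRUST, self.value + delta))
        self.history.append((success, self.value))
        return self.value

    @property
    def trusted(self) -> bool:
        """Rule (2): a value at or above the threshold is a legal user."""
        return self.value >= THRESHOLD

    def failures_until_alarm(self) -> int:
        """Consecutive failed verifications needed to fall below the threshold."""
        return max(0, (self.value - THRESHOLD) // STEP + 1)


class ZeroTrustGate:
    """Evaluate before acquiring: readings are accepted only from trusted devices."""

    def __init__(self, secrets: dict, initial_trust: int = 80):
        self._secrets = secrets          # device_id -> expected password (constructed)
        self._initial = initial_trust    # assumption, not taken from the text
        self.devices = {}
        self.alarms = []                 # (device_id, trust value) per abnormal-device alarm
        self.collected = []

    def _state(self, device_id: str) -> DeviceTrust:
        return self.devices.setdefault(device_id, DeviceTrust(device_id, self._initial))

    def verify(self, device_id: str, password: str) -> bool:
        state = self._state(device_id)
        expected = self._secrets.get(device_id, "")
        # Constant-time comparison; an unknown device always counts as a failure.
        ok = bool(expected) and hmac.compare_digest(expected.encode(), password.encode())
        state.record(ok)
        if not state.trusted:
            self.alarms.append((device_id, state.value))
        return ok and state.trusted

    def collect(self, device_id: str, reading: dict) -> bool:
        state = self._state(device_id)
        if not state.trusted:
            self.alarms.append((device_id, state.value))
            return False
        self.collected.append((device_id, reading))
        return True


def simulate():
    """Constructed scenario: rtu-01 verifies correctly, rtu-02 fails three times."""
    gate = ZeroTrustGate({"rtu-01": "correct-horse", "rtu-02": "s3cret"}, initial_trust=62)
    gate.verify("rtu-01", "correct-horse")                  # 62 -> 63
    accepted = gate.collect("rtu-01", {"voltage_kv": 110.2})
    for guess in ("a", "b", "c"):                           # 62 -> 61 -> 60 -> 59
        gate.verify("rtu-02", guess)
    refused = gate.collect("rtu-02", {"voltage_kv": 0.0})
    return gate, accepted, refused
```

With a symmetric step of 1, a device at the maximum value of 100 tolerates 40 failed verifications before the 41st drops it below 60, and a device at 59 returns to trusted status after one success; both follow directly from rules (1) to (4) and are worth weighing when choosing the step and threshold.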
The security awareness includes the following:
in the system module, a zero trust terminal and a network probe are used for acquiring equipment information and safety information of the power terminal and uploading the equipment information and the safety information to an edge Internet of things agent; and the edge Internet of things agent is responsible for reading and analyzing the data stream uploaded by the zero trust terminal and the network probe and uploading the analyzed data to the data platform.
In the method module, a security situation sensing module collects data of the electric power terminal, performs operations such as intrusion detection, vulnerability sensing, file integrity detection and log monitoring, and sends the data to a real-time control module and a data storage module, and the data storage module further uploads the data to a data visualization module.
Intrusion detection: (1) The characteristics of events that violate the security policy are defined, such as certain header information of a network packet; detection then mainly determines whether such characteristics are present in the collected data. (2) A set of values describing the system's "normal" condition is defined, such as CPU utilization, memory utilization and file checksums (such data can be defined manually or obtained by observing the system and applying statistical methods); the values of the running system are then compared with the defined "normal" condition to determine whether the system shows signs of attack.
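The two approaches in the intrusion detection paragraph above are sketched in the following added example, which is not code from the patent. The sample observations, the header signatures, the three-standard-deviation limit and all names are constructed assumptions.

```python
import hashlib
import statistics

# Constructed observations of a terminal in its "normal" condition.
NORMAL_SAMPLES = [
    {"cpu": 21.0, "mem": 40.5}, {"cpu": 24.0, "mem": 41.0}, {"cpu": 19.5, "mem": 39.8},
    {"cpu": 23.0, "mem": 40.2}, {"cpu": 22.5, "mem": 40.9}, {"cpu": 20.0, "mem": 39.6},
]
# Checksum of a constructed configuration file taken while the system was known good.
NORMAL_CHECKSUM = hashlib.sha256(b"constructed terminal config v1").hexdigest()

# Approach (1): features of policy-violating events, here packet header fields (constructed).
SIGNATURES = [
    {"name": "telnet-to-terminal", "match": {"proto": "tcp", "dst_port": 23}},
    {"name": "ftp-to-terminal", "match": {"proto": "tcp", "dst_port": 21}},
]


def build_baseline(samples):
    """Approach (2): derive the 'normal' values statistically as (mean, stdev) per metric."""
    baseline = {}
    for key in samples[0]:
        values = [s[key] for s in samples]
        baseline[key] = (statistics.mean(values), statistics.stdev(values))
    return baseline


def anomaly_findings(baseline, expected_checksum, observation, k=3.0):
    """Compare a running system's values with the baseline; k is an assumed tolerance."""
    findings = []
    for key, (mean, stdev) in baseline.items():
        value = observation[key]
        limit = k * stdev  # a zero stdev means any deviation at all is reported
        if abs(value - mean) > limit:
            findings.append(f"{key}={value} outside {mean:.1f}+/-{limit:.1f}")
    # A checksum has no tolerance band: any difference is a finding.
    if observation["checksum"] != expected_checksum:
        findings.append("file checksum differs from baseline")
    return findings


def misuse_findings(signatures, header):
    """Return the names of all signatures whose fields all match the packet header."""
    return [
        sig["name"]
        for sig in signatures
        if all(header.get(name) == want for name, want in sig["match"].items())
    ]


def detect(observation, headers):
    """Run both checks over one system observation and a batch of packet headers."""
    baseline = build_baseline(NORMAL_SAMPLES)
    return {
        "anomaly": anomaly_findings(baseline, NORMAL_CHECKSUM, observation),
        "misuse": [hit for h in headers for hit in misuse_findings(SIGNATURES, h)],
    }
```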
Vulnerability perception: known security holes possibly existing in the target are detected item by adopting a hacker attack simulation mode, and security hole detection can be performed on various objects such as a workstation, a server, a switch, a database and the like.
File integrity detection: the files, folders and directories specified in the monitoring configuration file are continuously monitored and the changes that occur are captured. Events can be monitored throughout the directory structure or in individual files and folders, such as: creating, deleting or renaming files, folders and directories; accessing files and folders; changing file and folder attributes; and changing the security settings of files, folders or directories, such as permission changes.
In the event of an intruder attack, the file integrity monitor can determine which files have been altered. With this information, damage can be quickly assessed and an event response initiated. Employees or administrators also often modify files inadvertently. Sometimes these changes are so subtle that they are ignored, but they may cause security holes or hinder business operations. File integrity monitoring helps zero in on the changes so that the files can be rolled back or other remedial action taken.
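A baseline-and-compare monitor covering the create, delete, rename, content-change and permission-change events listed above is shown in the following added example, which is not code from the patent. The file names and contents are constructed, and the rename heuristic (a deleted path whose hash reappears at a new path) is an assumption of this sketch.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each path under root to (sha256 of content, or None for a directory; mode bits)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            digest = None
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            state[rel] = (digest, mode)
    return state


def diff(old, new):
    """Return (event, path, detail) tuples describing how new differs from old."""
    events = []
    gone = {p for p in old if p not in new}
    added = {p for p in new if p not in old}
    for src in sorted(gone):
        digest = old[src][0]
        # Same content at a new path is reported as a rename, not delete plus create.
        dst = next((p for p in sorted(added) if digest and new[p][0] == digest), None)
        if dst:
            events.append(("renamed", src, dst))
            added.discard(dst)
        else:
            events.append(("deleted", src, None))
    events += [("created", p, None) for p in sorted(added)]
    for p in sorted(set(old) & set(new)):
        if old[p][0] != new[p][0]:
            events.append(("modified", p, None))
        if old[p][1] != new[p][1]:
            events.append(("permissions", p, f"{old[p][1]:o}->{new[p][1]:o}"))
    return events


def demo():
    """Build a constructed directory, take a baseline, change it, and report the events."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o640):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write(data)
            os.chmod(path, mode)   # explicit mode so the result does not depend on umask

        write("terminal.conf", "mode=remote\n")
        write("rules.db", "rule-1\n")
        write("startup.sh", "#!/bin/sh\n")
        write("old.log", "boot ok\n")
        baseline = snapshot(root)

        write("terminal.conf", "mode=local\n")                     # content change
        os.chmod(os.path.join(root, "startup.sh"), 0o777)          # permission change
        os.rename(os.path.join(root, "old.log"),
                  os.path.join(root, "archived.log"))              # rename
        os.remove(os.path.join(root, "rules.db"))                  # delete
        write("dropped.bin", "x")                                  # create
        return diff(baseline, snapshot(root))
```

An empty list from `diff` means the current files are the same as the originals; the baseline itself has to be stored where the monitored terminal cannot rewrite it, otherwise a change to both goes unreported.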
Log monitoring: the process of monitoring, in real time, the records generated by a host or device. Characteristic data of the system log is extracted, anomalies in the system log are detected, add, delete, modify and query operations on the system log are reported, and whether the system log has been tampered with is detected.
The safety protection comprises the following contents:
On the basis of security perception, in a protection system, a data platform analyzes and processes equipment information and security information, issues security protection and security reinforcement instructions and alarms for abnormal terminal equipment; in the method module, a real-time management and control module carries out operations such as security detection, security reinforcement, file authority management, security audit and the like according to received security information sent by a security situation sensing module, relevant security instructions are issued to a power terminal, management and control data are sent to a data storage module, and the data storage module further uploads the management and control data to a data visualization module.
The security visualization includes the following:
On the basis of safety protection, in a protection system, a data platform displays and sends data instead; in the method module, a data visualization module reads related data from a data storage module database, and shows the contents of terminal types, network information, security holes, danger levels and the like when the power terminal operates in a chart form.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. A safety protection method for an electric power terminal is characterized in that,
the method comprises the following steps:
step one, a zero trust module is constructed, and equipment information of the electric power terminal equipment is collected;
carrying out trust scoring according to the collected equipment information and giving a trust value;
evaluating the electric terminal equipment according to the trust value, and dividing the electric terminal equipment into trusted equipment and abnormal equipment;
step two, data acquisition is carried out on the trusted equipment in the step one, and acquired data are obtained;
step three, constructing a security situation perception module, and carrying out situation perception on the collected data in the step two;
when the perception is qualified, converting the acquired data into perception data;
the situation awareness comprises intrusion detection or/and vulnerability awareness or/and file integrity detection or/and log monitoring operation;
step four, a real-time control module is constructed, the sensing data in the step four are controlled, and a safety instruction is generated;
step five, the safety instruction in the step four is issued to the electric power terminal equipment, and safety protection and safety reinforcement are carried out on the electric power terminal equipment;
the security protection and the security reinforcement comprise security detection or/and security reinforcement or/and file authority management or/and security upgrade.
2. The power terminal safety protection method according to claim 1,
in the first step, the flow of the zero trust module acquiring the device information is as follows: reading equipment data, reading a rule file, analyzing a rule base and collecting equipment information;
meanwhile, the zero trust module carries out continuous dynamic equipment identity authentication on the power terminal equipment so as to block false equipment information;
the trust value is an index of identity authentication, and comprehensive scoring is obtained according to basic attributes and access time delay of the equipment;
the maintenance of trust values includes the following:
(1) the maximum trust value is M, and the minimum trust value is N; M > N;
(2) the threshold of the trust value is H; if the trust value is higher than or equal to H, the user is a legal user, and if it is lower than H, the user is an illegal user;
(3) adding T to the trust value after each successful verification;
(4) subtracting T from the trust value in each verification failure;
the trust value comprises a direct trust value, a time delay evaluation trust value and an abnormal behavior evaluation trust value, and the calculation formula is as follows:
$T = T_d + T_t + T_a$
wherein $T$ is the trust value, $T_d$ is the direct trust value, $T_t$ is the time delay evaluation trust value, and $T_a$ is the abnormal behavior evaluation trust value;
the direct trust value is an S-shaped function, and the calculation formula is as follows:
Figure DEST_PATH_IMAGE001
wherein $T_d$ is the direct trust value, and $f$ is the constraint coefficient for the direct trust values of different devices;
the time delay evaluation trust value and the abnormal behavior evaluation trust value form an indirect trust value;
the time delay evaluation trust value is evaluated according to the response time of the equipment, and the calculation formula is as follows:
Figure DEST_PATH_IMAGE002
wherein $T_t$ is the time delay evaluation trust value, $\tau$ is the maximum allowed delay for the device to respond, and $D$ is the information transmission delay;
the evaluation trust value of the abnormal behavior is evaluated according to the proportion of the abnormal behavior and the normal behavior of the equipment, and the calculation formula is as follows:
Figure DEST_PATH_IMAGE003
wherein $T_a$ is the abnormal behavior evaluation trust value, $A_u$ is the amount of abnormal behavior, and $A_n$ is the amount of normal behavior.
3. The power terminal safety protection method according to claim 2,
the abnormal situation of the power terminal equipment comprises the following contents:
(1) a certain power terminal device uploads equipment information at a certain time on a certain day; when the upload of the equipment information is delayed, the trust value of the power terminal device is calculated according to the time delay evaluation trust value calculation formula, and when the trust value is lower than the threshold, an abnormal equipment alarm is raised;
(2) the power terminal equipment performs identity verification by password, and the trust value is deducted on verification failure; when a certain power terminal device fails verification many times, the trust value is deducted continuously, and when the trust value of the power terminal device is lower than the trust threshold, an abnormal equipment alarm is raised;
(3) the information interaction time of the power terminal equipment is fixed and the interaction information is fixed; when the interaction time and the interaction information of a certain device become disordered and the abnormal behavior is obvious, the trust value of the power terminal device is calculated according to the abnormal behavior evaluation trust value calculation formula, and when the trust value of the power terminal device is lower than the threshold, an abnormal equipment alarm is raised;
the device information comprises the kernel version of the operating system of the power terminal, the release version of the operating system and the like, the name of a CPU (Central processing Unit), the architecture of the CPU, the number of cores of the CPU, the size of a memory, the size of storage, the name of network card information, the address of the network card information, the state of the network card information, the type of the network card information and the size of network card information flow.
4. The power terminal safety protection method according to claim 1,
in the third step, the intrusion detection is divided into abnormal detection and misuse detection;
the anomaly detection includes the following:
establishing a module with normal system access behavior, and determining that the behavior of the visitor which is not in accordance with the module is an intrusion;
the misuse detection comprises the following:
unfavorable, unacceptable behaviors are summarized to establish a module, and any visitor behavior that is consistent with the module is judged to be an intrusion;
the intrusion detection has the calculation formula:
Figure DEST_PATH_IMAGE004
wherein $Value(I_1, I_2)$ expresses the intrusion detection result;
$I_1$ and $I_2$ correspond to the normal access and the access to be detected, respectively;
$L(I_1, I_2)$ is the access speed difference;
$C(I_1, I_2)$ is the access address difference;
$S(I_1, I_2)$ is the access device difference;
$\alpha$ is a constraint coefficient for adjusting the access speed difference weight;
$\beta$ is a constraint coefficient for adjusting the access address difference weight;
$\gamma$ is a constraint coefficient for adjusting the access device difference weight;
$a$ is a constraint coefficient of the access speed attribute difference;
$b$ is a constraint coefficient of the access address attribute difference;
$c$ is a constraint coefficient of the access device attribute difference;
$u_1$ and $u_2$ are the speed average values of the normal access and the access to be detected, respectively;
Figure DEST_PATH_IMAGE005
Figure DEST_PATH_IMAGE006
address values corresponding to normal access and to-be-detected access respectively;
Figure DEST_PATH_IMAGE007
is a fixed information value of the access device.
5. The power terminal safety protection method according to claim 4,
the vulnerability perception is used for detecting the connection condition of the related network nodes, and the calculation formula is as follows:
Figure DEST_PATH_IMAGE008
wherein
Figure DEST_PATH_IMAGE009
is the vulnerability value, $n_i$ is the connection value of the network node to be detected, $n_j$ is the connection value of the neighboring network nodes, and $\lambda$ is a variable parameter whose value is selected according to the terminal type so as to obtain the most suitable network node connection value.
6. The power terminal safety protection method according to claim 5,
the file integrity check comprises the following steps:
continuously monitoring files and folders, monitoring specified directories in configuration files and capturing the changes;
monitoring events throughout the directory structure or in individual files and folders;
the events comprise creating, deleting or renaming files, folders and directories, accessing files and folders and changing the attributes of the files and the folders; changing security settings of files, folders, or directories;
the calculation formula of the file integrity detection is as follows:
Figure DEST_PATH_IMAGE010
wherein testing is the integrity check value, which is true when the current file is the same as the original file and false otherwise;
ture is the true-value judging function;
false is the false-value judging function;
newfile is the current file;
oldfile is the original file;
the log monitoring monitors and analyzes important log files in the system in real time and detects the attack modes used by an intruder against the system; the attack modes comprise brute-force attacks, privilege escalation and scanning.
7. The power terminal safety protection method according to claim 1,
in step five, the safety detection monitors abnormal behavior of the power terminal in real time according to the sensing data statistically analyzed by the security situation perception module;
the security reinforcement comprises password reinforcement and kernel virtual patch;
the file rights management includes the following:
continuously monitoring file permissions and detecting abnormal permission changes, that is, discovering and handling risk conditions in advance through changes in the integrity, structure and permissions of the terminal files;
the security upgrade comprises the following contents:
remote upgrading and local upgrading, wherein remote upgrading is performed through a security monitoring center to provide a rapid upgrade service and also supports online remote deployment of new equipment; local upgrading is performed through the power terminal.
8. The power terminal security protection method according to any one of claims 1 to 7,
further comprising a data storage module and a data visualization module;
the data storage module is used for constructing a database and storing perception data and control data;
the data visualization module acquires data from the data storage module and can display the terminal type, the danger level, the network type and the security vulnerabilities of the power terminal equipment.
9. A safety protection method for an electric power terminal is characterized in that,
the method comprises the following steps:
step one, a zero trust module is constructed, equipment information of the power terminal equipment is collected, trust value grading is carried out according to the collected equipment information, and a trust value is given;
when the trust value reaches the standard, trusting the electric power terminal equipment, and identifying the electric power terminal equipment as trustable equipment;
when the trust value does not reach the standard, the electric power terminal equipment is identified as abnormal equipment, and abnormal equipment alarm is carried out;
step two, carrying out data acquisition on the credible equipment in the step one to obtain acquired data;
step three, a security situation perception module is constructed, intrusion detection, vulnerability perception, file integrity detection and log monitoring operation are carried out on the collected data in the step two, and the collected data are converted into perception data;
step four, a real-time control module is constructed, sensing data in the step three are detected and controlled, and a safety instruction is generated;
and step five, the safety instruction in the step four is issued to the electric power terminal equipment, safety protection and safety reinforcement are carried out on the electric power terminal equipment, and safety detection, safety reinforcement, file authority management and safety upgrading of the electric power terminal equipment are achieved.
10. A safety protection system of an electric power terminal is characterized in that,
the system applies the power terminal safety protection method according to any one of claims 1 to 9 and comprises a zero-trust terminal, a network probe, an edge Internet of Things agent and a data platform;
the zero trust terminal collects equipment information of the power terminal to obtain an equipment data stream, and performs trust value grading according to the equipment information to give a trust value;
the network probe is used for acquiring safety information of the power terminal equipment to obtain a safety data stream;
the edge Internet of things agent reads and analyzes the equipment data stream and the safety data stream to obtain analysis data, and uploads the analysis data to the data platform;
the data platform is used for processing the analyzed data and generating a safety instruction;
and the safety command is issued to the power terminal equipment through the edge Internet of things agent, and safety protection and safety reinforcement are carried out on the power terminal equipment.
CN202210491285.8A 2022-05-07 2022-05-07 Electric power terminal safety protection method and system Active CN114584405B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210491285.8A CN114584405B (en) 2022-05-07 2022-05-07 Electric power terminal safety protection method and system
PCT/CN2023/070408 WO2023216641A1 (en) 2022-05-07 2023-01-04 Security protection method and system for power terminal

Publications (2)

Publication Number Publication Date
CN114584405A (en) 2022-06-03
CN114584405B (en) 2022-08-02

Also Published As

Publication number Publication date
CN114584405B (en) 2022-08-02
WO2023216641A1 (en) 2023-11-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant