CN116055448A - Identification data management platform for electric power operation - Google Patents

Identification data management platform for electric power operation Download PDF

Info

Publication number
CN116055448A
CN116055448A CN202211644134.8A CN202211644134A CN116055448A CN 116055448 A CN116055448 A CN 116055448A CN 202211644134 A CN202211644134 A CN 202211644134A CN 116055448 A CN116055448 A CN 116055448A
Authority
CN
China
Prior art keywords
identification
data
analysis
protocol
electric power
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211644134.8A
Other languages
Chinese (zh)
Inventor
杜伟
王佳颖
杨国柱
李玉容
吴建雄
郭晓冰
孟小前
程海涛
邹彪
李源源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Power Space Technology Co ltd
Original Assignee
State Grid Power Space Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Power Space Technology Co ltd filed Critical State Grid Power Space Technology Co ltd
Priority to CN202211644134.8A priority Critical patent/CN116055448A/en
Publication of CN116055448A publication Critical patent/CN116055448A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an identification data management platform for electric power operation, which comprises a terminal equipment identification system related to electric power field cruising operation and a method for analyzing message data of terminal equipment, wherein the whole terminal equipment identification system and composition modules are introduced, and an analysis method is provided for a message data module. The invention has the advantages of undisturbed acquisition and deep protocol analysis of the industrial Internet terminal data, and extraction of the semantic features of the message and the information, and solves the problem that the data aggregation and access capability of the traditional system platform are difficult to automatically manage the equipment identification.

Description

Identification data management platform for electric power operation
Technical Field
The invention relates to the technical field of electric power operation, in particular to an identification data management platform for electric power operation.
Background
In recent years, the integration of the industrial internet and the electric power internet of things is continuously developed, and in the process of electric power cruising operation, the requirements of mass data acquisition, high-performance equipment access and the like are also related, so that the research on the related technologies of a terminal equipment identification system and the like related to related business scenes is particularly important for meeting the requirements of mass access of electric power internet of things terminals, analysis, management and control of terminal equipment and the like in an electric power operation system.
With development of communication technologies such as 5G, 5G base station communication devices and the like are often installed on a power tower, so as to improve use efficiency of resources such as communication and power on the basis of lower cost, and a scene of cruising operation involves a large number of devices such as power towers, unmanned aerial vehicles and helicopters. The industrial internet of the power system is facing the requirements of mass data acquisition, high-performance equipment access and the like, and has higher requirements on the data convergence and access capability of a system platform. The power industry has wide service range and numerous enterprises, terminal equipment manufacturers are different, and automatic equipment identification management is difficult to carry out. Under the current situation, research on a power system data management platform system integrating industrial Internet identification is urgently needed.
In view of the situation, the invention provides an identification data management platform for electric power operation, which mainly comprises a terminal equipment identification system related to electric power field cruising operation, a terminal equipment message data analysis method and the like, and provides an efficient management scheme system for terminal equipment identifications possibly accessed into the electric power operation, and a method for analyzing the terminal equipment messages, so that massive terminal equipment identification management and identification are more operable.
Disclosure of Invention
In order to solve the problems in the background art, the invention aims to provide an identification data management platform for electric power operation, which has the advantages of message format and information semantic feature extraction of undisturbed acquisition and protocol deep analysis of industrial internet terminal data, and solves the problem that the data convergence and access capability of the existing system platform are difficult to automatically perform equipment identification management.
In order to achieve the above purpose, the present invention provides the following technical solutions: the utility model provides an identification data management platform of electric power operation, includes the relevant terminal equipment identification system of electric power scene cruising operation, and terminal equipment message data's analytical method, introduces whole terminal equipment identification system and composition module, and has provided an analytical method to message data module, this identification system mainly comprises electric power thing allies oneself with terminal layer, identification analysis layer, industry internet platform layer, identification analysis intermediate level, identification registration intermediate level;
electric power thing allies oneself with terminal layer: end-side-oriented standard and protocol-oriented stock terminal equipment and various novel inlets of electric power Internet of things mass terminals;
the identification analysis layer: based on an identification analysis technology, services such as identification registration, distribution, analysis, association, identity authentication and the like are provided, and unique identification management is carried out on equipment;
identification resolution middle layer: providing an open interface for identifying codes to perform object name discovery and corresponding information resource positioning;
industrial internet platform layer: providing computing, data storage and network resources for processing an identification system for intelligent identification of the electric power internet of things terminal;
identification resolution middle layer: providing an open interface for identifying codes to perform object name discovery and corresponding information resource positioning;
the identification registration middle layer: providing an open interface for applying, distributing and recycling the representation codes in full life cycle;
the identification system function system providing construction for the intelligent identification of the electric power internet of things terminal mainly comprises identification registration management, identification analysis management, identification agent management, data synchronization management, service comprehensive management and the like;
the method for analyzing the message data of the terminal equipment comprises a protocol deep analysis method based on a message format and information semantics and an industrial Internet terminal message deep analysis method for reverse analysis of an unknown protocol by multi-sequence comparison;
the method mainly comprises the steps of carrying out undisturbed acquisition on various message data, carrying out deep analysis on a message data packet of an electric power industrial Internet terminal after undisturbed acquisition by adopting a multi-mode matching algorithm, and providing an unknown private protocol reverse scheme; designing a specific protocol deep analysis scheme and extracting data from an application layer of the data packet; the overall analysis scheme is divided into a protocol deep analysis module and an unknown protocol reverse module.
As the preferable selection of the invention, the identification registration management mainly refers to the functions of planning, applying and distributing, feeding back the service condition, managing the life cycle, managing the effectiveness of the identification, collecting the information of the service condition of the identification distribution, collecting the information of the identification association and the like aiming at the identification system code which is oriented to the intelligent identification of the electric power internet of things terminal; in addition, the identifier registration can also provide service functions such as enterprise identifier prefix, registration change of product and equipment identifiers, real name auditing, financial management, data inquiry, operation statistics and the like;
the system can support the identification registration capability, including the registration change of enterprise prefix and product/equipment identification, real name audit, data query and other services, and simultaneously provides the API interface for each enterprise, so that the enterprise can conveniently realize the development of mobile terminal identification management/query software.
As the preferable method, the identification analysis function of the identification system for the intelligent identification of the electric power internet of things terminal is mainly to provide public analysis service for the allocated identification; for the distributed identification codes, configuring the corresponding route information of the distributed identifications in the identification analysis function; when receiving the identification analysis request, if the information such as the route corresponding to the identification code is stored, directly replying the information such as the service node communication address corresponding to the identification code; if the information such as the route corresponding to the identification is not available, the return information is null.
As the preferable data synchronization system of the invention comprises an identification analysis service, wherein the identification analysis service is one of key basic services of the industrial Internet identification system, uninterrupted and rapid analysis service is required to be provided for a user in the actual operation process of the system, a plurality of servers are required to be provided for ensuring high reliability and high performance, and the risk that analysis service cannot be provided due to single-point failure is prevented; data synchronization between these servers requires the use of a data synchronization system.
As the invention is preferable, the business comprehensive management mainly refers to the functions of user management, financial management, auditing and the like related to identification registration and identification analysis of an identification system for intelligent identification of an electric power internet of things terminal, wherein the user management comprises a platform manager, enterprise users and auditors; the financial management is mainly used for recording and settling the fees generated in the identification registering and resolving process; the auditing is mainly used for ensuring the validity of the enterprise registration identifier, namely whether the product and the equipment corresponding to the identifier exist truly or not, and the identifier needs to be audited.
As a preferred embodiment of the present invention, the protocol deep parsing is to parse and extract application layer data, and perform deep parsing of the protocol based on a message format and information semantics, when a message data stream passes through a parsing module, parse layer by layer according to an OSI seven-layer network model, extract payload content of each data packet, and store parsed data according to a hierarchical format;
the depth of deep packet inspection of the method is different from that of general message analysis, and is mainly embodied in all analysis aspects of an application layer of a protocol data packet: under the condition of analyzing 32-bit source/destination IP addresses and 16-bit source/destination TCP port data of a network layer and a transmission layer, further analyzing and extracting operation instructions and industrial process data of application layer data;
the rule granularity of the method can extract all data of the data packet, and the instruction semantics and the process numerical value level analysis of the data packet are realized by carrying out deep analysis on the instruction operation and the industrial process data of the application layer;
in the process of multi-mode matching, the engineering protocol tree and the analysis rule are constructed, in order to complete analysis of various protocols, an analysis rule base is required to be called, in order to complete the protocol analysis rule base, the concept of the protocol tree is introduced, and after the data receiving buffer receives the collected original data packet, the following processing is carried out:
(1) firstly, carrying out a program of package integrity checking and package filtering, wherein the complete filtering rule attribute comprises: the physical address, the communication address, the port and the protocol are checked and filtered according to the length of the data packet and the functional code of the data packet in the preprocessing stage;
(2) constructing a hierarchical relation of a protocol tree according to different realization protocols of each layer of a TCP/IP model;
(3) in order to realize packet depth detection, the analysis of the levels of instructions, industrial process values and the like is completed, and the application layer data extraction rules of various protocols are defined.
As a preferred aspect of the present invention, the protocol deep parsing of the AC multimode matching is mainly divided into two steps:
1) In the preprocessing stage, character strings in the analysis rule base are sequentially processed into a finite state machine, and the hierarchical relation and the positions of a plurality of protocols in a protocol tree are subjected to data structuring.
2) Further, searching and finding are carried out, the data packets are subjected to cross comparison through three defined algorithm functions, and the positions of protocol analysis rule fields in the target data packets are accurately positioned according to the sequence.
As a preferred embodiment of the present invention, the unknown protocol reverse parsing extracts the syntax (including field separator, protocol keyword, protocol identifier) and the protocol semantic rule (meaning of the operation instruction generated in the communication process, including the instruction on the equipment behavior and the payload data) of the unknown protocol data packet generated in the communication process by the protocol reverse engineering, thereby implementing the reverse of the unknown protocol;
the reverse scheme provided by the method mainly comprises the following steps of:
1) Texting the network data;
2) Furthermore, frame length clustering is carried out, in the same type of protocol communication process, the format consistency of the data messages with the same length is relatively high, and the complexity of a comparison algorithm can be reduced after clustering;
3) Further, performing multi-section multi-sequence comparison to segment out a sample subset;
4) Further, field segmentation is performed;
5) Further, based on the statistics of key fields, the number of pairs is large;
6) Finally, semantic inference is carried out, and an operation instruction set of the device control instruction is used as priori knowledge by combining a process database of the system and an unknown protocol, so that an application layer grammar format of the protocol is further inferred.
As the invention is preferable, the prior knowledge is reverse to the semantic combined with the statistical method, the reverse semantic is further inferred according to the statistical results such as the change rate, the mean value, the variance, the dominant data and the like of the field, and the process database is used as the manual prior knowledge to be in decorrelation inference;
the division result is verified and checked through the characteristics of specific semantic fields, and the following characteristics are mainly considered in combination with the basic characteristics of the protocol:
1) According to the characteristic that a source address and a destination address in a communication protocol are mutually exchanged in an operation and response return data packet, the intersection field can be reversely identified as a communication address;
2) The general protocol characteristics show that two bytes are usually preferably selected for calculation as the optimal mode, the length difference value of the data packet between the double sequences is calculated, and if the difference value of a certain continuous byte is equal to the length difference value, the length field is reversely analyzed;
3) Temporarily defining an identification code field of the unknown protocol for the fixed field;
4) If the change rate of the value of a field is close to 100%, the field is reversely analyzed to be a check field, and the primary mark with the small change rate but stable value within a certain range is a data area field.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention provides a high-efficiency management scheme system for terminal equipment identifications possibly connected with power operation through a terminal equipment identification system related to the power field cruising operation, a terminal equipment message data analysis method and the like, and provides a method for analyzing terminal equipment messages, so that massive terminal equipment identification management and identification are more operable, the problem that automatic equipment identification management is difficult to be carried out on data gathering and access capacity of the traditional system platform is solved, and the effects of undisturbed acquisition and deep protocol analysis of industrial Internet terminal data on message formats and information semantic feature extraction are achieved.
Drawings
FIG. 1 is a block diagram of an identification architecture of a terminal of an electrical Internet of things device of the present invention;
FIG. 2 is a diagram of a protocol tree hierarchy building model of the present invention;
FIG. 3 is a basic flow chart of the deep parsing of the present invention;
FIG. 4 is a flow chart of protocol format extraction based on multi-sequence alignment according to the present invention;
FIG. 5 is a flow chart of reverse parsing of a process data format according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Wherein noun interpretation and term definition:
1. CAN: a controller area network (Controller Area Network, CAN).
2. OSI: seven-layer network model (Open System Interconnection).
3. TCP/IP: transmission control protocol/internet protocol (Transmission Control Protocol/Internet Protocol).
4. DPI: deep packet inspection techniques (Deep Packet Inspection).
5. AC automaton algorithm: the method is a typical and widely applied multimode matching algorithm, has high matching speed, can match a plurality of mode strings after traversing the text once, and can meet the requirement of an electric control system on analysis instantaneity.
6. Protocol reverse engineering: refers to the process of extracting protocol grammar, semantics and synchronization information by monitoring and analyzing network input and output, system behavior and instruction execution flow of protocol entities without depending on protocol descriptions.
7. The industrial Internet (Industrial Internet) is a novel infrastructure, application mode and industrial ecology for deep integration of a new generation of information communication technology and industrial economy, and a brand new manufacturing and service system which covers a full industrial chain and a full value chain is constructed by comprehensively connecting people, machines, objects, systems and the like, so that an implementation way is provided for the digital, networked and intelligent development of the industry and even the industry, and the industrial Internet is an important foundation stone of the fourth industrial revolution.
As shown in fig. 1 to 5, the identification data management platform for electric power operation provided by the invention comprises a terminal equipment identification system related to electric power field cruising operation and an analysis method of terminal equipment message data, introduces the whole terminal equipment identification system and composition modules, and provides an analysis method for the message data modules, wherein the identification system mainly comprises an electric power internet of things terminal layer, an identification analysis layer, an industrial internet platform layer, an identification analysis middle layer and an identification registration middle layer;
electric power thing allies oneself with terminal layer: end-side-oriented standard and protocol-oriented stock terminal equipment and various novel inlets of electric power Internet of things mass terminals;
the identification analysis layer: based on an identification analysis technology, services such as identification registration, distribution, analysis, association, identity authentication and the like are provided, and unique identification management is carried out on equipment;
identification resolution middle layer: providing an open interface for identifying codes to perform object name discovery and corresponding information resource positioning;
industrial internet platform layer: providing computing, data storage and network resources for processing an identification system for intelligent identification of the electric power internet of things terminal;
identification resolution middle layer: providing an open interface for identifying codes to perform object name discovery and corresponding information resource positioning;
the identification registration middle layer: providing an open interface for applying, distributing and recycling the representation codes in full life cycle;
the identification system function system providing construction for the intelligent identification of the electric power internet of things terminal mainly comprises identification registration management, identification analysis management, identification agent management, data synchronization management, service comprehensive management and the like;
the method for analyzing the message data of the terminal equipment comprises a protocol deep analysis method based on a message format and information semantics and an industrial Internet terminal message deep analysis method for reverse analysis of an unknown protocol by multi-sequence comparison;
the method mainly comprises the steps of carrying out undisturbed acquisition on various message data, carrying out deep analysis on a message data packet of an electric power industrial Internet terminal after undisturbed acquisition by adopting a multi-mode matching algorithm, and providing an unknown private protocol reverse scheme; designing a specific protocol deep analysis scheme and extracting data from an application layer of the data packet; the overall analysis scheme is divided into a protocol deep analysis module and an unknown protocol reverse module.
Referring to fig. 1, the identification registration management mainly refers to functions of planning, applying and distributing, feeding back service conditions, life cycle management, identification validity management, information collection of identification distribution service conditions, collection of identification related information and the like aiming at identification system codes for intelligent identification of the electric power internet of things terminal; in addition, the identifier registration can also provide service functions such as enterprise identifier prefix, registration change of product and equipment identifiers, real name auditing, financial management, data inquiry, operation statistics and the like;
the system can support the identification registration capability, including the registration change of enterprise prefix and product/equipment identification, real name audit, data query and other services, and simultaneously provides the API interface for each enterprise, so that the enterprise can conveniently realize the development of mobile terminal identification management/query software.
Referring to fig. 1, the identification analysis function of the identification system for intelligent identification of the electric power internet of things terminal is mainly to provide public analysis service for the allocated identification; for the distributed identification codes, configuring the corresponding route information of the distributed identifications in the identification analysis function; when receiving the identification analysis request, if the information such as the route corresponding to the identification code is stored, directly replying the information such as the service node communication address corresponding to the identification code; if the information such as the route corresponding to the identification is not available, the return information is null.
Referring to fig. 1, the data synchronization system includes an identification analysis service, where the identification analysis service is one of key basic services of an industrial internet identification system, and in an actual operation process of the system, it is required to provide uninterrupted and rapid analysis service for a user, and multiple servers are required to be provided to ensure high reliability and high performance, so that a risk that analysis service cannot be provided due to a single point of failure is prevented; data synchronization between these servers requires the use of a data synchronization system.
Referring to fig. 1, the service integrated management mainly refers to functions of user management, financial management, auditing and the like related to identification registration and identification analysis of an identification system for intelligent identification of an electric power internet of things terminal, wherein the user management comprises a platform manager, enterprise users and auditors; the financial management is mainly used for recording and settling the fees generated in the identification registering and resolving process; the auditing is mainly used for ensuring the validity of the enterprise registration identifier, namely whether the product and the equipment corresponding to the identifier exist truly or not, and the identifier needs to be audited.
Referring to fig. 2, the protocol deep parsing is to parse and extract application layer data, perform deep parsing of the protocol based on a message format and information semantics, parse layer by layer according to an OSI seven-layer network model when a message data stream passes through a parsing module, extract payload content of each data packet, and store parsed data according to a hierarchical format;
the depth of deep packet inspection of the method is different from that of general message analysis, and is mainly embodied in all analysis aspects of an application layer of a protocol data packet: under the condition of analyzing 32-bit source/destination IP addresses and 16-bit source/destination TCP port data of a network layer and a transmission layer, further analyzing and extracting operation instructions and industrial process data of application layer data;
the rule granularity of the method can extract all data of the data packet, and the instruction semantics and the process numerical value level analysis of the data packet are realized by carrying out deep analysis on the instruction operation and the industrial process data of the application layer;
in the process of multi-mode matching, the engineering protocol tree and the analysis rule are constructed, in order to complete analysis of various protocols, an analysis rule base is required to be called, in order to complete the protocol analysis rule base, the concept of the protocol tree is introduced, and after the data receiving buffer receives the collected original data packet, the following processing is carried out:
(1) firstly, carrying out a program of package integrity checking and package filtering, wherein the complete filtering rule attribute comprises: the physical address, the communication address, the port and the protocol are checked and filtered according to the length of the data packet and the functional code of the data packet in the preprocessing stage;
(2) constructing a hierarchical relation of a protocol tree according to different realization protocols of each layer of a TCP/IP model;
(3) in order to realize packet depth detection, the analysis of the levels of instructions, industrial process values and the like is completed, and the application layer data extraction rules of various protocols are defined.
Referring to fig. 3, the AC multi-mode matching protocol deep parsing is mainly divided into two steps:
1) In the preprocessing stage, character strings in the analysis rule base are sequentially processed into a finite state machine, and the hierarchical relation and the positions of a plurality of protocols in a protocol tree are subjected to data structuring.
2) Further, searching and finding are carried out, the data packets are subjected to cross comparison through three defined algorithm functions, and the positions of protocol analysis rule fields in the target data packets are accurately positioned according to the sequence.
Referring to fig. 4, the unknown protocol reverse parsing extracts the grammar (including field separator, protocol keyword, protocol identifier) and the protocol semantic rule (meaning of the operation instruction generated in the communication process, including the instruction on the device behavior and the payload data) of the unknown protocol data message generated in the communication process by the protocol reverse engineering (noun term 6), so as to realize the reverse of the unknown protocol;
the reverse scheme provided by the method mainly comprises the following steps of:
1) Texting the network data;
2) Furthermore, frame length clustering is carried out, in the same type of protocol communication process, the format consistency of the data messages with the same length is relatively high, and the complexity of a comparison algorithm can be reduced after clustering;
3) Further, performing multi-section multi-sequence comparison to segment out a sample subset;
4) Further, field segmentation is performed;
5) Further, based on the statistics of key fields, the number of pairs is large;
6) Finally, semantic inference is carried out, and an operation instruction set of the device control instruction is used as priori knowledge by combining a process database of the system and an unknown protocol, so that an application layer grammar format of the protocol is further inferred.
Referring to fig. 5, the prior knowledge is reverse to the semantic combined with the statistical method, the reverse semantic is further inferred according to the statistical results of the change rate, the mean value, the variance, the dominant data and the like of the field, and the process database is used as the manual prior knowledge to be in decorrelation inference;
the division result is verified and checked through the characteristics of specific semantic fields, and the following characteristics are mainly considered in combination with the basic characteristics of the protocol:
1) According to the characteristic that a source address and a destination address in a communication protocol are mutually exchanged in an operation and response return data packet, the intersection field can be reversely identified as a communication address;
2) The general protocol characteristics show that two bytes are usually preferably selected for calculation as the optimal mode, the length difference value of the data packet between the double sequences is calculated, and if the difference value of a certain continuous byte is equal to the length difference value, the length field is reversely analyzed;
3) Temporarily defining an identification code field of the unknown protocol for the fixed field;
4) If the change rate of the value of a field is close to 100%, the field is reversely analyzed to be a check field, and the primary mark with the small change rate but stable value within a certain range is a data area field.
To sum up: the identification data management platform of the electric power operation provides a high-efficiency management scheme system for the terminal equipment identifications possibly connected with the electric power operation through a terminal equipment identification system related to the electric power field cruising operation, a terminal equipment message data analysis method and the like, and provides a method for analyzing the terminal equipment messages, so that massive terminal equipment identification management and identification are more operable, and the problem that automatic equipment identification management is difficult to perform on the data aggregation and access capability of the traditional system platform is solved.
It should be noted that, on the basis of the terminal equipment identification system related to the electric power operation provided by the scheme, expansion of other architecture modules can be performed according to actual conditions; the different types of internet of things device protocols may be automatically parsed for protocols involved in different industrial internet terminals, and relational terms such as first and second, and the like are used herein solely to distinguish one entity or operation from another entity or operation without necessarily requiring or implying any actual such relationship or order between such entities or operations. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. The utility model provides an identification data management platform of electric power operation, includes the relevant terminal equipment identification system of electric power scene cruising operation and terminal equipment message data's analytical method, introduces whole terminal equipment identification system and composition module to provide an analytical method to message data module, its characterized in that: the identification system mainly comprises an electric power Internet of things terminal layer, an identification analysis layer, an industrial Internet platform layer, an identification analysis middle layer and an identification registration middle layer;
electric power thing allies oneself with terminal layer: end-side-oriented standard and protocol-oriented stock terminal equipment and various novel inlets of electric power Internet of things mass terminals;
the identification analysis layer: based on an identification analysis technology, services such as identification registration, distribution, analysis, association, identity authentication and the like are provided, and unique identification management is carried out on equipment;
identification resolution middle layer: providing an open interface for identifying codes to perform object name discovery and corresponding information resource positioning;
industrial internet platform layer: providing computing, data storage and network resources for processing an identification system for intelligent identification of the electric power internet of things terminal;
identification resolution middle layer: providing an open interface for identifying codes to perform object name discovery and corresponding information resource positioning;
the identification registration middle layer: providing an open interface for applying, distributing and recycling the representation codes in full life cycle;
the identification system function system providing construction for the intelligent identification of the electric power internet of things terminal mainly comprises identification registration management, identification analysis management, identification agent management, data synchronization management, service comprehensive management and the like;
the method for analyzing the message data of the terminal equipment comprises a protocol deep analysis method based on a message format and information semantics and an industrial Internet terminal message deep analysis method for reverse analysis of an unknown protocol by multi-sequence comparison;
the method mainly comprises the steps of carrying out undisturbed acquisition on various message data, carrying out deep analysis on a message data packet of an electric power industrial Internet terminal after undisturbed acquisition by adopting a multi-mode matching algorithm, and providing an unknown private protocol reverse scheme; designing a specific protocol deep analysis scheme and extracting data from an application layer of the data packet; the overall analysis scheme is divided into a protocol deep analysis module and an unknown protocol reverse module.
2. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the identification registration management mainly aims at the functions of planning, applying and distributing, feeding back the service condition, managing the life cycle, managing the effectiveness of the identification, collecting the information of the service condition of the identification distribution, collecting the related information of the identification and the like of the identification system code for the intelligent identification of the electric power internet of things terminal; in addition, the identifier registration can also provide service functions such as enterprise identifier prefix, registration change of product and equipment identifiers, real name auditing, financial management, data inquiry, operation statistics and the like;
the system can support the identification registration capability, including the registration change of enterprise prefix and product/equipment identification, real name audit, data query and other services, and simultaneously provides the API interface for each enterprise, so that the enterprise can conveniently realize the development of mobile terminal identification management/query software.
3. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the identification analysis function of the identification system for the intelligent identification of the electric power internet of things terminal is mainly to provide public analysis service for the allocated identification; for the distributed identification codes, configuring the corresponding route information of the distributed identifications in the identification analysis function; when receiving the identification analysis request, if the information such as the route corresponding to the identification code is stored, directly replying the information such as the service node communication address corresponding to the identification code; if the information such as the route corresponding to the identification is not available, the return information is null.
4. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the data synchronization system comprises an identification analysis service, wherein the identification analysis service is one of key basic services of the industrial Internet identification system, uninterrupted and rapid analysis service is required to be provided for a user in the actual operation process of the system, a plurality of servers are required to be provided for ensuring high reliability and high performance, and the risk that analysis service cannot be provided due to single-point faults is prevented; data synchronization between these servers requires the use of a data synchronization system.
5. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the business comprehensive management mainly refers to functions of user management, financial management, auditing and the like related to identification registration and identification analysis of an identification system for intelligent identification of an electric power internet of things terminal, wherein the user management comprises a platform manager, enterprise users and auditors; the financial management is mainly used for recording and settling the fees generated in the identification registering and resolving process; the auditing is mainly used for ensuring the validity of the enterprise registration identifier, namely whether the product and the equipment corresponding to the identifier exist truly or not, and the identifier needs to be audited.
6. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the protocol deep analysis is to analyze and extract application layer data, and to analyze the protocol deep based on message format and information semantic, when the message data flow passes through the analysis module, the analysis is conducted layer by layer according to the OSI seven-layer network model, the load content of each data packet is extracted, and the analyzed data is stored according to the hierarchical format;
the depth of deep packet inspection of the method is different from that of general message analysis, and is mainly embodied in all analysis aspects of an application layer of a protocol data packet: under the condition of analyzing 32-bit source/destination IP addresses and 16-bit source/destination TCP port data of a network layer and a transmission layer, further analyzing and extracting operation instructions and industrial process data of application layer data;
the rule granularity of the method can extract all data of the data packet, and the instruction semantics and the process numerical value level analysis of the data packet are realized by carrying out deep analysis on the instruction operation and the industrial process data of the application layer;
in the process of multi-mode matching, the engineering protocol tree and the analysis rule are constructed, in order to complete analysis of various protocols, an analysis rule base is required to be called, in order to complete the protocol analysis rule base, the concept of the protocol tree is introduced, and after the data receiving buffer receives the collected original data packet, the following processing is carried out:
(1) firstly, carrying out a program of package integrity checking and package filtering, wherein the complete filtering rule attribute comprises: the physical address, the communication address, the port and the protocol are checked and filtered according to the length of the data packet and the functional code of the data packet in the preprocessing stage;
(2) constructing a hierarchical relation of a protocol tree according to different realization protocols of each layer of a TCP/IP model;
(3) in order to realize packet depth detection, the analysis of the levels of instructions, industrial process values and the like is completed, and the application layer data extraction rules of various protocols are defined.
7. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the protocol deep analysis of the AC multimode matching is mainly divided into two steps:
1) In the preprocessing stage, character strings in the analysis rule base are sequentially processed into a finite state machine, and the hierarchical relation and the positions of a plurality of protocols in a protocol tree are subjected to data structuring.
2) Further, searching and finding are carried out, the data packets are subjected to cross comparison through three defined algorithm functions, and the positions of protocol analysis rule fields in the target data packets are accurately positioned according to the sequence.
8. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the unknown protocol reverse analysis extracts grammar (including field separator, protocol key word, protocol identification word) and protocol semantic rule (operation instruction meaning generated in communication process, including equipment behavior instruction and effective load data) of unknown protocol data message generated in communication process by protocol reverse engineering, thereby realizing reverse of unknown protocol;
the reverse scheme provided by the method mainly comprises the following steps of:
1) Texting the network data;
2) Furthermore, frame length clustering is carried out, in the same type of protocol communication process, the format consistency of the data messages with the same length is relatively high, and the complexity of a comparison algorithm can be reduced after clustering;
3) Further, performing multi-section multi-sequence comparison to segment out a sample subset;
4) Further, field segmentation is performed;
5) Further, based on the statistics of key fields, the number of pairs is large;
6) Finally, semantic inference is carried out, and an operation instruction set of the device control instruction is used as priori knowledge by combining a process database of the system and an unknown protocol, so that an application layer grammar format of the protocol is further inferred.
9. An identification data management platform for electric power jobs as claimed in claim 1, wherein: the prior knowledge is reverse to the semantic combined with the statistical method, reverse semantics are further inferred according to the statistical results such as the change rate, the mean value, the variance and the dominant data of the field, and the process database is used as the manual prior knowledge to be in decorrelation inference;
the division result is verified and checked through the characteristics of specific semantic fields, and the following characteristics are mainly considered in combination with the basic characteristics of the protocol:
1) According to the characteristic that a source address and a destination address in a communication protocol are mutually exchanged in an operation and response return data packet, the intersection field can be reversely identified as a communication address;
2) The general protocol characteristics show that two bytes are usually preferably selected for calculation as the optimal mode, the length difference value of the data packet between the double sequences is calculated, and if the difference value of a certain continuous byte is equal to the length difference value, the length field is reversely analyzed;
3) Temporarily defining an identification code field of the unknown protocol for the fixed field;
4) If the change rate of the value of a field is close to 100%, the field is reversely analyzed to be a check field, and the primary mark with the small change rate but stable value within a certain range is a data area field.
CN202211644134.8A 2022-12-15 2022-12-15 Identification data management platform for electric power operation Pending CN116055448A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211644134.8A CN116055448A (en) 2022-12-15 2022-12-15 Identification data management platform for electric power operation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211644134.8A CN116055448A (en) 2022-12-15 2022-12-15 Identification data management platform for electric power operation

Publications (1)

Publication Number Publication Date
CN116055448A true CN116055448A (en) 2023-05-02

Family

ID=86115470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211644134.8A Pending CN116055448A (en) 2022-12-15 2022-12-15 Identification data management platform for electric power operation

Country Status (1)

Country Link
CN (1) CN116055448A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116939063A (en) * 2023-07-17 2023-10-24 山东未来网络研究院(紫金山实验室工业互联网创新应用基地) Active identification terminal, method and medium
CN117640664A (en) * 2024-01-25 2024-03-01 中国信息通信研究院 Identification data synchronization method, system, electronic equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116939063A (en) * 2023-07-17 2023-10-24 山东未来网络研究院(紫金山实验室工业互联网创新应用基地) Active identification terminal, method and medium
CN116939063B (en) * 2023-07-17 2024-04-05 山东未来网络研究院(紫金山实验室工业互联网创新应用基地) Active identification terminal, method and medium
CN117640664A (en) * 2024-01-25 2024-03-01 中国信息通信研究院 Identification data synchronization method, system, electronic equipment and storage medium
CN117640664B (en) * 2024-01-25 2024-05-28 中国信息通信研究院 Identification data synchronization method, system, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN116055448A (en) Identification data management platform for electric power operation
CN106354765B (en) Log analysis system and method based on distributed acquisition
CN106982150B (en) Hadoop-based mobile internet user behavior analysis method
US20110029657A1 (en) Tracking high-level network transactions
CN109670843A (en) Data processing method, device, computer equipment and the storage medium of complaint business
CN110011962A (en) A kind of recognition methods of car networking business datum
CN109710767B (en) Multilingual big data service platform
CN106126383A (en) A kind of log processing method and device
CN103036910B (en) A kind of user's web access Behavior-Based control method and device
CN114157502A (en) Terminal identification method and device, electronic equipment and storage medium
CN117201646A (en) Deep analysis method for electric power Internet of things terminal message
CN110085299B (en) Image identification dryness removal method and system and image library
CN115333966A (en) Nginx log analysis method, system and equipment based on topology
CN102932179A (en) Comprehensive inter-network multi-protection reliability analysis method for power communication services
CN112822121A (en) Traffic identification method, traffic determination method and knowledge graph establishment method
CN109559121A (en) Transaction path calls exception analysis method, device, equipment and readable storage medium storing program for executing
CN110830416A (en) Network intrusion detection method and device
WO2012040999A1 (en) Method for locating resource in distributed environment and system thereof
CN113297148B (en) Method, device and equipment for collecting service log data and readable storage medium
CN113037551B (en) Quick identification and positioning method for sensitive-related services based on traffic slice
CN115767601A (en) 5GC network element automatic nanotube method and device based on multidimensional data
CN112799155B (en) Environment monitoring method based on big data
CN115510116A (en) Data directory construction method, device, medium and equipment
CN115437874A (en) Information security risk analysis and monitoring system based on network assets
CN114296785A (en) Log data modeling method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication