CN102970188B - A 110kV digital substation security network - Google Patents

A 110kV digital substation security network

Publication number
CN102970188B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210517720.6A
Other languages
Chinese (zh)
Other versions
CN102970188A (en)
Inventor
宁楠
王磊
竹之涵
朱皓
黄力
赵轩
马文霜
廖晓春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GUANGZHOU PTSWITCH COMPUTER TECHNOLOGY CO LTD
LIUPANSHUI POWER SUPPLY BUREAU GUIZHOU GRID CO Ltd
Original Assignee
GUANGZHOU PTSWITCH COMPUTER TECHNOLOGY CO LTD
LIUPANSHUI POWER SUPPLY BUREAU GUIZHOU GRID CO Ltd
Application filed by GUANGZHOU PTSWITCH COMPUTER TECHNOLOGY CO LTD, LIUPANSHUI POWER SUPPLY BUREAU GUIZHOU GRID CO Ltd
Priority to CN201210517720.6A
Publication of CN102970188A
Application granted
Publication of CN102970188B

Abstract

The present invention relates to a 110kV digital substation security network, comprising: a network security assessment system for determining the current security state of the network; an active defense system for actively defending against and blocking data that intrudes into the network; and a power network security system for the communication network security of the 110kV digital substation. With the technical solution of the present invention, accurate prediction of the network security situation can be achieved, improving the precision of network security situation prediction.

Description

A 110kV digital substation security network
Technical field
The present invention relates to network control, and specifically to a 110kV digital substation security network.
Background
Threats to network security arise from the following causes:
1. Causes inherent in the system
Openness of the network: the open design and wide geographic coverage of network systems make it harder to keep data confidential. This also includes security problems caused by the network's own cabling and communication quality. Software vulnerabilities: imperfect communication protocols and communication software leave hidden dangers that various unsafe factors can use to intrude. Electromagnetic leakage of wireless communication: data in a wireless communication system propagates through the air as electromagnetic waves, which can easily be intercepted.
2. Human factors
Leaks by insiders: some personnel lack security awareness and leak information unintentionally; others use a legitimate identity to enter the network and deliberately cause damage. Network hackers: hackers who intrude into the network steal, tamper with and destroy data, posing a great threat to the network. There are also cyber criminals who use and damage the network illegally. Computer viruses: the large number of emerging computer viruses spread extremely fast over the network and bring great harm to network security.
3. Other causes
These include immature security technology, reliability problems, weaknesses in the management system, gaps in security legislation, and damage from irresistible natural disasters and accidents.
Communication network security generally includes bearer network and service network security, network service security, and information transmission security. Bearer network and service network security covers network reliability and survivability, which are ensured through environmental security, physical security, node security, link security, topology security and system security. Network service security covers service availability and service controllability. Service availability depends on the reliability and maintenance capability of the bearer network and the service network. Service controllability is ensured through service access security, service non-repudiation and service attack protection. Information transmission security covers information integrity, confidentiality and non-repudiation. Information integrity can be ensured by message authentication mechanisms; information confidentiality can be ensured by encryption mechanisms and key distribution; information non-repudiation can be ensured by techniques such as digital signatures.
Therefore, the prior art has defects and needs improvement.
Summary of the invention
The object of the present invention is to overcome the above deficiencies and provide a 110kV digital substation security network.
The technical measures for achieving the above object are:
A 110kV digital substation security network, comprising: a network security assessment system for determining the current security state of the network; an active defense system for actively defending against and blocking data that intrudes into the network; and a power network security system for the communication network security of the 110kV digital substation.
In the 110kV digital substation security network, the network security assessment system is further provided with a network situation prediction device, which comprises at least: a statistics module for counting the frequency with which network security events occur; a predetermined value module, connected to the statistics module, for setting the predetermined values of the network threat degree; a comparison module, connected to the predetermined value module, for obtaining the concrete network threat degree data by comparison with the predetermined value module; and a calculation module, connected to the comparison module, for applying weighted processing to the frequency counts in the statistics module and the network threat degree data in the comparison module, calculating the network operation situation value and sending it to a feedback module. The feedback module is connected to the statistics module, the predetermined value module, the comparison module and the calculation module respectively, feeds back the data in each module, and provides a feedback report predicting the future network security trend according to the received network operation situation value.
In the 110kV digital substation security network, the network situation prediction device is further provided with a recording module, which uses the NSS to record the security state of the current target; the concrete data value of the NSS is the NSSV.
In the 110kV digital substation security network, the network security assessment system is further provided with a network management and security monitoring device, which comprises: a statistics module for collecting network connection information and/or system management information and/or system monitoring information and/or application service information; a calculation module for computing the security situation index weights by the entropy weight method and/or the analytic hierarchy process; a comparison module for evaluating the security situation indices to obtain the network security situation value; and a simulation module for simulating and drawing the network security situation graph.
In the 110kV digital substation security network, the active defense system is further provided with a detection module for detecting unknown attack information and zero-day attack information in the network, and a setting module for setting active defense when the detection module detects the unknown attack information and/or zero-day attack information.
In the 110kV digital substation security network, the power network security system is further provided with a detection module for detecting network communication security threat information, and a security assurance module for providing network security protection when the detection module detects the network communication security threat information.
In the 110kV digital substation security network, the network communication security threat information includes at least one of interception information, interruption information, tampering information and malicious program information.
In the 110kV digital substation security network, the security assurance module comprises a digital signature submodule for requiring a digital signature when the detection module detects the network communication security threat information.
In the 110kV digital substation security network, the security assurance module further comprises a multi-agent submodule for arranging that, when a monitored node is detected to be under attack, the corresponding agent performs the defense first.
In the 110kV digital substation security network, the security assurance module further comprises a firewall submodule for building a firewall between different network security domains.
With the technical solution of the present invention, accurate prediction of the network security situation can be achieved, improving the precision of network security situation prediction. In addition, the network security situation values of the discrete monitoring time points can be constructed into partially linearly correlated multiple-regression data sequences, which are input as the training sample set to an improved generalized regression neural network, yielding a network security situation prediction model.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network situation prediction device of the present invention.
Detailed description
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawing, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the scope of protection of the invention is defined more clearly.
Embodiment one
The network security assessment system is used to determine the current security state of the communication network and identify the weak links in the network, so that suitable network security protection measures can be selected. In particular, when the network's communication performance requirements conflict with certain network security protection measures, trade-offs can be made according to the result of the network security assessment, keeping the communication network both unobstructed and secure. Network security assessment is carried out mainly at several levels: physical security, security control, management security, data security and technical security.
The network situation prediction device works from the frequency with which network security events occur and the differing degrees to which they threaten the network. Through weighted processing it fuses the massive volume of network security information into a single situation value that represents the operating condition of the network, and then, from historical and current network security situation values, predicts the future trend of the network security situation under attack.
Network attacks are of many kinds, and their mechanisms and harm differ, so it is difficult to describe the current network security situation directly from the intrusion detection results of network security devices such as firewalls and intrusion detection systems. A common method is to use the NSS to describe the security state of the current target network. The NSS refers to the current security state and trend of the whole network at a given monitoring point, formed by factors such as the operating condition of the various devices in the target network, network behavior and user behavior. If the trend of the NSS can be predicted accurately, network attacks can be effectively avoided and defended against, reducing network risk. The NSSV is the quantified expression of the NSS and is also the data source of the NSSF.
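The prediction device's data flow (statistics, predetermined values, comparison, weighted calculation, feedback) can be traced end to end in a short program. This is an added example, not code from the patent: the alert line format, the score thresholds, the degree weights and the use of simple exponential smoothing for the forecast are all assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample alerts (not real data): monitoring point t, threat type
# (the four types the description lists) and a sensor score from 0 to 10.
SAMPLE_ALERTS = """\
t=0 type=interception score=2.0
t=0 type=interception score=3.5
t=0 type=tampering score=6.0
t=1 type=interruption score=5.0
t=1 type=tampering score=8.5
t=1 type=malware score=9.0
t=2 type=interception score=1.0
t=2 garbage line without fields
t=3 type=malware score=9.5
t=3 type=malware score=7.5
t=3 type=tampering score=4.5
"""

# Predetermined value module: minimum score for each threat degree (assumed values).
DEGREE_THRESHOLDS = [(7.0, 3), (4.0, 2), (0.0, 1)]
# Weight the computing module gives each threat degree (assumed values).
DEGREE_WEIGHT = {1: 1, 2: 10, 3: 100}

LINE_RE = re.compile(r"^t=(\d+) type=(\w+) score=(\d+(?:\.\d+)?)$")


def parse_alerts(text):
    """Statistics module input: keep well-formed lines, skip anything else."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append((int(match.group(1)), match.group(2), float(match.group(3))))
    return events


def threat_degree(score):
    """Comparison module: compare a score with the predetermined values."""
    for minimum, degree in DEGREE_THRESHOLDS:
        if score >= minimum:
            return degree
    return 1  # scores below every threshold count as the lowest degree


def situation_values(events):
    """Computing module: per monitoring point, sum of frequency x degree weight."""
    freq = Counter((t, threat_degree(score)) for t, _kind, score in events)
    points = sorted({t for t, _kind, _score in events})
    return {t: sum(freq[(t, d)] * w for d, w in DEGREE_WEIGHT.items()) for t in points}


def forecast_next(history, alpha=0.5):
    """Feedback module stand-in: simple exponential smoothing over the history."""
    if not history:
        raise ValueError("no situation values to forecast from")
    level = float(history[0])
    for value in history[1:]:
        level = alpha * value + (1 - alpha) * level
    return level


def feedback_report(text):
    """Run the whole chain and return the report the feedback module would issue."""
    events = parse_alerts(text)
    values = situation_values(events)
    history = [values[t] for t in sorted(values)]
    predicted = forecast_next(history)
    last = history[-1]
    trend = "rising" if predicted > last else "falling" if predicted < last else "flat"
    return {
        "type_counts": dict(Counter(kind for _t, kind, _s in events)),
        "situation_values": values,
        "forecast": predicted,
        "trend": trend,
    }


if __name__ == "__main__":
    print(feedback_report(SAMPLE_ALERTS))
```

The steep degree weights mean one high-degree event outweighs many low-degree ones, which is why the value moves from 12 to 210 between the first two monitoring points.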
The network management and security monitoring device builds on research into the Trusted Network Connect framework (TNC) and network situation awareness systems (CSA). To address the deterministic and uncertain characteristics of multiple data sources in trusted network security, it proposes SPSAF, a network security situation assessment and prediction method based on set pair analysis. SPSAF first audits network connection information, system management information, system monitoring information and application service information using a feature-library-based method; it then combines the improved entropy weight method with the analytic hierarchy process to extract the security situation index weights; it then applies set pair analysis to evaluate the security situation indices and obtain the network security situation value, from which the network security situation graph is drawn; finally it uses the Box-Jenkins model to predict the network security trend from the security situation values. Simulation results show that SPSAF reflects the current and future network security situation accurately and effectively, helps administrators formulate network security policy effectively, and makes it possible to discover risks in time, adjust policy and carry out countermeasures quickly and accurately, providing more comprehensive and reliable network security protection.
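The weight-extraction step, combining the entropy weight method with the analytic hierarchy process, looks like this in code. It is an added example, not the patent's implementation: the index scores and pairwise judgements are constructed, the linear blend of the two weight vectors is an assumption (the text does not say how they are synthesised), and a plain weighted sum stands in for the set pair analysis evaluation.

```python
import math

INDICATORS = ["network_connection", "system_management",
              "system_monitoring", "application_service"]

# Constructed index scores in [0, 1]: one row per monitoring point, one column per indicator.
SAMPLES = [
    [0.20, 0.50, 0.10, 0.30],
    [0.25, 0.50, 0.60, 0.35],
    [0.22, 0.50, 0.05, 0.28],
    [0.30, 0.50, 0.90, 0.40],
    [0.21, 0.50, 0.15, 0.33],
]

# Constructed expert judgements for AHP: PAIRWISE[i][j] says how much more
# important indicator i is than indicator j (a reciprocal matrix).
PAIRWISE = [
    [1.0, 3.0, 2.0, 2.0],
    [1 / 3, 1.0, 0.5, 0.5],
    [0.5, 2.0, 1.0, 1.0],
    [0.5, 2.0, 1.0, 1.0],
]

RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency index


def entropy_weights(rows):
    """Objective weights: the more a column varies across rows, the more weight."""
    n, m = len(rows), len(rows[0])
    if n < 2:
        raise ValueError("need at least two monitoring points")
    divergence = []
    for j in range(m):
        column = [row[j] for row in rows]
        total = sum(column)
        if total <= 0:
            divergence.append(0.0)  # an empty column carries no information
            continue
        entropy = -sum((x / total) * math.log(x / total)
                       for x in column if x > 0) / math.log(n)
        divergence.append(max(0.0, 1.0 - entropy))
    spread = sum(divergence)
    if spread < 1e-12:  # every column constant: fall back to equal weights
        return [1.0 / m] * m
    return [d / spread for d in divergence]


def ahp_weights(pairwise):
    """Subjective weights by the row geometric mean, plus the consistency ratio."""
    n = len(pairwise)
    means = [math.prod(row) ** (1.0 / n) for row in pairwise]
    weights = [g / sum(means) for g in means]
    lambda_max = sum(sum(a * w for a, w in zip(row, weights)) / wi
                     for row, wi in zip(pairwise, weights)) / n
    consistency_ratio = (lambda_max - n) / (n - 1) / RANDOM_INDEX[n]
    return weights, consistency_ratio


def assess(rows, pairwise, alpha=0.5):
    """Blend both weight vectors (assumed linear blend) and score each row."""
    ew = entropy_weights(rows)
    aw, cr = ahp_weights(pairwise)
    if cr >= 0.1:  # usual AHP acceptance limit
        raise ValueError("pairwise judgements are too inconsistent")
    weights = [alpha * e + (1 - alpha) * a for e, a in zip(ew, aw)]
    values = [sum(w * x for w, x in zip(weights, row)) for row in rows]
    return {"entropy": ew, "ahp": aw, "cr": cr, "weights": weights, "values": values}


if __name__ == "__main__":
    result = assess(SAMPLES, PAIRWISE)
    for name, weight in zip(INDICATORS, result["weights"]):
        print(f"{name:20s} {weight:.3f}")
    print([round(v, 3) for v in result["values"]])
```

The constant `system_management` column gets an entropy weight of zero because it cannot distinguish one monitoring point from another; the AHP half of the blend is what keeps it in the final weighting.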
Active defense system: existing intrusion detection and firewall technologies mostly protect the network by configuring security policies. These static, passive defense techniques cannot effectively provide dynamic security assurance against unknown attacks and zero-day attacks in the network. Intrusion-resisting mechanisms are therefore placed in the system; when an intrusion enters the interior of the system, these mechanisms actively defend, block the transmission of the intruding data, and thereby resist the intruder.
Power network security system: a network architecture built on IEC 61850 is consistent in its upper-layer protocols, which greatly enhances the interoperability of substation equipment.
Attacks on a substation may come from external networks connected to the substation, or from inside the substation. These security threats mainly include:
(1) Interception. Illegally obtaining the information transmitted between the substation and other systems, or the information stored in the substation network. This is often the beginning of a security violation against the substation network system. In an electricity market operating environment, preventing such information acquisition is very important.
(2) Interruption. Interrupting communication inside the substation or between it and other systems, so that the dispatching master station cannot learn the operating condition of the substation and the master station's control commands cannot be executed correctly.
(3) Tampering. Altering the information transmitted between the substation and other systems, or the remote control commands, setting-modification commands and so on inside the substation, so that the dispatching master station obtains a wrong operating condition or an accident is caused in the substation.
(4) Malicious programs. These include computer viruses such as computer worms, Trojan horses and logic bombs, which seriously affect the correctness, real-time performance and reliability of substation system operation and may paralyze the system.
The network security protection measures module of the digital substation comprises:
First, the digital signature submodule, which adopts a strategy based on digital signatures: the sender first applies a mathematical transformation to the information, and the resulting information corresponds uniquely to the original information; the receiver then applies the inverse transformation to obtain the original information. As long as the mathematical transformation is well chosen, the transformed information is highly secure in transmission and difficult to decipher or tamper with.
Second, the virtual network submodule: protocol-based VLAN technology divides different applications at the logical layer (without needing corresponding physical ports) and can thereby effectively achieve secure isolation of information.
Third, the multi-agent submodule. Multi-agent systems, meaning systems composed of multiple intelligent agents, are a frontier field of distributed artificial intelligence (DAI) research, and applied research on them is built on a distributed environment. An important feature of the digital substation is that the substation automation system is layered and distributed, with information exchange between the various IED devices carried out by network communication technology. Given this technical feature, the digital substation LAN backbone is very well suited to the application of multi-agent systems.
In adaptive network security based on multiple agents, each monitored node has a corresponding agent. When a monitored node is detected to be under attack, the corresponding agent first executes the corresponding strategy. If this agent cannot solve the problem, it asks the coordinator. The coordinator analyzes the problem, consults the security policy database, and can coordinate multiple agents to solve it jointly. If they still cannot solve it, the coordinator asks the upper-level coordinator to handle it in the same way. The main advantages are: (1) the online learning system can summarize the characteristics of the intruder and formulate corresponding countermeasures, preventing other devices from being attacked; (2) the network load is light and the working efficiency is high, since most agents can solve security problems locally. In hub substations, installing a multi-agent-based network security management system can be considered, to detect attacks that pass through the firewall in real time and take corresponding countermeasures, further improving the security performance of the network.
Fourth, the firewall submodule. A firewall builds a security barrier between different networks or network security domains: it selectively rejects illegitimate ports and lets legitimate TCP/IP data flows pass, ensuring that the data and resources of the internal network do not flow to illegitimate destinations. Firewall security technology supports combinations of different factors of a message, such as IP address, protocol, application port number, application protocol and message direction. Firewall security policies can be set differently according to the business nature of each security zone. Generally speaking, firewalls work very effectively and can stop risky Internet access from entering the internal network.
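The escalation order described for the multi-agent submodule (local agent first, then the coordinator with its security policy database, then the upper-level coordinator) can be sketched as follows. This is an added example rather than anything specified in the patent: the node names, action strings and policy entries are hypothetical, and copying a coordinated countermeasure back into the agents' playbooks is one assumed reading of the "online learning" advantage.

```python
class Agent:
    """One agent per monitored node, holding the countermeasures it can run itself."""

    def __init__(self, node, playbook):
        self.node = node
        self.playbook = dict(playbook)  # attack type -> local action

    def handle(self, attack_type):
        return self.playbook.get(attack_type)


class Coordinator:
    """Consults its policy database; escalates to its parent when it has no plan."""

    def __init__(self, name, agents, policy_db, parent=None):
        self.name = name
        self.agents = {agent.node: agent for agent in agents}
        self.policy_db = policy_db  # attack type -> {node: action}
        self.parent = parent

    def _plan(self, attack_type):
        plan = self.policy_db.get(attack_type)
        # A plan is usable only if every node it names is under this coordinator.
        if plan and all(node in self.agents for node in plan):
            return plan
        return None

    def resolve(self, node, attack_type, path):
        path = path + [self.name]
        plan = self._plan(attack_type)
        if plan is not None:
            for target, action in plan.items():
                # Assumed learning step: agents keep the countermeasure for next time.
                self.agents[target].playbook[attack_type] = action
            return {"node": node, "resolved_by": self.name,
                    "path": path, "actions": dict(plan)}
        if self.parent is not None:
            return self.parent.resolve(node, attack_type, path)
        return {"node": node, "resolved_by": None, "path": path, "actions": {}}


def respond(agent, coordinator, attack_type):
    """Entry point: the agent of the attacked node always gets the first attempt."""
    action = agent.handle(attack_type)
    if action is not None:
        return {"node": agent.node, "resolved_by": agent.node,
                "path": [agent.node], "actions": {agent.node: action}}
    return coordinator.resolve(agent.node, attack_type, [agent.node])


def build_demo():
    """Hypothetical two-level layout: a bay coordinator under a station coordinator."""
    ied1 = Agent("bay-ied-1", {"interruption": "switch_to_redundant_link"})
    ied2 = Agent("bay-ied-2", {})
    gateway = Agent("station-gateway", {})
    station = Coordinator(
        "station-coordinator", [ied1, ied2, gateway],
        {"malware": {"station-gateway": "block_source", "bay-ied-1": "isolate_port"}})
    bay = Coordinator(
        "bay-coordinator", [ied1, ied2],
        {"tampering": {"bay-ied-1": "require_signed_commands",
                       "bay-ied-2": "require_signed_commands"}},
        parent=station)
    return ied1, ied2, gateway, bay, station


if __name__ == "__main__":
    ied1, ied2, gateway, bay, station = build_demo()
    for attack in ("interruption", "tampering", "malware", "unlisted"):
        print(attack, respond(ied1, bay, attack)["path"])
```

The `path` field shows how far each incident travelled; short paths are the "light network load" case, where the problem is settled at the node itself.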
Embodiment two
As shown in Fig. 1, a 110kV digital substation security network comprises: a network security assessment system for determining the current security state of the network; an active defense system for actively defending against and blocking data that intrudes into the network; and a power network security system for the communication network security of the 110kV digital substation.
In the above embodiment, the network security assessment system is further provided with a network situation prediction device, which comprises at least: a statistics module for counting the frequency with which network security events occur; a predetermined value module, connected to the statistics module, for setting the predetermined values of the network threat degree; a comparison module, connected to the predetermined value module, for obtaining the concrete network threat degree data by comparison with the predetermined value module; and a calculation module, connected to the comparison module, for applying weighted processing to the frequency counts in the statistics module and the network threat degree data in the comparison module, calculating the network operation situation value and sending it to a feedback module. The feedback module is connected to the statistics module, the predetermined value module, the comparison module and the calculation module respectively, feeds back the data in each module, and provides a feedback report predicting the future network security trend according to the received network operation situation value.
In the above embodiment, the network situation prediction device is further provided with a recording module, which uses the NSS to record the security state of the current target; the concrete data value of the NSS is the NSSV.
In the above embodiment, the network security assessment system is further provided with a network management and security monitoring device, which comprises: a statistics module for collecting network connection information and/or system management information and/or system monitoring information and/or application service information; a calculation module for computing the security situation index weights by the entropy weight method and/or the analytic hierarchy process; a comparison module for evaluating the security situation indices to obtain the network security situation value; and a simulation module for simulating and drawing the network security situation graph.
In the above embodiment, the active defense system is further provided with a detection module for detecting unknown attack information and zero-day attack information in the network, and a setting module for setting active defense when the detection module detects the unknown attack information and/or zero-day attack information.
In the above embodiment, the power network security system is further provided with a detection module for detecting network communication security threat information, and a security assurance module for providing network security protection when the detection module detects the network communication security threat information.
In the above embodiment, the network communication security threat information includes at least one of interception information, interruption information, tampering information and malicious program information.
In the above embodiment, the security assurance module comprises a digital signature submodule for requiring a digital signature when the detection module detects the network communication security threat information.
In the above embodiment, the security assurance module further comprises a multi-agent submodule for arranging that, when a monitored node is detected to be under attack, the corresponding agent performs the defense first.
In the above embodiment, the security assurance module further comprises a firewall submodule for building a firewall between different network security domains.
The above embodiment is only one of the more preferred embodiments of the present invention; ordinary changes and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the scope of protection of the present invention.

Claims (5)

1. A 110kV digital substation security network, characterized in that it comprises: a network security assessment system for determining the current security state of the network; an active defense system for actively defending against and blocking data that intrudes into the network; and a power network security system for the communication network security of the 110kV digital substation; the network security assessment system is further provided with a network situation prediction device, which comprises at least: a statistics module for counting the frequency with which network security events occur; a predetermined value module, connected to the statistics module, for setting the predetermined values of the network threat degree; a comparison module, connected to the predetermined value module, for obtaining the concrete network threat degree data by comparison with the predetermined value module; and a calculation module, connected to the comparison module, for applying weighted processing to the frequency counts in the statistics module and the network threat degree data in the comparison module, calculating the network operation situation value and sending it to a feedback module; the feedback module is connected to the statistics module, the predetermined value module, the comparison module and the calculation module respectively, feeds back the data in each module, and provides a feedback report predicting the future network security trend according to the received network operation situation value; the network situation prediction device is further provided with a recording module, which uses the NSS to record the security state of the current target, the concrete data value of the NSS being the NSSV; the network security assessment system is further provided with a network management and security monitoring device, which comprises: a statistics module for collecting network connection information and/or system management information and/or system monitoring information and/or application service information; a calculation module for computing the security situation index weights by the entropy weight method and/or the analytic hierarchy process; a comparison module for evaluating the security situation indices to obtain the network security situation value; and a simulation module for simulating and drawing the network security situation graph; the active defense system is further provided with a detection module for detecting unknown attack information and zero-day attack information in the network, and a setting module for setting active defense when the detection module detects the unknown attack information and/or zero-day attack information; the power network security system is further provided with a detection module for detecting network communication security threat information, and a security assurance module for providing network security protection when the detection module detects the network communication security threat information.
2. The 110kV digital substation security network as claimed in claim 1, characterized in that the network communication security threat information includes at least one of interception information, interruption information, tampering information and malicious program information.
3. The 110kV digital substation security network as claimed in claim 2, characterized in that the security assurance module comprises a digital signature submodule for requiring a digital signature when the detection module detects the network communication security threat information.
4. The 110kV digital substation security network as claimed in claim 2, characterized in that the security assurance module further comprises a multi-agent submodule for arranging that, when a monitored node is detected to be under attack, the corresponding agent performs the defense first.
5. The 110kV digital substation security network as claimed in claim 2, characterized in that the security assurance module further comprises a firewall submodule for building a firewall between different network security domains.
CN201210517720.6A 2012-12-06 2012-12-06 A 110kV digital substation security network Active CN102970188B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210517720.6A CN102970188B (en) 2012-12-06 2012-12-06 A 110kV digital substation security network

Publications (2)

Publication Number Publication Date
CN102970188A CN102970188A (en) 2013-03-13
CN102970188B true CN102970188B (en) 2015-09-09

Family

ID=47800079

Country Status (1)

Country Link
CN (1) CN102970188B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105763562B (en) * 2016-04-15 2019-04-09 全球能源互联网研究院 Power Information Network method for establishing model and system towards electric power CPS risk assessment
CN106960035A (en) * 2017-03-22 2017-07-18 东莞职业技术学院 A kind of enterprise's cloud computing is served by system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
CN101562537A (en) * 2009-05-19 2009-10-21 华中科技大学 Distributed self-optimized intrusion detection alarm associated system
CN103749000B (en) * 2010-06-09 2012-02-08 北京理工大学 A kind of internal network monitoring system based on multi-level information fusion

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on information security analysis of digital substations and preventive measures; 杨文征 et al.; 《机电工程》; 2007-09-30; Vol. 24, No. 9; pp. 94-97 *

Also Published As

Publication number Publication date
CN102970188A (en) 2013-03-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant