CN111598268B - Power plant equipment detection method, system, equipment and computer storage medium - Google Patents


Info

Publication number: CN111598268B
Authority: CN (China)
Prior art keywords: power plant; target operation; maintenance terminal; plant equipment; terminal
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010443923.XA
Other languages: Chinese (zh)
Other versions: CN111598268A (en)
Inventors: 王东海, 范渊
Current Assignee: DBAPPSecurity Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: DBAPPSecurity Co Ltd
Events:
    • Application filed by DBAPPSecurity Co Ltd
    • Priority to CN202010443923.XA
    • Publication of CN111598268A
    • Application granted
    • Publication of CN111598268B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/20 Administration of product repair or maintenance
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Electricity, gas or water supply
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Abstract

The application discloses a power plant equipment detection method, system, device and computer storage medium. Virus scanning and removal is performed on a target operation and maintenance terminal to obtain a virus scan result, the target operation and maintenance terminal being used to operate and maintain power plant equipment; whether the target operation and maintenance terminal carries a virus is judged based on the virus scan result; if the terminal is judged not to carry a virus, it is allowed to connect to the power plant equipment, and while it operates the power plant equipment, a security judgment is made on the operation information with which it operates the equipment: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is prohibited from operating the power plant equipment; if the terminal is judged to carry a virus, it is prohibited from connecting to the power plant equipment. In the application, the threat posed by the target operation and maintenance terminal to the power plant equipment is avoided, and the security protection of the power plant equipment is improved.

Description

Power plant equipment detection method, system, equipment and computer storage medium
Technical Field
The present disclosure relates to the field of power plant equipment detection technology, and more particularly to a power plant equipment detection method, system, device, and computer storage medium.
Background
As Internet of Things technology matures and Industry 4.0 arrives, a new technical revolution in industrial network security protection is under way worldwide. The network security of traditional industrial control systems (industrial control security for short) has become a serious challenge for enterprises and countries, and industrial control systems are receiving attention from more and more enterprises and governments, particularly as a number of large attacks on industrial equipment have occurred worldwide. Existing power plant control systems mainly provide patching and virus removal for vulnerabilities that have already been discovered. This ensures the security of power plant equipment to a certain extent, but power plant equipment is still attacked, and the level of security protection for it is low.
In summary, how to improve the security protection of power plant equipment is a problem to be solved by those skilled in the art.
Disclosure of Invention
The purpose of the application is to provide a power plant equipment detection method that can, to a certain extent, solve the technical problem of how to improve the security protection of power plant equipment. The application also provides a power plant equipment detection system, device and computer readable storage medium.
In order to achieve the above object, the present application provides the following technical solutions:
A power plant equipment detection method, comprising:
performing virus scanning and removal on a target operation and maintenance terminal to obtain a virus scan result, wherein the target operation and maintenance terminal is used for operating and maintaining the power plant equipment;
judging whether the target operation and maintenance terminal carries a virus based on the virus scan result;
if the target operation and maintenance terminal is judged not to carry a virus, allowing the target operation and maintenance terminal to connect to the power plant equipment and, while the target operation and maintenance terminal operates the power plant equipment, making a security judgment on the operation information with which it operates the power plant equipment; allowing the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be safe, and prohibiting it from operating the power plant equipment if the operation information is judged to be dangerous;
and if the target operation and maintenance terminal is judged to carry a virus, prohibiting the target operation and maintenance terminal from connecting to the power plant equipment.
Preferably, making the security judgment on the operation information with which the target operation and maintenance terminal operates the power plant equipment includes:
performing protocol analysis on the operation information to obtain an analysis result;
and making the security judgment on the operation information based on the analysis result.
Preferably, allowing the target operation and maintenance terminal to connect to the power plant equipment includes:
judging whether the target operation and maintenance terminal has the authority to access the power plant equipment;
and if the target operation and maintenance terminal has the authority to access the power plant equipment, allowing the target operation and maintenance terminal to connect to the power plant equipment.
Preferably, after allowing the target operation and maintenance terminal to connect to the power plant equipment and before making the security judgment on the operation information with which the target operation and maintenance terminal operates the power plant equipment, the method further includes:
sending a target list to the target operation and maintenance terminal so that the target operation and maintenance terminal connects to the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of the power plant equipment that the target operation and maintenance terminal is allowed to access.
Preferably, after the target operation and maintenance terminal is allowed to connect to the power plant equipment, the method further includes:
screen-recording the target operation and maintenance terminal to obtain recording information;
and storing the recording information.
Preferably, after the target operation and maintenance terminal is allowed to connect to the power plant equipment, the method further includes:
recording and storing the behavior log of the target operation and maintenance terminal.
Preferably, performing virus scanning and removal on the target operation and maintenance terminal to obtain a virus scan result includes:
performing virus scanning and removal on the target operation and maintenance terminal based on a preset U shield to obtain the virus scan result.
A power plant equipment detection system, comprising:
a first scanning and removal module, used for performing virus scanning and removal on a target operation and maintenance terminal to obtain a virus scan result, the target operation and maintenance terminal being used for operating and maintaining the power plant equipment;
a first judging module, used for judging whether the target operation and maintenance terminal carries a virus based on the virus scan result;
a first execution module, used for allowing the target operation and maintenance terminal to connect to the power plant equipment if the target operation and maintenance terminal is judged not to carry a virus, and for making a security judgment on the operation information with which the target operation and maintenance terminal operates the power plant equipment while it operates the power plant equipment, allowing the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be safe, and prohibiting it from operating the power plant equipment if the operation information is judged to be dangerous;
and a second execution module, used for prohibiting the target operation and maintenance terminal from connecting to the power plant equipment if the target operation and maintenance terminal is judged to carry a virus.
A power plant equipment detection apparatus, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the power plant equipment detection method as described in any one of the above when executing the computer program.
A computer readable storage medium having stored therein a computer program which, when executed by a processor, implements the steps of the power plant equipment detection method as described in any one of the above.
According to the power plant equipment detection method provided by the application, virus scanning and removal is performed on the target operation and maintenance terminal to obtain a virus scan result, the target operation and maintenance terminal being used for operating and maintaining power plant equipment; whether the target operation and maintenance terminal carries a virus is judged based on the virus scan result; if the terminal is judged not to carry a virus, it is allowed to connect to the power plant equipment, and while it operates the power plant equipment, a security judgment is made on the operation information with which it operates the equipment: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is prohibited from operating the power plant equipment; if the terminal is judged to carry a virus, it is prohibited from connecting to the power plant equipment.
In this method, the target operation and maintenance terminal is allowed to connect to the power plant equipment only after it is judged, based on the virus scan result, not to carry a virus. While the terminal operates the power plant equipment, a security judgment must be made on the operation information with which it operates the equipment; if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is prohibited from operating the power plant equipment. This avoids the threat posed by the target operation and maintenance terminal to the power plant equipment and improves the security protection of the power plant equipment. The power plant equipment detection system, device and computer readable storage medium provided by the application solve the corresponding technical problems as well.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description are only embodiments of the present application, and a person skilled in the art can obtain other drawings from the provided drawings without inventive effort.
FIG. 1 is a flowchart of a power plant equipment detection method provided in an embodiment of the present application;
FIG. 2 is a schematic connection diagram of an execution body of a power plant equipment detection method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a power plant equipment detection system according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a power plant equipment detection device according to an embodiment of the present application;
FIG. 5 is another schematic structural diagram of a power plant equipment detection device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and fully below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the present application. All other embodiments that a person of ordinary skill in the art can obtain from the present disclosure without inventive effort fall within the scope of the present disclosure.
As Internet of Things technology matures and Industry 4.0 arrives, a new technical revolution in industrial network security protection is under way worldwide. The network security of traditional industrial control systems (industrial control security for short) has become a serious challenge for enterprises and countries, and industrial control systems are receiving attention from more and more enterprises and governments, particularly as a number of large attacks on industrial equipment have occurred worldwide. Because some industrial control systems run in relatively closed and outdated environments, most of them focus only on implementing the functions of the industrial system, and technology and management experience for their security protection are relatively lacking, so that industrial control security is currently in a state of 'congenital deficiency, acquired malnutrition and future worry'. During research and development, the protocols and design of industrial control systems are biased toward real-time and reliable implementation of functions, and lack early design for, and effective defenses against, security attacks. In addition, because of concerns about system compatibility, industrial control systems are generally not patched, and some workstation suppliers even explicitly require users to upgrade the system by themselves, so a large number of security vulnerabilities accumulate after the system has run for a long time. Furthermore, the operation and maintenance process lacks sound security awareness, management and technical solutions. These defects make an industrial control system extremely fragile when facing network attacks and bring great hidden dangers to safe production.
Existing power plant control systems mainly provide patching and virus removal for vulnerabilities that have already been discovered. This ensures the security of power plant equipment to a certain extent, but power plant equipment is still attacked, and the level of security protection for it is low. The power plant equipment detection method provided by the application can improve the security protection of power plant equipment.
Referring to FIG. 1, FIG. 1 is a flowchart of a power plant equipment detection method according to an embodiment of the present application.
The power plant equipment detection method provided by the embodiment of the application can comprise the following steps:
Step S101: performing virus scanning and removal on the target operation and maintenance terminal to obtain a virus scan result, wherein the target operation and maintenance terminal is used for operating and maintaining power plant equipment.
In practical application, virus scanning and removal can be performed on the target operation and maintenance terminal to obtain the corresponding virus scan result. How the terminal is scanned can be determined according to actual needs; for example, the terminal can be scanned by a virus scanning engine. The type of the target operation and maintenance terminal may be determined according to the type of operation and maintenance performed on the power plant equipment; for example, it may be a computer that performs network operation and maintenance on the power plant equipment. It should be noted that, since the virus scan result carries the virus detection information of the target operation and maintenance terminal, whether the terminal carries a virus can be determined from the virus scan result.
Step S102: judging whether the target operation and maintenance terminal carries a virus based on the virus scan result; if the target operation and maintenance terminal is judged not to carry a virus, executing step S103; if the target operation and maintenance terminal is judged to carry a virus, executing step S104.
Step S103: allowing the target operation and maintenance terminal to connect to the power plant equipment and, while the target operation and maintenance terminal operates the power plant equipment, making a security judgment on the operation information with which it operates the power plant equipment; allowing the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be safe, and prohibiting it from operating the power plant equipment if the operation information is judged to be dangerous.
Step S104: prohibiting the target operation and maintenance terminal from connecting to the power plant equipment.
In practical application, after the virus scan result is obtained, whether the target operation and maintenance terminal carries a virus can be judged based on it. If the terminal is judged not to carry a virus, it is allowed to connect to the power plant equipment, and while it operates the power plant equipment, a security judgment is made on the operation information with which it operates the equipment: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is prohibited from operating the power plant equipment. If the terminal is judged to carry a virus, it is prohibited from connecting to the power plant equipment. The target operation and maintenance terminal is allowed to operate the power plant equipment only when it does not carry a virus and its operation information is safe, so the security risk the terminal brings to the power plant equipment is reduced and the security of the power plant equipment is improved.
In this method, the target operation and maintenance terminal is allowed to connect to the power plant equipment only after it is judged, based on the virus scan result, not to carry a virus. While the terminal operates the power plant equipment, a security judgment must be made on the operation information with which it operates the equipment; if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is prohibited from operating the power plant equipment. This avoids the threat posed by the target operation and maintenance terminal to the power plant equipment and improves the security protection of the power plant equipment.
In the power plant equipment detection method provided by the embodiment of the application, the security judgment on the operation information with which the target operation and maintenance terminal operates the power plant equipment can be made by means of protocol analysis. That is, protocol analysis can be performed on the operation information, for example SSH protocol analysis, RDP protocol analysis, TELNET protocol analysis, FTP protocol analysis, SFTP protocol analysis, rlogin protocol analysis and the like, to obtain an analysis result, and the security judgment on the operation information is then made based on the analysis result.
In the power plant equipment detection method provided by the embodiment of the present application, in order to further determine the security of the target operation and maintenance terminal, the power plant equipment that each operation and maintenance terminal can access may be preset, and whether an operation and maintenance terminal can connect to the power plant equipment is then decided by its authority to access that equipment. That is, the step of allowing the target operation and maintenance terminal to connect to the power plant equipment may specifically be: judging whether the target operation and maintenance terminal has the authority to access the power plant equipment; and if the target operation and maintenance terminal has the authority to access the power plant equipment, allowing the target operation and maintenance terminal to connect to the power plant equipment.
In practical application, after the target operation and maintenance terminal is allowed to connect to the power plant equipment and before the security judgment is made on the operation information with which it operates the power plant equipment, a target list can be sent to the target operation and maintenance terminal so that the terminal connects to the power plant equipment based on the target list; the target list may include a device list, a protocol list, a port list, etc. of the power plant equipment that the target operation and maintenance terminal is allowed to access.
In practical application, in order to facilitate later tracking and tracing of how the target operation and maintenance terminal operated the power plant equipment, the target operation and maintenance terminal can be screen-recorded after it is allowed to connect to the power plant equipment, to obtain recording information; the recording information is stored so that whether a security risk exists in the terminal's operation and maintenance of the power plant equipment can be judged from it.
In practical application, in order to facilitate later tracking and tracing of the operation information with which the target operation and maintenance terminal operates the power plant equipment, a behavior log of the target operation and maintenance terminal can be recorded and stored after the terminal is allowed to connect to the power plant equipment, so that whether a security risk exists in the terminal's operation of the power plant equipment can be judged from the behavior log.
In the power plant equipment detection method provided by the embodiment of the application, in order to obtain the virus scan result quickly, virus scanning and removal can be performed on the target operation and maintenance terminal by means of a U shield; that is, virus scanning and removal can be performed on the target operation and maintenance terminal based on a preset U shield to obtain the virus scan result.
It should be noted that the execution body of the power plant equipment detection method of the present application may be determined flexibly as needed. For example, the execution body may be an equipment safety protection device independent of the target operation and maintenance terminal and the power plant equipment. In this case, the equipment safety protection device, the target operation and maintenance terminal, the power plant equipment and the U shield may be connected as shown in FIG. 2, and the equipment safety protection device may serve the target operation and maintenance terminal based on transparent proxy technology.
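The gate described in steps S101 to S104, together with the authority check, target list, protocol analysis and behavior log above, sketched as an added Python example (not code from the patent). The `Gateway` and `TargetList` names, the terminal and device identifiers, and the verb allowlists used for the security judgment are assumptions, since the page does not define what makes operation information dangerous.

```python
import shlex
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TargetList:
    """Device, protocol and port lists one terminal is allowed to access."""
    devices: frozenset
    protocols: frozenset
    ports: frozenset

# Constructed policy (assumption): the page does not define "safe" or "dangerous".
SAFE_FTP_VERBS = {"USER", "PASS", "PWD", "CWD", "LIST", "RETR", "QUIT"}
SAFE_SHELL_PROGRAMS = {"ls", "cat", "ps", "df", "uptime"}
SHELL_METACHARS = set(";|&`$<>\n\r")

def analyse(protocol, raw):
    """Protocol analysis: reduce one operation to its verb, or None if unparseable."""
    try:
        text = raw.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    if not text:
        return None
    if protocol == "FTP":
        return text.split(" ", 1)[0].upper()
    if protocol in ("SSH", "TELNET"):  # assumes the proxy sees the plaintext command
        if SHELL_METACHARS & set(text):
            return None  # chained or substituted commands do not reduce to one verb
        try:
            parts = shlex.split(text)
        except ValueError:  # unbalanced quotes
            return None
        return parts[0].rsplit("/", 1)[-1] if parts else None
    return None  # no analyser for this protocol

def is_safe(protocol, verb):
    """Security judgment on the analysis result; anything unparsed fails closed."""
    if verb is None:
        return False
    allowed = SAFE_FTP_VERBS if protocol == "FTP" else SAFE_SHELL_PROGRAMS
    return verb in allowed

@dataclass
class Gateway:
    permissions: dict                                # terminal id -> TargetList
    admitted: set = field(default_factory=set)
    connected: dict = field(default_factory=dict)    # terminal id -> (device, protocol, port)
    behavior_log: list = field(default_factory=list)

    def _log(self, terminal, event, allowed):
        self.behavior_log.append((terminal, event, "allow" if allowed else "deny"))
        return allowed

    def admit(self, terminal, scan_result):
        """S101/S102: scan_result lists detections; None means no result was obtained."""
        clean = scan_result is not None and len(scan_result) == 0
        ok = clean and terminal in self.permissions  # authority check
        if ok:
            self.admitted.add(terminal)
        else:                                        # S104: drop any existing access
            self.admitted.discard(terminal)
            self.connected.pop(terminal, None)
        return self._log(terminal, "admit", ok)

    def target_list(self, terminal):
        """The list sent to an admitted terminal; None for anyone else."""
        return self.permissions[terminal] if terminal in self.admitted else None

    def connect(self, terminal, device, protocol, port):
        tl = self.target_list(terminal)
        ok = (tl is not None and device in tl.devices
              and protocol in tl.protocols and port in tl.ports)
        if ok:
            self.connected[terminal] = (device, protocol, port)
        return self._log(terminal, f"connect {device} {protocol}/{port}", ok)

    def operate(self, terminal, raw):
        """S103: judge one operation; only the verb is logged, never the arguments."""
        session = self.connected.get(terminal)
        if session is None:
            return self._log(terminal, "operate without connection", False)
        verb = analyse(session[1], raw)
        return self._log(terminal, f"operate {verb or 'unparseable'}",
                         is_safe(session[1], verb))
```

The page describes the device, protocol and port lists as three separate lists, so `connect` checks them independently; binding each permitted protocol and port to a specific device would be a tighter policy than the one stated.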
Referring to fig. 3, fig. 3 is a schematic structural diagram of a power plant equipment detection system according to an embodiment of the present application.
The power plant equipment detection system provided by the embodiment of the application may include:
the first checking and killing module 101 is used for checking and killing viruses on a target operation and maintenance terminal to obtain a virus checking and killing result, wherein the target operation and maintenance terminal is used for operating and maintaining power plant equipment;
the first judging module 102 is configured to judge whether the target operation and maintenance terminal carries a virus based on a virus killing result;
the first execution module 103 is configured to allow the target operation and maintenance terminal to connect to the power plant equipment if the target operation and maintenance terminal is judged not to carry viruses, and, in the process of the target operation and maintenance terminal operating the power plant equipment, to perform security judgment on the operation information with which the target operation and maintenance terminal operates the power plant equipment; if the operation information is judged to be safe, the target operation and maintenance terminal is allowed to operate the power plant equipment, and if the operation information is judged to be dangerous, the target operation and maintenance terminal is prohibited from operating the power plant equipment;
and the second execution module 104 is used for prohibiting the target operation and maintenance terminal from being connected with the power plant equipment if the target operation and maintenance terminal is judged to carry viruses.
In the power plant equipment detection system provided by the embodiment of the application, the first execution module may include:
the first analysis unit is used for carrying out protocol analysis on the operation information to obtain an analysis result;
and the first judging unit is used for judging the safety of the operation information based on the analysis result.
In the power plant equipment detection system provided by the embodiment of the application, the first execution module may include:
the second judging unit is used for judging whether the target operation and maintenance terminal has the authority for accessing the power plant equipment; and if the target operation and maintenance terminal has the authority to access the power plant equipment, executing the process of allowing the target operation and maintenance terminal to be connected with the power plant equipment.
The power plant equipment detection system provided by the embodiment of the application may further include:
the first sending module is used for sending a target list to the target operation and maintenance terminal after the first execution module allows the target operation and maintenance terminal to be connected with the power plant equipment and before safety judgment is carried out on operation information of the target operation and maintenance terminal for operating the power plant equipment, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list includes a device list, a protocol list, and a port list of the power plant devices that the target operation and maintenance terminal is allowed to access.
The power plant equipment detection system provided by the embodiment of the application may further include:
the first recording module is used for carrying out screen recording on the target operation and maintenance terminal after the first execution module allows the target operation and maintenance terminal to be connected with the power plant equipment, so as to obtain recording information;
and the first storage module is used for storing the recording information.
The power plant equipment detection system provided by the embodiment of the application may further include:
and the first recording module is used for recording and storing the behavior log of the target operation and maintenance terminal after the first execution module allows the target operation and maintenance terminal to be connected with the power plant equipment.
In the power plant equipment detection system provided by the embodiment of the application, the first checking and killing module may include:
the first searching and killing unit is used for searching and killing viruses on the target operation and maintenance terminal based on a preset U shield to obtain a virus searching and killing result.
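The module chain described above (virus result, access authority, target list, protocol analysis, security judgment, behavior log) can be illustrated with the following added Python example, which is not code from the patent. The class and function names, the shape of the scan result, the deny patterns used as the judgment rule, the fail-closed handling of missing results and unparsed protocols, and the restriction to TELNET and FTP parsing are all assumptions made for illustration.

```python
# Added example. Names, rule patterns and sample values are assumptions, not from the patent.
import re
from dataclasses import dataclass, field

IAC, SB, SE = 255, 250, 240            # TELNET control bytes (RFC 854)
NEGOTIATION = {251, 252, 253, 254}     # WILL, WONT, DO, DONT: one option byte follows


@dataclass(frozen=True)
class TargetList:
    """Device, protocol and port lists the terminal is allowed to access."""
    devices: set
    protocols: set
    ports: set


@dataclass
class Session:
    terminal_id: str
    target_list: TargetList
    behavior_log: list = field(default_factory=list)


def strip_telnet_controls(raw: bytes) -> bytes:
    """TELNET protocol analysis: drop IAC sequences, keep the operator's data bytes."""
    out, i, n = bytearray(), 0, len(raw)
    while i < n:
        nxt = raw[i + 1] if i + 1 < n else None
        if raw[i] != IAC:
            out.append(raw[i])
            i += 1
        elif nxt == IAC:                # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif nxt in NEGOTIATION:        # IAC <verb> <option>
            i += 3
        elif nxt == SB:                 # IAC SB ... IAC SE (subnegotiation)
            i += 2
            while i < n:
                if raw[i] == IAC and i + 1 < n:
                    i += 2
                    if raw[i - 1] == SE:
                        break
                else:
                    i += 1
        else:                           # two-byte command, or IAC cut off at the end
            i += 2
    return bytes(out)


def parse_operation(protocol: str, raw: bytes) -> list:
    """Return the commands carried in one chunk of operation information."""
    if protocol == "TELNET":
        raw = strip_telnet_controls(raw)
    elif protocol != "FTP":
        raise ValueError(f"no parser for {protocol}")
    text = raw.decode("utf-8", errors="replace")
    return [c.strip() for c in re.split(r"[\r\n\x00]+", text) if c.strip()]


class MaintenanceGate:
    def __init__(self, permissions: dict, deny_patterns: list):
        self.permissions = permissions          # terminal_id -> TargetList
        self.deny = [re.compile(p, re.I) for p in deny_patterns]

    def admit(self, terminal_id: str, scan_result):
        """Virus result first, then access authority. Returns a Session or None."""
        if not scan_result or scan_result.get("infected", True):
            return None                         # assumption: no result counts as infected
        target_list = self.permissions.get(terminal_id)
        return Session(terminal_id, target_list) if target_list else None

    def connection_allowed(self, s: Session, device: str, protocol: str, port: int) -> bool:
        t = s.target_list
        ok = device in t.devices and protocol in t.protocols and port in t.ports
        s.behavior_log.append(("connect", device, protocol, port, ok))
        return ok

    def operation_allowed(self, s: Session, protocol: str, raw: bytes) -> bool:
        try:
            commands = parse_operation(protocol, raw)
            ok = not any(p.search(c) for c in commands for p in self.deny)
        except ValueError:                      # assumption: unparsed traffic is dangerous
            commands, ok = None, False
        s.behavior_log.append(("operate", protocol, commands, ok))
        return ok


def build_demo_gate() -> MaintenanceGate:
    """Constructed sample policy: one terminal, one device, two plaintext protocols."""
    allowed = TargetList({"plc-boiler-1"}, {"TELNET", "FTP"}, {21, 23})
    return MaintenanceGate({"laptop-07": allowed},
                           [r"^(reboot|shutdown)\b", r"^DELE\s", r"\bformat\b"])


if __name__ == "__main__":
    gate = build_demo_gate()
    session = gate.admit("laptop-07", {"infected": False})
    print(gate.operation_allowed(session, "TELNET", b"re\xff\xf1boot\r\n"), session.behavior_log)
```

The judgment runs on the parsed commands rather than on the raw bytes, so TELNET control sequences interleaved with the data do not change what the rule sees.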
The application also provides a power plant equipment detection device and a computer readable storage medium, which have the corresponding effects of the power plant equipment detection method. Referring to fig. 4, fig. 4 is a schematic structural diagram of a power plant equipment detection device according to an embodiment of the present application.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program:
virus checking and killing are carried out on the target operation and maintenance terminal to obtain a virus checking and killing result, and the target operation and maintenance terminal is used for operating and maintaining power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
if the target operation and maintenance terminal is judged to not carry viruses, allowing the target operation and maintenance terminal to be connected with the power plant equipment, and judging the safety of the operation information of the target operation and maintenance terminal for operating the power plant equipment in the process of operating the power plant equipment by the target operation and maintenance terminal, if the operation information is judged to be safe, allowing the target operation and maintenance terminal to operate the power plant equipment, and if the operation information is judged to be dangerous, prohibiting the target operation and maintenance terminal from operating the power plant equipment;
and if the target operation and maintenance terminal is judged to carry viruses, the target operation and maintenance terminal is forbidden to be connected with the power plant equipment.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program: carrying out protocol analysis on the operation information to obtain an analysis result; and carrying out safety judgment on the operation information based on the analysis result.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program: judging whether the target operation and maintenance terminal has the authority for accessing the power plant equipment or not; and if the target operation and maintenance terminal has the authority to access the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program: after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, before safety judgment is carried out on the operation information of the target operation and maintenance terminal for operating the power plant equipment, a target list is sent to the target operation and maintenance terminal, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list includes a device list, a protocol list, and a port list of the power plant devices that the target operation and maintenance terminal is allowed to access.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program: allowing the target operation and maintenance terminal to be connected with power plant equipment, and then recording a screen of the target operation and maintenance terminal to obtain recording information; and storing the recording information.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program: and after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, recording and storing the behavior log of the target operation and maintenance terminal.
The power plant equipment detection equipment provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 realizes the following steps when executing the computer program: and carrying out virus checking and killing on the target operation and maintenance terminal based on a preset U shield to obtain a virus checking and killing result.
Referring to fig. 5, another power plant equipment detection device provided in an embodiment of the present application may further include: an input port 203 connected to the processor 202, for transmitting externally input commands to the processor 202; a display unit 204 connected to the processor 202, for displaying the processing result of the processor 202 to the outside; and a communication module 205 connected to the processor 202, for realizing communication between the power plant equipment detection device and the outside. The display unit 204 may be a display panel, a laser scanning display, or the like; the communication means employed by the communication module 205 include, but are not limited to, Mobile High-Definition Link (MHL), Universal Serial Bus (USB), High-Definition Multimedia Interface (HDMI), and wireless connections: wireless fidelity (WiFi), Bluetooth communication, Bluetooth low energy communication, and IEEE 802.11s based communication.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:
virus checking and killing are carried out on the target operation and maintenance terminal to obtain a virus checking and killing result, and the target operation and maintenance terminal is used for operating and maintaining power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
if the target operation and maintenance terminal is judged to not carry viruses, allowing the target operation and maintenance terminal to be connected with the power plant equipment, and judging the safety of the operation information of the target operation and maintenance terminal for operating the power plant equipment in the process of operating the power plant equipment by the target operation and maintenance terminal, if the operation information is judged to be safe, allowing the target operation and maintenance terminal to operate the power plant equipment, and if the operation information is judged to be dangerous, prohibiting the target operation and maintenance terminal from operating the power plant equipment;
and if the target operation and maintenance terminal is judged to carry viruses, the target operation and maintenance terminal is forbidden to be connected with the power plant equipment.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: carrying out protocol analysis on the operation information to obtain an analysis result; and carrying out safety judgment on the operation information based on the analysis result.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: judging whether the target operation and maintenance terminal has the authority for accessing the power plant equipment or not; and if the target operation and maintenance terminal has the authority to access the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, before safety judgment is carried out on the operation information of the target operation and maintenance terminal for operating the power plant equipment, a target list is sent to the target operation and maintenance terminal, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list includes a device list, a protocol list, and a port list of the power plant devices that the target operation and maintenance terminal is allowed to access.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: allowing the target operation and maintenance terminal to be connected with power plant equipment, and then recording a screen of the target operation and maintenance terminal to obtain recording information; and storing the recording information.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: and after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, recording and storing the behavior log of the target operation and maintenance terminal.
The embodiment of the application provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: and carrying out virus checking and killing on the target operation and maintenance terminal based on a preset U shield to obtain a virus checking and killing result.
The computer readable storage medium referred to in this application includes random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
For the description of the relevant parts of the power plant equipment detection system, the power plant equipment detection equipment and the computer readable storage medium provided in the embodiments of the present application, refer to the detailed description of the corresponding parts of the power plant equipment detection method provided in the embodiments of the present application; it is not repeated here. In addition, the parts of the above technical solutions whose implementation principles are consistent with those of the corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A power plant equipment detection method, characterized by comprising:
performing virus checking and killing on a target operation and maintenance terminal to obtain a virus checking and killing result, wherein the target operation and maintenance terminal is used for operating and maintaining the power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
allowing the target operation and maintenance terminal to be connected with the power plant equipment if the target operation and maintenance terminal is judged to not carry viruses, and judging the safety of the operation information of the target operation and maintenance terminal for operating the power plant equipment in the process of operating the power plant equipment by the target operation and maintenance terminal, allowing the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be safe, and prohibiting the target operation and maintenance terminal from operating the power plant equipment if the operation information is judged to be dangerous;
if the target operation and maintenance terminal is judged to carry viruses, the target operation and maintenance terminal is forbidden to be connected with the power plant equipment;
the step of performing security judgment on the operation information of the target operation and maintenance terminal for operating the power plant equipment includes:
carrying out protocol analysis on the operation information to obtain analysis results, wherein the protocol analysis comprises SSH protocol analysis, RDP protocol analysis, TELNET protocol analysis, FTP protocol analysis, SFTP protocol analysis and Rlogin protocol analysis;
and carrying out safety judgment on the operation information based on the analysis result.
2. The method of claim 1, wherein the allowing the target operation and maintenance terminal to connect to the power plant equipment comprises:
judging whether the target operation and maintenance terminal has the authority to access the power plant equipment or not;
and if the target operation and maintenance terminal has the authority to access the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
3. The method according to claim 1, wherein after the allowing the target operation and maintenance terminal to connect to the power plant device, before the performing security judgment on the operation information of the target operation and maintenance terminal to operate the power plant device, further comprises:
transmitting a target list to the target operation and maintenance terminal so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of power plant devices which are allowed to be accessed by the target operation and maintenance terminal.
4. A method according to any one of claims 1 to 3, wherein after said allowing said target operation and maintenance terminal to connect to said power plant, further comprising:
recording the screen of the target operation and maintenance terminal to obtain recording information;
and storing the recording information.
5. The method of claim 4, wherein after allowing the target operation and maintenance terminal to connect to the power plant equipment, further comprising:
and recording and storing the behavior log of the target operation and maintenance terminal.
6. The method of claim 1, wherein the performing virus killing on the target operation and maintenance terminal to obtain a virus killing result comprises:
and carrying out virus searching and killing on the target operation and maintenance terminal based on a preset U shield to obtain a virus searching and killing result.
7. A power plant detection system, comprising:
the first searching and killing module is used for searching and killing viruses on a target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for operating and maintaining the power plant equipment;
the first judging module is used for judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
the first execution module is used for allowing the target operation and maintenance terminal to be connected with the power plant equipment if the target operation and maintenance terminal does not carry viruses, and carrying out safety judgment on the operation information of the target operation and maintenance terminal for operating the power plant equipment in the process of operating the power plant equipment by the target operation and maintenance terminal, allowing the target operation and maintenance terminal for operating the power plant equipment if the operation information is judged to be safe, and prohibiting the target operation and maintenance terminal from operating the power plant equipment if the operation information is judged to be dangerous;
the second execution module is used for prohibiting the target operation and maintenance terminal from being connected with the power plant equipment if the target operation and maintenance terminal is judged to carry viruses;
wherein the first execution module includes:
the first analysis unit is used for carrying out protocol analysis on the operation information to obtain analysis results, wherein the protocol analysis comprises SSH protocol analysis, RDP protocol analysis, TELNET protocol analysis, FTP protocol analysis, SFTP protocol analysis and Rlogin protocol analysis;
and the first judging unit is used for judging the safety of the operation information based on the analysis result.
8. A power plant equipment detection apparatus, characterized by comprising:
a memory for storing a computer program;
a processor for implementing the steps of the power plant detection method according to any one of claims 1 to 6 when executing the computer program.
9. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when executed by a processor, implements the steps of the power plant detection method according to any one of claims 1 to 6.
CN202010443923.XA 2020-05-22 2020-05-22 Power plant equipment detection method, system, equipment and computer storage medium Active CN111598268B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010443923.XA CN111598268B (en) 2020-05-22 2020-05-22 Power plant equipment detection method, system, equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN111598268A CN111598268A (en) 2020-08-28
CN111598268B true CN111598268B (en) 2023-07-07

Family

ID=72186394

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010443923.XA Active CN111598268B (en) 2020-05-22 2020-05-22 Power plant equipment detection method, system, equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN111598268B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008158862A (en) * 2006-12-25 2008-07-10 Nec Fielding Ltd Log information collection system and method for maintenance object device, information server and program
CN104460657A (en) * 2014-11-14 2015-03-25 北京网御星云信息技术有限公司 Method, device and system for achieving protection of mobile operation and maintenance of industrial control system
CN108063753A (en) * 2017-11-10 2018-05-22 全球能源互联网研究院有限公司 A kind of information safety monitoring method and system
CN108564181A (en) * 2018-04-10 2018-09-21 国家电网公司 Electrical equipment fault detects and method for maintaining and terminal device
CN110233758A (en) * 2019-06-10 2019-09-13 广东电网有限责任公司 A kind of safety encryption of service system, device and relevant device
CN110414227A (en) * 2018-08-09 2019-11-05 腾讯科技(深圳)有限公司 A kind of information output method and its equipment, storage medium, electronic equipment
CN110705726A (en) * 2019-09-30 2020-01-17 杭州安恒信息技术股份有限公司 Operation and maintenance auditing method, system and device for industrial equipment
CN110765461A (en) * 2019-11-08 2020-02-07 杭州安恒信息技术股份有限公司 Safety protection method and device for equipment maintenance process

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3693244B2 (en) * 2001-10-31 2005-09-07 株式会社日立製作所 E-mail system, mail server and mail terminal
US20040255167A1 (en) * 2003-04-28 2004-12-16 Knight James Michael Method and system for remote network security management
CN101022459B (en) * 2007-03-05 2010-05-26 华为技术有限公司 System and method for preventing virus invading network
WO2017014823A2 (en) * 2015-05-04 2017-01-26 Hasan Syed Kamran Method and device for managing security in a computer network
IL243426A0 (en) * 2015-12-31 2016-04-21 Asaf Shabtai Platform for protecting small and medium enterprises from cyber security threats
CN108370459B (en) * 2017-04-20 2021-12-03 北京小米移动软件有限公司 Equipment management method and device

Also Published As

Publication number Publication date
CN111598268A (en) 2020-08-28

Similar Documents

Publication Publication Date Title
CN108369625B (en) Dual memory introspection for protecting multiple network endpoints
US10237296B2 (en) Automated penetration testing device, method and system
CN102868694B (en) Control the detection method of client-access network, device and system
CN104468632A (en) Loophole attack prevention method, device and system
KR101414084B1 (en) System and for Malicious Application Detection on Mobile Device and Method thereof
CN113660296B (en) Method and device for detecting anti-attack performance of industrial control system and computer equipment
CN111881460B (en) Vulnerability exploitation detection method, system, equipment and computer storage medium
CN113014571B (en) Method, device and storage medium for processing access request
CN114257413B (en) Reaction blocking method and device based on application container engine and computer equipment
CN112202704A (en) Block chain intelligent contract safety protection system
Kim et al. STRIDE‐based threat modeling and DREAD evaluation for the distributed control system in the oil refinery
RU2739864C1 (en) System and method of correlating events for detecting information security incident
CN112398829A (en) Network attack simulation method and system for power system
CN111598268B (en) Power plant equipment detection method, system, equipment and computer storage medium
CN113206761A (en) Application connection detection method and device, electronic equipment and storage medium
CN105262777A (en) Local area network (LAN)-based security detection method and device
CN109729089B (en) Container-based intelligent network security function management method and system
CN111092886B (en) Terminal defense method, system, equipment and computer readable storage medium
CN114760151A (en) Method and device for acquiring authority of upper computer through PLC
Sindhwad et al. Exploiting Control Device Vulnerabilities: Attacking Cyber-Physical Water System
Carr Development of a tailored methodology and forensic toolkit for industrial control systems incident response
CN109255243B (en) Method, system, device and storage medium for repairing potential threats in terminal
CN113709130A (en) Risk identification method and device based on honeypot system
CN112422501A (en) Forward and reverse tunnel protection method, device, equipment and storage medium
Sawada Model-based cybersecurity for control systems: Modeling, design and control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant