CN214900923U - Transformer substation based on message identification and abnormal flow analysis and network safety system thereof - Google Patents
Transformer substation based on message identification and abnormal flow analysis and network safety system thereof Download PDFInfo
- Publication number
- CN214900923U CN214900923U CN202120905415.9U CN202120905415U CN214900923U CN 214900923 U CN214900923 U CN 214900923U CN 202120905415 U CN202120905415 U CN 202120905415U CN 214900923 U CN214900923 U CN 214900923U
- Authority
- CN
- China
- Prior art keywords
- module
- message
- control system
- transformer substation
- substation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000005206 flow analysis Methods 0.000 title claims abstract description 18
- 230000002159 abnormal effect Effects 0.000 title claims description 20
- 230000010354 integration Effects 0.000 claims abstract description 12
- 238000012544 monitoring process Methods 0.000 claims abstract description 9
- 238000001514 detection method Methods 0.000 claims description 39
- 230000017525 heat dissipation Effects 0.000 claims description 2
- 238000007689 inspection Methods 0.000 abstract description 2
- 238000004458 analytical method Methods 0.000 description 14
- 238000000034 method Methods 0.000 description 9
- 230000005856 abnormality Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 230000006399 behavior Effects 0.000 description 3
- 230000007547 defect Effects 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 150000001875 compounds Chemical class 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000001816 cooling Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000012850 discrimination method Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E60/00—Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/16—Electric power substations
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Alarm Systems (AREA)
Abstract
The utility model relates to a safe fortune of transformer substation maintains technical field, discloses a transformer substation and network safety coefficient based on message discernment and unusual flow analysis, including the safety inspection device: a message monitoring module; one end of the data integration module is connected with the message monitoring module; the first end of the message abnormity identification module is connected with the other end of the data integration module; one end of the message data output module is connected with the second end of the message abnormity identification module, one end of the message attack module is connected with the third end of the message abnormity identification module, and the other end of the message attack module is connected with the second end of the message data output module; the first end of the control system is connected with the third end of the message data output module; the first end of the safety early warning device is connected with the second end of the control system; and the first end of the statistical module is connected with the second end of the safety early warning device, and the second end of the statistical module is connected with the third end of the control system. The transformer substation and the network safety system thereof can guarantee the safe operation of the transformer substation.
Description
Technical Field
The utility model relates to a safe fortune of transformer substation maintains technical field, specifically relates to a transformer substation and network safety coefficient based on message discernment and unusual flow analysis.
Background
The transformer substation network and the information system are used as main function carriers of power flow, service flow and information flow in the transformer substation, and the real-time performance, the reliability and the safety of the transformer substation network and the information system have high requirements. The safety protection of the transformer substation in China adopts measures such as network isolation, encryption authentication and the like, but the transformer substation also has the defects or safety defects, and has the problems of insufficient diagnosis, insufficient network abnormal flow, insufficient network attack and other safety problem analysis and discovery capabilities, deficiency of real-time integrated detection capability and cooperative protection capability of the power real-time control system, incapability of timely discovering and early warning abnormal attack behaviors of the power engineering control system and the like aiming at the power production control network attack characteristics.
SUMMERY OF THE UTILITY MODEL
The utility model aims at providing a transformer substation and network safety coefficient thereof based on message discernment and unusual flow analysis, this network safety coefficient can ensure the safe operation of transformer substation.
In order to achieve the above object, an aspect of the present invention provides a network security system of a transformer substation based on message identification and abnormal flow analysis, including:
a security detection apparatus comprising:
the message monitoring module is arranged at a network port of the transformer substation and used for acquiring message information of the network port;
one end of the data integration module is connected with the message monitoring module;
the first end of the message abnormity identification module is connected with the other end of the data integration module;
a message data output module, one end of the message data output module is connected with the second end of the message abnormity identification module,
one end of the message attack module is connected with the third end of the message abnormity identification module, and the other end of the message totalization module is connected with the second end of the message data output module;
the first end of the control system is connected with the third end of the message data output module;
the first end of the safety early warning device is connected with the second end of the control system; and
and the first end of the statistical module is connected with the second end of the safety early warning device, and the second end of the statistical module is connected with the third end of the control system.
Optionally, the network security system includes a memory, a first end of the memory is connected to a fourth end of the message data output module, a second end of the memory is connected to a third end of the security early warning device, and the fourth end of the memory is connected to a third end of the statistics module.
Optionally, the safety detection device includes a flow detection module, and the flow detection module includes:
the traffic acquisition unit is arranged at the network port and used for acquiring traffic information of the network port;
the first end of the flow analysis unit is connected with the flow acquisition unit;
a first end of the result output unit is connected with a second end of the flow analysis unit, and a second end of the result output unit is connected with the control system;
and one end of the flow attack detection unit is connected with the third end of the flow analysis unit, and the other end of the flow attack detection unit is connected with the third end of the result output unit.
Optionally, the safety detection device includes a sensor detection module, where the sensor detection module includes a temperature sensor, and the temperature sensor is disposed near each device of the substation and is used for measuring the temperature of each device;
and the control system is connected with the temperature sensor and the heat dissipation air conditioner of the transformer substation.
Optionally, the safety detection device includes a sensor detection module, where the sensor detection module includes a humidity sensor, and the humidity sensor is disposed near each device of the substation and is used for measuring the ambient humidity of each device;
and the control system is connected with the humidity sensor and the dehumidifier of the transformer substation.
On the other hand, the utility model also provides a transformer substation based on message identification and abnormal flow analysis, the transformer substation includes as above-mentioned arbitrary network security system and transformer substation body.
Through the technical scheme, the utility model provides a pair of transformer substation and network safety system based on message discernment and unusual flow analysis acquires the message information of transformer substation through setting up the safety detection module, carries out integration on the chronogenesis through setting up data integration module based on message information, and rethread message unusual identification module confirms whether current message appears unusually, and final definite result by control system based on message unusual discernment confirms whether start safety precaution module. When the transformer substation is abnormal, such as message attack, the network security system can send out early warning in time through the security early warning module, so that the safe operation of the transformer substation is guaranteed.
Drawings
Fig. 1 is a block diagram of a network security system of a substation based on message recognition and abnormal traffic analysis according to an embodiment of the present invention;
fig. 2 is a block diagram of a network security system of a substation based on message recognition and abnormal traffic analysis according to an embodiment of the present invention;
fig. 3 is a block diagram of a flow detection module according to an embodiment of the present invention;
FIG. 4 is a block diagram of a sensor detection module according to an embodiment of the present invention; and
fig. 5 is a block diagram of a sensor detection module according to an embodiment of the present invention.
Detailed Description
In the embodiments of the present invention, unless otherwise specified, the use of directional terms such as "upper, lower, top, and bottom" is generally used with respect to the orientation shown in the drawings or the positional relationship between the components in the vertical, or gravitational direction.
In addition, if there is a description in the embodiments of the present invention referring to "first", "second", etc., the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions in the embodiments can be combined with each other, but it must be based on the realization of those skilled in the art, and when the technical solutions are contradictory or can not be realized, the combination of the technical solutions should not be considered to exist, and is not within the protection scope of the present invention.
Fig. 1 is a block diagram of a network security system of a substation based on message recognition and abnormal traffic analysis according to an embodiment of the present invention. In fig. 1, the network security system may include a security detection device 10, a control system 20, and a security pre-warning system 30. Specifically, the security detection apparatus 10 may further include a message monitoring module 11, a data integration module 12, a message anomaly identification module 13, a message data output module 14, and a message attack module 15.
The message monitoring module 11 may be disposed at a network port of the substation, and is configured to obtain message information of the network port. One end of the data integration module 12 may be connected to the message monitoring module 11. The data integration module 12 may integrate the message information in time sequence, for example, so as to obtain complete message data. The first end of the message anomaly identification module 13 may be connected to the other end of the data integration module 12, and is configured to analyze the integrated message information to determine whether an anomaly occurs. The method for analyzing the message information by the message anomaly identification module 13 may be a variety of methods known by those skilled in the art, such as conventional data comparison, machine learning, and the like. One end of the message data output module 14 may be connected to a second end of the message anomaly identification module 13. One end of the message attack module 15 may be connected to the third end of the message anomaly identification module 13, and the other end of the message totalization module 15 may be connected to the second end of the message data output module 14. When the network security system works, if the message abnormality recognition module 13 recognizes that the current message information is abnormal, the message information can be sent to the message attack recognition module 15. The message attack recognition module 15 further recognizes the message information, thereby determining whether a message attack action occurs in the current substation, and sends the recognition result to the message data output module 14. If the message abnormality recognition module 13 recognizes that there is no abnormality in the current message information, it can directly send an indication signal without abnormal information to the message data output module 14. Because the message anomaly identification module 13 executes only the identification algorithm with simpler logic and does not need to execute the identification of the message attack behavior, the identification efficiency is higher, and the system load is relatively lighter under the condition of no anomaly state. When abnormal message information occurs, the message abnormality recognition module 13 sends the abnormal message information to the message attack recognition module 15, and the message attack recognition module 15 further recognizes the abnormal message information. The setting mode enables the message attack recognition module 15 executing the complex algorithm to be started only when abnormal message information occurs, and therefore the overall load of the system is increased. The message data output module 14 may send out corresponding status signals according to the received status information.
The first terminal of the control system 20 may be connected to the third terminal of the message data output module 14, and is configured to receive the status signal sent by the message data output module 14. A first end of the safety precaution device 30 may be connected to a second end of the control system 20. A first terminal of the statistics module 40 may be connected to a second terminal of the safety precaution device 30, and a second terminal of the statistics module 40 may be connected to a third terminal of the control system 20. When the control system 20 receives the abnormal state signal, the control system 20 may send a security early warning signal through the security early warning device 30, so as to prompt a worker that a message attack occurs at the current substation; on the other hand, the statistical module 40 may perform statistics on time domain and space domain (spatial distribution of each device) for the security early warning signals and the status signals in different periods, so as to count modules that are easily attacked in the network security system. The specific algorithm for the statistics performed by the statistics module 40 may be a variety of methods known to those skilled in the art, including but not limited to a Statistical Failure Rate (SFR) method, a curve statistics method, etc.
In one embodiment of the present invention, the data is stored periodically in consideration of the network security system. Then the network security system may further include a memory 50, as shown in fig. 2. A first end of the memory 50 may be connected to a fourth end of the message data output module 14, a second end of the memory 50 may be connected to a third end of the safety precaution device 30, and a fourth end of the memory 50 may be connected to a third end of the statistics module 40.
In one embodiment of the present invention, as shown in fig. 3, the safety inspection device 10 may include a flow detection module 16. Specifically, the traffic detection module 16 may include a traffic collection unit 16a, a traffic analysis unit 16b, a result output unit 16c, and a traffic attack detection unit 16 d. The traffic collection unit 16a may be disposed at a network port of the substation, and is configured to obtain traffic information of the network port. A first end of the flow analysis unit 16b may be connected with the flow collection unit 16 a. A first end of the result output unit 16c may be connected to a second end of the flow rate analysis unit 16b, and a second end of the result output unit may be connected to the control system 20 (not shown in the drawings). One end of the traffic attack detection unit 16d may be connected to the third end of the traffic analysis unit 16b, and the other end of the traffic attack detection unit 16d may be connected to the third end of the result output unit 16 c. The traffic analysis unit 16b may perform a preliminary analysis on the traffic information collected by the traffic collection unit 16a, so as to determine whether a traffic abnormality occurs currently. When the traffic acquisition unit 16b determines that traffic abnormality occurs at present, the current traffic information may be sent to the traffic attack recognition unit 16 d. The traffic attack recognition unit 16d may further analyze the received traffic information to determine whether a traffic attack action is currently occurring, and send the result of the analysis to the result output unit 16 c. Among them, the method of analysis performed by the flow rate analysis unit 16b may be a simple method of preliminary analysis, such as a threshold discrimination method or the like known to those skilled in the art. The judgment logic is relatively simple, and the execution efficiency is high. The method for analyzing by the traffic attack recognition unit 16d may be a relatively complex method for analyzing attack behavior, such as a machine learning algorithm known to those skilled in the art. The steps of the executed method are complex, and the execution efficiency of the algorithm is relatively low. Through the matching judgment of the traffic analysis unit 16b and the traffic attack unit 16d, the traffic attack unit 16d executing the complex algorithm is started only under the condition that abnormal behaviors are likely to occur, and the energy consumption of the system and the load of the equipment are reduced.
The result output unit 16c may output corresponding status information according to the received information, and finally transmit the status information to the control system 20, and the control system 20 controls the start and stop of the safety precaution device 30 and the start and stop of the statistics module 40 according to the transmitted information. In addition, in the network security system incorporating the traffic detection device 16 shown in fig. 3, the information storage operation may be performed in conjunction with the memory 50 shown in fig. 2. The specific operation is similar to that of the memory 50 shown in fig. 2, and thus will not be described herein.
In an embodiment of the present invention, as shown in fig. 4, the safety detecting device 10 may further include a sensor detecting module 17. The sensor detection module 17 may include a temperature sensor 17 a. The temperature sensor 17a may be provided near each device of the substation for measuring the temperature of each device. The control system 20 may be connected to the temperature sensor 17a, the radiating air conditioner 61 of the substation. The control system 20 may determine the start and stop of the cooling air conditioner 61 according to the temperature actually measured by the temperature sensor 17a, thereby ensuring stable operation of each device.
Similarly, in an embodiment of the present invention, as shown in fig. 5, the safety detection device 10 may further include a sensor detection module 17. The sensor detection module 17 may include a humidity sensor 17 b. The humidity sensor 17b may be disposed near each device of the substation for measuring the ambient humidity of each device. The control system 20 may be connected to a humidity sensor 17b and a dehumidifier 62 of the substation. The control system 20 can determine the start and stop of the dehumidifier 62 according to the humidity actually measured by the humidity sensor 17b, thereby ensuring the stable operation of each device.
On the other hand, the utility model also provides a transformer substation based on message identification and abnormal flow analysis, the transformer substation includes as above-mentioned arbitrary network security system and transformer substation body.
The preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited thereto. The technical idea of the utility model within the scope, can be right the utility model discloses a technical scheme carries out multiple simple variant, the utility model discloses no longer explain separately to various possible compound modes. These simple variations and combinations should also be considered as disclosed in the present invention, all falling within the scope of protection of the present invention.
Claims (6)
1. A network security system of a transformer substation based on message identification and abnormal flow analysis is characterized by comprising:
a security detection apparatus comprising:
the message monitoring module is arranged at a network port of the transformer substation and used for acquiring message information of the network port;
one end of the data integration module is connected with the message monitoring module;
the first end of the message abnormity identification module is connected with the other end of the data integration module;
a message data output module, one end of the message data output module is connected with the second end of the message abnormity identification module,
one end of the message attack module is connected with the third end of the message abnormity identification module, and the other end of the message totalization module is connected with the second end of the message data output module;
the first end of the control system is connected with the third end of the message data output module;
the first end of the safety early warning device is connected with the second end of the control system; and
and the first end of the statistical module is connected with the second end of the safety early warning device, and the second end of the statistical module is connected with the third end of the control system.
2. The network security system of claim 1, wherein the network security system comprises a memory, a first end of the memory is connected to the fourth end of the message data output module, a second end of the memory is connected to the third end of the security pre-warning device, and a fourth end of the memory is connected to the third end of the statistics module.
3. The network security system of claim 1, wherein the security detection device comprises a traffic detection module, the traffic detection module comprising:
the traffic acquisition unit is arranged at the network port and used for acquiring traffic information of the network port;
the first end of the flow analysis unit is connected with the flow acquisition unit;
a first end of the result output unit is connected with a second end of the flow analysis unit, and a second end of the result output unit is connected with the control system;
and one end of the flow attack detection unit is connected with the third end of the flow analysis unit, and the other end of the flow attack detection unit is connected with the third end of the result output unit.
4. The network security system of claim 1, wherein the security detection device comprises a sensor detection module comprising a temperature sensor disposed proximate to each device of the substation for measuring a temperature of each device;
and the control system is connected with the temperature sensor and the heat dissipation air conditioner of the transformer substation.
5. The network security system of claim 1, wherein the security detection device comprises a sensor detection module comprising a humidity sensor disposed proximate to each device of the substation for measuring an ambient humidity of each device;
and the control system is connected with the humidity sensor and the dehumidifier of the transformer substation.
6. A substation based on message identification and abnormal flow analysis, characterized in that the substation comprises the network security system and the substation body according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202120905415.9U CN214900923U (en) | 2021-04-28 | 2021-04-28 | Transformer substation based on message identification and abnormal flow analysis and network safety system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202120905415.9U CN214900923U (en) | 2021-04-28 | 2021-04-28 | Transformer substation based on message identification and abnormal flow analysis and network safety system thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN214900923U true CN214900923U (en) | 2021-11-26 |
Family
ID=78947745
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202120905415.9U Active CN214900923U (en) | 2021-04-28 | 2021-04-28 | Transformer substation based on message identification and abnormal flow analysis and network safety system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN214900923U (en) |
-
2021
- 2021-04-28 CN CN202120905415.9U patent/CN214900923U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101691559B1 (en) | Remote monitoring system and method for charging infrastructure of electrical vehicles | |
| CN203481890U (en) | Lithium battery management system used for communication | |
| CN101782629A (en) | Battery system monitoring method and device based on OBD-II | |
| CN110738289A (en) | Multi-dimensional linkage comprehensive studying and judging device for electric power operation standardization and using method thereof | |
| CN107908173B (en) | A kind of electric appliance supervisory systems | |
| CN104463411A (en) | Operating state monitoring device and method for respirators | |
| CN110989476A (en) | Monitoring system for remotely monitoring environment of electric power cabinet | |
| CN110943916A (en) | Gateway system with multiple power supply modes | |
| CN103743436A (en) | Remote control environment monitoring system, and method for realizing environment and system inspection | |
| CN111341063A (en) | Intelligent control system, method and device for safety early warning and monitoring of electric equipment and terminal equipment | |
| CN111896161A (en) | Method for monitoring spring elasticity value on line | |
| CN214900923U (en) | Transformer substation based on message identification and abnormal flow analysis and network safety system thereof | |
| CN114454774A (en) | Battery pack thermal runaway early warning system and method | |
| CN213715353U (en) | Fault detection system for high-voltage distribution board | |
| CN212433949U (en) | Electric energy meter with working environment detection function | |
| CN210626508U (en) | Motor turns to wireless recognition device | |
| CN108008679A (en) | A kind of air-conditioning real-time monitoring system with automatic control function | |
| CN104102194A (en) | Home appliance multidimensional information integrated management method | |
| CN106371387A (en) | Remote intelligent monitoring and alarming prompting system for full-automatic boiler | |
| CN109470981B (en) | Method and system for studying and judging faults of power protection and distribution network | |
| CN110381462A (en) | A kind of power cable partial discharge monitoring system | |
| CN215580538U (en) | Intelligent operation and maintenance terminal device based on power distribution room | |
| CN115374958A (en) | Online management system for operation supervision informatization of electric power professional equipment | |
| CN212256337U (en) | Complete set of electrical equipment thing networking intelligent acquisition system | |
| CN113098132A (en) | Improved machine learning fault diagnosis system based on group intelligent optimization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: No. 397, Tongcheng South Road, Baohe District, Hefei City, Anhui Province 230061 Patentee after: Super high voltage branch of State Grid Anhui Electric Power Co.,Ltd. Address before: No. 397, Tongcheng South Road, Baohe District, Hefei City, Anhui Province 230061 Patentee before: STATE GRID ANHUI POWER SUPPLY COMPANY OVERHAUL BRANCH |