CN104135475A - Safety protection method of electric power information for mobile Internet - Google Patents
Safety protection method of electric power information for mobile Internet Download PDFInfo
- Publication number
- CN104135475A CN104135475A CN201410344556.2A CN201410344556A CN104135475A CN 104135475 A CN104135475 A CN 104135475A CN 201410344556 A CN201410344556 A CN 201410344556A CN 104135475 A CN104135475 A CN 104135475A
- Authority
- CN
- China
- Prior art keywords
- data
- safety
- user
- security
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a safety protection method of electric power information for mobile Internet. The safety protection method is characterized in that safety protection is enhanced from two aspects: service resource safety protection and active defense, through utilizing safety protection mechanisms, such as a safety sandbox, an isolation region, a one-way access channel and a content filtering, data safety interaction of the mobile Internet is implemented, and the network security level is improved and perfected. According to the safety protection method, personal privacy of an electricity customer under the environment of the mobile Internet is effectively protected, the active defense is implemented based on a user behavior model, the integral level of mobile marketing service is improved, and a safe and reliable ecological environment for electricity service is built.
Description
Technical field
The invention belongs to electrical network in mobile internet environment safety protection field, specifically a kind of security information for power system means of defence towards mobile Internet.
Background technology
Along with the development of mobile Internet and popularizing of mobile application, the demand that user obtains power information by mobile network increases severely day by day, more and more higher for the requirement of mobile Internet network safety.At present the structure of grid company a set of basic network framework, build information Intranet and information outer net by the safety protection facility such as fire compartment wall, spacer assembly, information Intranet store data storehouse, information outer net has been built the bridge of Intranet and internet data exchange.Information outer net is divided into DMZ district and place of safety, disposes respectively fire compartment wall in information Intranet and information outer net, DMZ district and place of safety, in place of safety application deployment, and DMZ district configuration front-end server.Although current network design is safer; existing network configuration has met basic security protection requirement; but lack the security protection system of application layer; as lack application programs safety verification; the protection of information outer net Service Source; easily cause Service Source information leakage, cause occurring the network security accidents such as Denial of Service attack.
Summary of the invention
The object of this invention is to provide a kind of security information for power system means of defence towards mobile Internet, the method is by utilizing the Security mechanisms such as security sandbox, isolated area, unidirectional access path, information filtering, realize mobile Internet data secure interactive, promote and improve network security level.
Object of the present invention is achieved through the following technical solutions:
Towards a security information for power system means of defence for mobile Internet, it is characterized in that: the method strengthens security protection from Service Source security protection and two aspects of Initiative Defense, and concrete grammar is as follows:
1) Service Source safety protecting method:
(1-1) application program runs on security sandbox, deposit data isolated area
Based on Sandbox design concept, set up security sandbox, realize application program operation container, this security sandbox encapsulates all system interfaces, avoids applying the safety problem of directly calling and cause; Set up Virtual File System, all application separate, stored, use independently data space, restriction application access path, and application only can be accessed the path of own place file, and application and data are storage encryption respectively, prevents from maliciously distorting;
(1-2) based on Handshake Protocol, transferring content is encrypted, build Security Data Transmission passage
Between client and server, adopt symmetry and asymmetric two kinds of Hybrid Encryption modes to realize mutual safety; The use asymmetric-key encryption that connects, after connecting, adopts symmetric key encryption; The PKI of client storage unsymmetrical key, server is preserved asymmetric privacy keys;
(1-3) resolve http request content, filter non-security request, protection Service Source
By the mode of defined instruction collection, system is only processed request and the addressable Service Source of this application in this instruction set; Utilize regular expression to filter spcial character, prevent cross site scripting network attack;
(1-4) utilize unidirectional access path, effectively ensure Service Source
Unidirectional access path can dwindle network attack scope, the Service Source of effective guarantee place of safety.Place of safety is by initiatively connecting DMZ district, DMZ district is connected and monitors with outer net place of safety, DangDMZ district listens to after user's request, request is carried out to http protocol analysis, control between socket DMZ district and place of safety and connect, resolve request msg place of safety, connects intranet data, and carry out transfer of data;
2) active defense method:
(2-1) extract User action log, set up user behavior data storehouse and user's abnormal behaviour model
Apply the key point such as frequency of utilization, user's mobile device replacement frequency and device location information change of download, user application for user and carry out log recording, and filter web crawlers visit data in journal file, extract user behavior valid data, set up user behavior data storehouse.By using the data mining algorithms such as decision Tree algorithms, neural network algorithm, the data in user behavior data storehouse are carried out to degree of depth excavation, identification abnormal behaviour, extracts abnormal access rule, sets up abnormal access and finds model;
(2-2) real-time analysis user behavior, realizes Initiative Defense
Utilize multi-level buffer, user's real time data is carried out to record, and by abnormal behaviour model, user behavior is monitored, the attack that notes abnormalities early, and reponse system administrative staff and user.
The present invention, by utilizing the Security mechanisms such as security sandbox, isolated area, unidirectional access path, information filtering, realizes mobile Internet data secure interactive, promotes and improve network security level.The present invention can effectively protect the individual privacy of electricity consumption client under mobile internet environment, and based on user behavior model, realizes Initiative Defense, promotes marketing Information Mobile Service integral level, builds the electricity consumption service biological environment of " safe and reliable ".
Brief description of the drawings
Fig. 1 is Service Source security protection figure.
Embodiment
Taking the Service Source request process operating procedure concrete as example illustrates:
Towards a security information for power system means of defence for mobile Internet, concrete grammar is as follows:
1) apply by security sandbox to server request resource
Application program runs on security sandbox, deposit data isolated area; Based on Sandbox design concept, set up security sandbox, realize application program operation container, this security sandbox encapsulates all system interfaces, avoids applying the safety problem of directly calling and cause; Set up Virtual File System, all application separate, stored, use independently data space, restriction application access path, and application only can be accessed the path of own place file, and application and data are storage encryption respectively, prevents from maliciously distorting;
2) security sandbox connects by Security Data Transmission passage and service end resource, and transmits data.
Based on Handshake Protocol, transferring content is encrypted, build Security Data Transmission passage; Between client and server, adopt symmetry and asymmetric two kinds of Hybrid Encryption modes to realize mutual safety; The use asymmetric-key encryption that connects, after connecting, adopts symmetric key encryption; The PKI of client storage unsymmetrical key, server is preserved asymmetric privacy keys;
3) DMZ district service end is carried out application authorization and information filtering, and passes to place of safety application service by unidirectional access path.
Resolve http request content, filter non-security request, protection Service Source; By the mode of defined instruction collection, system is only processed request and the addressable Service Source of this application in this instruction set; Utilize regular expression to filter spcial character, prevent cross site scripting network attack;
Utilize unidirectional access path, effectively ensure Service Source; Unidirectional access path can dwindle network attack scope, the Service Source of effective guarantee place of safety.Place of safety is by initiatively connecting DMZ district, DMZ district is connected and monitors with outer net place of safety, DangDMZ district listens to after user's request, request is carried out to http protocol analysis, control between socket DMZ district and place of safety and connect, resolve request msg place of safety, connects intranet data, and carry out transfer of data;
4), according to the service request of current accessed and this user's historical operation record, based on abnormal behaviour model and confidence level space, determine whether abnormal operation.
Extract User action log, set up user behavior data storehouse and user's abnormal behaviour model; Apply the key point such as frequency of utilization, user's mobile device replacement frequency and device location information change of download, user application for user and carry out log recording, and filter web crawlers visit data in journal file, extract user behavior valid data, set up user behavior data storehouse.By using the data mining algorithms such as decision Tree algorithms, neural network algorithm, the data in user behavior data storehouse are carried out to degree of depth excavation, identification abnormal behaviour, extracts abnormal access rule, sets up abnormal access and finds model;
5) if this request is normal running, obtain intranet data by spacer assembly, and be back to mobile client application according to the former road of above process.
If this request is abnormal operation, carries out early warning, and inform user.
Claims (2)
1. towards a security information for power system means of defence for mobile Internet, it is characterized in that: the method strengthens security protection from Service Source security protection and two aspects of Initiative Defense, and concrete grammar is as follows:
1) Service Source safety protecting method:
(1-1) application program runs on security sandbox, deposit data isolated area
Based on Sandbox design concept, set up security sandbox, realize application program operation container, this security sandbox encapsulates all system interfaces, avoids applying the safety problem of directly calling and cause; Set up Virtual File System, all application separate, stored, use independently data space, restriction application access path, and application only can be accessed the path of own place file, and application and data are storage encryption respectively, prevents from maliciously distorting;
(1-2) based on Handshake Protocol, transferring content is encrypted, build Security Data Transmission passage
Between client and server, adopt symmetry and asymmetric two kinds of Hybrid Encryption modes to realize mutual safety; The use asymmetric-key encryption that connects, after connecting, adopts symmetric key encryption; The PKI of client storage unsymmetrical key, server is preserved asymmetric privacy keys;
(1-3) resolve http request content, filter non-security request, protection Service Source
By the mode of defined instruction collection, system is only processed request and the addressable Service Source of this application in this instruction set; Utilize regular expression to filter spcial character, prevent cross site scripting network attack;
(1-4) utilize unidirectional access path, effectively ensure Service Source
Unidirectional access path can dwindle network attack scope, the Service Source of effective guarantee place of safety;
Place of safety is by initiatively connecting DMZ district, DMZ district is connected and monitors with outer net place of safety, DangDMZ district listens to after user's request, request is carried out to http protocol analysis, control between socket DMZ district and place of safety and connect, resolve request msg place of safety, connects intranet data, and carry out transfer of data;
2) active defense method:
(2-1) extract User action log, set up user behavior data storehouse and user's abnormal behaviour model
Apply frequency of utilization, user's mobile device replacement frequency and the device location information change of download, user's application for user and carry out log recording, and filter web crawlers visit data in journal file, extract user behavior valid data, set up user behavior data storehouse; By usage data mining algorithm, the data in user behavior data storehouse are carried out to degree of depth excavation, identification abnormal behaviour, extracts abnormal access rule, sets up abnormal access and finds model;
(2-2) real-time analysis user behavior, realizes Initiative Defense
Utilize multi-level buffer, user's real time data is carried out to record, and by abnormal behaviour model, user behavior is monitored, the attack that notes abnormalities early, and reponse system administrative staff and user.
2. the security information for power system means of defence towards mobile Internet according to claim 1, is characterized in that: in step (2-1), data mining algorithm comprises decision Tree algorithms, neural network algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410344556.2A CN104135475B (en) | 2014-07-18 | 2014-07-18 | Safety protection method of electric power information for mobile Internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410344556.2A CN104135475B (en) | 2014-07-18 | 2014-07-18 | Safety protection method of electric power information for mobile Internet |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104135475A true CN104135475A (en) | 2014-11-05 |
| CN104135475B CN104135475B (en) | 2017-05-24 |
Family
ID=51807997
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410344556.2A Active CN104135475B (en) | 2014-07-18 | 2014-07-18 | Safety protection method of electric power information for mobile Internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104135475B (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104484444A (en) * | 2014-12-24 | 2015-04-01 | 北京奇虎科技有限公司 | Indexing method and indexing device of off-limit files |
| WO2016106510A1 (en) * | 2014-12-29 | 2016-07-07 | 华为技术有限公司 | Security protection method and device |
| CN105991568A (en) * | 2015-02-09 | 2016-10-05 | 苏州精易会信息技术有限公司 | Proxy realizing device |
| CN107147637A (en) * | 2017-05-05 | 2017-09-08 | 腾讯科技(深圳)有限公司 | A kind of tasks carrying request processing method, device and computer-readable storage medium |
| CN107196968A (en) * | 2017-07-12 | 2017-09-22 | 深圳市活力天汇科技股份有限公司 | A kind of reptile recognition methods |
| CN107239573A (en) * | 2017-06-28 | 2017-10-10 | 环球智达科技(北京)有限公司 | Data filtering method |
| CN108021806A (en) * | 2017-11-24 | 2018-05-11 | 北京奇虎科技有限公司 | A kind of recognition methods of malice installation kit and device |
| CN108040110A (en) * | 2017-12-11 | 2018-05-15 | 国网宁夏电力有限公司信息通信公司 | A kind of mobile data safety means of defence based on security sandbox |
| CN108449351A (en) * | 2018-03-27 | 2018-08-24 | 许昌学院 | A kind of information security Initiative Defense and monitoring system |
| CN108737332A (en) * | 2017-04-17 | 2018-11-02 | 南京邮电大学 | A kind of man-in-the-middle attack prediction technique based on machine learning |
| CN109033851A (en) * | 2018-07-02 | 2018-12-18 | 北京科东电力控制系统有限责任公司 | The mobile application protecting information safety method and apparatus of electric power transaction platform |
| CN109917761A (en) * | 2019-03-13 | 2019-06-21 | 浙江浙能长兴天然气热电有限公司 | A kind of method and system improving DCS of Power Plant security protection |
| CN110311901A (en) * | 2019-06-21 | 2019-10-08 | 南京尓嘉网络科技有限公司 | A kind of lightweight network sandbox setting method based on container technique |
| CN111509850A (en) * | 2020-04-23 | 2020-08-07 | 广东电网有限责任公司东莞供电局 | Power grid dispatching information interaction method, platform and system |
| CN113407990A (en) * | 2021-05-26 | 2021-09-17 | 杭州安恒信息技术股份有限公司 | Data circulation processing method, device, system, electronic device and storage medium |
| CN114363092A (en) * | 2022-03-17 | 2022-04-15 | 万商云集(成都)科技股份有限公司 | Gateway and method for cloud container engine micro-service deployment |
| CN114661114A (en) * | 2022-05-24 | 2022-06-24 | 四川华东电气集团有限公司 | Real-time monitoring device for electric power operation and maintenance service based on cloud service platform |
| CN116722970A (en) * | 2023-08-09 | 2023-09-08 | 中国科学院长春光学精密机械与物理研究所 | Anti-attack gateway security system based on hardware implementation |
| CN117857158A (en) * | 2023-12-25 | 2024-04-09 | 慧之安信息技术股份有限公司 | Data isolation method and system based on container technology |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107644165A (en) * | 2017-08-29 | 2018-01-30 | 国家电网公司 | Security protection platform and safety protecting method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127454A (en) * | 2006-08-18 | 2008-02-20 | 北京国智恒电力管理科技有限公司 | Power monitoring information security access device |
| CN101355427A (en) * | 2008-07-22 | 2009-01-28 | 中国移动通信集团江苏有限公司 | Internally-control safety method for information gateway-service support system |
| CN101854269A (en) * | 2010-04-06 | 2010-10-06 | 珠海市鸿瑞信息技术有限公司 | Information safety operation and maintenance supervising platform of electric power secondary system |
| US20110085816A1 (en) * | 2009-10-12 | 2011-04-14 | Samsung Electronics Co., Ltd. | Electric power relaying unit and image forming apparatus having the same |
| CN102333022A (en) * | 2011-05-31 | 2012-01-25 | 广东省电力调度中心 | Method for interacting cross-safety protection region information in power communication network and protection system |
-
2014
- 2014-07-18 CN CN201410344556.2A patent/CN104135475B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127454A (en) * | 2006-08-18 | 2008-02-20 | 北京国智恒电力管理科技有限公司 | Power monitoring information security access device |
| CN101355427A (en) * | 2008-07-22 | 2009-01-28 | 中国移动通信集团江苏有限公司 | Internally-control safety method for information gateway-service support system |
| US20110085816A1 (en) * | 2009-10-12 | 2011-04-14 | Samsung Electronics Co., Ltd. | Electric power relaying unit and image forming apparatus having the same |
| CN101854269A (en) * | 2010-04-06 | 2010-10-06 | 珠海市鸿瑞信息技术有限公司 | Information safety operation and maintenance supervising platform of electric power secondary system |
| CN102333022A (en) * | 2011-05-31 | 2012-01-25 | 广东省电力调度中心 | Method for interacting cross-safety protection region information in power communication network and protection system |
Non-Patent Citations (1)
| Title |
|---|
| 赵江华,杨双吉,贾海锋: "县级供电企业信息网络安全的探讨", 《华北水利水电学院学报》 * |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104484444A (en) * | 2014-12-24 | 2015-04-01 | 北京奇虎科技有限公司 | Indexing method and indexing device of off-limit files |
| WO2016106510A1 (en) * | 2014-12-29 | 2016-07-07 | 华为技术有限公司 | Security protection method and device |
| CN105991568A (en) * | 2015-02-09 | 2016-10-05 | 苏州精易会信息技术有限公司 | Proxy realizing device |
| CN108737332A (en) * | 2017-04-17 | 2018-11-02 | 南京邮电大学 | A kind of man-in-the-middle attack prediction technique based on machine learning |
| CN107147637A (en) * | 2017-05-05 | 2017-09-08 | 腾讯科技(深圳)有限公司 | A kind of tasks carrying request processing method, device and computer-readable storage medium |
| CN107239573A (en) * | 2017-06-28 | 2017-10-10 | 环球智达科技(北京)有限公司 | Data filtering method |
| CN107196968A (en) * | 2017-07-12 | 2017-09-22 | 深圳市活力天汇科技股份有限公司 | A kind of reptile recognition methods |
| CN108021806A (en) * | 2017-11-24 | 2018-05-11 | 北京奇虎科技有限公司 | A kind of recognition methods of malice installation kit and device |
| CN108040110A (en) * | 2017-12-11 | 2018-05-15 | 国网宁夏电力有限公司信息通信公司 | A kind of mobile data safety means of defence based on security sandbox |
| CN108040110B (en) * | 2017-12-11 | 2020-10-27 | 国网宁夏电力有限公司信息通信公司 | Mobile data security protection method based on security sandbox |
| CN108449351A (en) * | 2018-03-27 | 2018-08-24 | 许昌学院 | A kind of information security Initiative Defense and monitoring system |
| CN109033851A (en) * | 2018-07-02 | 2018-12-18 | 北京科东电力控制系统有限责任公司 | The mobile application protecting information safety method and apparatus of electric power transaction platform |
| CN109917761A (en) * | 2019-03-13 | 2019-06-21 | 浙江浙能长兴天然气热电有限公司 | A kind of method and system improving DCS of Power Plant security protection |
| CN110311901A (en) * | 2019-06-21 | 2019-10-08 | 南京尓嘉网络科技有限公司 | A kind of lightweight network sandbox setting method based on container technique |
| CN110311901B (en) * | 2019-06-21 | 2022-03-08 | 北京雅客云安全科技有限公司 | Lightweight network sandbox setting method based on container technology |
| CN111509850A (en) * | 2020-04-23 | 2020-08-07 | 广东电网有限责任公司东莞供电局 | Power grid dispatching information interaction method, platform and system |
| CN113407990A (en) * | 2021-05-26 | 2021-09-17 | 杭州安恒信息技术股份有限公司 | Data circulation processing method, device, system, electronic device and storage medium |
| CN114363092A (en) * | 2022-03-17 | 2022-04-15 | 万商云集(成都)科技股份有限公司 | Gateway and method for cloud container engine micro-service deployment |
| CN114363092B (en) * | 2022-03-17 | 2022-05-17 | 万商云集(成都)科技股份有限公司 | Gateway and method for cloud container engine micro-service deployment |
| CN114661114A (en) * | 2022-05-24 | 2022-06-24 | 四川华东电气集团有限公司 | Real-time monitoring device for electric power operation and maintenance service based on cloud service platform |
| CN114661114B (en) * | 2022-05-24 | 2022-08-23 | 四川华东电气集团有限公司 | Real-time monitoring device for electric power operation and maintenance service based on cloud service platform |
| CN116722970A (en) * | 2023-08-09 | 2023-09-08 | 中国科学院长春光学精密机械与物理研究所 | Anti-attack gateway security system based on hardware implementation |
| CN116722970B (en) * | 2023-08-09 | 2023-11-14 | 中国科学院长春光学精密机械与物理研究所 | Anti-attack gateway security system based on hardware implementation |
| CN117857158A (en) * | 2023-12-25 | 2024-04-09 | 慧之安信息技术股份有限公司 | Data isolation method and system based on container technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104135475B (en) | 2017-05-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104135475A (en) | Safety protection method of electric power information for mobile Internet | |
| Gou et al. | Construction and strategies in IoT security system | |
| CN102857486B (en) | Application firewall system of future generation and defence method | |
| CN111431862B (en) | Network security deep protection method and system for threat-driven power monitoring system | |
| Ghorbani et al. | Security challenges in internet of things: survey | |
| CN104184735A (en) | Electric marketing mobile application safe protection system | |
| Al-Salman et al. | A review Cyber of Industry 4.0 (Cyber-Physical Systems (CPS), the Internet of Things (IoT) and the Internet of Services (IoS)): Components, and Security Challenges. | |
| CN104539598A (en) | Tor-improved safety anonymous network communication system and method | |
| Lu et al. | A new multilevel framework for cyber-physical system security | |
| Tyagi et al. | A review on security and privacy issues in internet of things | |
| CN103942637A (en) | Electric-micro-grid power distribution method based on cloud computation | |
| CN106295323A (en) | Senior measuring system malware detection method based on cloud security | |
| CN205354036U (en) | Data encryption cloud storage system based on multimode biological identification technique | |
| CN102404324A (en) | System for sensing safety of node data of Internet of things | |
| Mathias | The Smart Grid and Its Security Challenges | |
| Ajiboye et al. | Privacy and security of advanced metering infrastructure (AMI) data and network: a comprehensive review | |
| Mani Sekhar et al. | Security and privacy in 5G-enabled internet of things: a data analysis perspective | |
| Lu et al. | Safety Risk Analysis and Safety Protection Measures of Power Distribution Internet of Things | |
| Chaudhary | Privacy and security issues in Internet of Things | |
| CN109450644A (en) | Home energy source management system protecting information safety scheme Internet-based | |
| CN110233735A (en) | A kind of grid-connected power station industrial control system comprehensive safety protecting method and system | |
| Purohit et al. | Cybersecurity Investment Analysis for Electric Vehicle Charging Infrastructures | |
| CN107360141A (en) | Big data cloud platform safety protecting method for electric power private data | |
| Sun et al. | A security scheme research of the Internet of Things based on the SA/NIA architecture | |
| CN117217848B (en) | Energy storage transaction method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |