CN105049403B - The safety protecting method and system of distribution network control system - Google Patents

Publication number: CN105049403B
Authority: CN (China)
Prior art keywords: message, distribution network, network communication, protocol, module
Legal status: Active
Application number: CN201510261055.2A
Other languages: Chinese (zh)
Other versions: CN105049403A (en)
Inventors: 江泽鑫, 梁智强, 陈炯聪, 胡朝辉, 黄曙, 林丹生, 李闯, 伍晓泉
Current Assignee: Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee: Electric Power Research Institute of Guangdong Power Grid Co Ltd
Application filed by Electric Power Research Institute of Guangdong Power Grid Co Ltd; priority to CN201510261055.2A; publication of CN105049403A; application granted; publication of CN105049403B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02J CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J13/00 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuit breaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network

Abstract

The present invention relates to a security protection method and system for a distribution network control system. The data type of a message is judged; when the data type is the application data type, messages carrying the protocol number of the distribution network communication protocol are selected, and messages not carrying that protocol number are discarded. Protocol detection is then performed on the selected messages carrying the protocol number: messages that satisfy the distribution network communication protocol are selected, messages that do not satisfy it are discarded, and the messages that satisfy the communication protocol are forwarded. The selected messages are safe, which ensures that the distribution terminal and the master station do not receive any message outside the distribution network communication protocol, avoids the risk of a large-area power outage caused by a hacker attack on the whole distribution network control system, and thereby ensures the information security of the distribution network control system.

Description

Security protection method and system for a distribution network control system
Technical field
The present invention relates to industrial control security protection technology, and in particular to a security protection method and system for a distribution network control system.
Background
Since the Iranian nuclear power station was attacked by the "Stuxnet" virus in 2010, which permanently damaged important equipment, the station's centrifuges, security problems in the industrial control field have gradually gained attention, and the security of distribution network control systems is taken increasingly seriously. A distribution network control system mainly comprises a master station and terminals, which communicate over a communication network. The terminals report remote signalling and telemetry data collected from the distribution lines to the master station, and the master station issues remote control commands to the terminals to switch lines on and off, realizing fault isolation and fast power restoration of the distribution lines. Once a distribution network control system is attacked, a large-area power outage is likely, bringing inconvenience to the life and production of the country and its people.
The application layer of conventional Internet information systems mainly transmits data over the Hypertext Transfer Protocol (HTTP) or its encrypted form (HTTPS). Because the communication protocols of the conventional Internet are general-purpose and widely applied, security protection technologies and equipment such as firewalls have developed rapidly for it, producing packet-filtering firewalls, stateful firewalls, web firewalls and similar technologies and equipment.
However, industrial control systems of the production control class, such as those in electric power, railways and the chemical industry, differ greatly from conventional Internet information systems in their communication protocols. The communication protocols of industrial control systems are "customized" for their application scenarios: different scenarios use different protocols. For example, the communication protocols of tobacco, chemical, railway and electric power control systems all differ, and even within electric power control systems the protocols of the sub-control systems for power plants, distribution, transmission, metering and dispatching all differ. Because the communication protocols of industrial control systems are numerous and not general-purpose, there is as yet no protocol-filtering security protection equipment applicable to all industrial control scenarios that can effectively protect the various industrial control systems, nor any protocol-filtering security protection equipment for distribution network control systems, so the security of distribution network industrial control systems cannot be effectively guaranteed.
Summary of the invention
In view of this, it is necessary, in response to the problem of the low security of distribution network industrial control systems, to provide a security protection method and system for a distribution network control system that improve security.
A security protection method for a distribution network control system comprises the steps of:
receiving a message;
judging whether the data type of the message is the application data type;
if so, selecting the messages that carry the protocol number of the distribution network communication protocol, and discarding the messages that do not carry the protocol number of the distribution network communication protocol;
performing protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, selecting the messages that satisfy the distribution network communication protocol, and discarding the messages that do not satisfy the distribution network communication protocol;
forwarding the selected messages that satisfy the distribution network communication protocol.
The present invention also provides a security protection system for a distribution network control system, comprising:
a receiving module, for receiving a message;
a main control module, for judging whether the data type of the message is the application data type and, if so, selecting the messages that carry the protocol number of the distribution network communication protocol and discarding the messages of the application data type that do not carry the protocol number of the distribution network communication protocol;
a protocol detection module, for performing protocol detection on the messages carrying the protocol number of the distribution network communication protocol that were selected by the main control module, selecting the messages that satisfy the distribution network communication protocol, and discarding the messages that do not satisfy the distribution network communication protocol;
a sending module, for forwarding the selected messages that satisfy the communication protocol.
In the above security protection method and system for a distribution network control system, the data type of a message is judged; when the data type is the application data type, messages carrying the protocol number of the distribution network communication protocol are selected and messages not carrying that protocol number are discarded. Further protocol detection is then performed on the selected messages carrying the protocol number: messages that satisfy the distribution network communication protocol are selected, messages that do not satisfy it are discarded, and the messages that satisfy the communication protocol are forwarded. Because the messages are screened and filtered, the selected messages are safe, which ensures that the distribution terminal and the master station do not receive any message outside the distribution network communication protocol, avoids the risk of a large-area power outage caused by a hacker attack on the whole distribution network control system, and thereby ensures the information security of the distribution network control system.
Brief description of the drawings
Fig. 1 is a flow chart of the security protection method of the distribution network control system of one embodiment;
Fig. 2 is a flow chart of the security protection method of the distribution network control system of another embodiment;
Fig. 3 is a sub-flow chart of the security protection method of the distribution network control system of another embodiment;
Fig. 4 is a sub-flow chart of the security protection method of the distribution network control system of another embodiment;
Fig. 5 is a module diagram of the security protection system of the distribution network control system of one embodiment;
Fig. 6 is a module diagram of the security protection system of the distribution network control system of another embodiment;
Fig. 7 is a sub-module diagram of the security protection system of the distribution network control system of another embodiment;
Fig. 8 is a sub-module diagram of the security protection system of the distribution network control system of another embodiment.
Embodiments
In distribution network industrial control, the main function of a distribution terminal is to collect data and send it to the master station. The distribution terminal has a real-time database and forwards the collected data to the master station in the format of the distribution network communication protocol, and it also receives messages issued by the master station. The master station communicates with the distribution terminal through the distribution network communication protocol and receives the data reported by the distribution terminal.
Referring to Fig. 1, a security protection method for a distribution network control system of one embodiment is provided, comprising the steps of:
S100: Receive a message.
Specifically, when the received message is one issued by the master station, the received message is screened to ensure the security of the distribution network control system: unsafe messages are filtered out so that unsafe messages that do not satisfy the conditions are not transmitted over the network to the distribution terminal and cause the distribution terminal to be attacked. Similarly, when the received message is one sent by the distribution terminal, the received message is screened so that unsafe messages that do not satisfy the conditions are not transmitted over the network to the master station and cause the master station to be attacked. In this specific embodiment, messages are received through an RJ45 Ethernet interface.
S200: Judge whether the data type of the message is the application data type.
If so, perform:
S300: Select the messages that carry the protocol number of the distribution network communication protocol, and discard the messages that do not carry the protocol number of the distribution network communication protocol.
In the present embodiment, the distribution network communication protocol includes the IEC60870-5-101 communication protocol or the IEC60870-5-104 communication protocol. The IEC60870-5-101 and IEC60870-5-104 communication protocols are international standards for substation automation systems formulated by the International Electrotechnical Commission (IEC). When the data type of the message is the application data type, the message must undergo preliminary screening, that is, it is judged whether the message carries the protocol number of the distribution network communication protocol. If so, the message is preliminarily judged to be a message that satisfies the distribution network communication protocol and is selected; if not, the message is preliminarily judged to be a message that does not satisfy the distribution network communication protocol and is discarded.
S400: Perform protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, select the messages that satisfy the distribution network communication protocol, and discard the messages that do not satisfy the distribution network communication protocol.
If a message carries the protocol number of the distribution network communication protocol, deep detection is performed on it, that is, it is further judged whether the message satisfies the distribution network communication protocol. If so, the message is selected; if not, the message is discarded.
S500: Forward the selected messages that satisfy the distribution network communication protocol.
When the received message is one issued by the master station, it is further checked whether the message satisfies the distribution network communication protocol; the selected messages that satisfy the protocol are considered safe and are forwarded to the distribution terminal. When the received message is one sent by the distribution terminal, it is further checked whether the message satisfies the distribution network communication protocol; the selected messages that satisfy the protocol are considered safe and are forwarded to the master station. In this specific embodiment, the selected messages that satisfy the distribution network communication protocol are forwarded through an RJ45 Ethernet interface.
In the above security protection method for a distribution network control system, the data type of a message is judged; when the data type is the application data type, messages carrying the protocol number of the distribution network communication protocol are selected and messages not carrying that protocol number are discarded. Further protocol detection is then performed on the selected messages carrying the protocol number: messages that satisfy the distribution network communication protocol are selected, messages that do not satisfy it are discarded, and the messages that satisfy the communication protocol are forwarded. Because the messages are filtered, the selected messages are safe, which ensures that the distribution terminal and the master station do not receive any message outside the distribution network communication protocol, avoids the risk of a large-area power outage caused by a hacker attack on the whole distribution network control system, and ensures the information security of the distribution network control system.
In one of the embodiments, the above security protection method for a distribution network control system further comprises the step of:
receiving, through GPRS communication, the message issued by the master station and forwarding it;
the step S100 of receiving a message comprises:
receiving the forwarded message through an RS-232 interface;
the step S500 of forwarding the selected messages that satisfy the distribution network communication protocol comprises:
forwarding the selected messages that satisfy the distribution network communication protocol to the distribution terminal through an RS-232 interface.
Here, GPRS (General Packet Radio Service) is the general packet radio service technology.
In another embodiment, the step S100 of receiving a message comprises:
receiving the message sent by the distribution terminal through an RS-232 interface;
the step S500 of forwarding the selected messages that satisfy the distribution network communication protocol comprises:
forwarding the selected messages that satisfy the distribution network communication protocol through an RS-232 interface;
the above security protection method for a distribution network control system further comprises the step of:
sending the selected messages that satisfy the distribution network communication protocol to the master station through GPRS communication.
In yet another embodiment, the above security protection method for a distribution network control system further comprises the step of:
receiving, through LTE communication, the message issued by the master station and forwarding it;
the step S100 of receiving a message comprises:
receiving the forwarded message through an RJ45 interface;
the step S500 of forwarding the selected messages that satisfy the distribution network communication protocol comprises:
forwarding the selected messages that satisfy the distribution network communication protocol to the distribution terminal through an RS-232 interface.
Here, LTE (Long Term Evolution) is an evolution of 3G technology (third-generation mobile communication technology) that can effectively reduce delay and improve the communication rate.
In another embodiment, the step S100 of receiving a message comprises:
receiving the message sent by the distribution terminal through an RS-232 interface;
the step S500 of forwarding the selected messages that satisfy the distribution network communication protocol comprises:
forwarding the selected messages that satisfy the distribution network communication protocol through an RJ45 interface;
the above security protection method for a distribution network control system further comprises the step of:
sending the selected messages that satisfy the distribution network communication protocol to the master station through LTE communication.
In one of the embodiments, if step S200 judges that the data type of the message is a non-application data type, then perform:
S600: Forward the message of the non-application data type.
Because a message of a non-application data type does not carry data information, it does not need to be screened or detected and is forwarded directly. Examples are an ARP (Address Resolution Protocol) message or a ping command. The ping command is a DOS (Disk Operating System) command generally used to check whether a network is reachable; it does not include data information and does not need to be screened or detected. The master station sends the command to the distribution terminal, or the distribution terminal sends it to the master station, to check whether the network between the master station and the distribution terminal is connected.
Referring to Fig. 2, in one of the embodiments, the step S300 of selecting the messages that carry the protocol number of the distribution network communication protocol and discarding the messages that do not carry it is followed by the step:
S310: Record and store the discarded messages that do not carry the protocol number of the distribution network communication protocol.
The step S400 of performing protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, selecting the messages that satisfy the distribution network communication protocol and discarding the messages that do not satisfy it is followed by the step:
S410: Record and store the discarded messages that do not satisfy the distribution network communication protocol.
The discarded messages are recorded: the time of the discard operation, the message data content, the discard operation itself and so on are recorded for subsequent security audit.
Referring to Fig. 3, in one of the embodiments, a selected message that satisfies the distribution network communication protocol is a message that meets the characteristics of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol.
Specifically, the step S400 of performing protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, selecting the messages that satisfy the distribution network communication protocol and discarding the messages that do not satisfy it comprises the steps:
S401: Detect whether the message carrying the protocol number of the distribution network communication protocol meets the characteristics of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol;
If so, perform the step:
S403: Select the message that meets the characteristics of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol.
The selected message satisfies the distribution network communication protocol.
If not, perform the step:
S405: Discard the message that does not meet the characteristics of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol.
The discarded message does not satisfy the distribution network communication protocol.
An information frame is used to transmit data information. A supervisory frame is used to transmit flow control information and error control information. An unnumbered frame transmits link control information and is used to control the link. The frame lengths of supervisory frames and unnumbered frames are fixed, and these frames have a start flag field and an end flag field. To judge whether a message meets the characteristics of a supervisory frame or an unnumbered frame, it is first judged whether the message has the same start flag field and end flag field as a supervisory frame or unnumbered frame, and whether the frame length of the message is consistent with the frame length of a supervisory frame or unnumbered frame. In addition, the function codes of supervisory frames and unnumbered frames are different, so the function code of the message shows whether the message meets the characteristics of a supervisory frame or of an unnumbered frame. An information frame likewise has a start flag field and an end flag field, and also has a length identifier that marks the length of the data information; this length identifier is 2 bytes. Whether a message meets the characteristics of an information frame is judged by checking whether the message has the same start flag field and end flag field as a supervisory frame or unnumbered frame, and whether the length indicated by the length identifier of the message is consistent with the length of the actual data information. If the lengths are consistent and the message has the same start flag field and end flag field as a supervisory frame or unnumbered frame, the message meets the characteristics of an information frame; if the lengths are inconsistent, or the message does not have the same start flag field and end flag field, the message does not meet the characteristics of an information frame. As long as the message meets the characteristics of one of the above three kinds of frame, the message satisfies the distribution network communication protocol and is forwarded; otherwise, the message is discarded.
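The frame-feature check of steps S401 to S405, as an added example that is not code from the patent. It assumes the IEC 60870-5-104 APCI wire layout (start octet 0x68, one length octet, four control octets), which has no end flag and a single length octet, so the checks are start octet, length consistency and control-field format; the sample frames are constructed.

```python
# Added example: frame-format screening in the spirit of steps S401-S405.
# Assumption: IEC 60870-5-104 APCI layout, not a layout taken from the patent.

START = 0x68        # APCI start octet
APCI_LEN = 6        # start + length + four control octets (size of S and U frames)
MAX_LENGTH = 253    # largest value the length octet may carry

# First control octet of each defined U-format (unnumbered) function.
U_FUNCTIONS = {
    0x07: "STARTDT act", 0x0B: "STARTDT con",
    0x13: "STOPDT act", 0x23: "STOPDT con",
    0x43: "TESTFR act", 0x83: "TESTFR con",
}


def classify(frame: bytes):
    """Return "I", "S" or "U" for a well-formed frame, or None to discard."""
    if len(frame) < APCI_LEN or frame[0] != START:
        return None
    length = frame[1]
    # The length octet counts everything after itself; it must match reality.
    if length > MAX_LENGTH or length != len(frame) - 2:
        return None
    c1, c2, c3, c4 = frame[2:6]
    if c1 & 0x01 == 0:
        # Information frame: variable length, must carry an ASDU.
        if c3 & 0x01 or length <= 4:
            return None
        return "I"
    if c1 & 0x03 == 0x01:
        # Supervisory frame: fixed length, only a receive sequence number.
        if len(frame) != APCI_LEN or c1 != 0x01 or c2 != 0 or c3 & 0x01:
            return None
        return "S"
    # Unnumbered frame: fixed length, one known function code, rest zero.
    if len(frame) != APCI_LEN or c1 not in U_FUNCTIONS or (c2, c3, c4) != (0, 0, 0):
        return None
    return "U"


def screen(frames):
    """Split frames into (forwarded, dropped). Dropped frames are kept as hex
    strings so they can be recorded for audit, as in steps S310 and S410."""
    forwarded, dropped = [], []
    for frame in frames:
        kind = classify(frame)
        if kind is None:
            dropped.append(frame.hex())
        else:
            forwarded.append((kind, frame))
    return forwarded, dropped


# Constructed sample traffic (not captured from a real system).
SAMPLES = [
    bytes.fromhex("680407000000"),                      # U: STARTDT act
    bytes.fromhex("680401000a00"),                      # S: acknowledgement
    bytes.fromhex("680e0000000064010600010000000014"),  # I: interrogation command
    bytes.fromhex("680e000000006401"),                  # length octet does not match
    bytes.fromhex("680403000000"),                      # U format, undefined function
    b"GET / HTTP/1.1\r\n",                              # not the protocol at all
]

if __name__ == "__main__":
    ok, bad = screen(SAMPLES)
    print([kind for kind, _ in ok], bad)
```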
Referring to Fig. 4, in another embodiment, the step S400 of performing protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, selecting the messages that satisfy the distribution network communication protocol and discarding the messages that do not satisfy it comprises the steps:
S402: Judge whether, among the multiple preset state machines of the distribution communication protocol, there is a state machine whose initial state is consistent with the state of the message carrying the protocol number of the distribution network communication protocol;
If so, perform the steps:
S404: Create a state machine instance from the state machine whose initial state is consistent with the state of the message;
S406: Identify the state machine instance with the character string formed by concatenating the master station IP address and port of the message;
S408: Select the message;
If not, perform the step:
S410: Detect whether there is a state machine instance identified by the character string formed by concatenating the master station IP address and port of the message;
If the detection result is no, perform the step:
S4102: Discard the message;
If the detection result is yes, perform the step:
S4104: Judge whether the state of the message is consistent with the current state of the detected state machine instance;
If they are judged consistent, perform step S408.
If they are judged inconsistent, perform step S4102.
The selected message satisfies the distribution network communication protocol. When a message is sent from the distribution terminal to the master station, the message includes the master station IP address, and a port must be selected when sending; the message is sent through that port. Similarly, when the master station issues a message to the distribution terminal, the issued message also includes the master station IP address and the port that sends the message, and the message is sent through the selected port.
The distribution network communication protocol is divided into multiple business sub-modes, each corresponding to a specific function, and each mode is described by a finite state machine. A finite state machine is a mathematical model representing a finite number of states and the transitions and actions between those states. Multiple state machines are preset for the distribution communication protocol. In the present embodiment there are several kinds of state machine, for example a start state machine, a stop state machine, a clock synchronization state machine, a remote control state machine, a calling state machine and so on. Each kind of state machine can be instantiated and the instance given an identifier, that is, one kind of state machine can correspond to multiple state machine instances, each with a different identifier. Instantiation means creating an instance of a state machine, an object of the defined state machine. For example, suppose several kinds of people are predefined, white, black and yellow; each kind can be instantiated, that is, an object of a person is created. From the predefined white kind, Xiao Ming and Xiao Hong can be instantiated; Xiao Ming and Xiao Hong are specific objects of that kind. A state machine corresponds to a finite number of states; a state machine instance is created from its corresponding state machine and likewise corresponds to a finite number of states, and every state machine instance of the same kind contains the same states. After the task corresponding to one state has been performed, the instance transfers to the next state; after the last state of the state machine instance has been performed, the identified state machine instance is released.
It is judged whether the state of the message meets the initial state of any one of the preset state machines. If there is a state machine whose initial state is the same as the state of the message, the message is sent to the distribution terminal. A state machine whose initial state is the same as the state of the message is instantiated to obtain the corresponding state machine instance, the instance is identified by the character string formed by concatenating the distribution network master station IP address and port, and the current state of the state machine instance transfers from the initial state to the next state. Messages with different IP addresses or ports give different concatenated character strings, so one kind of state machine can have multiple identifiers, that is, one kind of state machine can correspond to multiple state machine instances. If there is no state machine whose initial state is the same as the state of the message, it is detected whether there is a state machine instance identified by the character string formed by concatenating the master station IP address and port of the message. If there is, it is then judged whether the state of the message is consistent with the current state of the state machine instance identified by that character string. If they are consistent, the message satisfies the distribution network communication protocol, is considered safe, is a message that satisfies the communication protocol, and can be sent to the distribution terminal.
The start state machine describes the start-transfer function between the master station and the distribution terminal. The master station sends a start-transfer message to the distribution terminal to activate user data transfer on the connection. The distribution terminal returns a start confirmation message and then actively sends data in the form of information frames. After receiving the information frames, the master station sends an acknowledgement frame to the distribution terminal.
The stop state machine describes the stop-transfer function between the master station and the distribution terminal. The master station sends a stop-data-transfer message on an active connection, the distribution terminal returns a stop confirmation after receiving it, and the master station can close the connection after receiving the stop confirmation.
The clock synchronization state machine describes the time adjustment function between the master station and the distribution terminal. The master station sends a time synchronization message to the distribution terminal; after receiving it, the distribution terminal updates its system clock and returns a time synchronization confirmation message.
The remote control state machine describes the master station's control of the distribution terminal. The master station issues a remote control command, and the distribution terminal returns a confirmation after receiving it. After receiving the confirmation, the master station sends an execute command to the distribution terminal, and the distribution terminal returns an execution confirmation to the master station after receiving it. When the distribution terminal has finished executing, it returns a termination command.
A call is a request by the master station for the distribution terminal to transmit the actual values of all process variables, in order to refresh the master station's database. The content called includes information such as remote signalling and telemetry in the distribution terminal, and the call function is described by the transitions between the states of the call state machine. The master station sends a call command frame to the distribution terminal. After receiving it, the distribution terminal returns a busy frame if it is busy, and the transfer ends; if it is not busy, it returns a call acknowledgement frame and waits for the master station to call the data. The acknowledgement frame includes information such as the master station IP address and port. The master station then sends a call data command, and the distribution terminal transmits data information to the master station in information frames; the data information includes the master station IP address and port as well as telemetry and remote signalling information. After all data information has been transmitted, the distribution terminal sends a call end frame to the master station and the call ends. The state of a message can be determined from the fields in the message.
The above process is illustrated below with a specific embodiment:
A message is received whose state is consistent with the initial state of the call state machine, that is, with the call command frame state. A call state machine is instantiated to obtain a call state machine instance, the instance is identified by the character string formed from the master station IP and port of the message, and its current state is updated to the next state, the acknowledgement state. After the distribution terminal receives the message, it sends an acknowledgement frame. The call state machine instance identified by the character string formed from the master station IP and port in the acknowledgement frame is detected, and it is judged whether the state of the acknowledgement frame is consistent with the current acknowledgement state of the instance. If so, the acknowledgement frame is sent to the master station and the current state of the instance is updated to the call data state. After receiving the acknowledgement frame, the master station sends a call data command. The call state machine instance identified by the character string formed from the master station IP and port in the call data command is detected, and it is judged whether the state of the call data command is consistent with the current call data state of the instance. If so, the call data command is forwarded to the distribution terminal and the current state of the instance is updated to the data information transmission state. After receiving the call data command, the distribution terminal sends data information. It is judged whether the state of the data information is consistent with the current state of the instance; if so, the data information is sent to the master station and the current state of the instance is updated to the end state. After the data information has been transmitted, the distribution terminal sends an end frame. It is judged whether the state of the end frame is consistent with the end state of the instance; if so, this call ends. Once the call has ended, that is, once all states in the call state machine instance have been performed, the call state machine instance is released, that is, the instantiated call state machine identified by the character string formed from the master station IP and port is released.
Referring to Fig. 5, a security protection system for a distribution network control system according to an embodiment is provided, comprising:
A receiving module 100, configured to receive a message.
Specifically, when the received message is one issued by the master station, it is screened to ensure the security of the distribution network industrial control system, so that unsafe messages that do not meet the conditions are not transmitted over the network to the distribution terminal and the distribution terminal is not attacked. Similarly, when the received message is one sent by the distribution terminal, it is screened so that unsafe messages that do not meet the conditions are not transmitted over the network to the master station and the master station is not attacked. In this specific embodiment, the receiving module 100 receives messages through an RJ45 Ethernet interface.
A main control module 200, configured to judge whether the data type of the message is the application data type and, if so, to select the messages that carry the protocol number of the distribution network communication protocol and discard application-data-type messages that do not carry that protocol number.
In this embodiment, the distribution network communication protocol includes the IEC60870-5-101 communication protocol or the IEC60870-5-104 communication protocol, which are international standards for electric substation automation systems formulated by the International Electrotechnical Commission (IEC). When the data type of a message is the application data type, the message must first undergo preliminary screening, that is, it is judged whether the message carries the protocol number of the distribution network communication protocol. If so, the message is preliminarily judged to satisfy the distribution network communication protocol and is selected; if not, the message is preliminarily judged not to satisfy the protocol and is discarded.
A protocol detection module 300, configured to perform protocol detection on the messages selected by the main control module 200 that carry the protocol number of the distribution network communication protocol, to select the messages that satisfy the distribution network communication protocol and to discard those that do not.
If a message carries the protocol number of the distribution network communication protocol, in-depth detection is performed on it, that is, it is further judged whether the message satisfies the distribution network communication protocol. If so, the message is selected; if not, it is discarded.
A sending module 400, configured to forward the selected messages that satisfy the distribution network communication protocol.
When the received message is one issued by the master station, it is further checked against the distribution network communication protocol; the selected messages that satisfy the protocol are considered safe and are forwarded to the distribution terminal. When the received message is one sent by the distribution terminal, it is likewise checked against the protocol, and the selected messages that satisfy the protocol are considered safe and are forwarded to the master station. In this specific embodiment, the sending module 400 forwards the selected messages that satisfy the distribution network communication protocol through an RJ45 Ethernet interface.
In the above security protection system, the main control module 200 judges the data type of the message and, when it is the application data type, selects the messages that carry the protocol number of the distribution network communication protocol and discards those that do not. The protocol detection module 300 then performs further protocol detection on the selected messages, selects those that satisfy the distribution network communication protocol and discards those that do not. The sending module 400 then forwards the messages that satisfy the communication protocol. The selected messages are safe, which ensures that the distribution terminal and the master station do not receive any message outside the distribution network communication protocol, avoids the risk of a large-area power outage caused by a hacker attack on the whole distribution network control system, and ensures the information security of the distribution network control system.
In one embodiment, the security protection system of the above distribution network control system also includes:
A log storage module 500, configured to record and store the messages discarded by the main control module 200 and the messages discarded by the protocol detection module 300.
Discarded messages are recorded, including the time of the discard operation, the message data content and the discard operation itself, for subsequent security audit.
Referring to Fig. 6, in one embodiment the receiving module 100 includes a first receiving module 110 and a second receiving module 120, and the sending module 400 includes a first sending module 410 and a second sending module 420.
The first receiving module 110 is configured to receive the messages issued by the master station.
The first sending module 410 is configured to forward to the distribution terminal, after the first receiving module 110 has received a message issued by the master station, the selected messages that satisfy the distribution network communication protocol.
The second receiving module 120 is configured to receive the messages sent by the distribution terminal.
The second sending module 420 is configured to forward to the master station, after the second receiving module 120 has received a message sent by the distribution terminal, the selected messages that satisfy the distribution network communication protocol.
In another embodiment, the security protection system of the distribution network control system includes substantially the same modules as the security protection system of the above embodiment. The main difference is that the security protection system of this embodiment also includes a wireless communication module 600, which receives and forwards the messages issued by the master station; the first receiving module 110 receives the messages forwarded by the communication module 600.
In one embodiment, the wireless communication module 600 is also configured to receive the messages satisfying the distribution network communication protocol forwarded by the first sending module 120 and to forward them to the master station.
In one embodiment, the wireless communication module 600 is a GPRS wireless communication module. The GPRS wireless communication module receives and forwards the messages issued by the master station, the first receiving module 110 receives the messages forwarded by the GPRS wireless communication module through an RS-232 interface, and the first sending module 410 forwards the selected messages that satisfy the distribution network communication protocol to the distribution terminal through an RS-232 interface. The second receiving module 120 receives the messages sent by the distribution network through an RS-232 interface, the second sending module 420 forwards the selected messages that satisfy the distribution terminal communication protocol through an RS-232 interface, and the GPRS wireless communication module receives the messages satisfying the distribution network communication protocol sent by the second sending module 420 and sends them to the master station. GPRS (General Packet Radio Service) is the general packet radio service technology.
In another embodiment, the wireless communication module 600 is an LTE wireless communication module. The LTE wireless communication module receives and forwards the messages issued by the master station, the first receiving module 110 receives the messages forwarded by the LTE communication module through an RJ45 Ethernet interface, and the first sending module 410 sends the messages that satisfy the distribution network communication protocol to the distribution terminal through an RS-232 interface. The second receiving module 120 receives the messages sent by the distribution terminal through an RS-232 interface, the second sending module 420 forwards the selected messages that satisfy the distribution network communication protocol through an RJ45 interface, and the LTE wireless communication module receives the messages satisfying the distribution network communication protocol sent by the second sending module 420 and sends them to the master station. LTE (Long Term Evolution) is the evolution of 3G technology (3rd generation mobile communication technology); it can effectively reduce delay and improve the communication rate.
In one embodiment, the sending module 400 is also configured to forward messages of a non-application data type when the main control module 200 judges that the data type of the message is a non-application data type.
Because messages of a non-application data type do not carry data information, they need not be screened or detected and are forwarded directly. Examples are an ARP (Address Resolution Protocol) message or a ping command. The ping command is a DOS (Disk Operating System) command generally used to test whether a network is reachable; it contains no data information and need not be screened or detected. The master station sends the command to the distribution terminal, or the distribution terminal sends it to the master station, to check whether the network between the master station and the distribution terminal is connected.
Referring to Fig. 7, in one embodiment the protocol detection module 300 includes a feature pattern detection module 310 and a first screening module 320.
The feature pattern detection module 310 is configured to detect whether a message that carries the protocol number of the distribution network communication protocol meets the features of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol.
The first screening module 320 is configured to select, when the detection result of the feature pattern detection module 310 is yes, the messages that meet the features of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol, and to discard, when the detection result of the feature pattern detection module 310 is no, the messages that do not meet the features of a supervisory frame, an unnumbered frame or an information frame of the distribution network communication protocol. The messages selected by the first screening module 320 satisfy the distribution network communication protocol, and the discarded messages do not.
Information frames are used to transmit data information. Supervisory frames are used to transmit flow control information and error control information. Unnumbered frames transmit link control information and are used to control the link. Supervisory frames and unnumbered frames have a fixed frame length and have a start flag field and an end flag field. To judge whether a message meets the features of a supervisory frame or an unnumbered frame, it is first judged whether the message has the same start flag field and end flag field as a supervisory or unnumbered frame and whether its frame length is consistent with that of a supervisory or unnumbered frame. The function codes of supervisory frames and unnumbered frames differ, so the function code of the message shows whether it meets the features of a supervisory frame or of an unnumbered frame. Information frames likewise have a start flag field and an end flag field, and also a length field that marks the length of the data information; this length field is 2 bytes. Whether a message meets the features of an information frame is judged by checking whether it has the same start flag field and end flag field as a supervisory or unnumbered frame and whether the length given by its length field is consistent with the length of the actual data information. If the lengths are consistent and the message has those start and end flag fields, the message meets the features of an information frame; if the lengths are inconsistent or the message lacks those flag fields, it does not meet the features of an information frame. As long as a message meets the features of one of the three kinds of frame, it satisfies the distribution network communication protocol and is forwarded; otherwise, it is discarded.
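The frame-feature check above, as an added example that is not part of the patent text. It assumes the APCI layout of IEC 60870-5-104, one of the two protocols the description names; in that layout the length field is a single octet and there is no end flag, so the start octet, the declared length and the control-field type stand in for the flag, length and function-code checks. The function names and the sample frames are constructed.

```python
START_OCTET = 0x68
MAX_APDU_LENGTH = 253        # largest value the length octet may carry
CONTROL_FIELD_LENGTH = 4     # supervisory and unnumbered frames carry only this

# Octet 1 of the control field for the six unnumbered control functions.
U_FUNCTIONS = {
    0x07: "STARTDT act", 0x0B: "STARTDT con",
    0x13: "STOPDT act", 0x23: "STOPDT con",
    0x43: "TESTFR act", 0x83: "TESTFR con",
}


def classify_apdu(frame):
    """Return "I", "S" or "U" for a well-formed frame, or None to discard it."""
    if len(frame) < 2 + CONTROL_FIELD_LENGTH or frame[0] != START_OCTET:
        return None
    declared = frame[1]
    # The declared length must match the octets actually present.
    if declared > MAX_APDU_LENGTH or declared != len(frame) - 2:
        return None
    c1, c2, c3, c4 = frame[2:6]

    if c1 & 0x01 == 0:
        # Information frame: carries an ASDU; bit 0 of octet 3 is always 0.
        if declared <= CONTROL_FIELD_LENGTH or c3 & 0x01:
            return None
        return "I"
    if c1 & 0x03 == 0x01:
        # Supervisory frame: fixed length, octets 1 and 2 carry no sequence.
        if (declared != CONTROL_FIELD_LENGTH or c1 != 0x01 or c2 != 0
                or c3 & 0x01):
            return None
        return "S"
    # Both low bits set: unnumbered frame with exactly one known function.
    if (declared != CONTROL_FIELD_LENGTH or c1 not in U_FUNCTIONS
            or (c2, c3, c4) != (0, 0, 0)):
        return None
    return "U"


def screen(frames):
    """Split frames into (forwarded, discarded) lists, as module 320 does."""
    forwarded, discarded = [], []
    for frame in frames:
        (forwarded if classify_apdu(frame) else discarded).append(frame)
    return forwarded, discarded


# Constructed sample frames (not captured traffic).
SAMPLES = {
    "startdt_act": bytes.fromhex("680407000000"),
    "supervisory": bytes.fromhex("680401000200"),
    "interrogation": bytes.fromhex("680e0000000064010600010000000014"),
    "truncated": bytes.fromhex("680e00000000640106000100000000"),
    "bad_start": bytes.fromhex("670407000000"),
    "unknown_u": bytes.fromhex("6804ff000000"),
    "not_protocol": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify_apdu(frame) or "discard")
```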
Referring to Fig. 8, in one embodiment the protocol detection module 300 includes a first judging module 330, a creation module 340, an identification module 350, a detection module 360, a second judging module 370 and a second screening module 380.
The first judging module 330 is configured to judge whether, among the several preset state machines of the distribution communication protocol, there is a state machine whose initial state is consistent with the state of the message that carries the protocol number of the distribution network communication protocol.
The creation module 340 is configured to create a state machine instance, when the first judging module judges yes, from the state machine whose initial state is consistent with the state of the message.
The identification module 350 is configured to identify the state machine instance by the character string formed by concatenating the master station IP address and port of the message.
The detection module 360 is configured to detect, when the first judging module 330 judges no, whether there is a state machine instance identified by the character string formed from the master station IP address and port of the message.
The second judging module 370 is configured to judge, when the detection result of the detection module 360 is yes, whether the state of the message is consistent with the current state of the detected state machine instance.
The second screening module 380 is configured to select the message when the first judging module 330 judges yes; to discard the message when the detection result of the detection module 360 is no; and to select the message when the second judging module 370 judges consistent and discard it when the second judging module 370 judges inconsistent.
The selected messages satisfy the distribution network communication protocol. When a message is sent from the distribution terminal to the master station, the message includes the master station IP address, and a port must be selected through which the message is sent. Similarly, when the master station issues a message to the distribution terminal, the message also includes the master station IP address and the port that sends the message, and it is sent through the selected port.
The distribution network communication protocol is divided into several service sub-modes. Each mode corresponds to a specific function and is described by a finite state machine, a mathematical model of a finite number of states together with the transitions between those states and the associated actions. Several state machines are preset for the distribution communication protocol. In this embodiment they include, for example, a start state machine, a stop state machine, a clock synchronization state machine, a remote control state machine and a call state machine. Each kind of state machine can be instantiated and each instance is given an identifier, so one kind of state machine can correspond to several state machine instances, each with a different identifier. Instantiation means creating an instance of a state machine, that is, defining an object of the state machine. For example, suppose several kinds of people are first predefined: white, black and yellow. Each kind can be instantiated, that is, objects of that kind can be created; from the preset kind "white", Xiao Ming and Xiao Hong can be instantiated, and Xiao Ming and Xiao Hong are concrete objects of that kind. A state machine has a finite number of states. A state machine instance is created from its state machine and has the same finite number of states; every instance of the same kind of state machine contains the same states. After the task corresponding to one state has been performed, the instance moves to the next state, and after the last state of the instance has been performed, the identified state machine instance is released.
It is judged whether the state of the message matches the initial state of any of the preset state machines. If the initial state of one of the state machines is identical to the state of the message, the message is sent to the distribution terminal. The state machine whose initial state is identical to the state of the message is instantiated to obtain the corresponding state machine instance, the instance is identified by the character string formed by concatenating the master station IP address and port, and the current state of the instance moves from the initial state to the next state. Messages with different IP addresses or ports produce different concatenated strings, so one kind of state machine can have several identifiers, that is, one kind of state machine can correspond to several state machine instances. If no state machine has an initial state identical to the state of the message, it is detected whether there is a state machine instance identified by the character string formed from the master station IP address and port of the message. If such an instance exists, it is judged whether the state of the message is consistent with the current state of that instance. If it is, the message satisfies the distribution network communication protocol, is considered safe, and can be sent to the distribution terminal.
The start state machine describes the start-transfer function between the master station and the distribution terminal. The master station sends a start-transfer message to the distribution terminal to activate user data transfer on the connection. The distribution terminal returns a start confirmation message and then actively sends data in the form of information frames. After receiving the information frames, the master station sends an acknowledgement frame to the distribution terminal.
The stop state machine describes the stop-transfer function between the master station and the distribution terminal. The master station sends a stop-data-transfer message on an active connection, the distribution terminal returns a stop confirmation after receiving it, and the master station can close the connection after receiving the stop confirmation.
The clock synchronization state machine describes the time adjustment function between the master station and the distribution terminal. The master station sends a time synchronization message to the distribution terminal; after receiving it, the distribution terminal updates its system clock and returns a time synchronization confirmation message.
The remote control state machine describes the master station's control of the distribution terminal. The master station issues a remote control command, and the distribution terminal returns a confirmation after receiving it. After receiving the confirmation, the master station sends an execute command to the distribution terminal, and the distribution terminal returns an execution confirmation to the master station after receiving it. When the distribution terminal has finished executing, it returns a termination command.
A call is a request by the master station for the distribution terminal to transmit the actual values of all process variables, in order to refresh the master station's database. The content called includes information such as remote signalling and telemetry in the distribution terminal, and the call function is described by the transitions between the states of the call state machine. The master station sends a call command frame to the distribution terminal. After receiving it, the distribution terminal returns a busy frame if it is busy, and the transfer ends; if it is not busy, it returns a call acknowledgement frame and waits for the master station to call the data. The acknowledgement frame includes information such as the master station IP address and port. The master station then sends a call data command, and the distribution terminal transmits data information to the master station in information frames; the data information includes the master station IP address and port as well as telemetry and remote signalling information. After all data information has been transmitted, the distribution terminal sends a call end frame to the master station and the call ends. The state of a message can be determined from the fields in the message.
The above process is illustrated below with a specific embodiment:
A message is received whose state is consistent with the initial state of the call state machine, that is, with the call command frame state. A call state machine is instantiated to obtain a call state machine instance, the instance is identified by the character string formed from the master station IP and port of the message, and its current state is updated to the next state, the acknowledgement state. After the distribution terminal receives the message, it sends an acknowledgement frame. The call state machine instance identified by the character string formed from the master station IP and port in the acknowledgement frame is detected, and it is judged whether the state of the acknowledgement frame is consistent with the current acknowledgement state of the instance. If so, the acknowledgement frame is sent to the master station and the current state of the instance is updated to the call data state. After receiving the acknowledgement frame, the master station sends a call data command. The call state machine instance identified by the character string formed from the master station IP and port in the call data command is detected, and it is judged whether the state of the call data command is consistent with the current call data state of the instance. If so, the call data command is forwarded to the distribution terminal and the current state of the instance is updated to the data information transmission state. After receiving the call data command, the distribution terminal sends data information. It is judged whether the state of the data information is consistent with the current state of the instance; if so, the data information is sent to the master station and the current state of the instance is updated to the end state. After the data information has been transmitted, the distribution terminal sends an end frame. It is judged whether the state of the end frame is consistent with the end state of the instance; if so, this call ends. Once the call has ended, that is, once all states in the call state machine instance have been performed, the call state machine instance is released, that is, the instantiated call state machine identified by the character string formed from the master station IP and port is released.
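The state-machine check carried out by modules 330 to 380, and described in the same terms in the method embodiment earlier, as an added example that is not part of the patent text. The state labels, the class and function names and the master station addresses are constructed; how a message's state is derived from its fields is left out, and the state is passed in as a label.

```python
import time

# Preset state machines: an ordered tuple of steps, each step being the set of
# message states accepted at that point. All state labels are constructed.
STATE_MACHINES = {
    "start": ({"start_act"}, {"start_con"}, {"start_data"}, {"start_ack"}),
    "stop": ({"stop_act"}, {"stop_con"}),
    "clock_sync": ({"sync_cmd"}, {"sync_con"}),
    "remote_control": ({"rc_cmd"}, {"rc_con"}, {"rc_exec"},
                       {"rc_exec_con"}, {"rc_term"}),
    "call": ({"call_cmd"}, {"call_con", "call_busy"}, {"call_data_cmd"},
             {"call_data"}, {"call_end"}),
}
# A busy frame ends the call exchange before its last step.
EARLY_END = {"call_busy"}


class ProtocolStateFilter:
    def __init__(self, machines=STATE_MACHINES):
        self.machines = machines
        self.instances = {}   # "ip:port" -> (machine name, index of next step)
        self.discard_log = [] # (time, key, state, reason), for later audit

    def check(self, master_ip, master_port, state):
        """Return True to forward the message, False to discard it."""
        key = "%s:%d" % (master_ip, master_port)

        # First judgment: does the state match any machine's initial state?
        for name, steps in self.machines.items():
            if state in steps[0]:
                # Choice made in this example: a new exchange replaces any
                # instance already stored under the same key.
                self._advance(key, name, 0, state)
                return True

        # Otherwise an instance identified by this key must already exist.
        instance = self.instances.get(key)
        if instance is None:
            return self._discard(key, state, "no instance for key")

        # Second judgment: state must equal the instance's current state.
        name, index = instance
        if state not in self.machines[name][index]:
            return self._discard(key, state, "unexpected state in " + name)
        self._advance(key, name, index, state)
        return True

    def _advance(self, key, name, index, state):
        last = len(self.machines[name]) - 1
        if index == last or state in EARLY_END:
            self.instances.pop(key, None)      # release the instance
        else:
            self.instances[key] = (name, index + 1)

    def _discard(self, key, state, reason):
        self.discard_log.append((time.time(), key, state, reason))
        return False


def run_call_example():
    """Replay the call exchange with one out-of-order message inserted."""
    flt = ProtocolStateFilter()
    sequence = ["call_cmd", "call_data", "call_con", "call_data_cmd",
                "call_data", "call_end"]
    return [flt.check("10.0.0.5", 2404, s) for s in sequence], flt


if __name__ == "__main__":
    decisions, flt = run_call_example()
    print(decisions)
    for entry in flt.discard_log:
        print("discarded:", entry[1:])
```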
The technical features of the above embodiments can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present invention. Their description is specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make various modifications and improvements without departing from the concept of the present invention, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.

Claims (8)

1. A security protection method for a distribution network control system, characterized by comprising the steps of:
receiving a message;
judging whether the data type of the message is an application data type;
if so, selecting the messages that carry the protocol number of the distribution network communication protocol, and discarding the messages that do not carry the protocol number of the distribution network communication protocol;
performing protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, selecting the messages that satisfy the distribution network communication protocol, and discarding the messages that do not satisfy the distribution network communication protocol;
forwarding the selected messages that satisfy the distribution network communication protocol;
wherein the step of performing protocol detection on the selected messages that carry the protocol number of the distribution network communication protocol, selecting the messages that satisfy the distribution network communication protocol, and discarding the messages that do not satisfy the distribution network communication protocol comprises the steps of:
judging whether, among the multiple preset state machines of the distribution network communication protocol, there is a state machine whose initial state is consistent with the state of the message carrying the protocol number of the distribution network communication protocol;
if so, creating a state machine instance from the state machine whose initial state is consistent with the state of the message, and identifying the state machine instance by the character string formed by splicing the master station IP address and port of the message;
selecting the message;
if not, detecting whether there exists a state machine instance identified by the character string formed by splicing the master station IP address and port of the message;
if the detection result is no, discarding the message;
if the detection result is yes, judging whether the state of the message is consistent with the current state of the detected state machine instance;
if judged consistent, selecting the message;
if judged inconsistent, discarding the message.
2. The security protection method for a distribution network control system according to claim 1, characterized in that:
when the received message is a message issued by the master station, the selected message that satisfies the distribution network communication protocol is forwarded to the distribution terminal;
when the received message is a message sent by the distribution terminal, the selected message that satisfies the distribution network communication protocol is forwarded to the master station.
3. The security protection method for a distribution network control system according to claim 1, characterized in that:
after the step of selecting the messages that carry the protocol number of the distribution network communication protocol and discarding the messages that do not carry the protocol number of the distribution network communication protocol, the method comprises the step of: recording and storing the discarded messages that do not carry the protocol number of the distribution network communication protocol;
after the step of discarding the messages that do not satisfy the distribution network communication protocol, the method comprises the step of: recording and storing the discarded messages that do not satisfy the distribution network communication protocol.
4. The security protection method for a distribution network control system according to claim 1, characterized in that:
the selected messages that satisfy the distribution network communication protocol are messages that satisfy the features of a supervisory frame, an unnumbered frame, or an information frame of the distribution network communication protocol.
5. A security protection system for a distribution network control system, characterized by comprising:
a receiving module, for receiving a message;
a main control module, for judging whether the data type of the message is an application data type and, if so, selecting the messages that carry the protocol number of the distribution network communication protocol and discarding the application-type messages that do not carry the protocol number of the distribution network communication protocol;
a protocol detection module, for performing protocol detection on the messages carrying the protocol number of the distribution network communication protocol that were selected by the main control module, selecting the messages that satisfy the distribution network communication protocol, and discarding the messages that do not satisfy the distribution network communication protocol;
a sending module, for forwarding the selected messages that satisfy the communication protocol;
wherein the protocol detection module comprises a first judging module, a creation module, a marking module, a detection module, a second judging module, and a second screening module;
the first judging module is for judging whether, among the multiple preset state machines of the distribution network communication protocol, there is a state machine whose initial state is consistent with the state of the message carrying the protocol number of the distribution network communication protocol;
the creation module is for creating a state machine instance, when the first judging module judges yes, from the state machine whose initial state is consistent with the state of the message;
the marking module is for identifying the state machine instance by the character string formed by splicing the master station IP address and port of the message;
the detection module is for detecting, when the first judging module judges no, whether there exists a state machine instance identified by the character string formed by splicing the master station IP address and port of the message;
the second judging module is for judging, when the detection result of the detection module is yes, whether the state of the message is consistent with the current state of the detected state machine instance;
the second screening module is for selecting the message when the first judging module judges yes; is further for discarding the message when the detection result of the detection module is no; and is further for selecting the message when the second judging module judges consistent and discarding the message when the second judging module judges inconsistent.
6. The security protection system for a distribution network control system according to claim 5, characterized in that the receiving module comprises a first receiving module and a second receiving module, and the sending module comprises a first sending module and a second sending module;
the first receiving module is for receiving the message issued by the master station;
the first sending module is for forwarding to the distribution terminal, after the first receiving module receives the message issued by the master station, the selected message that satisfies the distribution network communication protocol;
the second receiving module is for receiving the message sent by the distribution terminal;
the second sending module is for forwarding to the master station, after the second receiving module receives the message sent by the distribution terminal, the selected message that satisfies the distribution network communication protocol.
7. The security protection system for a distribution network control system according to claim 5, characterized by comprising:
a log storage module, for recording and storing the messages discarded by the main control module, and for recording and storing the messages discarded by the protocol detection module.
8. The security protection system for a distribution network control system according to claim 5, characterized in that the protocol detection module comprises a feature mode detection module and a first screening module;
the feature mode detection module is for detecting whether the message carrying the protocol number of the distribution network communication protocol satisfies the features of a supervisory frame, an unnumbered frame, or an information frame of the distribution network communication protocol;
the first screening module is for selecting, when the determination of the feature mode detection module is yes, the messages that satisfy the features of a supervisory frame, an unnumbered frame, or an information frame of the distribution network communication protocol; and for discarding, when the determination of the feature mode detection module is no, the messages that do not satisfy the features of a supervisory frame, an unnumbered frame, or an information frame of the distribution network communication protocol.
CN201510261055.2A 2015-05-20 2015-05-20 The safety protecting method and system of distribution network control system Active CN105049403B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510261055.2A CN105049403B (en) 2015-05-20 2015-05-20 The safety protecting method and system of distribution network control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510261055.2A CN105049403B (en) 2015-05-20 2015-05-20 The safety protecting method and system of distribution network control system

Publications (2)

Publication Number Publication Date
CN105049403A CN105049403A (en) 2015-11-11
CN105049403B true CN105049403B (en) 2018-01-30

Family

ID=54455614

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510261055.2A Active CN105049403B (en) 2015-05-20 2015-05-20 The safety protecting method and system of distribution network control system

Country Status (1)

Country Link
CN (1) CN105049403B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491018B (en) * 2015-11-24 2019-02-12 北京中电普华信息技术有限公司 A kind of network data security analysis method based on DPI technology
CN105791271A (en) * 2016-02-23 2016-07-20 梅照付 Safety protection control method for power grid
CN109194490B (en) * 2018-09-21 2021-09-03 南京蓝途电力自动化有限公司 Power distribution network communication security authentication system and method
CN110334507A (en) * 2019-06-18 2019-10-15 北京中科物联安全科技有限公司 A kind of method, apparatus and electronic equipment detecting network system safety
CN110516442A (en) * 2019-08-29 2019-11-29 南方电网科学研究院有限责任公司 A kind of power distribution network safety defense system, method, apparatus, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101662359A (en) * 2009-08-17 2010-03-03 珠海市鸿瑞信息技术有限公司 Security protection method of communication data of special electricity public network
CN103730959A (en) * 2013-12-19 2014-04-16 广东电网公司电力科学研究院 Method for testing communication protocols of power distribution network equipment
CN103929423A (en) * 2014-04-15 2014-07-16 广东电网公司电力科学研究院 IPSec VPN safety forwarding method and system for handling power protocols

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8259708B2 (en) * 2006-10-17 2012-09-04 Generonix, Inc. Wireless access point network system supported through existing transmission lines
CN102647026B (en) * 2012-04-24 2014-04-09 上海毅昊自动化有限公司 System for visually dynamically monitoring running state of relay protector

Also Published As

Publication number Publication date
CN105049403A (en) 2015-11-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant