CN105449863B - Network communication security stabilization method for an intelligent substation - Google Patents
- Publication number
- CN105449863B (application CN201510940760.5A)
- Authority
- CN
- China
- Prior art keywords
- communication
- network
- security
- intelligent substation
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J13/00—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
- H02J13/00006—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment
- H02J13/00007—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment using the power network as support for the transmission
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E60/00—Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/16—Electric power substations
Abstract
A network communication security stabilization method for an intelligent substation, for real-time monitoring and defence of the network communication security and stability of intelligent substation devices based on IEC 61850. Through security audit, abnormal audit and communication defence, the method audits the network communication of intelligent substation devices in real time against a security audit strategy, defends against illegal and abnormal conditions, and raises early warnings in real time. With this method an intelligent substation device can suppress and filter illegal and abnormal communication at the lowest communication link layer, which improves the safety and stability of device functions and operation; the method is of particular value when the substation network is connected to a public network.
Description
Technical field
The present invention relates to a network communication security stabilization method for an intelligent substation and belongs to the technical field of electric power automation; in particular it concerns real-time monitoring and defence of the network communication security and stability of intelligent substation devices based on IEC 61850.
Background technology
An intelligent substation communicates according to the IEC 61850 standard, which defines a three-layer network structure of station level, bay level and process level; data acquisition and the control of device functions are all realised over the network. Such a substation is therefore exposed to security hazards such as network intrusion and, compared with a relatively isolated and closed substation local area network, it is considerably more vulnerable to network attack once it is connected to public network communication facilities.
At present the IEC 61850 communication used in intelligent substations, including station-level MMS (Manufacturing Message Specification) communication and process-level GOOSE (Generic Object Oriented Substation Event) and SV (Sampled Values) communication, is applied as a basic communication mechanism without any security protection measures. On the other hand, with the development of intelligent substations many new kinds of device have appeared, such as merging units and intelligent terminals. Besides the various abnormal communications that may occur during operation, the application of these new devices may also introduce abnormal communication caused by defects while their implementations are still maturing. All such abnormal communication can cause unpredictable behaviour of device functions and reduce the stability of the device.
From the point of view of network communication security and stable device operation, it is necessary to monitor and defend the security and stability of intelligent substation device network communication in real time, so that a device can suppress and filter illegal and abnormal communication at the lowest communication link layer, thereby improving the security and stability of intelligent substation operation.
The content of the invention
To overcome the shortcomings of the prior art described above, the present invention provides a network communication security stabilization method for an intelligent substation.
The technical solution adopted in the present invention is:
The network communication security stabilization method for an intelligent substation uses a security audit module, an abnormal audit module and a communication defence module to audit the network communication of intelligent substation devices in real time, defend against illegal and abnormal conditions, and raise a real-time early warning when illegal or abnormal conditions occur. It is characterised in that the network communication security stabilization method comprises the following steps:
(1) all network communication messages entering the intelligent substation device are received by a network communication monitoring module, which submits each message simultaneously to the abnormal audit module and the security audit module;
(2) the abnormal audit module analyses MMS, GOOSE and SV network communication messages according to the IEC 61850 communication specifications; a message that does not conform to the specification (an abnormal message) is discarded directly, and the audit result is recorded as a log entry and submitted to a real-time early warning module;
(3) the security audit module audits the network communication messages; a message that is explicitly forbidden, or that falls outside the permitted range, is treated as an illegal message that affects communication security and is further handled by the communication defence module with communication service refusal or communication disconnection; the security audit module records the audit result and the treatment measure for the illegal message as a log entry and submits it to the real-time early warning module;
(4) the real-time early warning module submits the warning information found by the audits of steps (2) and (3) to the information management module of the intelligent substation device.
The invention may further adopt the following preferred technical scheme:
In step (3), the security audit strategy is a communication security strategy preset according to the service requirements of the intelligent substation device and comprises a communication access policy and a communication control policy. If a network communication message is explicitly forbidden in the communication access policy, or falls outside the permitted range, it is an illegal message that affects communication security, and its handling is then determined according to the communication control policy. Specifically:
3.1 The communication access policy is a configuration of permitted and forbidden communication access, comprising communication message type, communication address and communication service type. The communication message type is an existing protocol type of the TCP/IP protocol stack specification. For GOOSE and SV communication the communication address is the application ID (APPID); for TCP/UDP communication the communication address is the IP address. The communication service type applies only to MMS communication and is an abstract communication service interface (ACSI) service defined by the IEC 61850 specifications.
The 3.2 communication control strategies include communication service refusal, communication disconnects.The communication service refusal is for net
The negative response of network communication services request.The communication disconnects the disconnection linked to communication session request.
The communication defence module is responsible for sending messages to the monitored network, including communication service refusal messages and communication disconnection messages.
Compared with the prior art, the beneficial effects of the invention are as follows: the intelligent substation device can suppress and filter illegal and abnormal communication at the lowest communication link layer, thereby improving the safety and stability of device functions and operation; the method is especially effective and significant when the substation network is connected to a public network.
Description of the drawings
Fig. 1 is a flow chart of the network communication security stabilization method for an intelligent substation of the present invention.
Specific embodiment
The present invention is further described below with reference to the accompanying drawings and embodiments.
As shown in Fig. 1, the network communication security stabilization method for an intelligent substation of the invention comprises the following steps:
(1) The network communication monitoring module 10 serves as the entry point of the communication links into the device. It monitors the network communication messages entering the device and submits each message to the abnormal audit module 20 and the security audit module 30 respectively, which perform audit processing with different logic.
(2) The abnormal audit module 20 analyses the MMS, GOOSE and SV network communication messages submitted in step (1) according to the IEC 61850 communication specifications, covering the legitimacy of the message format, the correctness of the encoding and the correctness of the communication mechanism. The correctness of the communication mechanism is analysed mainly for GOOSE and SV communication, including the GOOSE stepped retransmission timing after a state change, the GOOSE burst and repeat mechanisms, GOOSE null state changes and anomalous state changes, GOOSE timeout, SV timeout and SV data jumps. For a message that does not conform to the specification, i.e. an abnormal message, the original message and its time are recorded in full in the log as the audit result, after which the abnormal message is discarded directly so that it is not processed further by the device functions. This reduces the impact of abnormal messages on device functions and thereby improves the stability of the device functions.
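As an added illustration (not part of the patent), the following Python sketch shows how the GOOSE part of the communication-mechanism check in step (2) can be expressed: it tracks stNum, sqNum and timeAllowedToLive per stream, flags null and anomalous state changes, broken retransmission sequences and timeouts, and logs and then drops non-conforming frames. The frame dictionary layout, the stream key (APPID plus goCBRef), the anomaly names and the sample frames are assumptions constructed for the example.

```python
"""Abnormal-audit check for GOOSE communication-mechanism correctness (step 2).

Assumed/hypothetical: frames are dicts carrying the IEC 61850 GOOSE PDU
fields stNum, sqNum, timeAllowedToLive (ms) and allData, keyed per stream by
APPID and goCBRef. The sample frames at the bottom are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class StreamState:
    st_num: int
    sq_num: int
    data: tuple
    last_seen: float   # seconds
    tal: float         # timeAllowedToLive in seconds


@dataclass
class GooseAuditor:
    """Flags frames that violate the GOOSE state/sequence/retransmission rules.

    Non-conforming frames are logged (time, original frame, findings) in
    `dropped` and must not be passed on to the device functions."""
    streams: Dict[Tuple[int, str], StreamState] = field(default_factory=dict)
    dropped: List[tuple] = field(default_factory=list)

    def audit(self, frame: dict, now: float) -> List[str]:
        key = (frame["appid"], frame["gocbref"])
        st, sq = frame["stNum"], frame["sqNum"]
        data = tuple(frame["allData"])
        tal = frame["timeAllowedToLive"] / 1000.0
        findings: List[str] = []
        prev = self.streams.get(key)
        if prev is not None:
            if now - prev.last_seen > prev.tal:
                findings.append("GOOSE timeout: gap exceeds timeAllowedToLive")
            if st == prev.st_num:
                # retransmission of the same state: data unchanged, sqNum + 1
                if data != prev.data:
                    findings.append("data changed without stNum increment")
                if sq != prev.sq_num + 1:
                    findings.append("sqNum not consecutive on retransmission")
            elif st == prev.st_num + 1:
                # state change: sqNum restarts at 0 and the data set must differ
                if sq != 0:
                    findings.append("sqNum not reset to 0 on state change")
                if data == prev.data:
                    findings.append("null state change: stNum advanced, data unchanged")
            else:
                findings.append(f"anomalous stNum change ({prev.st_num} -> {st})")
        # Resynchronise to the latest frame so one glitch does not flag every
        # later frame; the offending frame itself is still logged and dropped.
        self.streams[key] = StreamState(st, sq, data, now, tal)
        if findings:
            self.dropped.append((now, dict(frame), findings))
        return findings


def frame(st: int, sq: int, data, tal_ms: int = 10000) -> dict:
    """Build a constructed GOOSE frame for one hypothetical stream."""
    return {"appid": 0x1001, "gocbref": "PROT1LD0/LLN0$GO$gcb01",
            "stNum": st, "sqNum": sq, "allData": list(data),
            "timeAllowedToLive": tal_ms}


# Constructed sample: (time in seconds, frame).
SAMPLE = [
    (0.000, frame(1, 0, [False])),   # first frame: establishes the stream
    (0.002, frame(1, 1, [False])),   # correct retransmission
    (0.010, frame(2, 0, [True])),    # correct state change
    (0.012, frame(2, 1, [False])),   # data changed under the same stNum
    (0.014, frame(3, 0, [False])),   # null state change
    (0.016, frame(7, 0, [False])),   # stNum jumps by more than one
    (11.00, frame(7, 1, [False])),   # arrives after timeAllowedToLive expired
]


def audit_sample(auditor: Optional[GooseAuditor] = None) -> List[List[str]]:
    """Run the constructed sample through the auditor; returns findings per frame."""
    auditor = auditor or GooseAuditor()
    return [auditor.audit(f, t) for t, f in SAMPLE]


if __name__ == "__main__":
    for (t, f), found in zip(SAMPLE, audit_sample()):
        print(f"t={t:6.3f} stNum={f['stNum']} sqNum={f['sqNum']} -> {found or 'ok'}")
```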
(3) The security audit module 30 performs a security audit of the MMS, GOOSE and SV network communication messages submitted in step (1) according to the security audit strategy 31. The security audit strategy 31 presets the audit objectives required for safe device operation, namely the communication access policy, and the measures to be taken when a security problem is found, namely the communication control policy. If a network communication message is explicitly forbidden in the communication access policy, or falls outside the permitted range, it is an illegal message that affects communication security, and the treatment measure for the illegal message is then determined by the communication control policy. The illegal message and the treatment measure, together with the original message and its time, are recorded in the log as the audit result.
For flexibility and ease of configuration, the communication access policy is divided into permitted and forbidden communication access configurations, each of which may comprise a communication address, a communication message type and a communication service type. For GOOSE and SV communication the communication address is the APPID and no communication service type is involved. For MMS communication the communication address is the IP address and the communication service type is an ACSI service defined by the IEC 61850 specifications, chiefly the services that pose a larger security threat such as control services, setting (definite value) services and write services. The communication message type is an existing protocol type of the TCP/IP protocol stack specification; besides the MMS, GOOSE and SV communication defined by the IEC 61850 specifications, common types include FTP, HTTP and TELNET. If the device does not permit, or forbids, certain communication message types, this can be included in the communication access policy configuration.
The communication control policy defines the treatment measures applied, after the security audit module 30 has audited a message against the communication access policy, to network communication messages that are explicitly forbidden or fall outside the permitted range; it comprises communication service refusal and communication disconnection. Communication service refusal is a negative response to a network communication service request: for example, if control services and setting services are forbidden and a control operation or setting operation on the device is found on the network, the security audit strategy 31 gives a negative response, refusing the operation so as to ensure the security of the device. Communication disconnection is the disconnection of a communication session link on request; it can be used to disconnect the communication session link when a forbidden communication service is found, and also for session rejection or link disconnection of a forbidden communication message type: for example, if the security audit strategy 31 is configured to forbid FTP communication, the corresponding link is disconnected as soon as any FTP communication message is found in the device's network communication.
The communication defence module 40 is the specific executor of the treatment measures for illegal messages: it sends specific communication messages to the monitored network, including communication service refusal messages and communication disconnection messages.
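The following Python sketch, added here and not taken from the patent, models the security audit of step (3) as described in the summary, the detailed description and claims 2 to 4: an access policy of permit/forbid entries (message type, address, service type), the rule that a message explicitly forbidden or outside the permitted range is illegal, and a control policy that maps an illegal message to service refusal or link disconnection with a log entry. The rule and message field names, the "*" wildcard, and the sample policy and messages are assumptions.

```python
"""Security audit (step 3): communication access policy + control policy.

Assumed/hypothetical representation: a message is a dict with keys
type (MMS, GOOSE, SV, FTP, ...), addr (APPID for GOOSE/SV, IP for TCP/UDP)
and service (ACSI service name for MMS requests, else None). Policy entries
use "*" as a wildcard. The policy and messages below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

REFUSE_SERVICE = "communication service refusal"
DISCONNECT = "communication disconnection"


@dataclass(frozen=True)
class AccessRule:
    permit: bool
    msg_type: str
    addr: str = "*"          # APPID (hex string) or IP address
    service: str = "*"       # ACSI service, meaningful only for MMS

    def matches(self, msg: dict) -> bool:
        return (self.msg_type == msg["type"]
                and self.addr in ("*", str(msg["addr"]))
                and self.service in ("*", msg.get("service") or "*"))


@dataclass
class SecurityAuditStrategy:
    access_policy: List[AccessRule]

    def is_illegal(self, msg: dict) -> Optional[str]:
        """Return why a message is illegal, or None if it is permitted.

        A message is illegal when an explicit forbid entry matches it, or when
        no permit entry covers it (outside the permitted range)."""
        for rule in self.access_policy:
            if not rule.permit and rule.matches(msg):
                return "explicitly forbidden"
        if any(rule.permit and rule.matches(msg) for rule in self.access_policy):
            return None
        return "outside permitted range"

    @staticmethod
    def control_measure(msg: dict) -> str:
        """Communication control policy: an MMS service request receives a
        negative response; any other illegal message has its link disconnected
        (assumption: for connectionless GOOSE/SV this means the frame is filtered)."""
        return REFUSE_SERVICE if msg.get("service") else DISCONNECT

    def audit(self, msg: dict, now: float, log: List[dict]) -> Optional[str]:
        """Audit one message; returns the measure for an illegal message, else None."""
        reason = self.is_illegal(msg)
        if reason is None:
            return None
        measure = self.control_measure(msg)
        # Log the original message, its time, the finding and the treatment measure.
        log.append({"time": now, "message": dict(msg),
                    "finding": reason, "measure": measure})
        return measure


# Constructed policy for one bay device: two trusted MMS clients, no FTP/TELNET.
POLICY = SecurityAuditStrategy([
    AccessRule(True,  "GOOSE", addr="0x1001"),
    AccessRule(True,  "SV",    addr="0x4001"),
    AccessRule(True,  "MMS",   addr="192.168.1.10"),                 # SCADA client
    AccessRule(True,  "MMS",   addr="192.168.1.11", service="GetDataValues"),
    AccessRule(False, "MMS",   service="Operate"),                   # control service
    AccessRule(False, "MMS",   service="SelectActiveSG"),            # setting-group service
    AccessRule(False, "FTP"),
    AccessRule(False, "TELNET"),
])

SAMPLE_MESSAGES = [
    {"type": "MMS",   "addr": "192.168.1.10", "service": "GetDataValues"},
    {"type": "MMS",   "addr": "192.168.1.10", "service": "Operate"},
    {"type": "MMS",   "addr": "192.168.1.11", "service": "SetDataValues"},
    {"type": "GOOSE", "addr": "0x1001", "service": None},
    {"type": "GOOSE", "addr": "0x2FFF", "service": None},
    {"type": "FTP",   "addr": "192.168.1.10", "service": None},
]


def audit_sample(log: Optional[List[dict]] = None) -> List[Optional[str]]:
    """Audit the constructed messages; returns the measure (or None) per message."""
    log = [] if log is None else log
    return [POLICY.audit(m, float(i), log) for i, m in enumerate(SAMPLE_MESSAGES)]
```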
(4) In steps (2) and (3), if the abnormal audit module 20 or the security audit module 30 finds an abnormal message or an illegal message through its audit, the details of the message are recorded and submitted to the real-time early warning module 50. The real-time early warning module 50 is responsible for the management and forwarding of warning information, for example forwarding it to the information management module 60 of the device, through which it can be forwarded further to other systems outside the device, such as a monitoring system.
The embodiments given above serve to illustrate the present invention and its practical application, so that those skilled in the art can implement or use the invention. Those of ordinary skill in the art can make various modifications or variations to the above embodiments without departing from the inventive concept; the invention is therefore not limited to the above embodiments but extends to the full scope of the inventive features recited in the claims.
Claims (4)
1. A network communication security stabilization method for an intelligent substation, which uses a security audit module, an abnormal audit module and a communication defence module to audit the network communication of intelligent substation devices in real time, defend against illegal and abnormal conditions, and raise a real-time early warning when illegal or abnormal conditions occur, characterised in that the network communication security stabilization method comprises the following steps:
(1) all network communication messages entering the intelligent substation device are received by a network communication monitoring module, which submits each message simultaneously to the abnormal audit module and the security audit module;
(2) the abnormal audit module analyses MMS, GOOSE and SV network communication messages according to the IEC 61850 communication specifications; a message that does not conform to the specification (an abnormal message) is discarded directly, and the audit result is recorded as a log entry and submitted to a real-time early warning module;
(3) the security audit module audits the network communication messages; a message that is explicitly forbidden, or that falls outside the permitted range, is treated as an illegal message that affects communication security and is further handled by the communication defence module with communication service refusal or communication disconnection; the security audit module records the audit result and the treatment measure for the illegal message as a log entry and submits it to the real-time early warning module; the security audit strategy is a communication security strategy preset according to the service requirements of the intelligent substation device and comprises a communication access policy and a communication control policy; if a network communication message is explicitly forbidden in the communication access policy, or falls outside the permitted range, it is an illegal message that affects communication security, and its handling is then determined according to the communication control policy;
(4) the real-time early warning module submits the warning information found by the audits of steps (2) and (3) to the information management module of the intelligent substation device.
2. The network communication security stabilization method for an intelligent substation according to claim 1, characterised in that in step (3) the security audit strategy specifically comprises:
3.1 the communication access policy, which is a configuration of permitted and forbidden communication access comprising communication message type, communication address and communication service type;
3.2 the communication control policy, which comprises communication service refusal and communication disconnection.
3. The network communication security stabilization method for an intelligent substation according to claim 2, characterised in that in 3.1 the communication message type is an existing protocol type of the TCP/IP protocol stack specification; for GOOSE and SV communication the communication address is the application ID (APPID); for TCP/UDP communication the communication address is the IP address; and the communication service type applies only to MMS communication and is an ACSI service defined by the IEC 61850 specifications.
4. The network communication security stabilization method for an intelligent substation according to claim 2, characterised in that in 3.2 the communication service refusal is a negative response to a network communication service request, and the communication disconnection is the disconnection of a communication session link on request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510940760.5A CN105449863B (en) | 2015-12-16 | 2015-12-16 | Network communication security stabilization method for an intelligent substation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105449863A CN105449863A (en) | 2016-03-30 |
CN105449863B true CN105449863B (en) | 2018-05-25 |
Family
ID=55559768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510940760.5A Active CN105449863B (en) | 2015-12-16 | 2015-12-16 | Network communication security stabilization method for an intelligent substation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105449863B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981812A (en) * | 2019-03-13 | 2019-07-05 | 深圳供电局有限公司 | A kind of interior communication method and device thereof, the computer equipment of multiple substations |
CN113467345B (en) * | 2021-08-11 | 2022-06-14 | 中电积至(海南)信息技术有限公司 | Intelligent home security gateway system with simulation module |
CN114301621A (en) * | 2021-11-17 | 2022-04-08 | 北京智芯微电子科技有限公司 | Intelligent substation and network communication safety control method and device thereof |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101316051A (en) * | 2008-07-03 | 2008-12-03 | 绍兴电力局 | Internetwork communication log analysis system and method based on IEC61850 transforming plant automatization system |
CN101728869A (en) * | 2009-11-10 | 2010-06-09 | 重庆大学 | Power station automation system data network security monitoring method |
CN104052640A (en) * | 2014-07-09 | 2014-09-17 | 西安丙坤电气有限公司 | Self-adaptation detection method for digital substation process level network messages |
CN104065160A (en) * | 2014-06-06 | 2014-09-24 | 武汉中元华电科技股份有限公司 | Method for processing abnormal message in electric power system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ATE518329T1 (en) * | 2008-08-18 | 2011-08-15 | Abb Technology Ag | ANALYSIS OF COMMUNICATION CONFIGURATION IN A PROCESS CONTROL SYSTEM |
Also Published As
Publication number | Publication date |
---|---|
CN105449863A (en) | 2016-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106982235B (en) | IEC 61850-based electric power industry control network intrusion detection method and system | |
Yang et al. | Multidimensional intrusion detection system for IEC 61850-based SCADA networks | |
EP2721801B1 (en) | Security measures for the smart grid | |
CN103457791B (en) | A kind of intelligent substation network samples and the self-diagnosing method of control link | |
CN103036733B (en) | Unconventional network accesses monitoring system and the monitoring method of behavior | |
CN105449863B (en) | A kind of intelligent substation Network Communicate Security antihunt means | |
CN105488396B (en) | A kind of intelligent grid service security gateway system based on data stream association analytical technology | |
CN106168757A (en) | Configurable robustness agency in factory safety system | |
CN110401624A (en) | The detection method and system of source net G system mutual message exception | |
CN106911529A (en) | Power network industry control safety detecting system based on protocol analysis | |
CN107395570A (en) | Cloud platform auditing system based on big data administrative analysis | |
CN104104558B (en) | A kind of method that network storm suppresses in transformer station process layer communication | |
CN103546488A (en) | Active security defense system and method of power secondary system | |
CN108270600A (en) | A kind of processing method and associated server to malicious attack flow | |
CN109510841A (en) | A kind of security isolation gateway of control device and system | |
Matoušek et al. | Increasing visibility of iec 104 communication in the smart grid | |
Mai et al. | IEC 60870-5-104 network characterization of a large-scale operational power grid | |
KR100758796B1 (en) | Realtime service management system for enterprise and a method thereof | |
TW201141155A (en) | Alliance type distributed network intrusion prevention system and method thereof | |
CN111565167B (en) | Generalized remote operation information safety device and safety operation and maintenance method for intelligent substation | |
KR102145421B1 (en) | Digital substation with smart gateway | |
CN110138773B (en) | Protection method for goose attack | |
CN109150888A (en) | A method of network security mould group operating mode is controlled by physical switch | |
CN105827630A (en) | Botnet attribute identification method, defense method and device | |
Eslava | An algorithm for optimal firewall placement in iec61850 substations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right | | Effective date of registration: 20190320. Address after: 100085 9, four street, Shang Di information industry base, Haidian District, Beijing. Co-patentee after: Beijing Sifang Jibao Engineering Technology Co., Ltd. Patentee after: Beijing Sifang Jibao Automation Co., Ltd. Address before: 100085 9, four street, Shang Di information industry base, Haidian District, Beijing. Patentee before: Beijing Sifang Jibao Automation Co., Ltd. |