CN106209869A - A kind of intelligent power equipment data handling system based on classification safety - Google Patents
A kind of intelligent power equipment data handling system based on classification safety
- Publication number: CN106209869A
- Application number: CN201610562845.9A
- Authority: CN (China)
- Prior art keywords: network node, cloud, network, power equipment, node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
          - H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
          - H04L63/105—Multiple levels of security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
An intelligent power equipment data processing system based on classified security, comprising: a power equipment data acquisition unit, which collects the state parameters of the power equipment, namely the on/off state of the transformer's high- and low-voltage side switches, the transformer's own state parameters, and the state parameters of the circuit breakers and disconnectors; a remote scheduling center, which receives the power equipment state parameters collected by the power equipment data acquisition unit, converts them to a uniform format, defines the converted format as the unified communication format, and also provides a human-machine interaction port; a cloud network, which computes and stores the state parameters of the power equipment and is assumed to have m network nodes and n links; and a firewall device, connected between the remote scheduling center and the cloud network, so that data from the remote scheduling center can enter the cloud network only after passing through the firewall device.
Description
Technical field
The present invention relates to the field of electric equipment monitoring platforms, and specifically to an intelligent power equipment data processing system based on classified security.
Background technology
With the spread of cloud computing, more and more power systems use cloud networks to process and store power equipment data. While a cloud network is in use, however, how to guarantee the security of the power equipment data is a very important problem: if a malicious third party obtained the relevant parameters of key equipment through the cloud network, the consequences would be hard to imagine.
Summary of the invention
In view of the above problem, the present invention provides an intelligent power equipment data processing system based on classified security.
The object of the present invention is achieved by the following technical solution:
An intelligent power equipment data processing system based on classified security, characterised in that it comprises:
a power equipment data acquisition unit, which collects the state parameters of the power equipment, namely the on/off state of the transformer's high- and low-voltage side switches, the transformer's own state parameters, and the state parameters of the circuit breakers and disconnectors;
a remote scheduling center, which receives the power equipment state parameters collected by the power equipment data acquisition unit, converts them to a uniform format, defines the converted format as the unified communication format, and also provides a human-machine interaction port;
a device identification module, which assigns a unique identifier to each device and stores the parameters originating from the same identifier in the corresponding storage area of the cloud network;
a cloud network, which computes and stores the state parameters of the power equipment and is assumed to have m network nodes and n links;
an alarm and interlocking module, which judges the interlocking relations between the power equipment against verification rules and judges, against preset parameter thresholds, whether a parameter exceeds its limit; when an interlocking relation violates the verification rules or a parameter exceeds its limit, it sends an alarm signal to the operating staff;
a security protection system, which protects the network nodes and links and comprises a cloud network node security classification subsystem, a security protection configuration subsystem, a network security monitoring subsystem and a cloud service subsystem.
Preferably, the system further comprises a firewall device connected between the remote scheduling center and the cloud network; data from the remote scheduling center can enter the cloud network only after passing through the firewall device.
Preferably, the system further comprises an authentication module and a mobile information acquisition terminal; an authenticated user can remotely obtain the state parameters of the relevant equipment in the cloud network through the mobile information acquisition terminal, which includes mobile phones, tablets (iPad) and laptop computers.
The beneficial effects of this power equipment data processing system are: the computing and storage load of the remote scheduling center is reduced by means of the cloud network, the transmission between the local side and the cloud network is secured by the firewall, the cloud network itself is secured by the security protection system, and the authentication module and the mobile information acquisition terminal let authorised users obtain real-time equipment information securely.
Accompanying drawing explanation
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the invention in any way; a person of ordinary skill in the art can obtain other drawings from the following drawings without creative effort.
Fig. 1 is the structural block diagram of an intelligent power equipment data processing system based on classified security;
Fig. 2 is the structural block diagram of the security protection system.
Reference numerals: power equipment data acquisition unit 1; remote scheduling center 2; firewall device 3; cloud network 4; security protection system 5; device identification module 6; alarm and interlocking module 7; authentication module 8; mobile information acquisition terminal 9; cloud network node security classification subsystem 10; security protection configuration subsystem 20; network security monitoring subsystem 30; cloud service subsystem 40; incidence matrix generation module 11; minimum spanning tree module 12; grading module 13; update module 14.
Detailed description of the invention
The invention will be further described with the following Examples.
Application scenario 1:
An intelligent power equipment data processing system based on classified security, as shown in Fig. 1, comprises:
a power equipment data acquisition unit 1, which collects the state parameters of the power equipment, namely the on/off state of the transformer's high- and low-voltage side switches, the transformer's own state parameters, and the state parameters of the circuit breakers and disconnectors;
a remote scheduling center 2, which receives the power equipment state parameters collected by the power equipment data acquisition unit 1, converts them to a uniform format, defines the converted format as the unified communication format, and also provides a human-machine interaction port;
a cloud network 4, which computes and stores the state parameters of the power equipment and is assumed to have m network nodes and n links;
an alarm and interlocking module 7, which judges the interlocking relations between the power equipment against verification rules and judges, against preset parameter thresholds, whether a parameter exceeds its limit; when an interlocking relation violates the verification rules or a parameter exceeds its limit, it sends an alarm signal to the operating staff;
a device identification module 6, which assigns a unique identifier to each device and stores the parameters originating from the same identifier in the corresponding storage area of the cloud network 4;
a security protection system 5, which protects the network nodes and links and comprises a cloud network node security classification subsystem 10, a security protection configuration subsystem 20, a network security monitoring subsystem 30 and a cloud service subsystem 40.
The present invention reduces the computing and storage load of the remote scheduling center by means of the cloud network, secures the transmission between the local side and the cloud network by means of the firewall, secures the cloud network itself by means of the security protection system, and, through the authentication module and the mobile information acquisition terminal, lets authorised users obtain real-time equipment information securely.
Preferably, a firewall device 3 is connected between the remote scheduling center 2 and the cloud network 4; data from the remote scheduling center 2 can enter the cloud network 4 only after passing through the firewall device 3.
Preferably, the system further comprises an authentication module 8 and a mobile information acquisition terminal 9; an authenticated user can remotely obtain the state parameters of the relevant equipment in the cloud network 4 through the mobile information acquisition terminal 9, which includes mobile phones, tablets (iPad) and laptop computers.
Preferably, as shown in Fig. 2, the network node security classification subsystem 10 divides the network nodes into 4 different security grades by computing an importance value for each network node; the security protection configuration subsystem 20 provides different security encryption services for the network nodes of different security grades and the links between them, according to the classification results of the cloud network node security classification subsystem 10; the network security monitoring subsystem 30 monitors the state of the network nodes; and the cloud service subsystem 40 provides cloud support for the whole security protection cloud system.
(1) The cloud network node security classification subsystem 10 comprises an incidence matrix generation module 11, a minimum spanning tree module 12, a grading module 13 and an update module 14:
The importance value used by the cloud network node security classification subsystem 10 is based mainly on the following principle: the status of a node in the network is assessed by removing the node under test; specifically, the fewer spanning trees the new graph obtained after removing the node has, the larger the importance value of that node.
a. Incidence matrix generation module 11:
Let G denote an undirected graph with m network nodes V and n links E, where V = {V1, V2, ..., Vm} and E = {E1, E2, ..., En}. The connection relations between the nodes and links of the network structure are represented by an m × n incidence matrix R: each row of R corresponds to one network node in the network, each column of R represents the association between a link and the network nodes, and each element of R is 0 or 1, where 0 means the link is not associated with the network node and 1 means the link is associated with it. For example, if the element in row m, column n of R is 1, the m-th network node is associated with the n-th link.
b. Minimum spanning tree module 12:
Let (i, j) denote the link connecting network node Vi with network node Vj in the undirected graph G, and ω(Vi, Vj) the weight of that link. If T is a subset of E that forms an acyclic graph and makes ω(T) minimal, T is called a minimum spanning tree of G. The number of minimum spanning trees in G is τ(G) = det(RR^T), where det(·) denotes the determinant function.
c. Grading module 13:
The importance value ri of node Vi is obtained from the following formula, in which τ(G) is the number of spanning trees obtained by the minimum spanning tree module, K is the number of nonzero elements in row i of the incidence matrix R, Z is the new matrix obtained by removing from R row i and the columns of the nonzero elements of row i, and det(Zi) is the determinant of Z. The larger ri, the higher the importance of the node; when ri takes the value 1, Vi is the most important network node in the network: once this node is destroyed, the connectivity of the graph is severely damaged and the network service is interrupted. The importance values of all network nodes are computed in this way, and classification thresholds T1, T2, T3 with T1 > T2 > T3 are set: if ri > T1 the network node is marked as an important node, if T1 > ri > T2 as a secondary important node, if T2 > ri > T3 as an intermediate node, and if ri < T3 as an edge node; the security grades of important, secondary important, intermediate and edge nodes are grade 1, grade 2, grade 3 and grade 4 respectively. T3 = 0.25, and the number of edge nodes does not exceed 30% of the total number of network nodes.
d. Update module 14:
When the number or the locations of the network nodes change, the importance values of all network nodes are recomputed automatically and the security classification and marking are redone.
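As an added illustration (not code from the patent), the following Python implements the grading pipeline of modules 11 to 14: incidence matrix, spanning tree count τ(G), per-node importance and threshold grading with the edge-node cap. Two points the text leaves open are filled by assumption: τ(G) is computed with the standard matrix-tree theorem (determinant of the reduced Laplacian), and the importance is read as ri = 1 − τ(G − Vi)/τ(G); the sample graph and the thresholds T1 = 0.9 and T2 = 0.7 are constructed for the example, while T3 = 0.25 and the 30% cap are the patent's.

```python
"""Node-importance grading by spanning-tree count (added example, not the patent's code).

Assumptions: tau(G) via the matrix-tree theorem (reduced Laplacian determinant);
importance r_i = 1 - tau(G - V_i) / tau(G), so r_i = 1 iff removing V_i disconnects G.
"""
from fractions import Fraction
from typing import Dict, FrozenSet, List, Sequence, Tuple

Edge = Tuple[int, int]


def incidence_matrix(m: int, edges: Sequence[Edge]) -> List[List[int]]:
    """Module 11: m x n 0/1 matrix, R[node][link] = 1 if the link touches the node."""
    r = [[0] * len(edges) for _ in range(m)]
    for col, (u, v) in enumerate(edges):
        r[u][col] = 1
        r[v][col] = 1
    return r


def determinant(mat: List[List[Fraction]]) -> Fraction:
    """Exact determinant by Gaussian elimination over the rationals."""
    a = [row[:] for row in mat]
    n = len(a)
    det = Fraction(1)
    for col in range(n):
        pivot = next((i for i in range(col, n) if a[i][col] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            det = -det
        det *= a[col][col]
        for i in range(col + 1, n):
            factor = a[i][col] / a[col][col]
            if factor:
                for j in range(col, n):
                    a[i][j] -= factor * a[col][j]
    return det


def spanning_tree_count(m: int, edges: Sequence[Edge],
                        removed: FrozenSet[int] = frozenset()) -> int:
    """Module 12: tau of the graph after deleting the nodes in `removed` and their links.

    Assumption: matrix-tree theorem (Laplacian with one row and column struck out).
    A single surviving node has one spanning tree; an empty graph has none.
    """
    keep = [v for v in range(m) if v not in removed]
    if not keep:
        return 0
    if len(keep) == 1:
        return 1
    idx = {v: i for i, v in enumerate(keep)}
    lap = [[Fraction(0)] * len(keep) for _ in keep]
    for u, v in edges:
        if u in idx and v in idx:          # links to removed nodes disappear with them
            lap[idx[u]][idx[u]] += 1
            lap[idx[v]][idx[v]] += 1
            lap[idx[u]][idx[v]] -= 1
            lap[idx[v]][idx[u]] -= 1
    return int(determinant([row[1:] for row in lap[1:]]))


def node_importance(m: int, edges: Sequence[Edge]) -> List[Fraction]:
    """Module 13 score (assumed reading): r_i = 1 - tau(G - V_i) / tau(G)."""
    total = spanning_tree_count(m, edges)
    if total == 0:
        raise ValueError("graph is not connected: tau(G) = 0")
    return [1 - Fraction(spanning_tree_count(m, edges, frozenset({i})), total)
            for i in range(m)]


def grade(r: Fraction, t1: float, t2: float, t3: float) -> int:
    """Grades 1..4 from T1 > T2 > T3. The patent gives only strict inequalities;
    a value equal to a threshold is put in the lower grade here (assumption)."""
    if not t1 > t2 > t3:
        raise ValueError("thresholds must satisfy T1 > T2 > T3")
    if r > t1:
        return 1
    if r > t2:
        return 2
    if r > t3:
        return 3
    return 4


def classify_network(m: int, edges: Sequence[Edge], t1: float, t2: float,
                     t3: float, max_edge_share: float = 0.30) -> Dict[int, int]:
    """Grade every node and enforce the cap on edge (grade 4) nodes.

    Module 14: call again whenever the node count or node locations change.
    """
    grades = {i: grade(r, t1, t2, t3) for i, r in enumerate(node_importance(m, edges))}
    edge_share = sum(1 for g in grades.values() if g == 4) / m
    if edge_share > max_edge_share:
        raise ValueError(f"edge nodes are {edge_share:.0%} of the network, above the cap")
    return grades


# Constructed sample network (not from the patent): a K4 core (nodes 0-3), a
# bridge 3-4 into the triangle 4-5-6, and a leaf node 7 hanging off node 4.
SAMPLE_M = 8
SAMPLE_EDGES: List[Edge] = [(0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3),
                            (3, 4), (4, 5), (4, 6), (5, 6), (4, 7)]

if __name__ == "__main__":
    for node, r in enumerate(node_importance(SAMPLE_M, SAMPLE_EDGES)):
        print(f"V{node}: r = {float(r):.4f}")
    print(classify_network(SAMPLE_M, SAMPLE_EDGES, t1=0.9, t2=0.7, t3=0.25))
```

On the sample graph the two cut vertices (3 and 4) score exactly 1 and land in grade 1, the K4 members score 13/16, the triangle members 2/3, and the leaf scores 0 and becomes the only edge node (12.5% of the network, within the 30% cap).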
(2) Security protection configuration subsystem 20: between network nodes of the same security grade, information is exchanged using the network-layer Internet security protocol IPsec, which provides channel-level information security protection; IPsec applies cryptographic techniques at the network layer and provides security services for point-to-point data transmission, including authentication, data encryption, access control and integrity checking. Between network nodes of different security grades, information is exchanged using an application-layer protocol running on top of the network-layer protocol; application-layer security is based on a PKI system and uses cryptographic techniques to secure the transfer, sharing and use of information files. Specifically, the following encryption mode is used:
a. For a network node A of security grade n1 and a network node B of security grade n2, when A wants to send a message MES to B, A first sends a request to B; B returns |n1 − n2| random numbers RD1 and retains RD1.
b. A digitally signs each RD1 with a pre-assigned secret key and generates |n1 − n2| corresponding random numbers RD2; RD1 and RD2 form a matrix of order |n1 − n2| × |n1 − n2|, with which the message MES is encrypted using matrix encryption, and the encrypted result is sent to B. Since n1 and n2 range over 1 to 4, for network nodes of different security grades this matrix is at most 3 × 3 and at least 1 × 1, while for network nodes of the same security grade n1 − n2 = 0 and no matrix encryption is performed. The more grade levels a transmission crosses, i.e. the larger |n1 − n2|, the higher the order of the encryption matrix and the stronger the encryption; for transmissions between the same grade or across few grades the computation of the encryption algorithm drops accordingly, which gives the scheme strong adaptivity.
c. B calls the decryption function to decrypt the encrypted information and obtains RD1' and the message MES; RD1 is compared with RD1', and if they match MES is accepted and retained, otherwise MES is returned to A or discarded.
(3) The network security monitoring subsystem 30 monitors the number and the locations of the network nodes and comprises a sensing module and a transmission module:
The sensing module is implemented by deploying a large number of wireless sensors around the network nodes. Since the network nodes do not know their own positions, the wireless sensors receive the wireless signals of the network nodes and, using the positional relations between themselves and the other sensors, locate the network nodes.
(4) The cloud service subsystem 40 comprises a cloud storage module and a cloud computing module:
The cloud storage module comprises a public cloud storage submodule and a private cloud storage submodule. The public cloud storage submodule mainly stores the network node grading data, and its contents can be accessed freely from outside; the private cloud storage submodule mainly stores the secret keys and the decryption functions, and can be accessed only by authenticated personnel.
The cloud computing module is implemented by deploying SOA servers and comprises a public cloud computing submodule and a private cloud computing submodule. The public cloud computing submodule provides computing support for the cloud network node security classification subsystem and the network security monitoring subsystem; the private cloud computing submodule provides computing support for the security protection configuration subsystem; all types of users obtain the cloud data through terminal programs.
In this embodiment: the computing and storage load of the remote scheduling center is reduced by means of the cloud network, the transmission between the local side and the cloud network is secured by the firewall, the cloud network itself is secured by the security protection system, and the authentication module and the mobile information acquisition terminal let authorised users obtain real-time equipment information securely. The network node security classification subsystem 10 uses a node importance computation based on minimum spanning trees, which computes the importance of the network nodes relatively accurately and with little computation, and classifies the nodes of the network on that basis, with T3 = 0.25 and the number of edge nodes not exceeding 30% of the total number of network nodes. The security protection configuration subsystem 20 applies different encryption policies to the information transmitted between network nodes of different security grades: the more grade levels a transmission crosses (the larger |n1 − n2|), the higher the order of the encryption matrix and the stronger the encryption, while for transmissions between the same grade or across few grades the computation of the encryption algorithm drops accordingly, giving strong adaptivity. Providing the cloud service module saves storage space, increases computing speed and saves time cost.
Preferably, in the network security monitoring subsystem, the concrete positioning operation for a network node is as follows:
With the network node as the centre and r as the radius, draw a circle; let n be the number of wireless sensors that fall inside the circle, and qi (i = 1, 2, ..., n) the signal strength of this network node received by the i-th wireless sensor.
The position (x, y) of the network node is then given by the following formula:
The transmission module transfers the monitoring results of the sensing module to the cloud service subsystem 40.
Providing the network security monitoring subsystem in this embodiment makes it possible to gather the network node data in time and to position the nodes accurately.
Application scenario 2:
An intelligent power equipment data processing system based on classified security, as shown in Fig. 1, comprises:
a power equipment data acquisition unit 1, which collects the state parameters of the power equipment, namely the on/off state of the transformer's high- and low-voltage side switches, the transformer's own state parameters, and the state parameters of the circuit breakers and disconnectors;
a remote scheduling center 2, which receives the power equipment state parameters collected by the power equipment data acquisition unit 1, converts them to a uniform format, defines the converted format as the unified communication format, and also provides a human-machine interaction port;
a cloud network 4, which computes and stores the state parameters of the power equipment and is assumed to have m network nodes and n links;
an alarm and interlocking module 7, which judges the interlocking relations between the power equipment against verification rules and judges, against preset parameter thresholds, whether a parameter exceeds its limit; when an interlocking relation violates the verification rules or a parameter exceeds its limit, it sends an alarm signal to the operating staff;
a device identification module 6, which assigns a unique identifier to each device and stores the parameters originating from the same identifier in the corresponding storage area of the cloud network 4;
a security protection system 5, which protects the network nodes and links and comprises a cloud network node security classification subsystem 10, a security protection configuration subsystem 20, a network security monitoring subsystem 30 and a cloud service subsystem 40.
The present invention reduces the computing and storage load of the remote scheduling center by means of the cloud network, secures the transmission between the local side and the cloud network by means of the firewall, secures the cloud network itself by means of the security protection system, and, through the authentication module and the mobile information acquisition terminal, lets authorised users obtain real-time equipment information securely.
Preferably, the system further comprises a firewall device 3 connected between the remote scheduling center 2 and the cloud network 4; data from the remote scheduling center 2 can enter the cloud network 4 only after passing through the firewall device 3.
Preferably, the system further comprises an authentication module 8 and a mobile information acquisition terminal 9; an authenticated user can remotely obtain the state parameters of the relevant equipment in the cloud network 4 through the mobile information acquisition terminal 9, which includes mobile phones, tablets (iPad) and laptop computers.
Preferably, as shown in Fig. 2, the network node security classification subsystem 10 divides the network nodes into 4 different security grades by computing an importance value for each network node; the security protection configuration subsystem 20 provides different security encryption services for the network nodes of different security grades and the links between them, according to the classification results of the cloud network node security classification subsystem 10; the network security monitoring subsystem 30 monitors the state of the network nodes; and the cloud service subsystem 40 provides cloud support for the whole security protection cloud system.
(1) The cloud network node security classification subsystem 10 comprises an incidence matrix generation module 11, a minimum spanning tree module 12, a grading module 13 and an update module 14:
The importance value used by the cloud network node security classification subsystem 10 is based mainly on the following principle: the status of a node in the network is assessed by removing the node under test; specifically, the fewer spanning trees the new graph obtained after removing the node has, the larger the importance value of that node.
a. Incidence matrix generation module 11:
Let G denote an undirected graph with m network nodes V and n links E, where V = {V1, V2, ..., Vm} and E = {E1, E2, ..., En}. The connection relations between the nodes and links of the network structure are represented by an m × n incidence matrix R: each row of R corresponds to one network node in the network, each column of R represents the association between a link and the network nodes, and each element of R is 0 or 1, where 0 means the link is not associated with the network node and 1 means the link is associated with it. For example, if the element in row m, column n of R is 1, the m-th network node is associated with the n-th link.
b. Minimum spanning tree module 12:
Let (i, j) denote the link connecting network node Vi with network node Vj in the undirected graph G, and ω(Vi, Vj) the weight of that link. If T is a subset of E that forms an acyclic graph and makes ω(T) minimal, T is called a minimum spanning tree of G. The number of minimum spanning trees in G is τ(G) = det(RR^T), where det(·) denotes the determinant function.
c. Grading module 13:
The importance value ri of node Vi is obtained from the following formula, in which τ(G) is the number of spanning trees obtained by the minimum spanning tree module, K is the number of nonzero elements in row i of the incidence matrix R, Z is the new matrix obtained by removing from R row i and the columns of the nonzero elements of row i, and det(Zi) is the determinant of Z. The larger ri, the higher the importance of the node; when ri takes the value 1, Vi is the most important network node in the network: once this node is destroyed, the connectivity of the graph is severely damaged and the network service is interrupted. The importance values of all network nodes are computed in this way, and classification thresholds T1, T2, T3 with T1 > T2 > T3 are set: if ri > T1 the network node is marked as an important node, if T1 > ri > T2 as a secondary important node, if T2 > ri > T3 as an intermediate node, and if ri < T3 as an edge node; the security grades of important, secondary important, intermediate and edge nodes are grade 1, grade 2, grade 3 and grade 4 respectively. T3 = 0.28, and the number of edge nodes does not exceed 27% of the total number of network nodes.
d. Update module 14:
When the number or the locations of the network nodes change, the importance values of all network nodes are recomputed automatically and the security classification and marking are redone.
(2) Security protection configuration subsystem 20: between network nodes of the same security grade, information is exchanged using the network-layer Internet security protocol IPsec, which provides channel-level information security protection; IPsec applies cryptographic techniques at the network layer and provides security services for point-to-point data transmission, including authentication, data encryption, access control and integrity checking. Between network nodes of different security grades, information is exchanged using an application-layer protocol running on top of the network-layer protocol; application-layer security is based on a PKI system and uses cryptographic techniques to secure the transfer, sharing and use of information files. Specifically, the following encryption mode is used:
a. For a network node A of security grade n1 and a network node B of security grade n2, when A wants to send a message MES to B, A first sends a request to B; B returns |n1 − n2| random numbers RD1 and retains RD1.
b. A digitally signs each RD1 with a pre-assigned secret key and generates |n1 − n2| corresponding random numbers RD2; RD1 and RD2 form a matrix of order |n1 − n2| × |n1 − n2|, with which the message MES is encrypted using matrix encryption, and the encrypted result is sent to B. Since n1 and n2 range over 1 to 4, for network nodes of different security grades this matrix is at most 3 × 3 and at least 1 × 1, while for network nodes of the same security grade n1 − n2 = 0 and no matrix encryption is performed. The more grade levels a transmission crosses, i.e. the larger |n1 − n2|, the higher the order of the encryption matrix and the stronger the encryption; for transmissions between the same grade or across few grades the computation of the encryption algorithm drops accordingly, which gives the scheme strong adaptivity.
c. B calls the decryption function to decrypt the encrypted information and obtains RD1' and the message MES; RD1 is compared with RD1', and if they match MES is accepted and retained, otherwise MES is returned to A or discarded.
(3) The network security monitoring subsystem 30 monitors the number and the locations of the network nodes and comprises a sensing module and a transmission module:
The sensing module is implemented by deploying a large number of wireless sensors around the network nodes. Since the network nodes do not know their own positions, the wireless sensors receive the wireless signals of the network nodes and, using the positional relations between themselves and the other sensors, locate the network nodes.
(4) The cloud service subsystem 40 comprises a cloud storage module and a cloud computing module:
The cloud storage module comprises a public cloud storage submodule and a private cloud storage submodule. The public cloud storage submodule mainly stores the network node grading data, and its contents can be accessed freely from outside; the private cloud storage submodule mainly stores the secret keys and the decryption functions, and can be accessed only by authenticated personnel.
The cloud computing module is implemented by deploying SOA servers and comprises a public cloud computing submodule and a private cloud computing submodule. The public cloud computing submodule provides computing support for the cloud network node security classification subsystem and the network security monitoring subsystem; the private cloud computing submodule provides computing support for the security protection configuration subsystem; all types of users obtain the cloud data through terminal programs.
In this embodiment: the cloud network reduces the computing and storage burden of the remote scheduling center; the firewall secures transmission between the local side and the cloud network; the security protection system secures the cloud network itself; and the identity authenticator and mobile information acquisition terminal allow authorized users to obtain real-time equipment information safely. Network node security grading subsystem 10 uses a node importance calculation based on minimum spanning trees, which computes the importance of the network nodes relatively accurately and with little computation, and grades the nodes in the network on that basis, with T3 = 0.28 and the number of edge nodes not exceeding 27% of all network nodes. Security protection configuration subsystem 20 applies different encryption policies to information transmitted between network nodes of different security levels: the more levels a transfer crosses (the larger |n1-n2|), the higher the order of the encryption matrix and the stronger the encryption, while for transfers at the same level or across few levels the computational cost of the encryption algorithm is reduced accordingly, giving strong adaptivity. Providing the cloud service module saves storage space, increases computing speed and saves time.
Preferably, in the network security monitoring subsystem, the specific positioning operation for a network node is as follows:
Draw a circle with the network node as its center and r as its radius; let the number of wireless sensors falling within the circle be n, and let the signal strength of this network node received by the i-th wireless sensor be q_i, i = 1, 2, ..., n;
The position (x, y) of the network node is then given by the following formula:
The transmission module transfers the monitoring results of the sensing module to cloud service subsystem 40.
Providing the network security monitoring subsystem in this embodiment makes it possible to collect network node data promptly and to position the nodes accurately.
Application scenario 3:
A smart power equipment data processing system based on hierarchical security, as shown in Figure 1, includes: power equipment data acquisition unit 1, for acquiring the state parameters of the power equipment, the state parameters including the high- and low-side switch states of the transformers, the transformers' own state parameters, and the state parameters of the circuit breakers and disconnectors;
Remote scheduling center 2, for receiving the power equipment state parameters collected by power equipment data acquisition unit 1, converting the data into a unified format, defining the converted information format as the unified communication format, and providing a human-machine interface;
Cloud network 4, for computing and storing the state parameters of the power equipment; it is assumed to have m network nodes and n links in total;
Alarm and interlock module 7, for judging the interlock relationships between the items of power equipment according to verification rules, and for determining according to preset parameter thresholds whether a parameter is out of limits; when an interlock relationship does not satisfy the verification rules or a parameter is out of limits, it sends an alarm signal to the operations staff;
Device identification module 6, which assigns a unique identifier to each device and stores the parameters originating from the same identifier in the corresponding storage area of cloud network 4;
Security protection system 5, for protecting the network nodes and links; it includes cloud network node security grading subsystem 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.
The present invention reduces the computing and storage burden of the remote scheduling center by means of the cloud network, secures transmission between the local side and the cloud network by means of a firewall, secures the cloud network itself by means of the security protection system, and, by providing an identity authenticator and a mobile information acquisition terminal, allows authorized users to obtain real-time equipment information safely.
Preferably, the system also includes firewall device 3, connected between remote scheduling center 2 and cloud network 4; data from remote scheduling center 2 can enter cloud network 4 only after passing through firewall device 3;
Preferably, the system also includes identity authentication module 8 and mobile information acquisition terminal 9; a user who has passed identity authentication can remotely obtain the state parameters of the relevant equipment in cloud network 4 through mobile information acquisition terminal 9; mobile information acquisition terminal 9 includes mobile phones, iPad tablets and laptop computers.
Preferably, as shown in Figure 2, network node security grading subsystem 10 divides the network nodes into 4 different security levels by computing the importance value of each network node; security protection configuration subsystem 20 provides different security encryption services for the links between network nodes, and for the nodes themselves, of different security levels according to the grading results of cloud network node security grading subsystem 10; network security monitoring subsystem 30 monitors the state of the network nodes; and cloud service subsystem 40 provides cloud support for the whole security protection cloud system.
(1) cloud network node security grading subsystem 10 includes incidence matrix generation module 11, minimum spanning tree module 12, grading module 13 and update module 14:
The importance values used by cloud network node security grading subsystem 10 are obtained mainly on the following principle: a node's status in the network is assessed by removing the node under test; specifically, the fewer spanning trees the new graph obtained after removing the node has, the larger the importance value of that node.
A. incidence matrix generation module 11:
Let G denote an undirected graph with m network nodes V and n links E, where V = {V_1, V_2, ..., V_m} and E = {E_1, E_2, ..., E_n}. The connection relationships between the nodes and links of the network structure are represented by an m × n incidence matrix R: a row of R corresponds to one network node in the network, and a column of R represents the association between the network nodes and the corresponding link; the value of each element of R is 0 or 1, where 0 means the link is not associated with the network node and 1 means the link is associated with the network node. For example, if the element in row m and column n of R is 1, the m-th network node is associated with the n-th link;
B. minimum spanning tree module 12:
Let (i, j) denote the link connecting network node V_i and network node V_j in the undirected graph G, and let ω(V_i, V_j) denote the weight of this link. If T is a subset of E that is an acyclic graph and makes ω(T) minimal, T is called a minimum spanning tree of G. The total number of minimum spanning trees in G is τ(G) = det(R R^T), where det(·) denotes the determinant;
C. grading module 13:
The importance value r_i of node V_i is obtained by the following formula, in which τ(G) is the number of minimum spanning trees obtained by the minimum spanning tree module, K is the number of nonzero elements in the i-th row of the incidence matrix R, Z is the new matrix obtained by removing from R the i-th row and the columns in which the i-th row has nonzero elements, and det(Z_i) denotes the determinant of Z. The larger the value of r_i, the higher the importance the node displays; when r_i takes the value 1, V_i is the most important network node in the network, and once this network node is destroyed the connectivity of the graph is severely damaged, causing network services to be interrupted. The importance values of all network nodes are computed by the above method, and grading thresholds T1, T2, T3 are set with T1 > T2 > T3: if r_i > T1 the network node is marked as an important node; if T1 > r_i > T2 it is marked as a secondary important node; if T2 > r_i > T3 it is marked as an intermediate node; and if r_i < T3 it is marked as an edge node. The security levels of important nodes, secondary important nodes, intermediate nodes and edge nodes are denoted level 1, level 2, level 3 and level 4 respectively; T3 = 0.30, and the number of edge nodes does not exceed 32% of all network nodes;
D. update module 14:
When the number of network nodes or the node positions change, the importance value of each network node is automatically recalculated and the security grading and marking are redone;
(2) security protection configuration subsystem 20: between network nodes of the same security level, information is exchanged using the network-layer Internet Protocol Security (IPsec), which provides channel-level information security protection; IPsec applies cryptographic techniques at the network layer and provides security services for point-to-point data transmission, including security authentication, data encryption, access control and integrity checking. Between network nodes of different security levels, information is exchanged using an application-layer protocol running on top of the network-layer protocol; application-layer security is based on a PKI system and uses cryptographic techniques to ensure the security of information file transfer, sharing and use. Specifically, the following encryption scheme is used:
a. For network node A with security level n1 and network node B with security level n2, when A wants to transmit a message MES to B, A first sends a request to B; B returns |n1-n2| random numbers RD1 and retains RD1;
b. A digitally signs each RD1 with a pre-assigned key and generates the corresponding |n1-n2| random numbers RD2; RD1 and RD2 are composed into a matrix of order |n1-n2| × |n1-n2|, the message MES is encrypted with a matrix encryption technique using this matrix, and the encryption result is sent to B. Because n1 and n2 take values in the range 1 to 4, it is easy to see that for network nodes of different security levels this matrix is at most of order 3 × 3 and at least 1 × 1, and for network nodes of the same security level n1-n2 = 0 and no matrix encryption is performed. The more levels a transfer crosses, the larger |n1-n2| is, the higher the order of the encryption matrix and the stronger the encryption; for transfers at the same level or across few levels, the computational cost of the encryption algorithm is reduced accordingly, giving the scheme strong adaptivity.
c. B calls the decryption function to decrypt the received ciphertext, obtaining RD1' and the message MES, and compares RD1 against RD1'; if they match, B accepts and retains MES; if they do not, MES is returned to A or discarded;
(3) network security monitoring subsystem 30, used to monitor the number of network nodes and the network node locations; it includes a sensing module and a transmission module:
The sensing module is implemented by deploying a large number of wireless sensors around the network nodes. Because a network node does not know its own position, the wireless sensors receive the node's wireless signal and, combined with the positional relationships between themselves and the other sensors, determine the network node's location;
(4) cloud service subsystem 40, including a cloud storage module and a cloud computing module:
The cloud storage module includes a public cloud storage submodule and a private cloud storage submodule. The public cloud storage submodule mainly stores the network node grading data, and its stored content can be freely accessed from outside; the private cloud storage submodule mainly stores the keys and the decryption function, and can only be accessed by personnel who have passed identity authentication;
The cloud computing module is implemented by deploying SOA servers and includes a public cloud computing submodule and a private cloud computing submodule. The public cloud computing submodule provides computing support for the cloud network node security grading subsystem and the network security monitoring subsystem; the private cloud computing submodule provides computing support for the security protection configuration subsystem; all types of user obtain the cloud data through a terminal program.
In this embodiment: the cloud network reduces the computing and storage burden of the remote scheduling center; the firewall secures transmission between the local side and the cloud network; the security protection system secures the cloud network itself; and the identity authenticator and mobile information acquisition terminal allow authorized users to obtain real-time equipment information safely. Network node security grading subsystem 10 uses a node importance calculation based on minimum spanning trees, which computes the importance of the network nodes relatively accurately and with little computation, and grades the nodes in the network on that basis, with T3 = 0.30 and the number of edge nodes not exceeding 32% of all network nodes. Security protection configuration subsystem 20 applies different encryption policies to information transmitted between network nodes of different security levels: the more levels a transfer crosses (the larger |n1-n2|), the higher the order of the encryption matrix and the stronger the encryption, while for transfers at the same level or across few levels the computational cost of the encryption algorithm is reduced accordingly, giving strong adaptivity. Providing the cloud service module saves storage space, increases computing speed and saves time.
Preferably, in the network security monitoring subsystem, the specific positioning operation for a network node is as follows:
Draw a circle with the network node as its center and r as its radius; let the number of wireless sensors falling within the circle be n, and let the signal strength of this network node received by the i-th wireless sensor be q_i, i = 1, 2, ..., n;
The position (x, y) of the network node is then given by the following formula:
The transmission module transfers the monitoring results of the sensing module to cloud service subsystem 40.
Providing the network security monitoring subsystem in this embodiment makes it possible to collect network node data promptly and to position the nodes accurately.
Application scenario 4:
A smart power equipment data processing system based on hierarchical security, as shown in Figure 1, includes: power equipment data acquisition unit 1, for acquiring the state parameters of the power equipment, the state parameters including the high- and low-side switch states of the transformers, the transformers' own state parameters, and the state parameters of the circuit breakers and disconnectors;
Remote scheduling center 2, for receiving the power equipment state parameters collected by power equipment data acquisition unit 1, converting the data into a unified format, defining the converted information format as the unified communication format, and providing a human-machine interface;
Cloud network 4, for computing and storing the state parameters of the power equipment; it is assumed to have m network nodes and n links in total;
Alarm and interlock module 7, for judging the interlock relationships between the items of power equipment according to verification rules, and for determining according to preset parameter thresholds whether a parameter is out of limits; when an interlock relationship does not satisfy the verification rules or a parameter is out of limits, it sends an alarm signal to the operations staff;
Device identification module 6, which assigns a unique identifier to each device and stores the parameters originating from the same identifier in the corresponding storage area of cloud network 4;
Security protection system 5, for protecting the network nodes and links; it includes cloud network node security grading subsystem 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.
The present invention reduces the computing and storage burden of the remote scheduling center by means of the cloud network, secures transmission between the local side and the cloud network by means of a firewall, secures the cloud network itself by means of the security protection system, and, by providing an identity authenticator and a mobile information acquisition terminal, allows authorized users to obtain real-time equipment information safely.
Preferably, the system also includes firewall device 3, connected between remote scheduling center 2 and cloud network 4; data from remote scheduling center 2 can enter cloud network 4 only after passing through firewall device 3;
Preferably, the system also includes identity authentication module 8 and mobile information acquisition terminal 9; a user who has passed identity authentication can remotely obtain the state parameters of the relevant equipment in cloud network 4 through mobile information acquisition terminal 9; mobile information acquisition terminal 9 includes mobile phones, iPad tablets and laptop computers.
Preferably, as shown in Figure 2, network node security grading subsystem 10 divides the network nodes into 4 different security levels by computing the importance value of each network node; security protection configuration subsystem 20 provides different security encryption services for the links between network nodes, and for the nodes themselves, of different security levels according to the grading results of cloud network node security grading subsystem 10; network security monitoring subsystem 30 monitors the state of the network nodes; and cloud service subsystem 40 provides cloud support for the whole security protection cloud system.
(1) cloud network node security grading subsystem 10 includes incidence matrix generation module 11, minimum spanning tree module 12, grading module 13 and update module 14:
The importance values used by cloud network node security grading subsystem 10 are obtained mainly on the following principle: a node's status in the network is assessed by removing the node under test; specifically, the fewer spanning trees the new graph obtained after removing the node has, the larger the importance value of that node.
A. incidence matrix generation module 11:
Let G denote an undirected graph with m network nodes V and n links E, where V = {V_1, V_2, ..., V_m} and E = {E_1, E_2, ..., E_n}. The connection relationships between the nodes and links of the network structure are represented by an m × n incidence matrix R: a row of R corresponds to one network node in the network, and a column of R represents the association between the network nodes and the corresponding link; the value of each element of R is 0 or 1, where 0 means the link is not associated with the network node and 1 means the link is associated with the network node. For example, if the element in row m and column n of R is 1, the m-th network node is associated with the n-th link;
B. minimum spanning tree module 12:
Let (i, j) denote the link connecting network node V_i and network node V_j in the undirected graph G, and let ω(V_i, V_j) denote the weight of this link. If T is a subset of E that is an acyclic graph and makes ω(T) minimal, T is called a minimum spanning tree of G. The total number of minimum spanning trees in G is τ(G) = det(R R^T), where det(·) denotes the determinant;
C. grading module 13:
The importance value r_i of node V_i is obtained by the following formula, in which τ(G) is the number of minimum spanning trees obtained by the minimum spanning tree module, K is the number of nonzero elements in the i-th row of the incidence matrix R, Z is the new matrix obtained by removing from R the i-th row and the columns in which the i-th row has nonzero elements, and det(Z_i) denotes the determinant of Z. The larger the value of r_i, the higher the importance the node displays; when r_i takes the value 1, V_i is the most important network node in the network, and once this network node is destroyed the connectivity of the graph is severely damaged, causing network services to be interrupted. The importance values of all network nodes are computed by the above method, and grading thresholds T1, T2, T3 are set with T1 > T2 > T3: if r_i > T1 the network node is marked as an important node; if T1 > r_i > T2 it is marked as a secondary important node; if T2 > r_i > T3 it is marked as an intermediate node; and if r_i < T3 it is marked as an edge node. The security levels of important nodes, secondary important nodes, intermediate nodes and edge nodes are denoted level 1, level 2, level 3 and level 4 respectively; T3 = 0.33, and the number of edge nodes does not exceed 35% of all network nodes;
D. update module 14:
When the number of network nodes or the node positions change, the importance value of each network node is automatically recalculated and the security grading and marking are redone;
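The grading procedure of modules A to D, which the page repeats identically in application scenarios 3 and 4 (and again in scenario 5), worked through in Python as an added example that is not the patent's own code: it builds the incidence matrix, counts spanning trees with Kirchhoff's matrix-tree theorem (a cofactor of the Laplacian derived from R, the standard form of the determinant count the text refers to), scores each node by removing it, grades the nodes into levels 1 to 4 against T1 > T2 > T3, checks the edge-node cap, and recomputes when a link is added, as the update module requires. The normalisation r_i = 1 - τ(G - V_i)/τ(G), the sample topology and the thresholds T1 and T2 are assumptions; T3 = 0.33 and the 35% cap are the values stated above.

```python
"""Spanning-tree node importance and four-level security grading.

Added example, not the patent's own code. It follows the principle stated in
the text: remove a node, count the spanning trees of what remains, and treat
the node as more important the fewer survive. tau(G) is computed with
Kirchhoff's matrix-tree theorem (a cofactor of the Laplacian built from the
incidence matrix R). Links are unweighted, so every spanning tree is a minimum
spanning tree. The normalisation r_i = 1 - tau(G - V_i) / tau(G) is an
assumption, chosen so that r_i = 1 exactly when removing V_i disconnects the
network, as the text describes for the most important node. The topology and
T1, T2 are constructed sample values; T3 = 0.33 and the 35% cap are the page's.
"""
from fractions import Fraction
from typing import List, Sequence, Tuple

Edge = Tuple[int, int]


def incidence_matrix(m: int, edges: Sequence[Edge]) -> List[List[int]]:
    """m x n 0/1 incidence matrix R: R[v][e] = 1 iff link e touches node v."""
    R = [[0] * len(edges) for _ in range(m)]
    for e, (u, v) in enumerate(edges):
        R[u][e] = R[v][e] = 1
    return R


def _det(a: List[List[Fraction]]) -> Fraction:
    """Exact determinant by Gaussian elimination over the rationals."""
    a = [row[:] for row in a]
    n, det = len(a), Fraction(1)
    for c in range(n):
        pivot = next((r for r in range(c, n) if a[r][c] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != c:
            a[c], a[pivot] = a[pivot], a[c]
            det = -det
        det *= a[c][c]
        for r in range(c + 1, n):
            f = a[r][c] / a[c][c]
            for k in range(c, n):
                a[r][k] -= f * a[c][k]
    return det


def spanning_tree_count(R: List[List[int]]) -> int:
    """tau(G) for the graph with incidence matrix R (matrix-tree theorem)."""
    m = len(R)
    if m <= 1:
        return 1
    L = [[Fraction(0)] * m for _ in range(m)]  # Laplacian L = D - A
    for e in range(len(R[0])):
        ends = [v for v in range(m) if R[v][e]]
        if len(ends) == 2:  # a self-loop never belongs to a spanning tree
            u, v = ends
            L[u][u] += 1
            L[v][v] += 1
            L[u][v] -= 1
            L[v][u] -= 1
    # Any (m-1)x(m-1) principal minor of L equals tau(G); drop row/col 0.
    return int(_det([row[1:] for row in L[1:]]))


def remove_node(m: int, edges: Sequence[Edge], i: int) -> Tuple[int, List[Edge]]:
    """Graph obtained by deleting node i and its links (nodes renumbered)."""
    idx = {v: k for k, v in enumerate(v for v in range(m) if v != i)}
    return m - 1, [(idx[u], idx[v]) for u, v in edges if i not in (u, v)]


def importance_values(m: int, edges: Sequence[Edge]) -> List[Fraction]:
    """r_i = 1 - tau(G - V_i)/tau(G); r_i == 1 iff removing V_i disconnects G."""
    tau = spanning_tree_count(incidence_matrix(m, edges))
    if tau == 0:
        raise ValueError("network is already disconnected")
    r = []
    for i in range(m):
        m2, e2 = remove_node(m, edges, i)
        r.append(1 - Fraction(spanning_tree_count(incidence_matrix(m2, e2)), tau))
    return r


def classify(r: Sequence[Fraction], T1: float, T2: float, T3: float) -> List[int]:
    """Level 1..4 from r_i with thresholds T1 > T2 > T3, as the text prescribes."""
    if not T1 > T2 > T3:
        raise ValueError("thresholds must satisfy T1 > T2 > T3")
    return [1 if ri > T1 else 2 if ri > T2 else 3 if ri > T3 else 4 for ri in r]


def edge_node_fraction(grades: Sequence[int]) -> Fraction:
    """Share of level-4 (edge) nodes; the page caps it at 35% of all nodes."""
    return Fraction(sum(1 for g in grades if g == 4), len(grades))


def grade_network(m: int, edges: Sequence[Edge], T1: float, T2: float, T3: float):
    """Update module: rerun whenever the node set or the links change."""
    r = importance_values(m, edges)
    return r, classify(r, T1, T2, T3)


# Constructed sample: triangle {0,1,2}, bridge link 2-3, pendant node 4.
SAMPLE_M = 5
SAMPLE_EDGES = [(0, 1), (1, 2), (0, 2), (2, 3), (3, 4)]
T1, T2, T3 = 0.9, 0.5, 0.33  # T1, T2 constructed; T3 from the page

if __name__ == "__main__":
    r, grades = grade_network(SAMPLE_M, SAMPLE_EDGES, T1, T2, T3)
    for i, (ri, g) in enumerate(zip(r, grades)):
        print(f"V{i}: r={float(ri):.3f} level={g}")
    print("edge-node share:", float(edge_node_fraction(grades)))
```

Nodes 2 and 3 are cut vertices of the sample, so removing either leaves no spanning tree and they score r_i = 1 (level 1); adding a bypass link 0-3 drops node 2 to 7/8.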
(2) security protection configuration subsystem 20: between network nodes of the same security level, information is exchanged using the network-layer Internet Protocol Security (IPsec), which provides channel-level information security protection; IPsec applies cryptographic techniques at the network layer and provides security services for point-to-point data transmission, including security authentication, data encryption, access control and integrity checking. Between network nodes of different security levels, information is exchanged using an application-layer protocol running on top of the network-layer protocol; application-layer security is based on a PKI system and uses cryptographic techniques to ensure the security of information file transfer, sharing and use. Specifically, the following encryption scheme is used:
a. For network node A with security level n1 and network node B with security level n2, when A wants to transmit a message MES to B, A first sends a request to B; B returns |n1-n2| random numbers RD1 and retains RD1;
b. A digitally signs each RD1 with a pre-assigned key and generates the corresponding |n1-n2| random numbers RD2; RD1 and RD2 are composed into a matrix of order |n1-n2| × |n1-n2|, the message MES is encrypted with a matrix encryption technique using this matrix, and the encryption result is sent to B. Because n1 and n2 take values in the range 1 to 4, it is easy to see that for network nodes of different security levels this matrix is at most of order 3 × 3 and at least 1 × 1, and for network nodes of the same security level n1-n2 = 0 and no matrix encryption is performed. The more levels a transfer crosses, the larger |n1-n2| is, the higher the order of the encryption matrix and the stronger the encryption; for transfers at the same level or across few levels, the computational cost of the encryption algorithm is reduced accordingly, giving the scheme strong adaptivity.
c. B calls the decryption function to decrypt the received ciphertext, obtaining RD1' and the message MES, and compares RD1 against RD1'; if they match, B accepts and retains MES; if they do not, MES is returned to A or discarded;
(3) network security monitoring subsystem 30, used to monitor the number of network nodes and the network node locations; it includes a sensing module and a transmission module:
The sensing module is implemented by deploying a large number of wireless sensors around the network nodes. Because a network node does not know its own position, the wireless sensors receive the node's wireless signal and, combined with the positional relationships between themselves and the other sensors, determine the network node's location;
(4) cloud service subsystem 40, including a cloud storage module and a cloud computing module:
The cloud storage module includes a public cloud storage submodule and a private cloud storage submodule. The public cloud storage submodule mainly stores the network node grading data, and its stored content can be freely accessed from outside; the private cloud storage submodule mainly stores the keys and the decryption function, and can only be accessed by personnel who have passed identity authentication;
The cloud computing module is implemented by deploying SOA servers and includes a public cloud computing submodule and a private cloud computing submodule. The public cloud computing submodule provides computing support for the cloud network node security grading subsystem and the network security monitoring subsystem; the private cloud computing submodule provides computing support for the security protection configuration subsystem; all types of user obtain the cloud data through a terminal program.
In this embodiment: the cloud network reduces the computing and storage burden of the remote scheduling center; the firewall secures transmission between the local side and the cloud network; the security protection system secures the cloud network itself; and the identity authenticator and mobile information acquisition terminal allow authorized users to obtain real-time equipment information safely. Network node security grading subsystem 10 uses a node importance calculation based on minimum spanning trees, which computes the importance of the network nodes relatively accurately and with little computation, and grades the nodes in the network on that basis, with T3 = 0.33 and the number of edge nodes not exceeding 35% of all network nodes. Security protection configuration subsystem 20 applies different encryption policies to information transmitted between network nodes of different security levels: the more levels a transfer crosses (the larger |n1-n2|), the higher the order of the encryption matrix and the stronger the encryption, while for transfers at the same level or across few levels the computational cost of the encryption algorithm is reduced accordingly, giving strong adaptivity. Providing the cloud service module saves storage space, increases computing speed and saves time.
Preferably, in the network security monitoring subsystem, the specific positioning operation for a network node is as follows:
Draw a circle with the network node as its center and r as its radius; let the number of wireless sensors falling within the circle be n, and let the signal strength of this network node received by the i-th wireless sensor be q_i, i = 1, 2, ..., n;
The position (x, y) of the network node is then given by the following formula:
The transmission module transfers the monitoring results of the sensing module to cloud service subsystem 40.
Providing the network security monitoring subsystem in this embodiment makes it possible to collect network node data promptly and to position the nodes accurately.
Application scenario 5:
A smart power equipment data processing system based on hierarchical security, as shown in Figure 1, includes: power equipment data acquisition unit 1, for acquiring the state parameters of the power equipment, the state parameters including the high- and low-side switch states of the transformers, the transformers' own state parameters, and the state parameters of the circuit breakers and disconnectors;
Remote scheduling center 2, for receiving the power equipment state parameters collected by power equipment data acquisition unit 1, converting the data into a unified format, defining the converted information format as the unified communication format, and providing a human-machine interface;
Cloud network 4, for computing and storing the state parameters of the power equipment; it is assumed to have m network nodes and n links in total;
Alarm and interlock module 7, for judging the interlock relationships between the items of power equipment according to verification rules, and for determining according to preset parameter thresholds whether a parameter is out of limits; when an interlock relationship does not satisfy the verification rules or a parameter is out of limits, it sends an alarm signal to the operations staff;
Device identification module 6, which assigns a unique identifier to each device and stores the parameters originating from the same identifier in the corresponding storage area of cloud network 4;
Security protection system 5, for protecting the network nodes and links; it includes cloud network node security grading subsystem 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.
The present invention reduces the computing and storage burden of the remote scheduling center by means of the cloud network, secures transmission between the local side and the cloud network by means of a firewall, secures the cloud network itself by means of the security protection system, and, by providing an identity authenticator and a mobile information acquisition terminal, allows authorized users to obtain real-time equipment information safely.
Preferably, the system also includes firewall device 3, connected between remote scheduling center 2 and cloud network 4; data from remote scheduling center 2 can enter cloud network 4 only after passing through firewall device 3;
Preferably, the system also includes identity authentication module 8 and mobile information acquisition terminal 9; a user who has passed identity authentication can remotely obtain the state parameters of the relevant equipment in cloud network 4 through mobile information acquisition terminal 9; mobile information acquisition terminal 9 includes mobile phones, iPad tablets and laptop computers.
Preferably, as shown in Figure 2, network node security grading subsystem 10 divides the network nodes into 4 different security levels by computing the importance value of each network node; security protection configuration subsystem 20 provides different security encryption services for the links between network nodes, and for the nodes themselves, of different security levels according to the grading results of cloud network node security grading subsystem 10; network security monitoring subsystem 30 monitors the state of the network nodes; and cloud service subsystem 40 provides cloud support for the whole security protection cloud system.
(1) Cloud network node security classification subsystem 10 includes incidence matrix generation module 11, minimum spanning tree module 12, grading module 13 and reset module 14:
The importance value computed by cloud network node security classification subsystem 10 is based mainly on the following principle: the status of a node in the network is assessed by removing the node under test; specifically, the fewer spanning trees the new graph obtained after removing the node has, the greater the importance value of that node.
A. Incidence matrix generation module 11:
An undirected graph with m network nodes V and n links E is denoted by G, where V = {V1, V2, ..., Vm} and E = {E1, E2, ..., En}. The connection relation between nodes and links in the network structure is represented by an m × n incidence matrix R: each row of R corresponds to a network node in the network, each column of R represents the association attribute between the network nodes and the corresponding edge, and each element of R is 0 or 1, where 0 means the link is not associated with the network node and 1 means the link is associated with the network node. For example, if the element in row m and column n of R is 1, the m-th network node is associated with the n-th link.
B. Minimum spanning tree module 12:
(i, j) denotes the link connecting network node Vi and network node Vj in undirected graph G, and ω(Vi, Vj) denotes the weight of this link. If T is a subset of E that forms an acyclic graph and makes ω(T) minimal, T is called a minimum spanning tree of G. The total number of minimum spanning trees in G is τ(G) = det(R·R^T), where det(·) denotes the determinant.
C. Grading module 13:
The importance value ri of node Vi is obtained by the following formula:
where τ(G) is the total number of minimum spanning trees obtained by the minimum spanning tree computing module; K is the number of nonzero elements in the i-th row of incidence matrix R; Z is the new matrix obtained by removing from R the i-th row and the columns of the nonzero elements of the i-th row; and det(Zi) denotes the determinant of Z. The larger the value of ri, the higher the importance of the node; when ri takes the value 1, Vi is the most important network node in this network, and once this node is destroyed the connectivity of the graph is seriously damaged, causing network service to be interrupted. The importance values of all network nodes are computed separately by the above method, and classification thresholds T1, T2 and T3 with T1 > T2 > T3 are set: if ri > T1, the network node is labelled an important node; if T1 > ri > T2, a secondary important node; if T2 > ri > T3, an intermediate node; and if ri < T3, an edge node. The security classes of important nodes, secondary important nodes, intermediate nodes and edge nodes are designated class 1, class 2, class 3 and class 4 respectively; T3 = 0.35, and the number of edge nodes does not exceed 37% of the total number of network nodes.
D. Reset module 14:
When the number of network nodes or the node locations change, the importance value of each network node is recomputed automatically and the security classification and labelling are redone.
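As an added illustration of modules 11 to 14 (example code written for this page, not code from the patent), the following Python script builds the incidence matrix of a small constructed graph, counts spanning trees with Kirchhoff's matrix-tree theorem, scores each node by removing it, and grades the nodes with the thresholds. The grading formula itself is missing from this copy of the page, so the importance value is assumed here to be r_i = 1 - τ(G - V_i)/τ(G), which has the properties the text states: it equals 1 exactly when removing the node disconnects the graph, and it grows as fewer spanning trees survive. The spanning-tree count uses the reduced oriented incidence matrix B, for which det(B·B^T) is the number of spanning trees; the plain 0/1 matrix R of module 11 is built alongside it. The sample graph and the thresholds T1 = 0.75 and T2 = 0.55 are constructed; only T3 = 0.35 comes from the page.

```python
from fractions import Fraction

# Constructed example graph: two triangles joined at node 2, plus a pendant node 6
# hanging off node 5. Nodes 2, 3 and 5 are cut vertices, so removing any of them
# leaves no spanning tree at all; removing the pendant node 6 changes nothing.
NODES = list(range(7))
LINKS = [(0, 1), (1, 2), (0, 2), (2, 3), (3, 4), (4, 5), (3, 5), (5, 6)]

# Only T3 = 0.35 is given on the page; T1 and T2 are constructed for this example.
T1, T2, T3 = 0.75, 0.55, 0.35


def incidence_matrix(nodes, links):
    """Module 11: the m x n 0/1 incidence matrix R, R[i][j] = 1 iff node i is an end of link j."""
    return [[1 if v in link else 0 for link in links] for v in nodes]


def det(matrix):
    """Exact determinant by Gaussian elimination over the rationals (no numpy needed)."""
    a = [[Fraction(x) for x in row] for row in matrix]
    result = Fraction(1)
    for col in range(len(a)):
        pivot = next((r for r in range(col, len(a)) if a[r][col] != 0), None)
        if pivot is None:
            return 0
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            result = -result
        result *= a[col][col]
        for r in range(col + 1, len(a)):
            factor = a[r][col] / a[col][col]
            a[r] = [x - factor * y for x, y in zip(a[r], a[col])]
    return int(result)


def spanning_tree_count(nodes, links):
    """Module 12: tau(G) by Kirchhoff's matrix-tree theorem, det(B B^T) with B the
    oriented incidence matrix with one row deleted (the form in which a product of
    the incidence matrix with its transpose counts spanning trees)."""
    if not nodes:
        return 0
    index = {v: k for k, v in enumerate(nodes)}
    b = [[0] * len(links) for _ in nodes]
    for j, (u, v) in enumerate(links):
        b[index[u]][j] = 1      # arbitrary orientation: +1 at one end, -1 at the other
        b[index[v]][j] = -1
    reduced = b[1:]
    if not reduced:             # a single node has exactly one (empty) spanning tree
        return 1
    bbt = [[sum(x * y for x, y in zip(r1, r2)) for r2 in reduced] for r1 in reduced]
    return det(bbt)


def remove_node(nodes, links, v):
    """Module 13's Z: drop row v of R and the columns of its nonzero elements,
    which is the incidence matrix of G with node v and its links removed."""
    return [u for u in nodes if u != v], [l for l in links if v not in l]


def importance(nodes, links, v):
    """Assumed grading formula (the formula is missing from this copy of the page):
    r_v = 1 - tau(G - v) / tau(G). It is 1 exactly when removing v leaves no
    spanning tree, i.e. disconnects the graph, and grows as fewer trees survive."""
    total = spanning_tree_count(nodes, links)
    if total == 0:
        raise ValueError("graph is not connected to begin with")
    rest_nodes, rest_links = remove_node(nodes, links, v)
    return 1 - Fraction(spanning_tree_count(rest_nodes, rest_links), total)


def grade(r):
    """Thresholds of module 13: class 1 (important) .. class 4 (edge node)."""
    if r > T1:
        return 1
    if r > T2:
        return 2
    if r > T3:
        return 3
    return 4


def classify(nodes, links):
    """Security class of every node. Reset module 14 is simply this call repeated
    whenever the node list or link list changes, which is why nothing is cached."""
    return {v: grade(importance(nodes, links, v)) for v in nodes}


def edge_node_share(classes):
    """Fraction of nodes in class 4; the page requires this not to exceed 37%."""
    return sum(1 for c in classes.values() if c == 4) / len(classes)


if __name__ == "__main__":
    for v, c in classify(NODES, LINKS).items():
        print(f"node {v}: r = {float(importance(NODES, LINKS, v)):.3f}, class {c}")
```

On the sample graph the three cut vertices (2, 3 and 5) score r = 1 and land in class 1, the four nodes inside a triangle score 2/3 and land in class 2, and the pendant node 6 scores 0 and becomes the only edge node, so the edge-node share is 1/7, within the 37% bound.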
(2) Security protection configuration subsystem 20: between network nodes of the same security class, information is exchanged using the Internet Protocol Security protocol (IPsec) built on the Internet Protocol, which provides channel-level information security protection; IPsec applies cryptographic techniques at the network layer and provides security services for point-to-point data transmission, including authentication, data encryption, access control and integrity checking. Between network nodes of different security classes, information is exchanged using an application-layer protocol operating above the network layer protocol; application-layer security is based on a PKI system and uses cryptographic techniques to guarantee the security of information file transfer, sharing and use. Specifically, the following encryption scheme is used:
a. For a network node A of security class n1 and a network node B of security class n2, when A wants to transmit information MES to B, A first sends a request to B; B returns |n1 - n2| random numbers RD1 and retains RD1.
b. A digitally signs each RD1 with the pre-assigned secret key and generates |n1 - n2| corresponding random numbers RD2; RD1 and RD2 form a matrix of order |n1 - n2| × |n1 - n2|, information MES is encrypted with this matrix using matrix encryption, and the encrypted result is sent to B. Since n1 and n2 take values in the range 1 to 4, it is easy to see that for network nodes of different security classes this matrix is at most a 3 × 3 matrix and at least a 1 × 1 matrix, while for network nodes of the same security class n1 - n2 = 0 and no matrix encryption is performed. The more security classes the transmission crosses, the larger |n1 - n2|, the higher the order of the encryption matrix and the stronger the encryption; when the classes are equal or the difference is small, the computational cost of the encryption algorithm decreases accordingly, so the scheme is adaptive.
c. B calls the decryption function to decrypt the encrypted information and obtains RD1' and information MES; RD1 and RD1' are compared, and if they match, MES is accepted and retained; if they are inconsistent, MES is returned to A or discarded.
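To make the exchange in steps a to c concrete, the following Python script, written for this page and not taken from the patent, plays both roles: B answers A's request with k = |n1 - n2| random numbers RD1, A signs RD1, draws RD2, forms the k × k matrix and encrypts RD1 followed by MES block by block, and B decrypts and accepts MES only if the recovered RD1' equals the RD1 it kept. The page leaves several details open, so these are assumptions of the example: arithmetic is done modulo the prime 257 so that every byte is a field element, the matrix is formed as M = I + RD1·RD2^T (A redraws RD2 until M is invertible), the pre-assigned secret key is a shared symmetric key with an HMAC tag standing in for the digital signature, and RD2 and the tag travel alongside the ciphertext so that B can rebuild the matrix.

```python
import hashlib
import hmac
import secrets

# Assumptions for this example (the page fixes none of them): arithmetic modulo
# the prime P = 257, a shared symmetric key as the "pre-assigned secret key" with
# an HMAC tag in place of the digital signature, and RD2 plus the tag sent along
# with the ciphertext.
P = 257
PRESHARED_KEY = b"constructed-demo-key"


def matrix_order(n1, n2):
    """|n1 - n2| for classes 1..4: 1..3 across classes, 0 within the same class."""
    return abs(n1 - n2)


def build_matrix(rd1, rd2):
    """Assumed construction M = I + rd1 * rd2^T (mod P). det M = 1 + rd1.rd2, so M
    is invertible unless that sum is 0 mod P, which A avoids by redrawing RD2."""
    k = len(rd1)
    return [[(int(i == j) + rd1[i] * rd2[j]) % P for j in range(k)] for i in range(k)]


def inverse_mod_p(m):
    """Gauss-Jordan inverse over Z_P; returns None when the matrix is singular."""
    k = len(m)
    a = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(m)]
    for col in range(k):
        pivot = next((r for r in range(col, k) if a[r][col] % P), None)
        if pivot is None:
            return None
        a[col], a[pivot] = a[pivot], a[col]
        inv = pow(a[col][col], -1, P)
        a[col] = [x * inv % P for x in a[col]]
        for r in range(k):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(x - f * y) % P for x, y in zip(a[r], a[col])]
    return [row[k:] for row in a]


def apply_blocks(m, symbols):
    """Multiply each k-symbol block of `symbols` by the k x k matrix m (mod P)."""
    k = len(m)
    out = []
    for s in range(0, len(symbols), k):
        x = symbols[s:s + k]
        out.extend(sum(m[i][j] * x[j] for j in range(k)) % P for i in range(k))
    return out


def sign_rd1(rd1):
    """Stand-in for the digital signature over RD1 (HMAC with the shared key)."""
    return hmac.new(PRESHARED_KEY, bytes(rd1), hashlib.sha256).digest()


def b_challenge(k):
    """Step a, B side: answer A's request with k random numbers RD1 (B keeps a copy)."""
    return [secrets.randbelow(256) for _ in range(k)]


def a_encrypt(mes, rd1):
    """Step b, A side: sign RD1, draw RD2, build the k x k matrix, encrypt RD1 || len || MES."""
    k = len(rd1)
    while True:
        rd2 = [secrets.randbelow(256) for _ in range(k)]
        m = build_matrix(rd1, rd2)
        if inverse_mod_p(m) is not None:
            break
    plain = list(rd1) + list(len(mes).to_bytes(2, "big")) + list(mes)
    plain += [0] * (-len(plain) % k)            # zero-pad to whole blocks
    return {"sig": sign_rd1(rd1), "rd2": rd2, "cipher": apply_blocks(m, plain)}


def b_decrypt(msg, rd1_kept):
    """Step c, B side: decrypt, recover RD1', accept MES only if RD1' == RD1 and the tag verifies."""
    k = len(rd1_kept)
    plain = apply_blocks(inverse_mod_p(build_matrix(rd1_kept, msg["rd2"])), msg["cipher"])
    tag_ok = hmac.compare_digest(msg["sig"], sign_rd1(rd1_kept))
    if not tag_ok or plain[:k] != list(rd1_kept) or max(plain) > 255:
        return None                              # mismatch: discard (or return to A)
    length = int.from_bytes(bytes(plain[k:k + 2]), "big")
    return bytes(plain[k + 2:k + 2 + length])


def exchange(n1, n2, mes, tamper_block=None):
    """Whole exchange from A (class n1) to B (class n2); returns (k, what B accepted).
    tamper_block, if given, alters one ciphertext symbol of that block in transit."""
    k = matrix_order(n1, n2)
    if k == 0:
        return 0, mes                            # same class: IPsec channel, no matrix step
    rd1 = b_challenge(k)
    msg = a_encrypt(mes, rd1)
    if tamper_block is not None:
        idx = tamper_block * k
        msg["cipher"][idx] = (msg["cipher"][idx] + 1) % P
    return k, b_decrypt(msg, rd1)
```

The `tamper_block` parameter shows what the RD1/RD1' comparison does and does not catch: a change to the first ciphertext block always alters the recovered RD1' and is rejected, whereas a change to any later block passes the comparison and hands B a corrupted MES. Matrix (Hill-type) encryption is a linear cipher, and its strength does not grow with the order of the matrix against known-plaintext analysis, so in a deployment the integrity and confidentiality of the cross-class path should come from authenticated encryption of the kind the IPsec channel already provides for same-class links, with the matrix step at most an additional layer.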
(3) Network security monitoring subsystem 30 monitors the number of network nodes and the network node locations, and includes a sensing module and a transmission module:
The sensing module is realized by deploying a large number of wireless sensors around the network nodes; since a network node does not know its own position, the wireless sensors locate the network node by receiving its wireless signal and combining this with the positional relations between themselves and the other sensors.
(4) Cloud service subsystem 40 includes a cloud storage module and a cloud computing module:
The cloud storage module includes a public cloud storage submodule and a private cloud storage submodule; the public cloud storage submodule mainly stores the network node classification data, and its stored content may be accessed freely from outside, while the private cloud storage submodule mainly stores the secret keys and decryption functions and may be accessed only by personnel who have passed identity authentication.
The cloud computing module is realized by deploying SOA servers and includes a public cloud computing submodule and a private cloud computing submodule; the public cloud computing submodule provides computing support for the cloud network node security classification subsystem and the network security monitoring subsystem, the private cloud computing submodule provides computing support for the security protection configuration subsystem, and all types of user obtain cloud data through a terminal program.
In this embodiment, the computing and storage load at the remote scheduling center is reduced by means of the cloud network, the transmission between the local site and the cloud network is secured by the firewall, the cloud network itself is secured by the security protection system, and the identity verifier and mobile information acquisition terminal allow authorized users to obtain real-time equipment information securely. Network node security classification subsystem 10 uses node importance computed on the basis of minimum spanning trees, which yields the importance of the network nodes relatively accurately and with little computation, and the nodes in the network are classified by security on this basis, with T3 = 0.35 and the number of edge nodes not exceeding 37% of the total number of network nodes. Security protection configuration subsystem 20 uses different encryption policies for information transmission between network nodes of different security classes: the more security classes the transmission crosses (the larger |n1 - n2|), the higher the order of the encryption matrix and the stronger the encryption, while for equal classes or a small difference the computational cost of the encryption algorithm decreases accordingly, so the scheme is adaptive. Providing the cloud service module saves storage space, increases computing speed and saves time cost.
Preferably, in the network security monitoring subsystem, the concrete positioning operation for a network node is as follows:
With the network node as the centre, a circle of radius r is drawn; the number of wireless sensors falling within the circle is n, and the signal strength of this network node received by the i-th wireless sensor is qi, i = 1, 2, ..., n;
The position (x, y) of the network node is then as follows:
The transmission module transfers the monitoring results of the sensing module to cloud service subsystem 40.
Providing the network security monitoring subsystem in this embodiment makes it possible to collect network node data in good time and to position the nodes accurately.
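The positioning formula is missing from this copy of the page. The example below, written for this page and not taken from the patent, assumes a signal-strength-weighted centroid of the sensors that fall within radius r of the node, x = Σ qi·xi / Σ qi and likewise for y, and iterates it from the plain centroid of every sensor that hears the node, because the circle is centred on the node whose position is still unknown. The sensor coordinates, the strengths qi and r are constructed.

```python
import math

# Constructed sensor field: (x, y, q) with q the received signal strength of the
# node being located (higher = closer). Four sensors sit symmetrically around the
# true position (4, 5); the fifth is a distant sensor that still hears the node
# faintly and must be excluded by the radius-r test.
SENSORS = [(1.0, 5.0, 0.9), (7.0, 5.0, 0.9), (4.0, 2.0, 0.6), (4.0, 8.0, 0.6),
           (30.0, 30.0, 0.05)]
R = 12.0  # assumed radius r of the circle drawn around the node


def sensors_in_circle(sensors, centre, r):
    """The n wireless sensors that fall within radius r of `centre`."""
    cx, cy = centre
    return [s for s in sensors if math.hypot(s[0] - cx, s[1] - cy) <= r]


def weighted_centroid(sensors):
    """Assumed position formula: x = sum(q_i x_i) / sum(q_i), y likewise."""
    total = sum(q for _, _, q in sensors)
    return (sum(q * x for x, _, q in sensors) / total,
            sum(q * y for _, y, q in sensors) / total)


def locate(sensors, r, max_rounds=20):
    """Estimate the node position: start from the centroid of every sensor that
    hears the node, then repeatedly keep only the sensors within r of the current
    estimate and recompute until the estimate stops moving."""
    estimate = weighted_centroid(sensors)
    for _ in range(max_rounds):
        inside = sensors_in_circle(sensors, estimate, r)
        if not inside:
            break
        new = weighted_centroid(inside)
        if math.hypot(new[0] - estimate[0], new[1] - estimate[1]) < 1e-9:
            break
        estimate = new
    return estimate


if __name__ == "__main__":
    print("estimated node position:", locate(SENSORS, R))
```

With the constructed field the first pass is pulled towards the distant sensor, the radius test then drops it, and the estimate settles on (4.0, 5.0) with the four nearby sensors as the n sensors inside the circle.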
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit its scope of protection. Although the present invention has been explained in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the essence and scope of the technical solution of the present invention.
Claims (3)
1. An intelligent power equipment data handling system based on classification safety, characterized in that it includes:
a power equipment data acquisition unit, for acquiring the state parameters of the power equipment, the state parameters including the switch states of the high-voltage and low-voltage sides of the transformer, the transformer's own state parameters, and the state parameters of the circuit breakers and isolating switches;
a remote scheduling center, for receiving the power equipment state parameters acquired by the power equipment data acquisition unit, converting the data into a uniform format, the information format after conversion being defined as the unified communication format, and at the same time providing a human-machine interaction port;
a device identification module, which provides a unique identifier for each device, so that parameters originating from the same identifier are stored in the corresponding storage area of the cloud network;
a cloud network, for computing and storing the state parameters of the power equipment, it being assumed that the cloud network has m network nodes and n links in total;
an alarm and interlocking module, for judging the interlocking relations between the items of power equipment according to verification rules and determining whether a parameter exceeds its limit according to preset parameter thresholds, and sending an alarm signal to the operating staff when an interlocking relation does not meet the verification rules or a parameter exceeds its limit;
a security protection system, for providing protection for the network nodes and links, which includes a cloud network node security classification subsystem, a security protection configuration subsystem, a network security monitoring subsystem and a cloud service subsystem.
2. The intelligent power equipment data handling system based on classification safety according to claim 1, characterized in that it also includes a firewall device connected between the remote scheduling center and the cloud network, and the data of the remote scheduling center can only enter the cloud network after passing through the firewall device.
3. The intelligent power equipment data handling system based on classification safety according to claim 2, characterized in that it also includes an identity authentication module and a mobile information acquisition terminal; a user who has passed identity authentication can remotely obtain the state parameters of the relevant equipment in the cloud network through the mobile information acquisition terminal, and the mobile information acquisition terminal includes mobile phones, tablets such as the iPad, and laptop computers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610562845.9A CN106209869A (en) | 2016-07-13 | 2016-07-13 | A kind of intelligent power equipment data handling system based on classification safety |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106209869A true CN106209869A (en) | 2016-12-07 |
Family
ID=57474691
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610562845.9A Pending CN106209869A (en) | 2016-07-13 | 2016-07-13 | A kind of intelligent power equipment data handling system based on classification safety |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209869A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112910977A (en) * | 2021-01-26 | 2021-06-04 | 梁新祥 | Building electric power safety alarm system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105299837A (en) * | 2015-11-06 | 2016-02-03 | 武汉鸿图节能技术有限公司 | Central air conditioner charging and monitoring device, system and method |
CN105471969A (en) * | 2015-11-17 | 2016-04-06 | 国家电网公司 | Power grid data processing cloud platform system |
- 2016-07-13 CN CN201610562845.9A patent/CN106209869A/en active Pending
Non-Patent Citations (1)
Title |
---|
彭凯: "Research on security protection mechanisms for the internal network structure of clouds", China Doctoral Dissertations Full-text Database, Information Science and Technology series * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Gou et al. | Construction and strategies in IoT security system | |
CN105933361B (en) | Big data security protection cloud system based on trusted calculation | |
CN102792629A (en) | Method and device for providing at least one secure cryptographic key | |
CN103905469A (en) | Safety control system and method applied to smart power grid wireless sensor network and cloud computing | |
Zhang et al. | Security threats and measures for the cyber-physical systems | |
Khari et al. | Internet of Things: Proposed security aspects for digitizing the world | |
CN106131489B (en) | Multi-source data power plant inspection management system | |
Michailidis et al. | Secure UAV-aided mobile edge computing for IoT: A review | |
Hajivali et al. | Applying an agent-based user authentication and access control model for cloud servers | |
CN106131018A (en) | A kind of doctors and patients' information management system based on network security | |
CN106212109A (en) | A kind of self-action field irrigation system of high security | |
CN105959418B (en) | A kind of vehicle assistance system based on safety | |
Ahamed Ahanger et al. | Distributed Blockchain-Based Platform for Unmanned Aerial Vehicles. | |
CN106209869A (en) | A kind of intelligent power equipment data handling system based on classification safety | |
CN106341256B (en) | V2G system based on software defined network and safety communication method thereof | |
CN105959326A (en) | Intelligent big data processing device of electric power equipment based on multilevel security | |
CN106658490A (en) | Wireless sensor network homomorphic encryption privacy protection method | |
CN102611991A (en) | Internet/Internet of things computer intelligent module based on Beidou satellite navigation system | |
CN107948144B (en) | Threat processing system based on intelligent power grid information security detection | |
CN106114453B (en) | A kind of distribution high safety automotive theft proof system | |
Finogeev et al. | Methods and tools for secure sensor data transmission and data mining in energy SCADA system | |
CN109754149A (en) | Power communication is credible background management system, terminal and power communication trusted system | |
CN110086878A (en) | A kind of 5G private network and construction method | |
CN106230856A (en) | A kind of System of Industrial Device Controls based on Internet of Things | |
CN103297962A (en) | Opportunity network route method and system based on encrypted fuzzy keywords |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20161207 |