Detailed description of embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein serve only to explain the invention and do not limit its scope of protection.
In one embodiment, a method for detecting the security protection compliance of an electric power monitoring system, as shown in Figure 1, includes the following steps:
Step S101: Obtain a detection guidebook from the test management platform. The detection guidebook is generated by the test management platform from a detection project; the detection project is built by the test management platform from detection objects and the compliance indices associated with those detection objects; the detection objects are determined from the assets of the electric power monitoring system; and the compliance indices associated with the detection objects are determined from the compliance indices stored in the compliance library;
Specifically, the assets of the electric power monitoring system include the host devices, application systems, network security devices and the like in the electric power monitoring system.
Here, the compliance library is used to store compliance indices, and security protection compliance detection of the electric power monitoring system means examining the state of compliance during security protection of the electric power monitoring system.
Step S102: Parse the detection guidebook to generate the detection objects and the compliance indices associated with the detection objects;
Step S103: Collect data according to the detection objects and the compliance indices associated with the detection objects;
Step S104: Perform a conformity judgement of the data collection results against the compliance indices stored in the compliance library;
Step S105: Generate a detection result according to the conformity judgement result and the requirements of the compliance indices stored in the compliance library.
As can be seen from the above, the electric power monitoring system security protection compliance detection method of the present invention solves the problems of low efficiency and low accuracy in traditional compliance detection, and can also detect the detection objects continuously, avoiding omissions.
In addition, in a specific example, collecting data according to the detection objects and the compliance indices associated with the detection objects includes:
Determining the automated detection indices among the compliance indices associated with the detection objects according to the criterion for automated detection indices, the criterion being determined according to the compliance data collection protocols;
Converting the automated detection indices into automated test cases;
Applying the automated test cases, through collectors, to the detection objects corresponding to the automated test cases, and collecting data.
Here, the compliance data collection protocols include SNMP (Simple Network Management Protocol), TELNET (remote terminal protocol), SSH (Secure Shell protocol), JDBC (Java Database Connectivity) and the like, and the collectors include an SNMP collector, a TELNET/SSH collector, a JDBC collector and the like.
Combining multiple compliance data collection protocols such as SNMP, TELNET, SSH and JDBC, the criterion for an automated detection index is determined, namely that the index can be converted into a command executable on the object under test. On this basis, the security protection compliance detection indices of the electric power monitoring system that can be detected automatically are sorted out in detail, and the automatable indices are converted into automated test cases. Finally, the automated test cases are applied to the detection objects through the SNMP collector, TELNET/SSH collector, JDBC collector and so on, and the corresponding collection results are obtained.
In addition, in a specific example, performing the conformity judgement of the data collection results against the compliance indices stored in the compliance library includes:
Performing regular-expression matching between the data collection results and the compliance indices stored in the compliance library according to preset regular-expression matching keywords, the preset keywords being determined according to the compliance indices stored in the compliance library;
Performing the conformity judgement on the data collection results according to the regular-expression matching result.
Here, data is collected for the indices corresponding to the detection objects through protocols such as SNMP, TELNET/SSH and WMI, the collection results are matched by regular expression against the keywords in the rule base, and the conformity judgement is made on the data collection results according to the regular-expression matching result.
In addition, in a specific example, generating the detection result according to the conformity judgement result and the requirements of the compliance indices stored in the compliance library includes:
Scoring the conformity judgement result corresponding to each detection object in the conformity judgement results according to the requirements of the compliance indices stored in the compliance library;
Obtaining the weights of the detection objects, and of the compliance indices associated with the detection objects, that were generated by parsing the detection guidebook, and computing a weighted sum of the scores of the detection objects according to the weights to generate the detection result.
Specifically, after the conformity judgement has been made on the collected data, scoring is carried out according to the requirements of the detection indices in each class of detection object. In one embodiment, the scoring rules are as follows: 1. Points are deducted for security problems according to severity: 40 points for a very serious problem, 2 points for a serious problem, 0.1 point for a medium problem, and 0.05 point for a general problem; 2. When an evaluation index shows a repeated security problem on multiple evaluation objects of the same type, and the evaluation objects with the problem account for 50% or more of the target sample, 4 points are deducted for a serious problem, 0.2 point for a medium problem, and 0.1 point for a general problem.
The weights of the detection objects and detection indices are calculated according to the analytic hierarchy process (AHP), and a weighted sum of the individual scores of each class of detection object is computed according to the resulting weights to generate the detection result.
In addition, in a specific example, after data is collected according to the detection objects and the compliance indices associated with the detection objects, and before the conformity judgement of the data collection results against the compliance indices stored in the compliance library, the method further includes the step of:
Preprocessing the data collection results, the preprocessing including filtering the data collection results according to the compliance indices stored in the compliance library and applying unification processing to the filtered data collection results.
Because the detection objects are complex and diverse, the data gathered by the collectors is duplicated and inconsistent, so the collected data must be filtered and unified.
For a better understanding of the above method, an application example of the electric power monitoring system security protection compliance detection method of the present invention is described in detail below.
Step S201: The measurement and management platform builds a detection project from the detection objects and the compliance indices associated with the detection objects. The detection objects are determined from the assets of the electric power monitoring system, and the compliance indices associated with the detection objects are determined from the compliance indices stored in the compliance library;
Here, the assets of the electric power monitoring system include the host devices, application systems, network security devices and the like in the electric power monitoring system.
Step S202: The measurement and management platform writes the detection objects in the detection project, and the compliance indices associated with the detection objects, into Excel to generate the detection guidebook, and imports the detection guidebook into the automated detection tool;
Step S203: The automated detection tool reads from the Excel file the detection project, the detection objects associated with the detection project, and the compliance indices associated with the detection objects;
Step S204: The automated detection tool combines multiple compliance data collection protocols such as SNMP, TELNET, SSH and JDBC to determine the criterion for an automated detection index, namely that the index can be converted into a command executable on the object under test. On this basis it sorts out in detail the security protection compliance detection indices of the electric power monitoring system that can be detected automatically, converts the automatable indices into automated test cases, applies the automated test cases to the detection objects through the SNMP collector, TELNET/SSH collector, JDBC collector and so on, and obtains the corresponding collection results;
Step S205: Because the detection objects are complex and diverse, the data gathered by the collectors is duplicated and inconsistent, so the automated detection tool filters and unifies the collected data;
Step S206: The automated detection tool determines the regular-expression matching keywords according to the compliance indices stored in the compliance library and, using the determined keywords, performs regular-expression matching between the filtered and unified data collection results and the compliance indices stored in the compliance library. A match means matching succeeded; otherwise matching failed;
Step S207: The automated detection tool scores the regular-expression matching result corresponding to each detection object in the matching results according to the requirements of the compliance indices stored in the compliance library;
Step S208: The automated detection tool determines, according to the analytic hierarchy process (AHP), the weights of the detection objects and of the compliance indices associated with the detection objects that were generated by parsing the detection guidebook, computes a weighted sum of the scores of the detection objects according to the determined weights to generate the detection result, and imports the detection result into the measurement and management platform;
Step S209: The measurement and management platform analyzes and processes the detection result and generates the final detection report in Word format.
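The filtering, regular-expression matching, scoring and weighting of steps S205 to S208, as an added example that is not part of the patent text. The index ids, patterns, host names and pairwise comparison matrix are constructed; the starting score of 100, the reading that the repeated-problem deduction replaces the base deduction, and the row geometric-mean variant of AHP are assumptions.

```python
import re
from math import prod

# Constructed compliance-library entries: index id -> (regex keyword, severity).
# Index ids and patterns are assumptions for illustration.
LIBRARY = {
    "ssh-no-root": (r"^permitrootlogin no$", "serious"),
    "pw-min-len": (r"^pass_min_len (?:[89]|\d{2,})$", "medium"),
    "banner-set": (r"^banner /etc/issue\.net$", "general"),
}
# Deductions as stated in the text. The repeated-problem rule lists no
# "very serious" value, so that severity keeps its base deduction.
BASE = {"very_serious": 40, "serious": 2, "medium": 0.1, "general": 0.05}
REPEATED = {"serious": 4, "medium": 0.2, "general": 0.1}


def preprocess(raw):
    """Filter and unify collector output: drop comments and blank lines,
    collapse whitespace, lower-case, remove duplicates (order preserved)."""
    seen, out = set(), []
    for line in raw.splitlines():
        line = re.sub(r"\s+", " ", line.split("#", 1)[0]).strip().lower()
        if line and line not in seen:
            seen.add(line)
            out.append(line)
    return out


def judge(lines):
    """Conformity judgement: an index passes if any line matches its regex."""
    return {idx: any(re.search(pat, ln) for ln in lines)
            for idx, (pat, _) in LIBRARY.items()}


def score_objects(results, base_score=100):
    """results: {object: {index: passed}} for detection objects of one type.
    Assumption: each object starts at base_score; when at least 50% of the
    objects fail the same index, the repeated-problem deduction is used."""
    n = len(results)
    scores = {}
    for obj, res in results.items():
        total = base_score
        for idx, passed in res.items():
            if passed:
                continue
            sev = LIBRARY[idx][1]
            failing = sum(1 for r in results.values() if not r[idx])
            table = REPEATED if failing / n >= 0.5 and sev in REPEATED else BASE
            total -= table[sev]
        scores[obj] = round(total, 2)
    return scores


def ahp_weights(pairwise):
    """AHP weights via the row geometric-mean method (one common variant)."""
    gm = [prod(row) ** (1 / len(row)) for row in pairwise]
    return [g / sum(gm) for g in gm]


def detection_result(scores, weights):
    """Weighted sum of the per-object scores."""
    return round(sum(w * s for w, s in zip(weights, scores.values())), 2)


# Constructed collector output for three hosts of the same type.
RAW = {
    "host-a": "PermitRootLogin no\nPASS_MIN_LEN   8\nBanner /etc/issue.net\n",
    "host-b": "PermitRootLogin yes\nPermitRootLogin yes\n"
              "PASS_MIN_LEN 6 # weak\nBanner /etc/issue.net\n",
    "host-c": "# sshd\nPermitRootLogin yes\nPASS_MIN_LEN 12\n",
}
# Constructed pairwise comparison matrix: host-a is judged twice as
# important as host-b and four times as important as host-c.
PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]


def run():
    results = {obj: judge(preprocess(raw)) for obj, raw in RAW.items()}
    scores = score_objects(results)
    return results, scores, detection_result(scores, ahp_weights(PAIRWISE))


if __name__ == "__main__":
    print(run())
```

Anchoring the patterns and stripping comments during preprocessing keeps a commented-out setting such as `#PermitRootLogin no` from being judged compliant.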
The present invention first uses the measurement and management platform to create a detection project for electric power monitoring system security protection compliance detection and generates the corresponding detection guidebook from that detection project. The detection guidebook is then imported into the automated detection tool, which collects and processes data according to the detection guidebook and generates the detection result. Finally, the measurement and management platform performs statistical analysis on the detection result and generates the final detection report in Word format. The system is divided into two main parts: the measurement and management platform and the automated detection tool. The measurement and management platform performs unified management of indices and resources, the automated detection tool carries out the actual automated detection work, and the two use the detection guidebook as the carrier for data exchange.
The measurement and management platform mainly generates the corresponding detection guidebook through index management, asset management and project management, then preprocesses the detection results produced once the automated detection tool has finished detecting, and generates the final detection report in Word format. The business flow is shown in Figure 3.
The technical architecture of the measurement and management platform is shown in Figure 4 and includes a centralized data layer, a centralized application layer and a centralized presentation layer.
Centralized data layer: During electric power monitoring system security protection compliance detection, on the one hand data in multiple formats, such as asset information and detection reports, must be stored and processed; on the other hand statistical analysis can produce a large amount of redundant data. Through a data service bus, the platform provides data service interfaces for files and databases.
Centralized application layer: Includes modules for management of the electric power monitoring system security protection compliance index library, workflow management, project management, asset management, user management and so on. The main function of each module is as follows:
User management: Mainly manages users, roles and access control;
Project management: A project is the object of automated compliance detection. It contains multiple information systems to be detected, each information system in turn contains devices subject to compliance detection, and detection of those devices depends on the compliance library;
Asset management: Covers host devices, application systems, network security devices and so on. Assets can be added to the information systems to be detected;
Index library management: Divides the indices of the electric power monitoring system security protection compliance library along multiple dimensions, sorts them into automatable and non-automatable indices, and converts the automatable indices into machine instructions;
Workflow management: Mainly includes processes such as information and analysis, detection scheme, detection process and detection result processing. Through these processes, the whole electric power monitoring system security protection compliance detection is automated and documents in the corresponding formats are generated.
Centralized presentation layer: The measurement and management platform can serve multiple users, meeting their presentation-layer needs in many respects, such as visualization of statistical analysis information, visualization of the work service platform, and visualization of detailed workflows.
The work of the automated detection tool is to parse the detection guidebook generated by the measurement and management platform into the corresponding detection objects and indices, then collect data and apply rule matching for the indices that can be detected automatically, and carry out manual detection and matching for the indices that cannot. Finally, it scores according to the matching results and the index requirements and generates the final detection result. The business flow is shown in Figure 5.
The technical architecture of the automated detection tool is shown in Figure 6 and includes detection objects, a data collection layer, a data analysis layer and a centralized presentation layer.
Detection: According to the requirements of electric power monitoring system security protection compliance detection, detection covers overall network security, switching and routing security, application system security, operating system security, database security and so on. Each of these in turn has associated detection indices.
Detection objects: Include the host devices, application systems, network security devices and the like in the electric power monitoring system. Each kind of detection object is associated with different detections.
Data collection layer: Combining multiple compliance data collection protocols such as SNMP, TELNET, SSH and JDBC, the criterion for an automatable detection index is determined, namely that the index can be converted into a command executable on the object under test. On this basis, the security protection compliance detection indices of the electric power monitoring system that can be detected automatically are sorted out in detail, and the automatable indices are converted into automated test cases. Finally, the automated test cases are applied to the detection objects through the SNMP collector, TELNET/SSH collector, JDBC collector and so on, and the corresponding collection results are obtained.
Data analysis layer: Includes modules for data preprocessing, conformity assessment, individual scoring, comprehensive scoring, user management and so on. The main functions are as follows:
Data preprocessing: Because the detection objects are complex and diverse, the data gathered by the collectors is duplicated and inconsistent, so the collected data must be filtered and unified.
Conformity assessment: After the collected data has been preprocessed, a conformity judgement is made against the requirements of the detection indices under each class of detection object, by means such as rule matching.
Individual scoring: The conformity judgement results are scored according to the requirements of the detection indices in each class of detection object. The scoring rules are as follows: 1. Points are deducted for security problems according to severity: 40 points for a very serious problem, 2 points for a serious problem, 0.1 point for a medium problem, and 0.05 point for a general problem; 2. When an evaluation index shows a repeated security problem on multiple evaluation objects of the same type, and the evaluation objects with the problem account for 50% or more of the target sample, 4 points are deducted for a serious problem, 0.2 point for a medium problem, and 0.1 point for a general problem.
Comprehensive scoring: The weights of the detection objects and detection indices are calculated according to the analytic hierarchy process (AHP), and a weighted sum of the individual scores of each class of detection object is computed according to the resulting weights to give the score of the whole detection project.
Centralized presentation layer: The automated detection tool can serve multiple users, meeting their presentation-layer needs in many respects, such as visualization of data collection, visualization of the detection process, and visualization of the comprehensive assessment.
The electric power monitoring system security protection compliance detection described above was tested. Test environment: electric power monitoring system. Test process: electric power monitoring system security protection compliance detection test.
In the asset management of the power monitoring security protection compliance detection system, "electric power monitoring system" is created and associated with the corresponding host devices, network security devices and application systems; the "power grid security protection compliance" detection project is then created in project management; and finally "electric power monitoring system" is added to "power grid security protection compliance". The "power grid security protection compliance" detection project is detected using the electric power monitoring system security protection compliance library and the automated detection tool, and the detection results are comprehensively analyzed to generate the detection report "Electric Power Monitoring System Security Protection Compliance Automated Detection Report.doc".
Manual test of electric power monitoring system security protection compliance: Routine manual detection is carried out according to the requirements of higher-level supervision, by sampling and inspecting the detection objects against the detection indices. The detection results are then analyzed and processed manually, and a detection report in the corresponding Word format is submitted.
The electric power monitoring system security protection compliance detection methods are compared in Table 1.
Table 1. Comparison of electric power monitoring system security protection compliance detection methods
As the table above shows, manual detection is time-consuming and labor-intensive and has a relatively high false detection rate, whereas the electric power monitoring system security protection compliance detection system of the present invention not only reduces the consumption of resources such as manpower and lowers the false detection rate, but can also detect the electric power monitoring system continuously.
As can be seen from the above, on the basis of the electric power monitoring system security protection compliance library, this embodiment combines data collection technology and port scanning technology to sort out the compliance library comprehensively, screens out the parts that can be detected automatically, and designs an automated detection system for electric power monitoring system security protection compliance. The system not only avoids the low efficiency and low accuracy of manual detection, but can also detect the detection objects continuously, avoiding omissions. This is of great driving and strategic significance for subsequently optimizing the allocation of security resources and comprehensively raising the level of power system information security.
In one embodiment, a system for detecting the security protection compliance of an electric power monitoring system, as shown in Figure 7, includes:
A detection guidebook acquisition module 701, for obtaining a detection guidebook from the test management platform. The detection guidebook is generated by the test management platform from a detection project; the detection project is built by the test management platform from detection objects and the compliance indices associated with those detection objects; the detection objects are determined from the assets of the electric power monitoring system; and the compliance indices associated with the detection objects are determined from the compliance indices stored in the compliance library;
A detection guidebook parsing module 702, for parsing the detection guidebook to generate the detection objects and the compliance indices associated with the detection objects;
A data collection module 703, for collecting data according to the detection objects and the compliance indices associated with the detection objects;
A conformity judgement module 704, for performing a conformity judgement of the data collection results against the compliance indices stored in the compliance library;
A detection result generation module 705, for generating a detection result according to the conformity judgement result and the requirements of the compliance indices stored in the compliance library.
As shown in Figure 7, in a specific example, the data collection module 703 includes:
An automated detection index determining unit 7031, for determining the automated detection indices among the compliance indices associated with the detection objects according to the criterion for automated detection indices, the criterion being determined according to the compliance data collection protocols;
An automated test case conversion unit 7032, for converting the automated detection indices into automated test cases;
A data collection unit 7033, for applying the automated test cases, through collectors, to the detection objects corresponding to the automated test cases, and collecting data.
As shown in Figure 7, in a specific example, the conformity judgement module 704 includes:
A regular-expression matching unit 7041, for performing regular-expression matching between the data collection results and the compliance indices stored in the compliance library according to preset regular-expression matching keywords, the preset keywords being determined according to the compliance indices stored in the compliance library;
A conformity judgement unit 7042, for performing the conformity judgement on the data collection results according to the regular-expression matching result.
As shown in Figure 7, in a specific example, the detection result generation module 705 includes:
A scoring unit 7051, for scoring the conformity judgement result corresponding to each detection object in the conformity judgement results according to the requirements of the compliance indices stored in the compliance library;
A detection result generation unit 7052, for obtaining the weights of the detection objects, and of the compliance indices associated with the detection objects, that were generated by parsing the detection guidebook, and computing a weighted sum of the scores of the detection objects according to the weights to generate the detection result.
As shown in Figure 7, in a specific example, the electric power monitoring system security protection compliance detection system further includes a preprocessing module 706, for preprocessing the data collection results after the data collection module 703 has collected data according to the detection objects and the compliance indices associated with the detection objects. The preprocessing includes filtering the data collection results according to the compliance indices stored in the compliance library and applying unification processing to the filtered data collection results;
The conformity judgement module 704 performs the conformity judgement of the preprocessed data collection results against the compliance indices stored in the compliance library.
As can be seen from the above, the electric power monitoring system security protection compliance detection system of the present invention solves the problems of low efficiency and low accuracy in traditional compliance detection, and can also detect the detection objects continuously, avoiding omissions.
The technical features of the embodiments described above may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered to fall within the scope of this specification.
The embodiments described above express only several implementations of the present invention, and although their description is relatively specific and detailed, they should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art may make a number of variations and improvements without departing from the concept of the invention, all of which fall within the scope of protection of the invention. Therefore, the scope of protection of this patent shall be defined by the appended claims.