Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are intended only to illustrate the invention and are not intended to limit its scope.
In one embodiment, a method for detecting safety protection compliance of a power monitoring system, as shown in fig. 1, includes the following steps:
Step S101: acquiring a detection instruction from a test management platform, wherein the detection instruction is generated by the test management platform according to detection items, the detection items are constructed by the test management platform according to a detection object and a compliance index associated with the detection object, the detection object is determined according to assets of a power monitoring system, and the compliance index associated with the detection object is determined according to the compliance index stored in a compliance library;
Specifically, the assets of the power monitoring system include host equipment, an application system, network security equipment and the like in the power monitoring system.
Here, the compliance library is used for storing compliance indexes, and the detection of the safety protection compliance of the power monitoring system refers to the observation of compliance conditions in the safety protection process of the power monitoring system.
Step S102: analyzing the detection instruction to generate the detection object and a compliance index associated with the detection object;
Step S103: acquiring data according to the detection object and a compliance index associated with the detection object;
Step S104: performing compliance judgment on the data acquisition result and compliance indexes stored in the compliance library;
Step S105: generating a detection result according to the compliance judgment result and the requirement of the compliance index stored in the compliance library.
From the above description, the method for detecting the safety protection compliance of the power monitoring system solves the problems of low efficiency and low accuracy of traditional compliance detection, and can continuously detect the detected object to avoid omissions.
In addition, in a specific example, the manner of acquiring data according to the detection object and the compliance index associated with the detection object includes:
determining an automatic detection index in the compliance index associated with the detection object according to a judgment standard of the automatic detection index, wherein the judgment standard of the automatic detection index is determined according to a compliance data acquisition protocol;
converting the automatic detection index into an automatic test case;
and applying the automatic test case to a detection object corresponding to the automatic test case through a collector to acquire data.
Here, the compliance data acquisition protocols include SNMP (Simple Network Management Protocol), TELNET (remote terminal protocol), SSH (Secure Shell protocol), and JDBC (Java Database Connectivity), and the collectors include an SNMP collector, a TELNET/SSH collector, and a JDBC collector.
By integrating various compliance data acquisition protocols such as SNMP, TELNET, SSH and JDBC, the judgment standard of the automatic detection index is determined, namely that the index can be converted into a command which can be executed on the tested object. The safety protection compliance detection indexes of the power monitoring system which can be automatically detected are sorted out in detail, and these automatic indexes are converted into automatic test cases. Finally, the automatic test cases are applied to the detected object through an SNMP collector, a TELNET/SSH collector, a JDBC collector and the like to obtain the corresponding acquisition results.
In addition, in a specific example, the manner of performing compliance judgment on the data collection result and the compliance index stored in the compliance library includes:
performing regular-expression matching between the data acquisition result and the compliance index stored in the compliance library according to a preset regular-expression matching keyword, wherein the preset regular-expression matching keyword is determined according to the compliance index stored in the compliance library;
and judging the conformity of the data acquisition result according to the regular-expression matching result.
Data for the indexes corresponding to the detection objects is acquired through protocols such as SNMP, TELNET/SSH and WMI, the acquired result is matched by regular expression against the keywords in the rule base, and the conformity of the data acquisition result is judged according to the regular-expression matching result.
In addition, in a specific example, the manner of generating the detection result according to the compliance judgment result and the requirement of the compliance index stored in the compliance library includes:
scoring the conformity judgment result corresponding to each detection object in the conformity judgment result according to the requirement of the compliance index stored in the compliance library;
and obtaining the weights of the detection objects generated after the detection instruction is analyzed and the compliance indexes related to the detection objects, and performing weighted summation on the scoring result of each detection object according to the weights to generate a detection result.
Specifically, after the conformity judgment result has been obtained for the collected data, scoring is carried out according to the requirements of the detection indexes in each type of detection object. In one embodiment, the scoring rules are as follows: ① safety problems are scored according to severity, namely 40 points are deducted for very serious problems, 2 points are deducted for serious problems, 0.1 point is deducted for medium problems, and 0.05 point is deducted for general problems; ② when a certain evaluation index repeatedly causes safety problems in a plurality of detection objects of the same type, and the proportion of detection objects with problems among the sampled objects is greater than or equal to 50%, 4 points are deducted for serious problems, 0.2 point is deducted for medium problems, and 0.1 point is deducted for general problems.
The weights of the detection objects and the detection indexes are calculated according to an analytic hierarchy process, and the single-item scores of each type of detection object are weighted and summed according to the obtained weights to generate a detection result.
In addition, in a specific example, after the data acquisition is performed according to the detection object and the compliance index associated with the detection object, before the compliance judgment is performed on the data acquisition result and the compliance index stored in the compliance library, the method further includes the following steps:
and preprocessing the data acquisition result, wherein the preprocessing comprises filtering the data acquisition result according to the compliance index stored in the compliance library and carrying out the consistency processing on the filtered data acquisition result.
Due to the complexity and diversity of the detection objects, the data collected by the collector contains duplicates and inconsistencies, so the collected data must be filtered and made consistent.
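The chain described above (preprocessing, regular-expression matching against the compliance library, single-item scoring under rules ① and ②, and weighted summation) can be written as follows. This is an added example and not code from the patent: the index ids, keywords, patterns, the 100-point base score, the choice to apply the rule ② deduction once per index in place of rule ①, and the sample collector output and weights are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed compliance-library entries (hypothetical ids, keywords, patterns).
# expect=True: a regex hit means compliant; expect=False: a hit is a violation.
COMPLIANCE_LIBRARY = {
    "OS-01": {"type": "host", "keyword": "permitrootlogin",
              "pattern": r"^permitrootlogin\s+no$", "expect": True, "severity": "serious"},
    "OS-02": {"type": "host", "keyword": "passwordauthentication",
              "pattern": r"^passwordauthentication\s+yes$", "expect": False, "severity": "medium"},
    "NET-01": {"type": "network", "keyword": "snmp-server community",
               "pattern": r"^snmp-server community public\b", "expect": False, "severity": "serious"},
}
# Deductions from the scoring rules: rule 1 (by severity) and rule 2 (repeated problem).
DEDUCTION = {"very serious": 40, "serious": 2, "medium": 0.1, "general": 0.05}
REPEATED_DEDUCTION = {"serious": 4, "medium": 0.2, "general": 0.1}
BASE_SCORE = 100.0  # assumption: the text gives deductions but no starting score

# Constructed collector output: object name -> (object type, raw text as collected).
SAMPLE_COLLECTED = {
    "host-a": ("host", "# sshd_config\nPermitRootLogin yes\n"
                       "PasswordAuthentication   yes\nPasswordAuthentication yes\n"),
    "host-b": ("host", "PermitRootLogin no\r\nPasswordAuthentication yes\r\n"),
    "host-c": ("host", "Banner /etc/issue\nPasswordAuthentication no\n"),
    "fw-1": ("network", "snmp-server community public RO\n"
                        "snmp-server community n0tpublic RW\n"),
}
SAMPLE_WEIGHTS = {"host": 0.6, "network": 0.4}  # constructed; the text derives weights by AHP


def preprocess(raw, obj_type):
    """Filter to lines relevant to this type's indexes, normalise them, drop duplicates."""
    keywords = [s["keyword"] for s in COMPLIANCE_LIBRARY.values() if s["type"] == obj_type]
    seen, out = set(), []
    for line in raw.splitlines():
        norm = " ".join(line.strip().lower().split())  # unify case and whitespace
        if not norm or norm.startswith("#"):
            continue
        if any(k in norm for k in keywords) and norm not in seen:
            seen.add(norm)
            out.append(norm)
    return out


def judge(lines, spec):
    """Regex match; a directive that is absent counts as 'no hit', never as compliant by default."""
    hit = any(re.search(spec["pattern"], line) for line in lines)
    return hit == spec["expect"]


def score_type(judgments):
    """judgments: {object: {index_id: compliant}} for the sampled objects of one type."""
    score = BASE_SCORE
    for idx in sorted({i for r in judgments.values() for i in r}):
        failed = [o for o, r in judgments.items() if r.get(idx) is False]
        if not failed:
            continue
        sev = COMPLIANCE_LIBRARY[idx]["severity"]
        # Rule 2: same index fails on several same-type objects, >= 50% of the sample.
        repeated = len(failed) >= 2 and len(failed) / len(judgments) >= 0.5
        score -= REPEATED_DEDUCTION.get(sev, DEDUCTION[sev]) if repeated else DEDUCTION[sev]
    return round(max(score, 0.0), 2)


def detect(collected, weights):
    """Return per-type judgments, per-type scores and the weighted total."""
    by_type = defaultdict(dict)
    for name, (obj_type, raw) in collected.items():
        lines = preprocess(raw, obj_type)
        by_type[obj_type][name] = {idx: judge(lines, spec)
                                   for idx, spec in COMPLIANCE_LIBRARY.items()
                                   if spec["type"] == obj_type}
    type_scores = {t: score_type(j) for t, j in by_type.items()}
    total = round(sum(weights[t] * s for t, s in type_scores.items()), 3)
    return dict(by_type), type_scores, total


if __name__ == "__main__":
    print(detect(SAMPLE_COLLECTED, SAMPLE_WEIGHTS))
```

Note that host-c never sets the root-login directive at all: because the index expects a positive match, the missing line is judged non-compliant rather than silently passing.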
In order to better understand the method, an application example of the safety protection compliance detection method of the power monitoring system is described in detail below.
Step S201: the evaluation management platform constructs a detection item according to a detection object and a compliance index associated with the detection object, wherein the detection object is determined according to assets of a power monitoring system, and the compliance index associated with the detection object is determined according to the compliance index stored in a compliance library;
Here, the assets of the power monitoring system include a host device, an application system, a network security device, and the like in the power monitoring system.
Step S202: the evaluation management platform writes the detection object in the detection item and the compliance index associated with the detection object into Excel, generates a detection instruction book and imports the detection instruction book into an automatic detection tool;
Step S203: the automatic detection tool reads the detection item in Excel, the detection object related to the detection item and the compliance index related to the detection object;
Step S204: the automatic detection tool integrates various compliance data acquisition protocols such as SNMP, TELNET, SSH and JDBC, and determines the judgment standard of an automatic detection index, namely that the index can be converted into a command executable on the detected object; it sorts out in detail the safety protection compliance detection indexes of the power monitoring system that can be detected automatically, converts these automatic indexes into automatic test cases, and applies the automatic test cases to the detected object through an SNMP collector, a TELNET/SSH collector, a JDBC collector and the like to obtain the corresponding acquisition results;
Step S205: due to the complexity and diversity of detection objects, the data acquired by the collector contains duplicates and inconsistencies, so the automatic detection tool filters the acquired data and makes it consistent;
Step S206: the automatic detection tool determines a regular-expression matching keyword according to the compliance index stored in the compliance library, and performs regular-expression matching between the filtered and consistent data acquisition result and the compliance index stored in the compliance library according to the determined keyword, wherein a match indicates that the matching succeeds, and otherwise the matching fails;
Step S207: the automatic detection tool scores the regular-expression matching result corresponding to each detection object according to the requirement of the compliance index stored in the compliance library;
Step S208: the automatic detection tool determines, according to an analytic hierarchy process, the weights of the detection object generated after the detection instruction is analyzed and of the compliance index associated with the detection object, performs weighted summation on the scoring result of each detection object according to the determined weights to generate a detection result, and imports the detection result into the evaluation management platform;
Step S209: the evaluation management platform analyzes and processes the detection result to generate a final detection report in Word format.
According to the method, detection items for safety protection compliance detection of the power monitoring system are first created through the evaluation management platform, and corresponding detection instruction books are generated according to the detection items. The detection instruction books are then imported into the automatic detection tool, and the automatic detection tool carries out data acquisition and processing according to the detection instruction books and generates detection results. Finally, the evaluation management platform performs statistical analysis on the detection results to generate a final detection report in Word format. The system is divided into two major parts: an evaluation management platform and an automatic detection tool. The evaluation management platform manages indexes and resources uniformly, the automatic detection tool carries out the specific automatic detection work, and the two parts use the detection instruction book as the data interaction carrier.
The evaluation management platform mainly generates a corresponding detection instruction book through index management, asset management and project management, then performs data preprocessing on a detection result after the detection of the automatic detection tool is completed, and generates a final Word format detection report, wherein a service flow is shown in fig. 3.
Fig. 4 shows a technical architecture of the evaluation management platform, which includes: a centralized data layer, a centralized application layer and a centralized display layer.
Centralized data layer: in the process of detecting the safety protection compliance of the power monitoring system, on the one hand, data in various formats, such as asset information and detection reports, needs to be stored and processed, and on the other hand, a large amount of data redundancy can be generated through statistical analysis. Through the data service bus, the platform provides a data service interface for files and databases.
Centralized application layer: this layer comprises modules for safety protection compliance index management of the power monitoring system, process management, project management, asset management, user management and the like, wherein the main functions of each module are as follows:
User management: mainly comprises the management of users, roles and authority control;
Project management: a project is the object of automatic compliance detection and comprises a plurality of information systems to be detected, wherein each information system in turn comprises devices subject to compliance detection, and the detection items of those devices depend on the compliance library;
Asset management: assets include host devices, application systems, network security devices, etc. An asset may be added to the information system to be detected;
Index library management: the indexes of the safety protection compliance library of the power monitoring system are divided along multiple dimensions, automatic and non-automatic indexes are sorted out, and the automatic indexes are converted into machine instructions;
Process management: mainly comprises the processes of information collection and analysis, the detection scheme, the detection process, detection result processing and the like; these processes serve the automatic detection of the safety protection compliance of the whole power monitoring system and generate documents in the corresponding formats.
Centralized display layer: the evaluation management platform can provide a plurality of user views, and meets the requirements of the user display layer in aspects such as statistical analysis information visualization, workbench visualization and audit workflow visualization.
The automatic detection tool works by analyzing a detection instruction generated by the evaluation management platform into a corresponding detection object and an index, then performing data acquisition and rule matching on the automatically detectable index, performing manual detection and matching on the automatically undetectable index, and finally performing evaluation according to the matching result and the index requirement to generate a final detection result, wherein the service flow is shown in fig. 5.
Fig. 6 shows a technical architecture of the automatic detection tool, which includes: a detection object, a data acquisition layer, a data processing layer and a centralized presentation layer.
Detection items: according to the requirements of the safety protection compliance detection of the power monitoring system, the detection items comprise network overall safety, exchange route safety, application system safety, operating system safety, database safety and the like. Each detection item is also associated with a detection index.
Detection objects: these include the host equipment, application systems, network security equipment and the like in the power monitoring system. Each detection object is associated with different detection items.
Data acquisition layer: this layer integrates the compliance data acquisition protocols SNMP, TELNET, SSH and JDBC and determines the judgment standard of an automatically detectable index, namely that the index can be converted into a command executable on the detected object; the automatically detectable safety protection compliance detection indexes of the power monitoring system are sorted out in detail and converted into automatic test cases. Finally, the automatic test cases are applied to the detected object through an SNMP collector, a TELNET/SSH collector, a JDBC collector and the like to obtain the corresponding acquisition results.
Data processing layer: this layer comprises modules for data preprocessing, conformity assessment, single-item scoring, comprehensive scoring, user management and the like. The main functions are as follows:
Data preprocessing: due to the complexity and diversity of the detection objects, the data collected by the collector contains duplicates and inconsistencies, so the collected data must be filtered and made consistent.
Conformity assessment: after the collected data is preprocessed, conformity with the detection index requirements under each type of detection object is judged by means such as rule matching.
Single-item scoring: the conformity judgment result is scored according to the requirements of the detection indexes in each type of detection object. The scoring rules are as follows: ① safety problems are scored according to severity, namely 40 points are deducted for a very serious problem, 2 points for a serious problem, 0.1 point for a medium problem, and 0.05 point for a general problem; ② when a certain evaluation index repeatedly causes safety problems in a plurality of detection objects of the same type, and the proportion of detection objects with problems among the sampled objects is greater than or equal to 50%, 4 points are deducted for a serious problem, 0.2 point for a medium problem, and the general.
Comprehensive scoring: the weights of the detection objects and the detection indexes are calculated according to an analytic hierarchy process, and the single-item scores of each type of detection object are weighted and summed according to the obtained weights to calculate the score of the whole detection item.
Centralized display layer: the automatic detection tool can provide a plurality of user views, and meets the requirements of the user display layer in aspects such as data acquisition visualization, detection process visualization and comprehensive evaluation visualization.
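The comprehensive scoring step names the analytic hierarchy process without giving its calculation. The following added example (not code from the patent) derives weights for three detection object types from a pairwise comparison matrix using the geometric-mean approximation of AHP, and computes Saaty's consistency ratio so that contradictory judgments can be rejected before the weights are used; the type names, comparison values and the 0.1 acceptance threshold shown in the comments are assumptions.

```python
import math

# Saaty's random consistency index for matrix orders 1..9.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

TYPES = ["host", "network_security_device", "application_system"]

# Constructed judgments: matrix[i][j] says how much more important type i is than type j.
CONSISTENT = [
    [1.0, 2.0, 4.0],
    [1 / 2, 1.0, 2.0],
    [1 / 4, 1 / 2, 1.0],
]
# Constructed circular judgments (A > B, B > C, C > A): should fail the consistency check.
CIRCULAR = [
    [1.0, 3.0, 1 / 3],
    [1 / 3, 1.0, 3.0],
    [3.0, 1 / 3, 1.0],
]


def ahp_weights(names, matrix):
    """Return ({name: weight}, consistency_ratio) for a reciprocal comparison matrix."""
    n = len(names)
    if n not in RANDOM_INDEX or any(len(row) != n for row in matrix) or len(matrix) != n:
        raise ValueError("matrix must be square with order 1..9")
    for i in range(n):
        for j in range(n):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")

    # Geometric mean of each row, normalised to sum to 1, approximates the
    # principal eigenvector of the comparison matrix.
    geo = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo)
    weights = [g / total for g in geo]

    # Estimate the principal eigenvalue from A*w, then CI and CR.
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    if n <= 2:
        cr = 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    else:
        ci = (lambda_max - n) / (n - 1)
        cr = ci / RANDOM_INDEX[n]
    return dict(zip(names, weights)), cr


def usable(cr, threshold=0.1):
    """Common acceptance rule (assumed here): CR at or below 0.1 is acceptable."""
    return cr <= threshold


if __name__ == "__main__":
    for label, m in (("consistent", CONSISTENT), ("circular", CIRCULAR)):
        w, cr = ahp_weights(TYPES, m)
        print(label, {k: round(v, 4) for k, v in w.items()}, round(cr, 3), usable(cr))
```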
The safety protection compliance detection of the power monitoring system is tested as follows. Test environment: the power monitoring system. Test process: a safety protection compliance detection test is carried out on the power monitoring system.
The power monitoring system and its corresponding host equipment, network security equipment and application systems are created in the asset management of the power monitoring safety protection compliance detection system, a power grid safety protection compliance detection project is created in project management, and finally the power monitoring system is added into the power grid safety protection compliance. The detection items of the power grid safety protection compliance are detected according to the power monitoring system safety protection compliance library and the automatic detection tool, and the detection results are comprehensively analyzed to generate an automatic detection report (.doc) on the safety protection compliance of the power monitoring system.
Manual test of the safety protection compliance of the power monitoring system: routine manual detection is carried out according to the requirements of superior supervision, the detection objects are sampled and inspected according to the detection indexes, and finally the detection results are analyzed manually and a corresponding detection report in Word format is submitted.
A comparison of the safety protection compliance detection methods of the power monitoring system is shown in Table 1.
Table 1. Comparison of safety protection compliance detection methods for power monitoring systems
From the above table, it can be seen that: the manual detection is time-consuming and labor-consuming, and the false detection rate is high; the safety protection compliance detection system of the power monitoring system can reduce the consumption of resources such as manpower and the like, reduce the false detection rate and can also carry out continuous detection on the power monitoring system.
As can be seen from the above description, in this embodiment, on the basis of the safety protection compliance library of the power monitoring system, the data acquisition technology and the port scanning technology are combined to comprehensively sort the compliance library, and a part that can be automatically detected is screened out, so as to design an automatic detection system for the safety protection compliance of the power monitoring system. The system can avoid the problems of low efficiency and low accuracy caused by manual detection, and can continuously detect the detected object to avoid omission. The method has great promotion and strategic significance for subsequent optimization of safe resource allocation and realization of overall improvement of the safety level of the electric power information.
In one embodiment, the safety protection compliance detection system of the power monitoring system, as shown in fig. 7, includes:
a detection instruction obtaining module 701, configured to obtain a detection instruction from a test management platform, where the detection instruction is generated by the test management platform according to a detection item, the detection item is constructed by the test management platform according to a detection object and a compliance index associated with the detection object, the detection object is determined according to an asset of an electric power monitoring system, and the compliance index associated with the detection object is determined according to a compliance index stored in a compliance library;
a detection instruction parsing module 702, configured to parse the detection instruction to generate the detection object and a compliance index associated with the detection object;
a data acquisition module 703, configured to perform data acquisition according to the detection object and a compliance index associated with the detection object;
a compliance judgment module 704, configured to perform compliance judgment on the data acquisition result and the compliance index stored in the compliance library;
the detection result generating module 705 is configured to generate a detection result according to the compliance judgment result and the requirement of the compliance index stored in the compliance library.
As shown in fig. 7, in a specific example, the data acquisition module 703 includes:
an automatic detection index determining unit 7031, configured to determine an automatic detection index in the compliance index associated with the detection object according to a criterion of the automatic detection index, where the criterion of the automatic detection index is determined according to a compliance data acquisition protocol;
an automated test case conversion unit 7032, configured to convert the automated detection index into an automated test case;
and the data acquisition unit 7033 is configured to apply the automatic test case to a detection object corresponding to the automatic test case through a collector, and perform data acquisition.
As shown in fig. 7, in a specific example, the compliance determination module 704 includes:
a regular-expression matching unit 7041, configured to perform regular-expression matching between a data acquisition result and a compliance index stored in the compliance library according to a preset regular-expression matching keyword, where the preset regular-expression matching keyword is determined according to the compliance index stored in the compliance library;
and a conformity judgment unit 7042, configured to perform conformity judgment on the data acquisition result according to the regular-expression matching result.
As shown in fig. 7, in a specific example, the detection result generating module 705 includes:
the scoring unit 7051 is configured to score the compliance judgment result corresponding to each detection object in the compliance judgment results according to the requirement of the compliance index stored in the compliance library;
a detection result generating unit 7052, configured to obtain weights of the detection objects generated by analyzing the detection instruction and the compliance index associated with the detection objects, and perform weighted summation on the scoring result of each detection object according to the weights to generate a detection result.
As shown in fig. 7, in a specific example, the power monitoring system safety protection compliance detection system further includes a preprocessing module 706, configured to preprocess a data acquisition result after the data acquisition module 703 acquires data according to the detection object and a compliance index associated with the detection object, where the preprocessing includes filtering the data acquisition result according to the compliance index stored in the compliance library, and performing a consistency process on the filtered data acquisition result;
the compliance judgment module 704 performs compliance judgment on the preprocessed data acquisition result and compliance indexes stored in the compliance library.
From the above description, the safety protection compliance detection system of the power monitoring system solves the problems of low efficiency and low accuracy of traditional compliance detection, and can continuously detect the detected object to avoid omissions.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present invention, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.