CN106603489A - Network security management and control apparatus for transformer substation - Google Patents


Publication number
CN106603489A
Authority
CN
China
Legal status
Pending
Application number
CN201610980044.4A
Other languages
Chinese (zh)
Inventor
汤震宇
林青
张阳
曹翔
胡绍谦
刘明慧
Current Assignee
NR Electric Co Ltd
NR Engineering Co Ltd
Original Assignee
NR Electric Co Ltd
NR Engineering Co Ltd
Application filed by NR Electric Co Ltd, NR Engineering Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a network security management and control apparatus for a transformer substation. The apparatus integrates a real-time network message monitoring, analyzing, and recording module, a network white list and black list management module, a network host checking module, and a network security risk evaluation and auditing module. With the apparatus, the original network communication messages of the secondary system are analyzed, recorded and stored, and the validity of network nodes and network communication connections is monitored in real time, so that security checking of the software and hardware systems of network host equipment can be realized. Security auditing and risk evaluation are carried out on the secondary system network in the substation, and an early warning can be given for identified network anomalies. This solves the problem that security protection of the secondary system of the transformer substation emphasizes boundary protection while neglecting monitoring and management of the security risk of network communication behavior. By integrating real-time network monitoring, communication data analysis, host checking, security auditing, and risk evaluation into one apparatus, security management of network communication behavior can be realized, so that the security of the secondary system can be improved substantially.

Description

Network security management and control apparatus for a transformer substation
Technical field
The invention belongs to the fields of network security and electric power automation, and relates in particular to research on the security protection of the secondary system of a transformer substation.
Background
As substation secondary systems become networked, digitized and intelligent, the information security situation of the substation secondary system grows increasingly serious. What is currently relatively mature is boundary protection for the substation secondary system: vertical authentication and encryption devices, network isolation devices and firewalls are deployed and can guard against intrusion from outside. However, the network of the secondary system faces two kinds of risk. First, if boundary protection fails, then once external unauthorized access or an attack reaches the internal network, the internal secondary system is completely exposed, with no internal monitoring or protection. Second, a network device inside the secondary system may suffer a communication fault, or a network configuration or wiring error may cause a communication fault. Either situation, if it occurs, can seriously affect the operational safety of the secondary system. Real-time monitoring and control of the network communication behavior of the secondary system, together with risk assessment and early warning, is therefore very important.
Accordingly, a substation network security management and control apparatus needs to be researched and designed that makes the substation secondary security protection architecture more complete and can perform monitoring and analysis, security auditing, and risk assessment and early warning for the secondary system network.
Summary of the invention
The purpose of the invention is to design a substation network security management and control apparatus that can perform monitoring and analysis, security auditing, and risk assessment and early warning for the secondary system network, so that the substation secondary security protection architecture is more complete.
To achieve this purpose, the solution of the invention is as follows:
A substation network security management and control apparatus comprises a network message real-time monitoring, analysis and recording module, a network white list and black list management module, a network host checking module, and a network security risk evaluation and auditing module. The apparatus integrates these four modules. It monitors, analyzes, records and stores the network communication data of the substation secondary system in real time, supervises the real-time status of network devices and network connections against the black list and white list, performs periodic automatic and manual security checks on the host devices on the network, and performs security auditing and risk assessment of the network behavior of the whole secondary system.
The network message real-time monitoring, analysis and recording module collects in real time all original messages on the switches of the substation secondary system, analyzes the configuration and behavior of the current network, marks each message with its time of occurrence and stores it in the message store, and extracts the network process features, including the processes and states of network devices, network ports and network connections. These process features serve as the input to the network white list and black list management module. At the same time, the module computes network communication statistics, including traffic, the number of times network connections are made and broken, and the number of times black list entries occur.
After collecting the process features of network devices and network connections, the network white list and black list management module further judges their legitimacy. The module works through the following steps:
Step one: set the white list and black list of network process features;
Step two: input the collected network process features;
Step three: compare the network process features against the white list and black list; a feature in the white list is legal, and a feature in the black list is illegal;
Step four: submit any collected network process feature that is in neither the white list nor the black list to the human-machine interface for judgment and confirmation, and update the white list and black list.
The network host checking module performs security checks, in both periodic and manual modes, on the workstations and servers among the network hosts. The module comprises the following steps:
Step one: set the check parameters, including the cycle time, the weak password criteria and the list of legitimate processes;
Step two: perform periodic and manual checks according to the check parameters; the items checked include weak system passwords, whether antivirus software is installed, software installation and uninstallation records, whether the running processes are legitimate, and whether removable storage has been connected;
Step three: record the check results.
The network security risk evaluation and auditing module evaluates and audits the risk indicators of the network security of the substation secondary system and issues risk warnings. The module comprises the following steps:
Step one: set the risk warning threshold parameters;
Step two: read in the network communication statistics, the network white list, the network black list and the network host check results;
Step three: audit the data read in and assess the risk level of network security;
Step four: when the risk evaluation result exceeds the threshold, issue a risk warning.
The beneficial effects of the invention are as follows: it solves the long-standing problem that security protection of the substation secondary system emphasizes boundary protection and lacks monitoring and management of the security risks of network communication behavior. A single apparatus integrates real-time network monitoring, communication data analysis, security auditing, real-time risk assessment, and human-machine interaction and remote management, achieving security management of network communication behavior and greatly improving the security performance of the secondary system.
Brief description of the drawings
Fig. 1 is the module architecture diagram of the substation network security management and control apparatus of the invention;
Fig. 2 is the flow chart of the network message real-time monitoring, analysis and recording module of the invention;
Fig. 3 is the flow chart of the network white list and black list management module of the invention;
Fig. 4 is the flow chart of the network host checking module of the invention;
Fig. 5 is the flow chart of the network security risk evaluation and auditing module of the invention.
Detailed description of the embodiments
To make the technical solution and features of the invention clearer, the invention is further explained below with reference to the accompanying drawings.
A substation network security management and control apparatus comprises a network message real-time monitoring, analysis and recording module, a network white list and black list management module, a network host checking module, and a network security risk evaluation and auditing module, as shown in Fig. 1. The apparatus integrates these four modules. It monitors, analyzes, records and stores the network communication data of the substation secondary system in real time, supervises the real-time status of network devices and network connections against the black list and white list, performs periodic automatic and manual security checks on the host devices on the network, and performs security auditing and risk assessment of the network behavior of the whole secondary system.
The network message real-time monitoring, analysis and recording module collects in real time all original messages on the switches of the substation secondary system, analyzes the configuration and behavior of the current network, marks each message with its time of occurrence and stores it in the message store, and extracts the network process features, including the processes and states of network devices, network ports and network connections. These process features serve as the input to the network white list and black list management module. At the same time, the module computes network communication statistics, including traffic, the number of times network connections are made and broken, and the number of times black list entries occur. The module flow is shown in Fig. 2.
After collecting the process features of network devices and network connections, the network white list and black list management module further judges their legitimacy. The module flow is shown in Fig. 3 and comprises the following steps:
Step one: set the white list and black list of network process features;
Step two: input the collected network process features;
Step three: compare the network process features against the white list and black list; a feature in the white list is legal, and a feature in the black list is illegal;
Step four: submit any collected network process feature that is in neither the white list nor the black list to the human-machine interface for judgment and confirmation, and update the white list and black list.
The network host checking module performs security checks, in both periodic and manual modes, on the workstations and servers among the network hosts. The module flow is shown in Fig. 4 and comprises the following steps:
Step one: set the check parameters, including the cycle time, the weak password criteria and the list of legitimate processes;
Step two: perform periodic and manual checks according to the check parameters; the items checked include weak system passwords, whether antivirus software is installed, software installation and uninstallation records, whether the running processes are legitimate, and whether removable storage has been connected;
Step three: record the check results.
The network security risk evaluation and auditing module evaluates and audits the risk indicators of the network security of the substation secondary system and issues risk warnings. The module flow is shown in Fig. 5 and comprises the following steps:
Step one: set the risk warning threshold parameters;
Step two: read in the network communication statistics, the network white list, the network black list and the network host check results;
Step three: audit the data read in and assess the risk level of network security;
Step four: when the risk evaluation result exceeds the threshold, issue a risk warning.
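The white list and black list judgment and the threshold-based risk warning described in the steps above, as an added Python example that is not part of the patent. The feature tuple (source, destination, port), the weighted-sum score, the weights and every sample value are assumptions; the patent does not specify them.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class ListManager:
    """White list / black list management module (steps one to four)."""
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    pending: list = field(default_factory=list)  # features awaiting operator review

    def judge(self, feature):
        # Step three: compare the feature with both lists.
        # Assumption: the black list wins if a feature is on both lists.
        if feature in self.blacklist:
            return "illegal"
        if feature in self.whitelist:
            return "legal"
        # Step four: a feature on neither list is queued for the operator.
        if feature not in self.pending:
            self.pending.append(feature)
        return "unknown"

    def confirm(self, feature, legal):
        """Record the operator's decision and update the lists."""
        self.pending.remove(feature)
        (self.whitelist if legal else self.blacklist).add(feature)


def audit(verdicts, link_flaps, host_findings, weights, threshold):
    """Risk evaluation: weighted sum of the inputs, warning above the threshold.

    The weighted sum is an assumption; the text only says that a risk level
    is assessed and a warning is issued when it exceeds a set threshold.
    """
    counts = Counter(verdicts)
    findings = sum(len(items) for items in host_findings.values())
    score = (weights["illegal"] * counts["illegal"]
             + weights["unknown"] * counts["unknown"]
             + weights["link_flap"] * link_flaps
             + weights["host_finding"] * findings)
    return score, score > threshold


# Constructed sample data: addresses, ports and findings are made up.
# A feature is (source device, destination device, destination port).
EXPECTED = ("10.1.1.10", "10.1.1.20", 102)   # connection on the white list
BLOCKED = ("10.1.1.99", "10.1.1.20", 23)     # connection on the black list
NEW = ("10.1.1.55", "10.1.1.20", 502)        # on neither list
OBSERVED = [EXPECTED, EXPECTED, BLOCKED, NEW, NEW]
HOST_FINDINGS = {"operator-ws1": ["weak password", "removable storage connected"],
                 "server-1": []}
WEIGHTS = {"illegal": 10, "unknown": 3, "link_flap": 1, "host_finding": 5}


def run_demo(threshold=20):
    mgr = ListManager(whitelist={EXPECTED}, blacklist={BLOCKED})
    verdicts = [mgr.judge(f) for f in OBSERVED]
    score, warn = audit(verdicts, link_flaps=2, host_findings=HOST_FINDINGS,
                        weights=WEIGHTS, threshold=threshold)
    # The operator rejects the unknown connection, so it joins the black list.
    mgr.confirm(NEW, legal=False)
    return verdicts, score, warn, mgr.judge(NEW), mgr.pending


if __name__ == "__main__":
    print(run_demo())
```

Unknown features raise the score before the operator has ruled on them, so a burst of never-seen connections can trigger the warning on its own.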
It should be noted that the above only describes embodiments of the invention; although the description is relatively specific and detailed, it should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make a number of variations and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. The scope of protection of this patent shall therefore be defined by the claims.

Claims (5)

1. A substation network security management and control apparatus, characterized in that it comprises a network message real-time monitoring, analysis and recording module, a network white list and black list management module, a network host checking module, and a network security risk evaluation and auditing module, wherein the network message real-time monitoring, analysis and recording module collects the original messages of the switches and performs network analysis, extracting network process features and network statistics; the states of the network devices and network connections in the network process features are input to the network white list and black list management module for comparison; meanwhile the network host checking module performs security checks on the network hosts in manual or periodic mode; and the network security risk evaluation and auditing module brings together the collected network statistics, the white list and black list management results and the network host check results to perform security auditing and risk assessment of the network behavior of the whole secondary system.
2. The substation network security management and control apparatus according to claim 1, characterized in that the network message real-time monitoring, analysis and recording module collects in real time all original messages on the switches of the substation secondary system, analyzes the configuration and behavior of the current network, marks each message with its time of occurrence and stores it in the message store, and extracts the network process features, including the processes and states of network devices, network ports and network connections, these process features serving as the input to the network white list and black list management module; at the same time, it computes network communication statistics, including traffic, the number of times network connections are made and broken, and the number of times black list entries occur.
3. The substation network security management and control apparatus according to claim 1, characterized in that the network white list and black list management module, after collecting the process features of network devices and network connections, further judges their legitimacy, the legitimacy judgment comprising the following steps:
Step one: set the white list and black list of network process features;
Step two: input the collected network process features;
Step three: compare the network process features against the white list and black list; a feature in the white list is legal, and a feature in the black list is illegal;
Step four: submit any collected network process feature that is in neither the white list nor the black list to the human-machine interface for judgment and confirmation, and update the white list and black list.
4. The substation network security management and control apparatus according to claim 1, characterized in that the network host checking module performs security checks, in both periodic and manual modes, on the workstations and servers among the network hosts, comprising the following steps:
Step one: set the check parameters, including the cycle time, the weak password criteria and the list of legitimate processes;
Step two: perform periodic and manual checks according to the check parameters; the items checked include weak system passwords, whether antivirus software is installed, software installation and uninstallation records, whether the running processes are legitimate, and whether removable storage has been connected;
Step three: record the check results.
5. The substation network security management and control apparatus according to claim 1, characterized in that the network security risk evaluation and auditing module evaluates and audits the risk indicators of the network security of the substation secondary system and issues risk warnings, comprising the following steps:
Step one: set the risk warning threshold parameters;
Step two: read in the network communication statistics, the network white list, the network black list and the network host check results;
Step three: audit the data read in and assess the risk level of network security;
Step four: when the risk evaluation result exceeds the threshold, issue a risk warning.
CN201610980044.4A 2016-11-08 2016-11-08 Network security management and control apparatus for transformer substation Pending CN106603489A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610980044.4A CN106603489A (en) 2016-11-08 2016-11-08 Network security management and control apparatus for transformer substation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610980044.4A CN106603489A (en) 2016-11-08 2016-11-08 Network security management and control apparatus for transformer substation

Publications (1)

Publication Number Publication Date
CN106603489A true CN106603489A (en) 2017-04-26

Family

ID=58590756

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610980044.4A Pending CN106603489A (en) 2016-11-08 2016-11-08 Network security management and control apparatus for transformer substation

Country Status (1)

Country Link
CN (1) CN106603489A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9002761B2 (en) * 2008-10-08 2015-04-07 Rey Montalvo Method and system for automatically adapting end user power usage
CN102208996A (en) * 2011-05-18 2011-10-05 河南省电力公司 Network safety surveillance method for intelligent network equipment of digitalized transformer satiation
CN102739679A (en) * 2012-06-29 2012-10-17 东南大学 URL(Uniform Resource Locator) classification-based phishing website detection method
CN105589757A (en) * 2014-10-23 2016-05-18 上海天脉聚源文化传媒有限公司 Method for protecting working process in server framework and server
CN104834984A (en) * 2015-02-11 2015-08-12 国家电网公司 Electric power transaction supervision risk early warning system based on unified and interconnected electric power market

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
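潘路: "Design and implementation of network information security protection for the electric power secondary system", China Master's Theses Full-text Database, Engineering Science and Technology II *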

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566334A (en) * 2017-07-17 2018-01-09 全球能源互联网研究院有限公司 A kind of distribution terminal safety monitoring method and device realized based on agency
CN111031062A (en) * 2019-12-24 2020-04-17 四川英得赛克科技有限公司 Industrial control system panoramic perception monitoring method, device and system with self-learning function
CN111031062B (en) * 2019-12-24 2020-12-15 四川英得赛克科技有限公司 Industrial control system panoramic perception monitoring method, device and system with self-learning function
CN113438207A (en) * 2021-06-03 2021-09-24 张宇翔 Network security protection method based on white list
CN115065515A (en) * 2022-06-02 2022-09-16 国网河北省电力有限公司超高压分公司 Network security monitoring device of transformer substation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170426
