CN106790111A - Intelligent grid threat propagation defence method based on software definition multicast - Google Patents


Info

Publication number
CN106790111A
Authority
CN
China
Prior art keywords
data
software definition
multicast
controller
definition multicast
Legal status
Granted
Application number
CN201611220741.6A
Other languages
Chinese (zh)
Other versions
CN106790111B (en)
Inventor
伍军
李高磊
张宇韬
何珊
李建华
叶天鹏
陈璐艺
李高勇
Current Assignee
Shanghai Crane Mdt Infotech Ltd
SHANGHAI PENGYUE JINGHONG INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Shanghai Jiaotong University
Original Assignee
Shanghai Crane Mdt Infotech Ltd
SHANGHAI PENGYUE JINGHONG INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Shanghai Jiaotong University
Events
Application filed by Shanghai Crane Mdt Infotech Ltd, SHANGHAI PENGYUE JINGHONG INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd and Shanghai Jiaotong University
Priority to CN201611220741.6A
Publication of CN106790111A
Application granted
Publication of CN106790111B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate


Abstract

The invention provides a smart grid threat propagation defence method based on software-defined multicast, comprising: Step 1: establish a software-defined multicast system comprising a centralized control layer and a data layer; Step 2: name the data of the upper-level intelligent electronic devices according to a prescribed naming rule, match the service names, and perform content awareness and feature extraction on the data; the centralized control layer of the software-defined multicast system authenticates the extracted data content, the data flows whose content passes authentication are forwarded, and the data flows whose content fails authentication are restricted from being forwarded. The invention includes a dedicated master controller that can monitor and control the state of the intelligent electronic devices. To address a defect of the IEC61850 standard, the software-defined multicast mechanism has the switches execute a content-matching module, which reduces the forwarding-policy selection time for each packet.

Description

Intelligent grid threat propagation defence method based on software definition multicast
Technical field
The present invention relates to the field of smart grid technology, and in particular to a smart grid threat propagation defence method based on software-defined multicast.
Background technology
In smart grid substations, intelligent electronic devices (IEDs) were originally designed to implement real-time protection, control and data acquisition (RPCDA). To improve the effectiveness of communication and cooperation between IEDs, industry formulated the IEC61850 standard (the only universal standard in the field of power system automation), which specifies the data model and the communication format between smart grid stations. IEC61850 successfully realizes multicast transmission among many IEDs, so that communication efficiency between the IEDs of a smart grid substation is significantly improved. But this new standard hides a significant security problem: because of this multicast form of transmission, the loss caused by a network security attack grows exponentially.
The sources of network security threats to a smart substation can be roughly divided into two kinds, cyberspace security and physical facility security, and the two are closely related. For physical facility security, the major threats include hardware aging, operational error and natural disasters. To reduce the impact of physical facility security problems, large numbers of IEDs are deployed in dispersed substations to effectively detect and control all kinds of instruments and meters in the smart grid. On the cyberspace security side, data confidentiality, integrity and availability are closely tied to the real-time performance of the communication system, for example network delay, network congestion and packet loss. A mistaken operation may cause service interruption and even trigger a series of security incidents that endanger the safe and stable operation of the smart grid.
Previous research has mostly focused on how to guarantee real-time data transfer between IEDs, while the design of aspects such as the data scattered across sensors has been largely neglected. In recent years, with the rapid growth in the number of network attacks on smart grids, attention to smart grid security threat defence has also increased. Multicast transmission lets a security threat spread rapidly, so any network security attack can become very damaging in a multicast communication system. Although virtual local area network (VLAN) technology can reduce the propagation domain of a network security threat to some extent, multicast transmission based on MAC (Medium Access Control) addresses is typically static and independent of data content, so existing means find it difficult to detect and guard against such threats.
Summary of the invention
In view of the defects of the prior art, the object of the invention is to provide a smart grid threat propagation defence method based on software-defined multicast.
The smart grid threat propagation defence method based on software-defined multicast provided by the invention comprises the following steps:
Step 1: establish a software-defined multicast system comprising a centralized control layer and a data layer. The centralized control layer performs state monitoring, operation control, name matching, interest decision table maintenance and propagation path selection; the data layer performs data forwarding and content caching; and various data flows run in the software-defined multicast system.
Step 2: name the data of the intelligent electronic devices according to a prescribed naming rule, then match the service names, and perform content awareness and feature extraction on the data. The centralized control layer of the software-defined multicast system authenticates the extracted data content; the data flows whose content passes authentication are forwarded, and the data flows whose content fails authentication are restricted from being forwarded.
Preferably, in step 2 the intelligent electronic device contains at least one data naming agent, and the naming agent contains at least one data naming module for naming data.
Preferably, in step 2 the centralized control layer contains at least one controller, and the data layer contains multiple intelligent electronic devices and data transmission equipment; the data transmission equipment includes switches.
Specifically, an intelligent electronic device aperiodically shares its local monitoring data with its upper-level intelligent electronic devices through the data transmission equipment; the data transmission equipment is controlled by the controller, which performs real-time state information updates and network topology information updates for the data transmission equipment; and the controller can also limit the volume of data traffic flowing through each port of the data transmission equipment.
Preferably, the controller contains a data naming matching agent, an authentication agent and a processing agent. The data naming matching agent matches data according to the naming rule; the authentication agent uses the matched features to authenticate whether the data carries a security threat; and the processing agent restricts the corresponding data flow according to the threat decision result.
Preferably, step 2 comprises:
Step 2.1: when data is sent in the network for the first time it is forwarded to the controller, which performs data content awareness and feature extraction according to the prescribed naming rule and stores the matched packets in the unprocessed name management unit;
Step 2.2: the matching agent sends the extracted features to the authentication agent, whose security service module discriminates the data features, judges whether a security threat behaviour exists, and produces the corresponding authentication result;
Step 2.3: the authentication agent sends the authentication result to the processing agent, which restricts the data flows corresponding to data content that did not pass authentication.
Preferably, the data exchange between the agents of the controller includes at least one data sharing module, implemented on the basis of a publish/subscribe pattern; specifically, each agent publishes its processing result into a shared public domain space, and every agent that has subscribed to that result can obtain the other agents' processing results from the public domain space.
Compared with the prior art, the invention has the following beneficial effects:
The smart grid threat propagation defence method based on software-defined multicast provided by the invention can effectively suppress the rate at which a threat attack diffuses through the whole network domain via multicast transmission. In addition, the method includes a dedicated master controller that can monitor and control the state of the intelligent electronic devices. To address the defect of the IEC61850 standard, the software-defined multicast mechanism has the switches execute a content-matching module, which reduces the forwarding-policy selection time for each packet.
Brief description of the drawings
Other features, objects and advantages of the invention will become more apparent by reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is a schematic diagram of the software-defined multicast mechanism in the invention;
Fig. 2 (a) and Fig. 2 (b) are schematic diagrams of the intelligent electronic device data model and traffic model respectively;
Fig. 3 is the work sequence diagram of the software-defined multicast in the invention;
Fig. 4 is a schematic diagram of the propagation characteristics of different multicast patterns;
Fig. 5 (a) to Fig. 5 (d) are performance comparison diagrams of four kinds of IEC61850 communication against the software-defined multicast mechanism;
Fig. 6 (a) to Fig. 6 (c) are comparison diagrams of the transmission delay reduction achieved by three kinds of software-defined multicast.
Specific embodiment
The invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to understand the invention further, but do not limit the invention in any way. It should be noted that those of ordinary skill in the art can make several changes and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention.
The smart grid threat propagation defence method based on software-defined multicast is generally structured as a centralized control layer and a data layer, as shown in Fig. 1. State monitoring, operation control, name matching, interest decision table maintenance and propagation path selection are performed in the centralized control layer; data forwarding and content caching are performed in the data layer. The centralized control layer contains at least one controller, and each controller consists of five parts: an unprocessed interest management unit, a name matching domain, network resource management, network applications and a security service. In the implementation the logical controller is represented as C1 and C2 according to the division of functions; in practice C1 and C2 can be realized on a single physical controller.
The unprocessed interest management unit collects the NDOs in each IED. The names in the NDOs are sent in interest packets. These NDOs are mapped by MAC address into a unified table so that they can be looked up flexibly.
The name matching domain is the key step for correct data transmission between a subject and an object. In the matching domain, the destination MAC address of the subscribed service data is determined in advance. The matching domain uses the publish/subscribe pattern.
Routing path selection in network resource management is a basic function of every network application. Routing path selection must first build a virtual topology of the whole network. After it receives the source MAC address set and the destination MAC address set, it calculates the optimal routing path from the source MAC to the destination MAC. Different services may have different link-state requirements.
The security service is the basis on which the method automatically and reasonably partitions the data to be forwarded and the network resources; the security service module invokes the specific security measures in the authentication agent to authenticate the data features.
The invention aims to solve the threat propagation problem in the smart grid and, further, to reduce the speed at which threats propagate across the whole network. Through software definition, the invention makes the implementation of the multicast mechanism centrally managed and configured, so that multicast data carrying a security threat can be flexibly identified and restricted. Simulation shows that the invention effectively reduces the propagation rate of security threats in the smart grid, thereby enhancing the security of the smart grid.
The smart grid threat propagation defence method based on software-defined multicast provided by the invention comprises the following steps:
Step 1: name the ACSI services to be published to the source/destination intelligent electronic devices;
Step 2: publish SAP packets to the controller of the software-defined multicast mechanism; a SAP packet is the interest packet that a source intelligent electronic device publishes to the controller of the grid threat defence method based on software-defined multicast;
Step 3: derive the server name, Ts/Td and MAC address from the SAP and the DAS respectively; a DAS is the interest packet that a destination intelligent electronic device publishes to the controller of the grid threat defence method based on software-defined multicast;
Step 4: controller C1 matches the server name of the SAP against the server name of the DAS; if the match is correct, the matched SAP and DAS are labelled SAP' and DAS'; controller C1 is the first module of the controller in the grid threat propagation defence method based on software-defined multicast;
Step 5: select the source MAC address and the destination MAC address from SAP' and DAS' respectively and relabel them DMAC' and SMAC' respectively;
Step 6: send DMAC' and SMAC' to controller C2; controller C2 is the second module of the controller in the grid threat propagation defence method based on software-defined multicast;
Step 7: controller C2 notifies the source intelligent electronic device to send the service data of DMAC' to SMAC';
Step 8: the source intelligent electronic device sends the data flow into the network;
Step 9: a network element receives the data flow from the source intelligent electronic device;
Step 10: the network element reports the network state to controller C2 through customized OpenFlow;
Step 11: controller C2 extracts the network type and service name information from the network data flow;
Step 12: controller C2 builds a logical topology and a virtual topology for the logical service;
Step 13: controller C2 detects and controls the state of all network elements;
Step 14: controller C2 matches the Ethernet parameters of the tagged network type of SMAC' and DMAC';
Step 15: controller C2 formulates the data-forwarding flow table from the data forwarding rules;
Step 16: controller C2 distributes the flow table to each element;
Step 17: the service is forwarded from the source intelligent electronic device to the destination intelligent electronic device.
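The C1/C2 pipeline of Steps 1 to 17 and the authentication steps 2.1 to 2.3, modelled as an added runnable example; this is not the patent's code, and the naming rule, MAC addresses, packet fields and verdict names are constructed here (Ts/Td is not modelled because the page does not define it).

```python
"""Added example, not the patent's code: a runnable model of the control plane the
patent describes. C1 pairs SAP/DAS interest packets by ACSI service name (Step 4);
C2 authenticates the first packet of each flow and installs the flow-table entry
that forwards, limits or drops it (Steps 2.1-2.3, 10-16). Naming rule, MAC
addresses, packet fields and verdict names are all constructed here."""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed naming rule: "<LogicalDevice>/<LogicalNode>.<DataObject>".
NAME_RULE = re.compile(r"^[A-Za-z]\w*/[A-Za-z]\w*\.[\w.]+$")

@dataclass(frozen=True)
class Interest:          # SAP: published by a source IED; DAS: by a destination IED
    kind: str            # "SAP" or "DAS"
    service: str         # ACSI service (server) name carried in the packet
    mac: str             # MAC address of the publishing IED

@dataclass(frozen=True)
class FlowRule:
    service: str
    src_mac: str
    dst_macs: tuple      # DMAC' set; empty when the flow is not forwarded
    action: str          # "FORWARD", "LIMIT" or "DROP"

def c1_match(interests):
    """C1 (PITM + name matching domain): {service: (SMAC', DMAC' tuple)} for
    every rule-conforming name that has both a publisher and a subscriber."""
    publisher, subscribers = {}, defaultdict(set)
    for i in interests:
        if not NAME_RULE.match(i.service):
            continue                      # name violates the prescribed rule
        if i.kind == "SAP":
            publisher[i.service] = i.mac
        elif i.kind == "DAS":
            subscribers[i.service].add(i.mac)
    return {s: (mac, tuple(sorted(subscribers[s])))
            for s, mac in publisher.items() if subscribers[s]}

def extract_features(packet):
    """Step 2.1: content awareness / feature extraction on a flow's first packet."""
    return {"service": packet["service"], "src_mac": packet["src_mac"],
            "integrity_ok": packet.get("integrity_ok", True)}

def authenticate(features, matched):
    """Step 2.2: reject tampered content; otherwise the header's service name
    must be one C1 matched and the sender must be its recorded SMAC'."""
    if not features["integrity_ok"]:
        return "TAMPERED"
    entry = matched.get(features["service"])
    if entry is None:
        return "UNKNOWN_NAME"
    if features["src_mac"] != entry[0]:
        return "SENDER_MISMATCH"
    return "OK"

class C2:
    """Monitoring/control module: verdict -> flow-table entry (Step 2.3, 15-16)."""
    def __init__(self, matched):
        self.matched, self.isolated = matched, set()   # isolated: senders of tampered data
        self.flow_table = {}                           # (service, src_mac) -> FlowRule

    def handle_first_packet(self, packet):
        """A packet with no flow-table entry goes to the controller, which
        installs the rule the switches then apply to the rest of the flow."""
        f = extract_features(packet)
        key = (f["service"], f["src_mac"])
        if key in self.flow_table:
            return self.flow_table[key]
        verdict = "ISOLATED" if key[1] in self.isolated else authenticate(f, self.matched)
        if verdict == "OK":
            smac, dmacs = self.matched[key[0]]
            rule = FlowRule(key[0], smac, dmacs, "FORWARD")
        elif verdict in ("TAMPERED", "ISOLATED"):
            self.isolated.add(key[1])
            rule = FlowRule(key[0], key[1], (), "DROP")
        else:
            rule = FlowRule(key[0], key[1], (), "LIMIT")
        self.flow_table[key] = rule
        return rule

M = "00:1c:06:00:00:%02x"   # constructed MAC addresses for the sample IEDs
SAMPLE_INTERESTS = [
    Interest("SAP", "PROT1/PTOC1.Op", M % 1), Interest("DAS", "PROT1/PTOC1.Op", M % 2),
    Interest("DAS", "PROT1/PTOC1.Op", M % 3), Interest("SAP", "CTRL1/CSWI1.Pos", M % 5),
    Interest("DAS", "CTRL1/CSWI1.Pos", M % 2), Interest("DAS", "MEAS1/MMXU1.A", M % 4),
    Interest("SAP", "bad name!", M % 4),      # MEAS1 has no publisher; this name breaks the rule
]

def run_demo():
    """Returns the actions C2 installs for five constructed first packets."""
    c2 = C2(c1_match(SAMPLE_INTERESTS))
    packets = [
        {"service": "PROT1/PTOC1.Op", "src_mac": M % 1},                 # legitimate
        {"service": "PROT1/PTOC1.Op", "src_mac": M % 9},                 # spoofed sender
        {"service": "MEAS1/MMXU1.A", "src_mac": M % 4},                  # never matched
        {"service": "CTRL1/CSWI1.Pos", "src_mac": M % 5, "integrity_ok": False},  # tampered
        {"service": "PROT1/PTOC1.Op", "src_mac": M % 5},                 # sender now isolated
    ]
    return [c2.handle_first_packet(p).action for p in packets]
```

Only the first packet of a flow reaches C2; subsequent packets hit the cached rule, which is what lets the switches forward without consulting the controller.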
To address the defect of the IEC61850 standard, a software-defined multicast mechanism is provided in which the switches execute a content-matching module, reducing the forwarding-policy selection time for each packet.
The software-defined multicast mechanism is shown in Fig. 1. The content-matching module maintains a name matching domain, which is the key step for correct data transmission between a subject and an object. In the matching domain, the destination MAC address of the subscribed service data is determined in advance.
The system using the method of the invention mainly comprises a control layer and a data layer. The control layer performs the monitoring, control and matching operations and maintains the interest decision table and the propagation path selection module; each module in the control layer is independent, and the modules can cooperate when deployed in a distributed manner. The data layer mainly comprises the source/target intelligent electronic devices, the network execution units (switches) and the content cache. The source/target intelligent electronic devices are responsible for the real-time protection of the grid infrastructure and are the key nodes where all kinds of data converge and are processed; they play a very important role in the smart substation. An exposed intelligent electronic device is likely to become an ideal target for an attacker. The smart grid threat propagation defence method based on software-defined multicast supports flow control oriented to ACSI services, which has an obvious inhibiting effect on threat diffusion. The upper-level intelligent electronic device determines which services need to be named, and the data that is named can be associated with other parties.
The unprocessed interest management unit collects the NDOs in each IED. The names in the NDOs are sent in interest packets. These NDOs are mapped by MAC address into a unified table so that they can be looked up flexibly.
Content forwarding and caching are the two most basic functions that every network execution unit must include. Forwarding functions such as routing path selection are pulled out of the complex and dispersed data layer, and the software-defined multicast mechanism supports centralized management of route selection. Unlike existing transmission structures, the forwarding path is formulated before the data is sent into the network, and data is transmitted only while the link is in the connected state.
The name matching domain is the key step for correct data transmission between a subject and an object. In the name matching domain, the destination MAC address of the subscribed service data is determined in advance. The name matching domain uses the publish/subscribe pattern.
Routing path selection is a basic function of every network application. Routing path selection must first build a virtual topology of the whole network. After it receives the source MAC address set and the destination MAC address set, it calculates the optimal routing path from the source MAC to the destination MAC. Different services may have different link-state requirements. The smart grid threat propagation defence method based on software-defined multicast automatically and reasonably partitions the data to be forwarded and the network resources.
There are at least 10 kinds of different data flows in the smart grid threat propagation defence method based on software-defined multicast.
Table 1:Data object and data flow
Source NDOs and destination NDOs must publish their topics and agents to the PITM by interest packet. The content of an interest packet contains the name of the server. Interest packets are transmitted by multicast. The PITM records the MAC address of each NDO and sends these MAC addresses to the matching domain for name matching. When a named server is matched, the MAC addresses are sent to the routing path selection unit for path computation. The monitoring and control unit sends real-time network state information to the routing path selection unit for reference during path selection. After the selected path receives this state information, an ACK signal is sent to the source NDOs to confirm that the optimal path has been chosen. When no flow table exists for data forwarding, the first packet is sent to the monitoring and control unit. In particular, in this monitoring and control unit, the header of the transmitted packet must be consistent with the name of the service predicted from the data.
Fig. 3 describes the workflow of the grid threat defence method based on software-defined multicast. SAP is the interest packet published by the source NDOs to the controller of the method; DAS is the interest packet published by the destination NDOs to the controller of the method. In SAP and DAS, the ACSI services in the source NDOs are each named abstractly. SAP and DAS are location independent; they rely on the publish/subscribe communication pattern. C1 performs the content awareness and service name matching functions; C1 consists of the PITM unit and the matching domain. After C1 receives the SAP and DAS packets, it starts extracting the server name, Ts/Td and MAC address. C1 matches the server names from the DAS and SAP and then sends the result to C2, which is responsible for monitoring and controlling the network. Once C2 knows that the service data can be sent from S, the data flow is introduced into the network.
Table 2:Symbol and relevant explanation
The grid threat defence method based on software-defined multicast is based on the OpenFlow protocol. If a packet reaches a network node for the first time, it is sent to the controller of the method for authentication and path selection. C2 extracts the Ethernet parameters and the service name information from the data flow, and each network element sends its state to C2. C2 builds a logical topology graph between the logical nodes and a virtual architecture of the physical network facilities. The destination MAC address is selected according to the ACSI server, and the forwarding path is calculated over the virtual topology. Forwarding operations are separated by the flow table. In particular, throughout the process the server name is extracted from EnetPters. Tampered data is dropped, and the intelligent electronic device that sent the tampered data is isolated in real time.
The invention simulates 20 intelligent electronic devices, each with 10 logical nodes. The performance of the grid threat defence method based on software-defined multicast is measured by comparing the attack propagation speed under different transmission modes. Multicast transmission is normally used in a point-to-point IEC61850 network. The experiment first simulates the diffusion speed of a network threat under unicast in the method. The simulation results for the different information transfer modes are shown in Fig. 4.
The invention uses 4-to-multicast transmission to explain the differences between the transmission modes. 4-to-multicast has the same effect as VLAN broadcast, and 1-to-multicast is the same as unicast. Under unicast a threat needs more time to spread, whereas under broadcast it takes less time, which may drive network traffic to its peak. In practice, 3-to-multicast and 2-to-multicast are the two most common communication modes. However, a VLAN has a fixed number of intelligent electronic devices and lacks the scalability and flexibility to adapt to larger smart substations. The grid threat defence method based on software-defined multicast additionally provides three feasible communication modes. The similarity of these curves demonstrates the feasibility of this structure.
Fig. 5 (a) to Fig. 5 (d) show the performance difference between the IEC61850 communication commonly used today and the grid threat propagation method based on software-defined multicast. They show that software-defined multicast slows down the diffusion of a threat during communication. The circle-marked curves eventually level off into saturation because of limited network resources, while the software-defined multicast curve stays below the blue curve throughout, showing that software-defined multicast does suppress threat propagation better.
Fig. 6 (a) to Fig. 6 (c) show the performance of the grid threat propagation method based on software-defined multicast under different transmission modes. It can be seen that the content-aware software-defined multicast threat defence structure effectively inhibits threat propagation under all the transmission modes.
In summary, the invention reduces the diffusion speed of threat information on the basis of secure information transmission and access in the smart grid, and can effectively protect the grid structure.
Specific embodiments of the invention have been described above. It should be understood that the invention is not limited to the above specific embodiments; those skilled in the art can make various changes or modifications within the scope of the claims without affecting the substance of the invention. Where no conflict arises, the embodiments of the application and the features in the embodiments can be combined with each other arbitrarily.

Claims (6)

1. An intelligent grid threat propagation defense method based on software defined multicast, characterized by comprising the following steps:
Step 1: Establish a software defined multicast system comprising a centralized control layer and a data layer. The centralized control layer performs status monitoring, operational control, name matching, maintenance of the interest decision table and propagation path selection; the data layer performs data forwarding and content caching; and multiple data flows run in the software defined multicast system.
Step 2: After the data of the intelligent electronic devices have been named according to the prescribed naming rule, the service names are matched and the data content is perceived and its features are extracted. The centralized control layer of the software defined multicast system authenticates the extracted data content; data flows whose content passes authentication are forwarded, and data flows whose content fails authentication have their forwarding limited.
2. The intelligent grid threat propagation defense method based on software defined multicast according to claim 1, characterized in that the intelligent electronic devices in step 2 contain at least one data naming agent, and the naming agent contains at least one data naming module for naming the data.
3. The intelligent grid threat propagation defense method based on software defined multicast according to claim 1, characterized in that the centralized control layer in step 2 contains at least one controller, and the data layer contains multiple intelligent electronic devices and data transmission equipment; the data transmission equipment comprises switches.
Specifically, an intelligent electronic device aperiodically shares its local monitoring data with its superior intelligent electronic device through the data transmission equipment; the data transmission equipment is controlled by the controller, which updates the real-time status information and the network topology information of the data transmission equipment; and the controller can also limit the volume of data traffic flowing through each port of the data transmission equipment.
4. The intelligent grid threat propagation defense method based on software defined multicast according to claim 3, characterized in that the controller contains a data naming matching agent, an authentication agent and a processing agent. The data naming matching agent matches data according to the naming rule; the authentication agent determines whether a security threat exists; and the processing agent limits the corresponding data flow according to the threat determination result.
5. The intelligent grid threat propagation defense method based on software defined multicast according to any one of claims 1 to 4, characterized in that step 2 comprises:
Step 2.1: Data sent into the network for the first time are forwarded to the controller; the controller performs data content perception and feature extraction according to the prescribed naming rule, and packets awaiting matching are stored in the untreated-name management unit;
Step 2.2: The matching agent sends the extracted features to the authentication agent; the security service module of the authentication agent discriminates the data features, judges whether security threat behavior exists, and produces a corresponding authentication result;
Step 2.3: The authentication agent sends the authentication result to the processing agent, and the processing agent limits the data flows corresponding to data content that failed authentication.
6. The intelligent grid threat propagation defense method based on software defined multicast according to claim 4, characterized in that the data exchange between the agents of the controller involves at least one data sharing module, and the data sharing module is implemented on a publish/subscribe pattern. Specifically, each agent publishes its result into a public domain space, and every agent that has subscribed to that result can obtain the other agents' processing results from the public domain space.
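The controller pipeline of claims 4 to 6 (naming-match agent, authentication agent, processing agent, joined by a publish/subscribe data sharing module, with the data-layer switch sending the first packet of each flow to the controller and then applying the installed entry) can be modelled end to end. The following Python is an added illustration written for this page; it is not the patent's code and the patent discloses no implementation. Everything concrete in it is assumed: the naming rule (a five-segment name ending in a service type and dataset), the interest table of registered publishers, the rate and size thresholds, the flow table keyed by (name, ingress port), and the constructed sample traffic.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed naming rule (hypothetical): /<substation>/<bay>/<ied>/<service>/<dataset>
NAME_RULE = re.compile(r"^/(?P<substation>\w+)/(?P<bay>\w+)/(?P<ied>\w+)"
                       r"/(?P<service>goose|sv|mms)/(?P<dataset>\w+)$")

@dataclass
class Packet:
    name: str          # content name assigned by the IED's naming agent (claim 2)
    in_port: int       # switch port the packet arrived on
    size: int          # payload bytes
    msgs_per_sec: int  # observed publish rate of this flow

class DataSharing:
    """Publish/subscribe module (claim 6): a result is written to a public domain
    space and pushed to every agent that subscribed to the topic."""
    def __init__(self):
        self.domain, self._subs = {}, defaultdict(list)
    def subscribe(self, topic, callback):
        self._subs[topic].append(callback)
    def publish(self, topic, result):
        self.domain[topic] = result
        for cb in self._subs[topic]:
            cb(result)

class NamingMatchAgent:
    """Step 2.1: park the packet in the untreated-name list, match its name against
    the rule and extract features; names that never match stay in the list."""
    def __init__(self, bus):
        self.bus, self.untreated = bus, []
    def handle(self, pkt):
        self.untreated.append(pkt.name)
        m = NAME_RULE.match(pkt.name)
        if m is not None:
            self.untreated.remove(pkt.name)
        self.bus.publish("features", {"name": pkt.name, "in_port": pkt.in_port, "size": pkt.size,
                                      "rate": pkt.msgs_per_sec, "matched": m is not None,
                                      **(m.groupdict() if m else {})})

class AuthenticationAgent:
    """Step 2.2: the security service module judges the features. The interest table
    and thresholds are assumed values, not taken from the patent."""
    MAX_GOOSE_RATE, MAX_SIZE = 50, 1500   # msgs/s, bytes
    def __init__(self, bus, interest_table):
        self.bus, self.interest = bus, interest_table   # {(ied, service, dataset)}
        bus.subscribe("features", self.handle)
    def handle(self, f):
        if not f["matched"]:
            verdict, why = "deny", "name violates naming rule"
        elif (f["ied"], f["service"], f["dataset"]) not in self.interest:
            verdict, why = "deny", "publisher not in interest table"
        elif f["size"] > self.MAX_SIZE:
            verdict, why = "deny", "oversized payload"
        elif f["service"] == "goose" and f["rate"] > self.MAX_GOOSE_RATE:
            verdict, why = "limit", "GOOSE rate above threshold"
        else:
            verdict, why = "allow", "authenticated"
        self.bus.publish("auth_result", {**f, "verdict": verdict, "reason": why})

class ProcessingAgent:
    """Step 2.3: install the verdict as a flow entry; 'limit' also caps the ingress
    port, mirroring the per-port traffic limit of claim 3."""
    def __init__(self, bus, switch):
        self.switch = switch
        bus.subscribe("auth_result", self.handle)
    def handle(self, r):
        action = {"allow": "forward", "limit": "rate_limit", "deny": "drop"}[r["verdict"]]
        self.switch.flow_table[(r["name"], r["in_port"])] = action
        if action == "rate_limit":
            self.switch.port_limits[r["in_port"]] = AuthenticationAgent.MAX_GOOSE_RATE

@dataclass
class Switch:
    """Data layer: forwards by installed entries; unknown flows go to the controller."""
    flow_table: dict = field(default_factory=dict)
    port_limits: dict = field(default_factory=dict)
    def forward(self, pkt, controller):
        key = (pkt.name, pkt.in_port)
        if key not in self.flow_table:
            controller.packet_in(pkt)       # only the first packet of a new flow
        return self.flow_table[key]

class Controller:
    """Centralized control layer wiring the three agents over the sharing bus."""
    def __init__(self, switch, interest_table):
        self.bus, self.packet_ins = DataSharing(), 0
        self.naming = NamingMatchAgent(self.bus)
        AuthenticationAgent(self.bus, interest_table)
        ProcessingAgent(self.bus, switch)
    def packet_in(self, pkt):
        self.packet_ins += 1
        self.naming.handle(pkt)
        return self.bus.domain["auth_result"]["verdict"]

def run_demo():
    """Constructed traffic (not captured data); returns the switch's per-packet actions."""
    switch = Switch()
    ctl = Controller(switch, {("ied07", "goose", "trip"), ("ied12", "sv", "phase_a")})
    traffic = [
        Packet("/suba/bay1/ied07/goose/trip", 3, 180, 4),     # legitimate trip dataset
        Packet("/suba/bay1/ied07/goose/trip", 3, 180, 4),     # same flow: table hit, no packet-in
        Packet("/suba/bay2/ied12/sv/phase_a", 5, 120, 4000),  # sampled values at nominal rate
        Packet("/suba/bay1/ied07/goose/trip", 9, 180, 900),   # ied07's name replayed from port 9
        Packet("/suba/bay1/ied99/goose/trip", 9, 180, 4),     # unregistered publisher
        Packet("trip;ied07", 9, 180, 4),                      # malformed name
    ]
    actions = [switch.forward(p, ctl) for p in traffic]
    return actions, ctl.packet_ins, dict(switch.port_limits), list(ctl.naming.untreated)
```

Running `run_demo()` shows the behaviour the claims describe: the legitimate GOOSE and sampled-value flows are forwarded and the second packet of an existing flow never reaches the controller; the same name arriving from another port at a flood rate gets a rate-limited entry and a cap on that port; an unregistered publisher and a name that violates the rule are dropped, and only the non-matching name remains in the untreated-name list. The keying of flow entries by (name, ingress port) is a design choice of this example, made so that a replayed legitimate name from a different port is judged as its own flow rather than inheriting the original flow's decision.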
CN201611220741.6A 2016-12-26 2016-12-26 Smart power grid threat propagation defense method based on software defined multicast Active CN106790111B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611220741.6A CN106790111B (en) 2016-12-26 2016-12-26 Smart power grid threat propagation defense method based on software defined multicast

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611220741.6A CN106790111B (en) 2016-12-26 2016-12-26 Smart power grid threat propagation defense method based on software defined multicast

Publications (2)

Publication Number Publication Date
CN106790111A true CN106790111A (en) 2017-05-31
CN106790111B CN106790111B (en) 2020-07-28

Family

ID=58924725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611220741.6A Active CN106790111B (en) 2016-12-26 2016-12-26 Smart power grid threat propagation defense method based on software defined multicast

Country Status (1)

Country Link
CN (1) CN106790111B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104063442A (en) * 2014-06-13 2014-09-24 中国科学院计算技术研究所 Service processing method and system of information center network
CN104601557A (en) * 2014-12-29 2015-05-06 广东顺德中山大学卡内基梅隆大学国际联合研究院 Method and system for defending malicious websites based on software-defined network
CN106211136A (en) * 2016-08-31 2016-12-07 上海交通大学 Secure communication mechanism based on name in a kind of intelligent grid

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
许世文 (Xu Shiwen): "Technical research on SDN-based information-centric networks", China Master's Theses Full-text Database, Information Science and Technology series *

Also Published As

Publication number Publication date
CN106790111B (en) 2020-07-28

Similar Documents

Publication Publication Date Title
Yu et al. An efficient SDN-based DDoS attack detection and rapid response platform in vehicular networks
Nguyen et al. Search: A collaborative and intelligent nids architecture for sdn-based cloud iot networks
Tan et al. A new framework for DDoS attack detection and defense in SDN environment
Qureshi et al. Anomaly detection and trust authority in artificial intelligence and cloud computing
Liu et al. FL-GUARD: A detection and defense system for DDoS attack in SDN
CN110224990A Intrusion detection system based on a software defined security architecture
CN104618377B Botnet detection system and detection method based on NetFlow
CN105791047B Control method for a security video private network management system
CN107659543A Protection method against APT attacks targeting cloud platforms
Alimohammadifar et al. Stealthy probing-based verification (SPV): An active approach to defending software defined networks against topology poisoning attacks
CN104580222A (en) DDoS attack distributed detection and response system and method based on information entropy
Bohara et al. Ed4gap: Efficient detection for goose-based poisoning attacks on iec 61850 substations
CN107623663A Method and device for handling network traffic
Kuo et al. SFaaS: Keeping an eye on IoT fusion environment with security fusion as a service
CN104144166B (en) Towards the security management and control method for establishing model of restructural service load bearing network
Kanade et al. Analysis of wireless network security in internet of things and its applications
Geng et al. A software defined networking-oriented security scheme for vehicle networks
Arya et al. Detection of malicious node in vanets using digital twin
CN111476656B (en) Transaction safety identification method based on block chain
CN106790111A (en) Intelligent grid threat propagation defence method based on software definition multicast
Jeet et al. A survey on interest packet flooding attacks and its countermeasures in named data networking
Rathee et al. Handoff security using artificial neural networks in cognitive radio networks
Zhan et al. Adaptive detection method for Packet-In message injection attack in SDN
CN109195160A Tamper-proof storage system for network device resource detection information and its control method
Olakanmi et al. Throttle: An efficient approach to mitigate distributed denial of service attacks on software‐defined networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant