CN107566334A - Agent-based security monitoring method and device for distribution terminals
- Publication number: CN107566334A
- Application number: CN201710581802.XA
- Authority: CN (China)
- Prior art keywords: distribution terminal, white list, monitoring, account, port
- Legal status: Granted
Abstract
The present invention proposes an agent-based security monitoring method and device for distribution terminals. The method includes: establishing a proxy module locally on the distribution terminal, the proxy module performing the following: combining obtained account weak passwords with account names to log in to the distribution terminal, and recording the account weak passwords that log in successfully; monitoring whether the distribution terminal's ports belong to an obtained port monitoring whitelist, and recording the ports that do not belong to the port monitoring whitelist; monitoring whether the peer addresses in the distribution terminal's network connection table belong to an obtained network external-connection whitelist, and recording the peer addresses that do not belong to the network external-connection whitelist; and monitoring whether the distribution terminal's external devices belong to a peripheral access whitelist, and recording the external devices that do not belong to the peripheral access whitelist. The agent of the present invention achieves comprehensive real-time security monitoring of the distribution terminal while meeting the requirements of lightweight operation and no disruption to service.
Description
Technical field
The present invention relates to the field of power system information security, and in particular to an agent-based security monitoring method and device for distribution terminals.
Background art
With the rapid advance of the smart grid and the energy internet, the degree of power system automation keeps rising. To analyze power services more effectively and raise the professional level, intelligent terminals are used in large numbers in power services such as transformation, transmission, consumption and distribution to collect information from power equipment in the field. The power distribution field has characteristics of its own, including a complex distributed environment, unattended operation and widely deployed terminal devices, which make distribution terminal devices and systems easier to attack. Because intelligent distribution terminals lack a unified security design, they are prone to vulnerabilities, and in use they lack auditability for behaviors such as illegal operation and unauthorized access, which creates a large security risk for the system. Most distribution terminals use embedded real-time systems whose resources and processing capability are limited, so they can hardly bear high-load security monitoring.
Summary of the invention
In view of the above analysis, the present invention proposes an agent-based security monitoring method and device for distribution terminals, to solve the problem that distribution terminals can hardly bear high-load security monitoring.
The purpose of the present invention is achieved through the following technical solutions:
The present invention proposes an agent-based distribution terminal security monitoring method, applicable to a distribution terminal, including: establishing a proxy module locally on the distribution terminal, the proxy module performing the following steps: combining obtained account weak passwords with account names to log in to the distribution terminal, and recording the account weak passwords that log in successfully; monitoring whether the distribution terminal's ports belong to an obtained port monitoring whitelist, and recording the ports that do not belong to the port monitoring whitelist; monitoring whether the peer addresses in the distribution terminal's network connection table belong to an obtained network external-connection whitelist, and recording the peer addresses that do not belong to the network external-connection whitelist; and monitoring whether the distribution terminal's external devices belong to a peripheral access whitelist, and recording the external devices that do not belong to the peripheral access whitelist.
As a preferred embodiment, combining the obtained account weak passwords with account names to log in to the distribution terminal and recording the account weak passwords that log in successfully includes: obtaining account weak passwords; generating an account weak password dictionary; taking a number of account weak passwords from the account weak password dictionary and combining them with account names to log in to the distribution terminal; and, when a successful login is detected, recording the account weak password that logged in successfully.
As a preferred embodiment, taking a number of account weak passwords from the account weak password dictionary and combining them with account names to log in to the distribution terminal includes: classifying the account weak passwords according to their security strength to generate account weak password classes with different security monitoring priorities; taking one account weak password subset from each account weak password class; and, starting from the account weak password class with the highest security monitoring priority, traversing every account weak password in all the account weak password subsets and combining each account weak password with the account names to log in to the distribution terminal.
As a preferred embodiment, monitoring whether the distribution terminal's ports belong to the obtained port monitoring whitelist and recording the ports that do not belong to it includes: obtaining the port monitoring whitelist; calling the distribution terminal's local interface to obtain the distribution terminal's port list; judging whether each port in the port list belongs to the port monitoring whitelist; and, when a port that does not belong to the port monitoring whitelist is detected, recording that port.
As a preferred embodiment, monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist and recording the peer addresses that do not belong to it includes: obtaining the network external-connection whitelist; calling the distribution terminal's local interface to obtain all peer addresses in the distribution terminal's network connection table; judging whether each peer address belongs to the network external-connection whitelist; and, when a peer address that does not belong to the network external-connection whitelist is detected, recording that peer address.
As a preferred embodiment, monitoring whether the distribution terminal's external devices belong to the peripheral access whitelist and recording the external devices that do not belong to it includes: obtaining the peripheral access whitelist; calling the distribution terminal's local interface to obtain the distribution terminal's external device table; judging whether each device in the external device table belongs to the peripheral access whitelist; and, when a device that does not belong to the peripheral access whitelist is detected, recording that device.
The present invention also proposes an agent-based distribution terminal security monitoring device, including: a proxy module establishing unit, configured to establish a proxy module locally on the distribution terminal; an account weak password monitoring unit, configured to combine, through the proxy module, obtained account weak passwords with account names to log in to the distribution terminal and to record the account weak passwords that log in successfully; a port abnormal state monitoring unit, configured to monitor, through the proxy module, whether the distribution terminal's ports belong to an obtained port monitoring whitelist and to record the ports that do not belong to the port monitoring whitelist; a non-compliant network external-connection abnormal state monitoring unit, configured to monitor, through the proxy module, whether the peer addresses in the distribution terminal's network connection table belong to an obtained network external-connection whitelist and to record the peer addresses that do not belong to the network external-connection whitelist; and an illegal peripheral access abnormal state monitoring unit, configured to monitor, through the proxy module, whether the distribution terminal's external devices belong to a peripheral access whitelist and to record the external devices that do not belong to the peripheral access whitelist.
As a preferred embodiment, the account weak password monitoring unit includes: an account weak password acquiring unit, configured to obtain account weak passwords; an account weak password dictionary generating unit, configured to generate an account weak password dictionary; an account weak password login unit, configured to take a number of account weak passwords from the account weak password dictionary and combine them with account names to log in to the distribution terminal; and an account weak password monitoring result recording unit, configured to record, when a successful login is detected, the account weak password that logged in successfully.
As a preferred embodiment, the account weak password login unit includes: an account weak password class generating unit, configured to classify the account weak passwords according to their security strength and generate account weak password classes with different security monitoring priorities; and an account weak password traversal unit, configured to take one account weak password subset from each account weak password class and, starting from the account weak password class with the highest security monitoring priority, traverse every account weak password in all the account weak password subsets, combining each account weak password with the account names to log in to the distribution terminal.
As a preferred embodiment, the port abnormal state monitoring unit includes: a port monitoring whitelist acquiring unit, configured to obtain the port monitoring whitelist; a distribution terminal port list acquiring unit, configured to call the distribution terminal's local interface and obtain the distribution terminal's port list; a distribution terminal port judging unit, configured to judge whether each port in the port list belongs to the port monitoring whitelist; and a port abnormal state recording unit, configured to record, when a port that does not belong to the port monitoring whitelist is detected, that port.
As a preferred embodiment, the non-compliant network external-connection abnormal state monitoring unit includes: a network external-connection whitelist acquiring unit, configured to obtain the network external-connection whitelist; a distribution terminal network connection table peer address acquiring unit, configured to call the distribution terminal's local interface and obtain all peer addresses in the distribution terminal's network connection table; a distribution terminal network connection table peer address judging unit, configured to judge whether each peer address in the network connection table belongs to the network external-connection whitelist; and a non-compliant network external-connection abnormal state recording unit, configured to record, when a peer address that does not belong to the network external-connection whitelist is detected, that peer address.
As a preferred embodiment, the illegal peripheral access abnormal state monitoring unit includes: a peripheral access whitelist acquiring unit, configured to obtain the peripheral access whitelist; a distribution terminal external device table acquiring unit, configured to call the distribution terminal's local interface and obtain the distribution terminal's external device table; a distribution terminal external device judging unit, configured to judge whether each device in the external device table belongs to the peripheral access whitelist; and an illegal peripheral access abnormal state recording unit, configured to record, when a device that does not belong to the peripheral access whitelist is detected, that device.
The present invention also proposes a distribution terminal, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor performs any one of the agent-based distribution terminal security monitoring methods described above.
Compared with the prior art, the technical solution proposed by the present invention has at least the following advantages:
The present invention proposes an agent-based security monitoring method and device for distribution terminals, in which a proxy module is established locally on the distribution terminal and performs the following: combining obtained account weak passwords with account names to log in to the distribution terminal, and recording the account weak passwords that log in successfully; monitoring whether the distribution terminal's ports belong to an obtained port monitoring whitelist, and recording the ports that do not belong to the port monitoring whitelist; monitoring whether the peer addresses in the distribution terminal's network connection table belong to an obtained network external-connection whitelist, and recording the peer addresses that do not belong to the network external-connection whitelist; and monitoring whether the distribution terminal's external devices belong to a peripheral access whitelist, and recording the external devices that do not belong to the peripheral access whitelist. The agent of the present invention runs directly in the embedded system; its monitoring of the distribution terminal directly calls a small number of native operating system interfaces and uses no third-party libraries, so its average occupancy of system resources is extremely low. In addition, there is no data synchronization or data communication interaction between the agent and the distribution terminal at the system level or the service level, so the agent does not affect the distribution terminal's own distribution services and does not occupy the network bandwidth of the distribution system. The invention therefore achieves comprehensive real-time security monitoring of the distribution terminal and provides an accurate basis for tracing distribution terminal faults, while meeting the requirements of lightweight operation and no disruption to service.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the specific embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a specific example of the agent-based distribution terminal security monitoring method in an embodiment of the present invention;
Fig. 2 is a flow chart of a specific example of the method, in an embodiment of the present invention, of combining obtained account weak passwords with account names to log in to the distribution terminal and recording the account weak passwords that log in successfully;
Fig. 3 is a flow chart of a specific example of the method, in an embodiment of the present invention, of taking a number of account weak passwords from the account weak password dictionary and combining them with account names to log in to the distribution terminal;
Fig. 4 is a flow chart of a specific example of the method, in an embodiment of the present invention, of monitoring whether the distribution terminal's ports belong to the obtained port monitoring whitelist and recording the ports that do not belong to the port monitoring whitelist;
Fig. 5 is a flow chart of a specific example of the method, in an embodiment of the present invention, of monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist and recording the peer addresses that do not belong to the network external-connection whitelist;
Fig. 6 is a flow chart of the method, in an embodiment of the present invention, of monitoring whether the distribution terminal's external devices belong to the peripheral access whitelist and recording the external devices that do not belong to the peripheral access whitelist;
Fig. 7 is a block diagram of a specific example of the agent-based distribution terminal security monitoring device in an embodiment of the present invention;
Fig. 8 is a block diagram of a specific example of the account weak password monitoring unit in an embodiment of the present invention;
Fig. 9 is a block diagram of a specific example of the account weak password login unit in an embodiment of the present invention;
Fig. 10 is a block diagram of a specific example of the port abnormal state monitoring unit in an embodiment of the present invention;
Fig. 11 is a block diagram of a specific example of the non-compliant network external-connection abnormal state monitoring unit in an embodiment of the present invention;
Fig. 12 is a block diagram of a specific example of the illegal peripheral access abnormal state monitoring unit in an embodiment of the present invention;
Fig. 13 is a block diagram of a specific example of the distribution terminal in an embodiment of the present invention;
Fig. 14 is a block diagram of a specific example of the distribution terminal in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict.
An embodiment of the present invention provides an agent-based distribution terminal security monitoring method, applicable to a distribution terminal. The flow chart of the method is shown in Fig. 1, and the method includes the following steps:
S1: Establish a proxy module locally on the distribution terminal.
The proxy module runs directly in the background of the distribution terminal's embedded system.
S2: Through the proxy module, combine the obtained account weak passwords with account names to log in to the distribution terminal, and record the account weak passwords that log in successfully.
S3: Through the proxy module, monitor whether the distribution terminal's ports belong to the obtained port monitoring whitelist, and record the ports that do not belong to the port monitoring whitelist.
S4: Through the proxy module, monitor whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and record the peer addresses that do not belong to the network external-connection whitelist.
S5: Through the proxy module, monitor whether the distribution terminal's external devices belong to the peripheral access whitelist, and record the external devices that do not belong to the peripheral access whitelist.
In the agent-based distribution terminal security monitoring method provided by this embodiment of the present invention, the established agent runs directly in the embedded system; its monitoring of the distribution terminal directly calls a small number of native operating system interfaces and uses no third-party libraries, so its average occupancy of system resources is extremely low. In addition, there is no data synchronization or data communication interaction between the agent and the distribution terminal at the system level or the service level, so the agent does not affect the distribution terminal's own distribution services and does not occupy the network bandwidth of the distribution system. The method therefore achieves comprehensive real-time security monitoring of the distribution terminal and provides an accurate basis for tracing distribution terminal faults, while meeting the requirements of lightweight operation and no disruption to service.
As a preferred embodiment, as shown in Fig. 2, step S2 includes the following steps:
S21: Obtain account weak passwords.
The data sources of the account weak passwords include the general industrial control field and the actual production environment.
S22: Generate an account weak password dictionary.
Specifically, the account weak password dictionary contains all the weak passwords obtained above and the security strength of each account weak password.
S23: Take a number of account weak passwords from the account weak password dictionary and combine them with account names to log in to the distribution terminal.
S24: When a successful login is detected, record the account weak password that logged in successfully.
As a preferred embodiment, as shown in Fig. 3, step S23 further includes:
S231: Classify the account weak passwords according to their security strength to generate account weak password classes with different security monitoring priorities.
S232: Take one account weak password subset from each account weak password class and, starting from the account weak password class with the highest security monitoring priority, traverse every account weak password in all the account weak password subsets, combining each account weak password with the account names to log in to the distribution terminal.
In a specific embodiment, the number of account weak password classes is m, each account weak password subset taken out contains at least one account weak password, the number being denoted n, and when the number of user names that log in to the distribution terminal is p, the number of traversals over the account weak passwords in all the account weak password subsets is m*n*p. The traversal may take one account weak password from each account weak password subset, combine it with each account name to log in to the distribution terminal, and repeat this step n times so that every account weak password of every account weak password subset is traversed; alternatively, it may take one account weak password subset, combine each of its account weak passwords with each account name to log in to the distribution terminal, and repeat this step m times so that every account weak password subset is traversed.
Because the account weak password subset taken from an account weak password class is far smaller than the class itself, the consumption of system resources during security monitoring is reduced.
As a preferred embodiment, as shown in Fig. 4, step S3 includes the following steps:
S31: Obtain the port monitoring whitelist.
Specifically, a list of trusted distribution ports is obtained according to the distribution port security standard. The list contains the ports of the distribution terminal itself and the service ports of the distribution terminal's business services. The trusted distribution ports are consolidated to obtain the port monitoring whitelist of this embodiment.
S32: Call the distribution terminal's local interface to obtain the distribution terminal's port list.
S33: Judge whether each port in the distribution terminal's port list belongs to the port monitoring whitelist.
S34: When a port that does not belong to the port monitoring whitelist is detected, record that port.
As a preferred embodiment, as shown in Fig. 5, step S4 includes the following steps:
S41: Obtain the network external-connection whitelist.
Specifically, trusted network addresses are collected according to the distribution network security standard and consolidated to obtain the network external-connection whitelist of this embodiment.
S42: Call the distribution terminal's local interface to obtain all peer addresses in the distribution terminal's network connection table.
S43: Judge whether each peer address in the distribution terminal's network connection table belongs to the network external-connection whitelist.
S44: When a peer address that does not belong to the network external-connection whitelist is detected, record that peer address.
Recording a peer address that does not belong to the network external-connection whitelist includes recording the peer address and the time at which that peer address accessed the distribution terminal.
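The port check (S31 to S34) and the external-connection check (S41 to S44) described above, as an added example that is not part of the patent: a standard-library-only Python sketch that parses a constructed connection table in Linux `/proc/net/tcp` layout and reports listening ports and peer addresses outside the two whitelists. The Linux table format, the little-endian CPU, the whitelist contents and every function name are assumptions; the patent does not name the operating system interface it calls.

```python
import ipaddress
import struct
from collections import namedtuple
from datetime import datetime, timezone

# Constructed snapshot in Linux /proc/net/tcp layout (trailing columns omitted).
# Assumption: the terminal runs embedded Linux; the patent names no OS interface.
SAMPLE_TABLE = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 00000000:0964 00000000:0000 0A
   2: 00000000:0017 00000000:0000 0A
   3: 1405000A:0964 0A01000A:C350 01
   4: 1405000A:9C40 077100CB:01BB 01
   5: 1405000A:9C42 096433C6:1F90 02
   6: truncated-line
"""

# Constructed whitelists (steps S31 and S41); real ones come from site standards.
PORT_WHITELIST = {22, 2404}
NETWORK_WHITELIST = [ipaddress.ip_network("10.0.1.0/24")]

TCP_LISTEN = 0x0A
Conn = namedtuple("Conn", "local_ip local_port peer_ip peer_port state")


def decode_endpoint(field):
    """'1405000A:0964' -> (IPv4Address('10.0.5.20'), 2404).

    The kernel prints the address as a native 32-bit word, so on a
    little-endian CPU (assumed here) the address bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    if len(addr_hex) != 8:
        raise ValueError("not an IPv4 endpoint")
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.IPv4Address(packed), int(port_hex, 16)


def parse_conn_table(text):
    """S32/S42: turn the raw table into Conn records, skipping bad lines."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header, blank or truncated line
        try:
            local_ip, local_port = decode_endpoint(fields[1])
            peer_ip, peer_port = decode_endpoint(fields[2])
            state = int(fields[3], 16)
        except (ValueError, struct.error):
            continue  # malformed entry: ignore rather than crash the agent
        conns.append(Conn(local_ip, local_port, peer_ip, peer_port, state))
    return conns


def audit(text, port_whitelist, network_whitelist, seen_at=None):
    """S33/S34 and S43/S44: return what falls outside the two whitelists."""
    # The table carries no connect time, so the record holds the time the
    # agent observed the peer (an assumption of this sketch).
    seen_at = seen_at or datetime.now(timezone.utc).isoformat()
    bad_ports, bad_peers = set(), {}
    for c in parse_conn_table(text):
        if c.state == TCP_LISTEN:
            if c.local_port not in port_whitelist:
                bad_ports.add(c.local_port)
        elif not any(c.peer_ip in net for net in network_whitelist):
            # Any non-listening state counts, so an outbound attempt that is
            # still in SYN_SENT is recorded too. One record per peer address.
            bad_peers.setdefault(str(c.peer_ip), {
                "peer": str(c.peer_ip),
                "peer_port": c.peer_port,
                "local_port": c.local_port,
                "seen_at": seen_at,
            })
    return {"ports": sorted(bad_ports), "peers": list(bad_peers.values())}


if __name__ == "__main__":
    print(audit(SAMPLE_TABLE, PORT_WHITELIST, NETWORK_WHITELIST))
```

On the constructed table this flags listening port 23 and the two peers outside 10.0.1.0/24, while the connection from 10.0.1.10 to port 2404 passes both checks.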
As a preferred embodiment, as shown in Fig. 6, step S5 includes the following steps:
S51: Obtain the peripheral access whitelist.
Specifically, a list of trusted external devices is obtained according to the requirements of the distribution terminal peripheral access standard, and the trusted external devices are consolidated to obtain the peripheral access whitelist of this embodiment.
S52: Call the distribution terminal's local interface to obtain the distribution terminal's external device table.
Specifically, external devices mounted to the distribution terminal's local embedded system are detected in real time; the external devices include USB devices and serial devices.
S53: Judge whether each device in the distribution terminal's external device table belongs to the peripheral access whitelist.
S54: When a device that does not belong to the peripheral access whitelist is detected, record that device.
Recording a device that does not belong to the peripheral access whitelist includes recording the time at which the device accessed the distribution terminal and the device type.
An embodiment of the present invention also provides an agent-based distribution terminal security monitoring device. The block diagram of the device is shown in Fig. 7, and the device includes:
Proxy module establishing unit 1, configured to establish a proxy module locally on the distribution terminal. The proxy module runs directly in the background of the distribution terminal's embedded system.
Account weak password monitoring unit 2, configured to combine, through the proxy module, the obtained account weak passwords with account names to log in to the distribution terminal, and to record the account weak passwords that log in successfully.
Port abnormal state monitoring unit 3, configured to monitor, through the proxy module, whether the distribution terminal's ports belong to the obtained port monitoring whitelist, and to record the ports that do not belong to the port monitoring whitelist.
Non-compliant network external-connection abnormal state monitoring unit 4, configured to monitor, through the proxy module, whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and to record the peer addresses that do not belong to the network external-connection whitelist.
Illegal peripheral access abnormal state monitoring unit 5, configured to monitor, through the proxy module, whether the distribution terminal's external devices belong to the peripheral access whitelist, and to record the external devices that do not belong to the peripheral access whitelist.
In the agent-based distribution terminal security monitoring device provided by the present invention, the established agent runs directly in the embedded system; its monitoring of the distribution terminal directly calls a small number of native operating system interfaces and uses no third-party libraries, so its average occupancy of system resources is extremely low. In addition, there is no data synchronization or data communication interaction between the agent and the distribution terminal at the system level or the service level, so the agent does not affect the distribution terminal's own distribution services and does not occupy the network bandwidth of the distribution system. The device therefore achieves comprehensive real-time security monitoring of the distribution terminal and provides an accurate basis for tracing distribution terminal faults, while meeting the requirements of lightweight operation and no disruption to service.
As a preferred embodiment, as shown in Figure 8, the account weak-password monitoring unit 2 includes:
Account weak-password acquiring unit 21, configured to obtain account weak passwords; the data sources for account weak passwords include the general industrial-control field and the actual production environment.
Account weak-password dictionary generation unit 22, configured to generate an account weak-password dictionary; the dictionary contains all of the weak passwords obtained above and the security strength of each account weak password.
Account weak-password login unit 23, configured to take a number of account weak passwords from the account weak-password dictionary, combine them with account names, and log in to the distribution terminal.
Account weak-password monitoring result recording unit 24, configured to record, when a successful login is detected, the account weak password that logged in successfully.
As a preferred embodiment, as shown in Figure 9, the account weak-password login unit 23 further comprises:
Account weak-password class generation unit 231, configured to classify account weak passwords according to their security strength, generating account weak-password classes with different security monitoring priorities.
Account weak-password traversal unit 232, configured to take one account weak-password subset from each account weak-password class and, starting from the class with the highest security monitoring priority, traverse every account weak password in all of the subsets, combining each account weak password with an account name and logging in to the distribution terminal.
In a specific embodiment, the number of account weak-password classes is m, each subset taken out contains at least one account weak password, with the number designated as n, and the number of user names used to log in to the distribution terminal is p; the number of traversals of the account weak passwords in all of the account weak-password subsets is then m*n*p. The traversal may proceed in either of two ways. In the first, one account weak password is taken from each account weak-password subset and combined with each account name to log in to the distribution terminal, and this step is repeated n times so that every account weak password of every subset is traversed. In the second, one account weak-password subset is taken, each of its account weak passwords is combined with each account name to log in to the distribution terminal, and this step is repeated m times so that every subset is traversed.
Because the account weak-password subset taken from an account weak-password class is far smaller than the class itself, the consumption of system resources during security monitoring is reduced.
As a preferred embodiment, as shown in Figure 10, the port abnormal-state monitoring unit 3 includes:
Port monitoring whitelist acquiring unit 31, configured to obtain the port monitoring whitelist. Specifically, a list of trusted distribution ports is obtained according to the distribution port security specification; the list contains the ports of the distribution terminal itself and the service ports of the distribution terminal's business services. The trusted distribution ports are consolidated to obtain the port monitoring whitelist of this embodiment.
Distribution terminal port list acquiring unit 32, configured to call a local interface of the distribution terminal to obtain the distribution terminal port list.
Distribution terminal port judging unit 33, configured to judge whether each port in the distribution terminal port list belongs to the port monitoring whitelist.
Port abnormality recording unit 34, configured to record, when a port that does not belong to the port monitoring whitelist is detected, the port that does not belong to the port monitoring whitelist.
As a preferred embodiment, as shown in Figure 11, the violating network external-connection abnormal-state monitoring unit 4 includes:
Network external-connection whitelist acquiring unit 41, configured to obtain the network external-connection whitelist. Specifically, the trusted network addresses are collected according to the distribution network security specification and consolidated to obtain the network external-connection whitelist of this embodiment.
Distribution terminal network connection table peer address acquiring unit 42, configured to call a local interface of the distribution terminal to obtain all peer addresses in the distribution terminal's network connection table.
Distribution terminal network connection table peer address judging unit 43, configured to judge whether each peer address in the distribution terminal's network connection table belongs to the network connection whitelist.
Violating network external-connection abnormality recording unit 44, configured to record, when a peer address that does not belong to the network connection whitelist is detected, the peer address that does not belong to the network connection whitelist, including recording the peer address and the time at which the peer address accessed the distribution terminal.
As a preferred embodiment, as shown in Figure 12, the illegal peripheral access abnormal-state monitoring unit 5 includes:
Peripheral access whitelist acquiring unit 51, configured to obtain the peripheral access whitelist. Specifically, a list of trusted external devices is obtained according to the requirements of the distribution terminal peripheral access standard, and the trusted external devices are consolidated to obtain the peripheral access whitelist of this embodiment.
Distribution terminal external device table acquiring unit 52, configured to call a local interface of the distribution terminal to obtain the distribution terminal external device table. Specifically, the external devices mounted on the distribution terminal's local embedded system are detected in real time; the external devices include USB devices and serial devices.
Distribution terminal external device judging unit 53, configured to judge whether each device in the distribution terminal external device table belongs to the peripheral access whitelist.
Illegal peripheral access abnormality recording unit 54, configured to record, when a device that does not belong to the peripheral access whitelist is detected, the device that does not belong to the peripheral access whitelist, including recording the time at which the device accessed the distribution terminal and the device type.
An embodiment of the present invention also provides a distribution terminal 6. The schematic block diagram of the distribution terminal 6 is shown in Figure 13; it includes one or more processors 61 and a memory 62 communicatively connected to the one or more processors 61. One processor 61 is taken as the example in the figure.
The memory 62 stores instructions executable by the one processor 61, and the instructions are executed by the one or more processors 61 so that the one or more processors 61 perform the agent-based distribution terminal security monitoring method described above.
As shown in Figure 14, the distribution terminal 6 may also include an input device 63 and an output device 64.
The processor 61, memory 62, input device 63 and output device 64 may be connected by a bus or by other means.
Processor 61 may be a central processing unit (CPU). Processor 61 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or other such chip, or a combination of the above kinds of chips. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc.
Memory 62, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the agent-based distribution terminal security monitoring method in the embodiments of the present application. The processor 61 executes the various functional applications and data processing of the server by running the non-transitory software programs, instructions and modules stored in the memory 62.
Memory 62 may include a program storage area and a data storage area, where the program storage area may store the operating system and the application program required by at least one function. In addition, memory 62 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device.
The input device 63 can receive input numeric or character information and generate key signal inputs related to the user settings and function control of the agent-based distribution terminal security monitoring device. The output device 64 may include display devices such as a display screen.
It should be understood by those skilled in the art that embodiments of the invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, the above embodiments are merely examples given for clarity of description and do not limit the embodiments. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to enumerate all embodiments here, and obvious changes or variations derived from them remain within the protection scope of the invention.
Claims (13)
- 1. An agent-based distribution terminal security monitoring method, applicable to a distribution terminal, characterized by comprising: establishing a proxy module locally on the distribution terminal, the proxy module performing the following steps: combining obtained account weak passwords with account names and logging in to the distribution terminal, and recording any account weak password that logs in successfully; monitoring whether the ports of the distribution terminal belong to an obtained port monitoring whitelist, and recording any port that does not belong to the port monitoring whitelist; monitoring whether the peer addresses in the distribution terminal's network connection table belong to an obtained network external-connection whitelist, and recording any peer address that does not belong to the network external-connection whitelist; monitoring whether the external devices of the distribution terminal belong to a peripheral access whitelist, and recording any external device that does not belong to the peripheral access whitelist.
- 2. The agent-based distribution terminal security monitoring method according to claim 1, characterized in that combining the obtained account weak passwords with account names and logging in to the distribution terminal, and recording any account weak password that logs in successfully, comprises: obtaining account weak passwords; generating an account weak-password dictionary; taking a number of account weak passwords from the account weak-password dictionary, combining them with account names and logging in to the distribution terminal; when a successful login is detected, recording the account weak password that logged in successfully.
- 3. The agent-based distribution terminal security monitoring method according to claim 2, characterized in that taking a number of account weak passwords from the account weak-password dictionary, combining them with account names and logging in to the distribution terminal comprises: classifying the account weak passwords according to their security strength, generating account weak-password classes with different security monitoring priorities; taking one account weak-password subset from each account weak-password class and, starting from the account weak-password class with the highest security monitoring priority, traversing every account weak password in all of the account weak-password subsets, combining each account weak password with an account name and logging in to the distribution terminal.
- 4. The agent-based distribution terminal security monitoring method according to claim 1, characterized in that monitoring whether the ports of the distribution terminal belong to the obtained port monitoring whitelist, and recording any port that does not belong to the port monitoring whitelist, comprises: obtaining the port monitoring whitelist; calling a local interface of the distribution terminal to obtain the distribution terminal port list; judging whether each port in the distribution terminal port list belongs to the port monitoring whitelist; when a port that does not belong to the port monitoring whitelist is detected, recording the port that does not belong to the port monitoring whitelist.
- 5. The agent-based distribution terminal security monitoring method according to claim 1, characterized in that monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and recording any peer address that does not belong to the network external-connection whitelist, comprises: obtaining the network external-connection whitelist; calling a local interface of the distribution terminal to obtain all peer addresses in the distribution terminal's network connection table; judging whether each peer address in the distribution terminal's network connection table belongs to the network external-connection whitelist; when a peer address that does not belong to the network external-connection whitelist is detected, recording the peer address that does not belong to the network external-connection whitelist.
- 6. The agent-based distribution terminal security monitoring method according to claim 1, characterized in that monitoring whether the external devices of the distribution terminal belong to the peripheral access whitelist, and recording any external device that does not belong to the peripheral access whitelist, comprises: obtaining the peripheral access whitelist; calling a local interface of the distribution terminal to obtain the distribution terminal external device table; judging whether each device in the distribution terminal external device table belongs to the peripheral access whitelist; when a device that does not belong to the peripheral access whitelist is detected, recording the device that does not belong to the peripheral access whitelist.
- 7. An agent-based distribution terminal security monitoring device, characterized by comprising: a proxy module establishing unit, configured to establish a proxy module locally on the distribution terminal; an account weak-password monitoring unit, configured to use the proxy module to combine obtained account weak passwords with account names and log in to the distribution terminal, and to record any account weak password that logs in successfully; a port abnormal-state monitoring unit, configured to use the proxy module to monitor whether the ports of the distribution terminal belong to an obtained port monitoring whitelist, and to record any port that does not belong to the port monitoring whitelist; a violating network external-connection abnormal-state monitoring unit, configured to use the proxy module to monitor whether the peer addresses in the distribution terminal's network connection table belong to an obtained network external-connection whitelist, and to record any peer address that does not belong to the network external-connection whitelist; an illegal peripheral access abnormal-state monitoring unit, configured to use the proxy module to monitor whether the external devices of the distribution terminal belong to a peripheral access whitelist, and to record any external device that does not belong to the peripheral access whitelist.
- 8. The agent-based distribution terminal security monitoring device according to claim 7, characterized in that the account weak-password monitoring unit comprises: an account weak-password acquiring unit, configured to obtain account weak passwords; an account weak-password dictionary generation unit, configured to generate an account weak-password dictionary; an account weak-password login unit, configured to take a number of account weak passwords from the account weak-password dictionary, combine them with account names and log in to the distribution terminal; an account weak-password monitoring result recording unit, configured to record, when a successful login is detected, the account weak password that logged in successfully.
- 9. The agent-based distribution terminal security monitoring device according to claim 8, characterized in that the account weak-password login unit comprises: an account weak-password class generation unit, configured to classify the account weak passwords according to their security strength, generating account weak-password classes with different security monitoring priorities; an account weak-password traversal unit, configured to take one account weak-password subset from each account weak-password class and, starting from the account weak-password class with the highest security monitoring priority, traverse every account weak password in all of the account weak-password subsets, combining each account weak password with an account name and logging in to the distribution terminal.
- 10. The agent-based distribution terminal security monitoring device according to claim 7, characterized in that the port abnormal-state monitoring unit comprises: a port monitoring whitelist acquiring unit, configured to obtain the port monitoring whitelist; a distribution terminal port list acquiring unit, configured to call a local interface of the distribution terminal to obtain the distribution terminal port list; a distribution terminal port judging unit, configured to judge whether each port in the distribution terminal port list belongs to the port monitoring whitelist; a port abnormality recording unit, configured to record, when a port that does not belong to the port monitoring whitelist is detected, the port that does not belong to the port monitoring whitelist.
- 11. The agent-based distribution terminal security monitoring device according to claim 7, characterized in that the violating network external-connection abnormal-state monitoring unit comprises: a network external-connection whitelist acquiring unit, configured to obtain the network external-connection whitelist; a distribution terminal network connection table peer address acquiring unit, configured to call a local interface of the distribution terminal to obtain all peer addresses in the distribution terminal's network connection table; a distribution terminal network connection table peer address judging unit, configured to judge whether each peer address in the distribution terminal's network connection table belongs to the network connection whitelist; a violating network external-connection abnormality recording unit, configured to record, when a peer address that does not belong to the network connection whitelist is detected, the peer address that does not belong to the network connection whitelist.
- 12. The agent-based distribution terminal security monitoring device according to claim 7, characterized in that the illegal peripheral access abnormal-state monitoring unit comprises: a peripheral access whitelist acquiring unit, configured to obtain the peripheral access whitelist; a distribution terminal external device table acquiring unit, configured to call a local interface of the distribution terminal to obtain the distribution terminal external device table; a distribution terminal external device judging unit, configured to judge whether each device in the distribution terminal external device table belongs to the peripheral access whitelist; an illegal peripheral access abnormality recording unit, configured to record, when a device that does not belong to the peripheral access whitelist is detected, the device that does not belong to the peripheral access whitelist.
- 13. A distribution terminal, characterized by comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the one processor, and the instructions are executed by the at least one processor so that the at least one processor performs the agent-based distribution terminal security monitoring method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710581802.XA CN107566334B (en) | 2017-07-17 | 2017-07-17 | A kind of distribution terminal safety monitoring method and device realized based on agency |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107566334A (en) | 2018-01-09 |
CN107566334B (en) | 2019-10-01 |
Family
ID=60973523
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710581802.XA Active CN107566334B (en) | 2017-07-17 | 2017-07-17 | A kind of distribution terminal safety monitoring method and device realized based on agency |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107566334B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108595939A (en) * | 2018-03-15 | 2018-09-28 | 北京雷石天地电子技术有限公司 | A kind of method and system authorizing external equipment permission |
CN108881211A (en) * | 2018-06-11 | 2018-11-23 | 杭州盈高科技有限公司 | A kind of illegal external connection detection method and device |
CN114338074A (en) * | 2021-11-09 | 2022-04-12 | 国网浙江省电力有限公司宁波供电公司 | Automatic detection method and detection system for IP white list of power distribution terminal |
CN114466064A (en) * | 2021-12-31 | 2022-05-10 | 航天银山电气有限公司 | Transformer substation network security agent method and device and readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468631A (en) * | 2014-12-31 | 2015-03-25 | 国家电网公司 | Network intrusion identification method based on anomaly flow and black-white list library of IP terminal |
CN106603489A (en) * | 2016-11-08 | 2017-04-26 | 南京南瑞继保电气有限公司 | Network security management and control apparatus for transformer substation |
US10193706B2 (en) * | 2015-10-21 | 2019-01-29 | Arris Enterprises Llc | Distributed rule provisioning in an extended bridge |
Also Published As
Publication number | Publication date |
---|---|
CN107566334B (en) | 2019-10-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing Applicant after: Global energy Internet Institute, Inc. Applicant after: State Grid Corporation of China Address before: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing Applicant before: Global energy Internet Institute, Inc. Applicant before: State Grid Corporation of China |
GR01 | Patent grant | ||