CN107566334A - Agent-based security monitoring method and device for power distribution terminals - Google Patents

Publication number: CN107566334A
Authority: CN (China)
Prior art keywords: distribution terminal, white list, monitoring, account, port
Legal status: Granted
Application number: CN201710581802.XA
Other languages: Chinese (zh)
Other versions: CN107566334B (en)
Inventors: 马媛媛, 张涛, 费稼轩, 周诚, 范杰, 程光, 袁霞, 汪晨, 石聪聪, 邵志鹏, 郭骞, 张波, 王齐, 陈明立
Current Assignee: State Grid Corp of China SGCC; Global Energy Interconnection Research Institute
Original Assignee: State Grid Corp of China SGCC; Global Energy Interconnection Research Institute

Application filed by State Grid Corp of China SGCC, Global Energy Interconnection Research Institute
Priority to CN201710581802.XA
Publication of CN107566334A
Application granted
Publication of CN107566334B
Legal status: Active

Landscapes: Alarm Systems (AREA)
Abstract

The present invention proposes an agent-based security monitoring method and device for power distribution terminals. The method includes creating an agent module locally on the distribution terminal and having the agent module perform the following: combining the obtained weak account passwords with account names to log in to the distribution terminal, and recording the weak account passwords that log in successfully; monitoring whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist, and recording the ports that do not; monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and recording the peer addresses that do not; and monitoring whether the external devices of the distribution terminal belong to the peripheral-access whitelist, and recording the external devices that do not. The agent achieves comprehensive, real-time security monitoring of the distribution terminal while meeting the requirements of lightweight operation and no impact on services.

Description

Agent-based security monitoring method and device for power distribution terminals
Technical field
The present invention relates to the field of power system information security, and in particular to an agent-based security monitoring method and device for power distribution terminals.
Background
With the rapid advance of the smart grid and the energy internet, power systems are becoming more and more automated. To analyse power services more effectively and raise the professional level, large numbers of intelligent terminals are used in power services such as transformation, transmission, consumption and distribution to collect information from field power equipment. The power distribution field has its own characteristics, including a complex distributed environment, unattended operation and widely deployed terminal devices, which make distribution terminal devices and systems more vulnerable to attack. Because intelligent distribution terminals lack a unified security design, they are prone to vulnerabilities, and in use they lack auditability for behaviours such as illegal operation and unauthorized access, which exposes the system to a large security risk. Most distribution terminals use embedded real-time systems whose resources and processing capacity are limited, so they can hardly bear high-load security monitoring.
Summary of the invention
In view of the above analysis, the present invention proposes an agent-based security monitoring method and device for distribution terminals, to solve the problem that distribution terminals can hardly bear high-load security monitoring.
The purpose of the present invention is achieved through the following technical solutions:
The present invention proposes an agent-based security monitoring method for distribution terminals, applicable to a distribution terminal, including: creating an agent module locally on the distribution terminal, the agent module performing the following steps: combining the obtained weak account passwords with account names to log in to the distribution terminal, and recording the weak account passwords that log in successfully; monitoring whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist, and recording the ports that do not belong to the port-monitoring whitelist; monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and recording the peer addresses that do not belong to the network external-connection whitelist; monitoring whether the external devices of the distribution terminal belong to the peripheral-access whitelist, and recording the external devices that do not belong to the peripheral-access whitelist.
As a preferred embodiment, combining the obtained weak account passwords with account names to log in to the distribution terminal and recording the weak account passwords that log in successfully includes: obtaining weak account passwords; generating a weak account password dictionary; taking several weak account passwords out of the weak account password dictionary and combining them with account names to log in to the distribution terminal; and, when a successful login is detected, recording the weak account password that logged in successfully.
As a preferred embodiment, taking several weak account passwords out of the weak account password dictionary and combining them with account names to log in to the distribution terminal includes: classifying the weak account passwords according to their security strength, generating weak account password classes with different security monitoring priorities; taking one weak account password subset out of each weak account password class and, starting from the weak account password class with the highest security monitoring priority, traversing every weak account password in all the subsets, combining each of them with the account names and logging in to the distribution terminal.
As a preferred embodiment, monitoring whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist and recording the ports that do not includes: obtaining the port-monitoring whitelist; calling the distribution terminal's local interface to obtain the distribution terminal's port list; judging whether each port in the port list belongs to the port-monitoring whitelist; and, when a port that does not belong to the port-monitoring whitelist is detected, recording that port.
As a preferred embodiment, monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist and recording the peer addresses that do not includes: obtaining the network external-connection whitelist; calling the distribution terminal's local interface to obtain all peer addresses in the distribution terminal's network connection table; judging whether each peer address in the network connection table belongs to the network external-connection whitelist; and, when a peer address that does not belong to the network external-connection whitelist is detected, recording that peer address.
As a preferred embodiment, monitoring whether the external devices of the distribution terminal belong to the peripheral-access whitelist and recording the external devices that do not includes: obtaining the peripheral-access whitelist; calling the distribution terminal's local interface to obtain the distribution terminal's external device table; judging whether each device in the external device table belongs to the peripheral-access whitelist; and, when a device that does not belong to the peripheral-access whitelist is detected, recording that device.
The present invention also proposes an agent-based security monitoring device for distribution terminals, including: an agent module establishing unit, for creating an agent module locally on the distribution terminal; a weak account password monitoring unit, for using the agent module to combine the obtained weak account passwords with account names to log in to the distribution terminal and to record the weak account passwords that log in successfully; a port abnormal-state monitoring unit, for using the agent module to monitor whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist and to record the ports that do not; an unauthorized network external-connection abnormal-state monitoring unit, for using the agent module to monitor whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist and to record the peer addresses that do not; and an illegal peripheral-access abnormal-state monitoring unit, for using the agent module to monitor whether the external devices of the distribution terminal belong to the peripheral-access whitelist and to record the external devices that do not.
As a preferred embodiment, the weak account password monitoring unit includes: a weak account password obtaining unit, for obtaining weak account passwords; a weak account password dictionary generating unit, for generating a weak account password dictionary; a weak account password login unit, for taking several weak account passwords out of the weak account password dictionary and combining them with account names to log in to the distribution terminal; and a weak account password monitoring result recording unit, for recording the weak account password that logged in successfully when a successful login is detected.
As a preferred embodiment, the weak account password login unit includes: a weak account password class generating unit, for classifying the weak account passwords according to their security strength and generating weak account password classes with different security monitoring priorities; and a weak account password traversal unit, for taking one weak account password subset out of each weak account password class and, starting from the class with the highest security monitoring priority, traversing every weak account password in all the subsets, combining each of them with the account names and logging in to the distribution terminal.
As a preferred embodiment, the port abnormal-state monitoring unit includes: a port-monitoring whitelist obtaining unit, for obtaining the port-monitoring whitelist; a distribution terminal port list obtaining unit, for calling the distribution terminal's local interface to obtain the distribution terminal's port list; a distribution terminal port judging unit, for judging whether each port in the port list belongs to the port-monitoring whitelist; and a port abnormal-state recording unit, for recording a port that does not belong to the port-monitoring whitelist when such a port is detected.
As a preferred embodiment, the unauthorized network external-connection abnormal-state monitoring unit includes: a network external-connection whitelist obtaining unit, for obtaining the network external-connection whitelist; a network connection table peer address obtaining unit, for calling the distribution terminal's local interface to obtain all peer addresses in the distribution terminal's network connection table; a network connection table peer address judging unit, for judging whether each peer address in the network connection table belongs to the network connection whitelist; and an unauthorized network external-connection abnormal-state recording unit, for recording a peer address that does not belong to the network connection whitelist when such an address is detected.
As a preferred embodiment, the illegal peripheral-access abnormal-state monitoring unit includes: a peripheral-access whitelist obtaining unit, for obtaining the peripheral-access whitelist; a distribution terminal external device table obtaining unit, for calling the distribution terminal's local interface to obtain the distribution terminal's external device table; a distribution terminal external device judging unit, for judging whether each device in the external device table belongs to the peripheral-access whitelist; and an illegal peripheral-access abnormal-state recording unit, for recording a device that does not belong to the peripheral-access whitelist when such a device is detected.
The present invention also proposes a distribution terminal, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor performs any one of the agent-based distribution terminal security monitoring methods described above.
Compared with the prior art, the technical solution proposed by the present invention has at least the following advantages:
The present invention proposes an agent-based security monitoring method and device for distribution terminals. An agent module is created locally on the distribution terminal and performs the following: combining the obtained weak account passwords with account names to log in to the distribution terminal, and recording the weak account passwords that log in successfully; monitoring whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist, and recording the ports that do not; monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and recording the peer addresses that do not; and monitoring whether the external devices of the distribution terminal belong to the peripheral-access whitelist, and recording the external devices that do not. The agent runs directly in the embedded system. It monitors the distribution terminal by directly calling a small number of native operating system interfaces and uses no third-party libraries, so its average occupancy of system resources is extremely low. In addition, there is no data synchronization or data communication between the agent and the distribution terminal at the system level or the service level, so the agent neither affects the terminal's own distribution services nor occupies the network bandwidth of the distribution system. The agent therefore achieves comprehensive, real-time security monitoring of the distribution terminal and provides an accurate basis for tracing distribution terminal faults, while meeting the requirements of lightweight operation and no impact on services.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the specific embodiments or of the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a specific example of the agent-based distribution terminal security monitoring method in an embodiment of the present invention;
Fig. 2 is a flow chart of a specific example of the method, in an embodiment of the present invention, of combining the obtained weak account passwords with account names to log in to the distribution terminal and recording the weak account passwords that log in successfully;
Fig. 3 is a flow chart of a specific example of the method, in an embodiment of the present invention, of taking several weak account passwords out of the weak account password dictionary and combining them with account names to log in to the distribution terminal;
Fig. 4 is a flow chart of a specific example of the method, in an embodiment of the present invention, of monitoring whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist and recording the ports that do not;
Fig. 5 is a flow chart of a specific example of the method, in an embodiment of the present invention, of monitoring whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist and recording the peer addresses that do not;
Fig. 6 is a flow chart of the method, in an embodiment of the present invention, of monitoring whether the external devices of the distribution terminal belong to the peripheral-access whitelist and recording the external devices that do not;
Fig. 7 is a schematic block diagram of a specific example of the agent-based distribution terminal security monitoring device in an embodiment of the present invention;
Fig. 8 is a schematic block diagram of a specific example of the weak account password monitoring unit in an embodiment of the present invention;
Fig. 9 is a schematic block diagram of a specific example of the weak account password login unit in an embodiment of the present invention;
Fig. 10 is a schematic block diagram of a specific example of the port abnormal-state monitoring unit in an embodiment of the present invention;
Fig. 11 is a schematic block diagram of a specific example of the unauthorized network external-connection abnormal-state monitoring unit in an embodiment of the present invention;
Fig. 12 is a schematic block diagram of a specific example of the illegal peripheral-access abnormal-state monitoring unit in an embodiment of the present invention;
Fig. 13 is a schematic block diagram of a specific example of the distribution terminal in an embodiment of the present invention;
Fig. 14 is a schematic block diagram of a specific example of the distribution terminal in an embodiment of the present invention.
Detailed description
The technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In addition, the technical features involved in the different embodiments of the invention described below can be combined with one another as long as they do not conflict.
An embodiment of the present invention provides an agent-based security monitoring method for distribution terminals, applicable to a distribution terminal. The flow chart of the method is shown in Fig. 1, and the method includes the following steps:
S1: Create an agent module locally on the distribution terminal.
The agent module runs directly in the background of the distribution terminal's embedded system.
S2: Through the agent module, combine the obtained weak account passwords with account names to log in to the distribution terminal, and record the weak account passwords that log in successfully.
S3: Through the agent module, monitor whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist, and record the ports that do not belong to the port-monitoring whitelist.
S4: Through the agent module, monitor whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist, and record the peer addresses that do not belong to the network external-connection whitelist.
S5: Through the agent module, monitor whether the external devices of the distribution terminal belong to the peripheral-access whitelist, and record the external devices that do not belong to the peripheral-access whitelist.
In the agent-based distribution terminal security monitoring method provided by this embodiment, the agent runs directly in the embedded system. It monitors the distribution terminal by directly calling a small number of native operating system interfaces and uses no third-party libraries, so its average occupancy of system resources is extremely low. In addition, there is no data synchronization or data communication between the agent and the distribution terminal at the system level or the service level, so the agent neither affects the terminal's own distribution services nor occupies the network bandwidth of the distribution system. The method therefore achieves comprehensive, real-time security monitoring of the distribution terminal and provides an accurate basis for tracing distribution terminal faults, while meeting the requirements of lightweight operation and no impact on services.
As a preferred embodiment, as shown in Fig. 2, step S2 includes the following steps:
S21: Obtain weak account passwords.
The data sources of the weak account passwords include the general industrial control field and the actual production environment.
S22: Generate a weak account password dictionary.
Specifically, the weak account password dictionary contains all the weak passwords obtained above and the security strength of each weak account password.
S23: Take several weak account passwords out of the weak account password dictionary and combine them with account names to log in to the distribution terminal.
S24: When a successful login is detected, record the weak account password that logged in successfully.
As a preferred embodiment, as shown in Fig. 3, step S23 further includes:
S231: Classify the weak account passwords according to their security strength, generating weak account password classes with different security monitoring priorities.
S232: Take one weak account password subset out of each weak account password class and, starting from the weak account password class with the highest security monitoring priority, traverse every weak account password in all the subsets, combining each of them with the account names and logging in to the distribution terminal.
In a specific embodiment, the number of weak account password classes is m, each subset taken out contains at least one weak account password, with the number denoted n, and the number of user names that log in to the distribution terminal is p; the number of traversals over every weak account password in all the subsets is then m*n*p. The traversal may take one weak account password from each subset and combine it with each account name to log in to the distribution terminal, repeating this step n times so that every weak account password of every subset is traversed. Alternatively, it may take one subset, combine each of its weak account passwords with each account name to log in to the distribution terminal, and repeat this step m times so that every subset is traversed.
Because the subset taken from a weak account password class is far smaller than the class itself, the consumption of system resources during security monitoring is reduced.
As a preferred embodiment, as shown in Fig. 4, step S3 includes the following steps:
S31: Obtain the port-monitoring whitelist.
Specifically, a list of trusted distribution ports is obtained according to the distribution port security standard. The list contains the ports of the distribution terminal itself and the business service ports of the distribution terminal. The trusted ports are consolidated to obtain the port-monitoring whitelist of this embodiment.
S32: Call the distribution terminal's local interface to obtain the distribution terminal's port list.
S33: Judge whether each port in the port list belongs to the port-monitoring whitelist.
S34: When a port that does not belong to the port-monitoring whitelist is detected, record that port.
As a preferred embodiment, as shown in Fig. 5, step S4 includes the following steps:
S41: Obtain the network external-connection whitelist.
Specifically, the trusted network addresses are collected according to the distribution network security standard and consolidated to obtain the network external-connection whitelist of this embodiment.
S42: Call the distribution terminal's local interface to obtain all peer addresses in the distribution terminal's network connection table.
S43: Judge whether each peer address in the network connection table belongs to the network external-connection whitelist.
S44: When a peer address that does not belong to the network external-connection whitelist is detected, record that peer address.
Recording a peer address that does not belong to the network external-connection whitelist includes recording the peer address and the time at which that peer address accessed the distribution terminal.
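The port check (S31 to S34) and the peer-address check (S41 to S44) can share one pass over the connection table. The following is an added example, not code from the patent: it assumes the terminal runs embedded Linux on a little-endian CPU and that the "local interface" is the `/proc/net/tcp` text table; the whitelist entries, the sample table and the names `audit_tcp_table` and `finding` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed whitelists (assumptions, not values from the patent). */
static const unsigned PORT_WHITELIST[] = { 22, 2404 };
static const char *PEER_WHITELIST[] = { "192.168.1.1" };

enum { TCP_LISTEN = 0x0A };            /* Linux kernel code for the LISTEN state */

typedef enum { FINDING_PORT, FINDING_PEER } finding_kind;

typedef struct {
    finding_kind kind;
    unsigned port;   /* FINDING_PORT: listening port; FINDING_PEER: local port used */
    char peer[16];   /* FINDING_PEER: dotted-quad peer address, else empty */
    time_t seen;     /* time the entry was observed (S44 records the access time) */
} finding;

static int port_allowed(unsigned port) {
    for (size_t i = 0; i < sizeof PORT_WHITELIST / sizeof *PORT_WHITELIST; i++)
        if (PORT_WHITELIST[i] == port) return 1;
    return 0;
}

static int peer_allowed(const char *addr) {
    for (size_t i = 0; i < sizeof PEER_WHITELIST / sizeof *PEER_WHITELIST; i++)
        if (strcmp(PEER_WHITELIST[i], addr) == 0) return 1;
    return 0;
}

/* /proc/net/tcp prints an IPv4 address as a raw 32-bit word; on a
 * little-endian CPU (assumed here) the first octet is the low byte. */
static void format_addr(unsigned v, char out[16]) {
    snprintf(out, 16, "%u.%u.%u.%u",
             v & 0xFF, (v >> 8) & 0xFF, (v >> 16) & 0xFF, (v >> 24) & 0xFF);
}

/* Walk the table once: listening sockets go through the port whitelist
 * (S33/S34), every other socket has its peer address checked (S43/S44).
 * Returns the number of findings written to out (at most cap). */
size_t audit_tcp_table(const char *table, time_t now, finding *out, size_t cap) {
    size_t n = 0;
    for (const char *line = table; line && *line; ) {
        unsigned laddr, lport, raddr, rport, state;
        /* The header line does not match the format and is skipped. */
        if (n < cap && sscanf(line, " %*d: %8X:%4X %8X:%4X %2X",
                              &laddr, &lport, &raddr, &rport, &state) == 5) {
            if (state == TCP_LISTEN) {
                if (!port_allowed(lport))
                    out[n++] = (finding){ .kind = FINDING_PORT, .port = lport, .seen = now };
            } else {
                char peer[16];
                format_addr(raddr, peer);
                if (!peer_allowed(peer)) {
                    out[n] = (finding){ .kind = FINDING_PEER, .port = lport, .seen = now };
                    memcpy(out[n].peer, peer, sizeof peer);
                    n++;
                }
            }
        }
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : NULL;
    }
    return n;
}

/* Constructed sample in /proc/net/tcp layout (columns after "st" omitted). */
static const char SAMPLE_TABLE[] =
    "  sl  local_address rem_address   st\n"
    "   0: 00000000:0964 00000000:0000 0A\n"   /* listening on 2404: whitelisted */
    "   1: 00000000:0016 00000000:0000 0A\n"   /* listening on 22: whitelisted */
    "   2: 00000000:0017 00000000:0000 0A\n"   /* listening on 23: not whitelisted */
    "   3: 0A01A8C0:0964 0101A8C0:C350 01\n"   /* peer 192.168.1.1: whitelisted */
    "   4: 0A01A8C0:0016 0708090A:C351 01\n";  /* peer 10.9.8.7: not whitelisted */

int main(void) {
    finding f[8];
    size_t n = audit_tcp_table(SAMPLE_TABLE, time(NULL), f, 8);
    for (size_t i = 0; i < n; i++) {
        if (f[i].kind == FINDING_PORT)
            printf("%ld port %u not in port-monitoring whitelist\n",
                   (long)f[i].seen, f[i].port);
        else
            printf("%ld peer %s (local port %u) not in external-connection whitelist\n",
                   (long)f[i].seen, f[i].peer, f[i].port);
    }
    return 0;
}
```

On a real terminal the table text would be read from `/proc/net/tcp`; IPv6 sockets (`/proc/net/tcp6`) and UDP use separate tables that this sketch does not parse.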
As a preferred embodiment, as shown in Fig. 6, step S5 includes the following steps:
S51: Obtain the peripheral-access whitelist.
Specifically, a list of trusted external devices is obtained according to the requirements of the distribution terminal peripheral access standard, and the trusted external devices are consolidated to obtain the peripheral-access whitelist of this embodiment.
S52: Call the distribution terminal's local interface to obtain the distribution terminal's external device table.
Specifically, the external devices mounted on the distribution terminal's local embedded system are detected in real time; the external devices include USB devices and serial devices.
S53: Judge whether each device in the external device table belongs to the peripheral-access whitelist.
S54: When a device that does not belong to the peripheral-access whitelist is detected, record that device.
Recording a device that does not belong to the peripheral-access whitelist includes recording the time at which the device accessed the distribution terminal and the device type.
An embodiment of the present invention also provides an agent-based security monitoring device for distribution terminals. The schematic block diagram of the device is shown in Fig. 7, and the device includes:
An agent module establishing unit 1, for creating an agent module locally on the distribution terminal; the agent module runs directly in the background of the distribution terminal's embedded system.
A weak account password monitoring unit 2, for using the agent module to combine the obtained weak account passwords with account names to log in to the distribution terminal and to record the weak account passwords that log in successfully.
A port abnormal-state monitoring unit 3, for using the agent module to monitor whether the ports of the distribution terminal belong to the obtained port-monitoring whitelist and to record the ports that do not belong to the port-monitoring whitelist.
An unauthorized network external-connection abnormal-state monitoring unit 4, for using the agent module to monitor whether the peer addresses in the distribution terminal's network connection table belong to the obtained network external-connection whitelist and to record the peer addresses that do not belong to the network external-connection whitelist.
An illegal peripheral-access abnormal-state monitoring unit 5, for using the agent module to monitor whether the external devices of the distribution terminal belong to the peripheral-access whitelist and to record the external devices that do not belong to the peripheral-access whitelist.
In the agent-based distribution terminal security monitoring device provided by the present invention, the agent runs directly in the embedded system. It monitors the distribution terminal by directly calling a small number of native operating system interfaces and uses no third-party libraries, so its average occupancy of system resources is extremely low. In addition, there is no data synchronization or data communication between the agent and the distribution terminal at the system level or the service level, so the agent neither affects the terminal's own distribution services nor occupies the network bandwidth of the distribution system. The device therefore achieves comprehensive, real-time security monitoring of the distribution terminal and provides an accurate basis for tracing distribution terminal faults, while meeting the requirements of lightweight operation and no impact on services.
As a preferred embodiment, as shown in Figure 8, the weak account password monitoring unit 2 includes:
Weak account password acquiring unit 21, configured to acquire weak account passwords; the data sources of the weak account passwords include the general industrial control field and the actual production environment.
Weak account password dictionary generation unit 22, configured to generate a weak account password dictionary; the dictionary contains all of the weak passwords acquired above and the security strength of each weak account password.
Weak account password login unit 23, configured to take a number of weak account passwords out of the weak account password dictionary and combine them with account names to log in to the distribution terminal.
Weak account password monitoring result recording unit 24, configured to record the weak account password that logged in successfully when a successful login is detected.
As a preferred embodiment, as shown in Figure 9, the weak account password login unit 23 further includes:
Weak account password class generation unit 231, configured to classify the weak account passwords according to their security strength and generate weak account password classes with different safety monitoring priorities.
Weak account password traversal unit 232, configured to take one weak account password subset out of each weak account password class and, starting from the weak account password class with the highest safety monitoring priority, traverse every weak account password in all of the subsets, combining each weak account password with the account names to log in to the distribution terminal.
In a specific embodiment, the number of weak account password classes is m; each weak account password subset taken out contains at least one weak account password, the number of which is denoted n; and when the number of user names with which the distribution terminal is logged in to is p, the number of traversals over every weak account password in all of the subsets is m*n*p. The traversal may proceed as follows: take one weak account password from each weak account password subset, combine it with each account name to log in to the distribution terminal, and repeat this step n times so that every weak account password of every subset is traversed. Alternatively, take one weak account password subset, combine each of its weak account passwords with each account name to log in to the distribution terminal, and repeat this step m times so that every subset is traversed.
Because the weak account password subset taken out of a weak account password class is far smaller than the class itself, the consumption of system resources during safety monitoring can be reduced.
As a preferred embodiment, as shown in Figure 10, the port abnormal-state monitoring unit 3 includes:
Port monitoring whitelist acquiring unit 31, configured to acquire the port monitoring whitelist. Specifically, according to the distribution port security specification, a list of trusted distribution ports is obtained, which includes the ports of the distribution terminal itself and the service ports of the distribution terminal; the trusted distribution ports are consolidated to obtain the port monitoring whitelist of this embodiment.
Distribution terminal port list acquiring unit 32, configured to call the local interface of the distribution terminal and obtain the distribution terminal port list.
Distribution terminal port judging unit 33, configured to judge whether the ports in the distribution terminal port list belong to the port monitoring whitelist.
Port abnormal-state recording unit 34, configured to record a port that does not belong to the port monitoring whitelist when such a port is detected.
As a preferred embodiment, as shown in Figure 11, the illegal network external-connection abnormal-state monitoring unit 4 includes:
Network external-connection whitelist acquiring unit 41, configured to acquire the network external-connection whitelist. Specifically, according to the distribution network security specification, the trusted network addresses are collected and consolidated to obtain the network external-connection whitelist of this embodiment.
Distribution terminal network connection table peer address acquiring unit 42, configured to call the local interface of the distribution terminal and obtain all peer addresses in the distribution terminal's network connection table.
Distribution terminal network connection table peer address judging unit 43, configured to judge whether the peer addresses in the distribution terminal's network connection table belong to the network connection whitelist.
Illegal network external-connection abnormal-state recording unit 44, configured to record a peer address that does not belong to the network connection whitelist when such an address is detected, including recording the peer address and the time at which the peer address accessed the distribution terminal.
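The port check (units 31 to 34) and the external-connection check (units 41 to 44) described above, as an added C example that is not code from the patent: it assumes the terminal runs embedded Linux on a little-endian CPU, so the native interface is the /proc/net/tcp table, and it treats listening sockets as the terminal's port list. The sample table, the whitelist values and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TCP_ESTABLISHED 0x01   /* Linux socket state codes as printed in /proc/net/tcp */
#define TCP_LISTEN      0x0A
#define MAX_FINDINGS    16

/* Constructed sample in /proc/net/tcp layout (a real agent would read the file).
 * Addresses are hex in little-endian byte order, ports are plain hex. */
static const char SAMPLE_TCP_TABLE[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 00000000:0964 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001\n"
"   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002\n"
"   2: 0A01A8C0:0964 6401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003\n"
"   3: 0A01A8C0:D431 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000     0        0 1004\n";

struct findings {
    unsigned ports[MAX_FINDINGS];   /* listening ports not on the port monitoring whitelist */
    int n_ports;
    char peers[MAX_FINDINGS][16];   /* peer addresses not on the external-connection whitelist */
    int n_peers;
};

static int port_in_list(unsigned port, const unsigned *list, int n)
{
    int i;
    for (i = 0; i < n; i++)
        if (list[i] == port) return 1;
    return 0;
}

static int peer_in_list(const char *ip, const char *const *list, int n)
{
    int i;
    for (i = 0; i < n; i++)
        if (strcmp(list[i], ip) == 0) return 1;
    return 0;
}

static int peer_recorded(const struct findings *f, const char *ip)
{
    int i;
    for (i = 0; i < f->n_peers; i++)
        if (strcmp(f->peers[i], ip) == 0) return 1;
    return 0;
}

/* Walk the connection table once; return the total number of recorded violations. */
int audit_tcp_table(const char *table,
                    const unsigned *port_wl, int n_port_wl,
                    const char *const *peer_wl, int n_peer_wl,
                    struct findings *out)
{
    const char *line;
    memset(out, 0, sizeof *out);
    line = strchr(table, '\n');                      /* skip the header row */
    while (line && *++line) {
        unsigned laddr, lport, raddr, rport, st;
        char ip[16];
        if (sscanf(line, " %*d: %8X:%4X %8X:%4X %2X",
                   &laddr, &lport, &raddr, &rport, &st) == 5) {
            if (st == TCP_LISTEN) {
                /* Port check: record each non-whitelisted listening port once. */
                if (!port_in_list(lport, port_wl, n_port_wl) &&
                    !port_in_list(lport, out->ports, out->n_ports) &&
                    out->n_ports < MAX_FINDINGS)
                    out->ports[out->n_ports++] = lport;
            } else if (st == TCP_ESTABLISHED) {
                /* Peer check: decode the little-endian hex address to dotted form. */
                snprintf(ip, sizeof ip, "%u.%u.%u.%u", raddr & 0xFF,
                         (raddr >> 8) & 0xFF, (raddr >> 16) & 0xFF, raddr >> 24);
                if (!peer_in_list(ip, peer_wl, n_peer_wl) &&
                    !peer_recorded(out, ip) && out->n_peers < MAX_FINDINGS)
                    strcpy(out->peers[out->n_peers++], ip);
            }
        }
        line = strchr(line, '\n');
    }
    return out->n_ports + out->n_peers;
}

int main(void)
{
    const unsigned port_wl[] = { 2404 };                 /* constructed whitelist */
    const char *const peer_wl[] = { "192.168.1.100" };   /* constructed whitelist */
    struct findings f;
    int i;
    audit_tcp_table(SAMPLE_TCP_TABLE, port_wl, 1, peer_wl, 1, &f);
    for (i = 0; i < f.n_ports; i++) printf("port not on whitelist: %u\n", f.ports[i]);
    for (i = 0; i < f.n_peers; i++) printf("peer not on whitelist: %s\n", f.peers[i]);
    return 0;
}
```

IPv6 sockets live in /proc/net/tcp6 with a different address width and are not covered; the access time that unit 44 also records is left out so the output stays deterministic.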
As a preferred embodiment, as shown in Figure 12, the illegal peripheral access abnormal-state monitoring unit 5 includes:
Peripheral access whitelist acquiring unit 51, configured to acquire the peripheral access whitelist. Specifically, according to the requirements of the distribution terminal peripheral access criteria, a list of trusted external devices is obtained, and the trusted external devices are consolidated to obtain the peripheral access whitelist of this embodiment.
Distribution terminal external device table acquiring unit 52, configured to call the local interface of the distribution terminal and obtain the distribution terminal external device table. Specifically, external devices mounted to the local embedded system of the distribution terminal are detected in real time; the external devices include USB devices and serial devices.
Distribution terminal external device judging unit 53, configured to judge whether the devices in the distribution terminal external device table belong to the peripheral access whitelist.
Illegal peripheral access abnormal-state recording unit 54, configured to record a device that does not belong to the peripheral access whitelist when such a device is detected, including recording the time at which the device accessed the distribution terminal and the device type.
An embodiment of the present invention also provides a distribution terminal 6. The block diagram of the distribution terminal 6 is shown in Figure 13; it includes one or more processors 61 and a memory 62 communicatively connected to the one or more processors 61. One processor 61 is taken as an example in the figure.
The memory 62 stores instructions executable by the one processor 61, and the instructions are executed by the one or more processors 61 so that the one or more processors 61 perform the above proxy-based distribution terminal safety monitoring method.
As shown in Figure 14, the distribution terminal 6 may also include an input device 63 and an output device 64.
The processor 61, the memory 62, the input device 63 and the output device 64 may be connected by a bus or by other means.
The processor 61 may be a central processing unit (Central Processing Unit, CPU). The processor 61 may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or similar chip, or a combination of the above kinds of chips. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 62, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the proxy-based distribution terminal safety monitoring method in the embodiments of the present application. By running the non-transitory software programs, instructions and modules stored in the memory 62, the processor 61 executes the various functional applications and data processing of the server.
The memory 62 may include a program storage area and a data storage area, where the program storage area can store the operating system and the application programs required by at least one function. In addition, the memory 62 may include high-speed random access memory and may also include non-transitory memory, for example at least one disk storage device, flash memory device or other non-transitory solid-state storage device.
The input device 63 can receive input numeric or character information and generate key signal inputs related to the user settings and function control of the proxy-based distribution terminal safety monitoring device. The output device 64 may include a display device such as a display screen.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. Therefore, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, the above embodiments are merely examples given for clarity of description and are not a limitation on the implementations. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Obvious changes or variations derived therefrom remain within the scope of protection of the invention.

Claims (13)

  1. A proxy-based distribution terminal safety monitoring method, applicable to a distribution terminal, characterized by comprising:
    establishing a proxy module locally on the distribution terminal, and performing the following steps through the proxy module:
    combining acquired weak account passwords with account names to log in to the distribution terminal, and recording the weak account passwords that log in successfully;
    monitoring whether ports of the distribution terminal belong to an acquired port monitoring whitelist, and recording the ports that do not belong to the port monitoring whitelist;
    monitoring whether peer addresses in the distribution terminal's network connection table belong to an acquired network external-connection whitelist, and recording the peer addresses that do not belong to the network external-connection whitelist;
    monitoring whether external devices of the distribution terminal belong to a peripheral access whitelist, and recording the external devices that do not belong to the peripheral access whitelist.
  2. The proxy-based distribution terminal safety monitoring method according to claim 1, characterized in that combining the acquired weak account passwords with account names to log in to the distribution terminal and recording the weak account passwords that log in successfully comprises:
    acquiring weak account passwords;
    generating a weak account password dictionary;
    taking a number of weak account passwords out of the weak account password dictionary and combining them with account names to log in to the distribution terminal;
    when a successful login is detected, recording the weak account password that logged in successfully.
  3. The proxy-based distribution terminal safety monitoring method according to claim 2, characterized in that taking a number of weak account passwords out of the weak account password dictionary and combining them with account names to log in to the distribution terminal comprises:
    classifying the weak account passwords according to their security strength, and generating weak account password classes with different safety monitoring priorities;
    taking one weak account password subset out of each weak account password class and, starting from the weak account password class with the highest safety monitoring priority, traversing every weak account password in all of the weak account password subsets, combining each weak account password with the account names to log in to the distribution terminal.
  4. The proxy-based distribution terminal safety monitoring method according to claim 1, characterized in that monitoring whether ports of the distribution terminal belong to the acquired port monitoring whitelist and recording the ports that do not belong to the port monitoring whitelist comprises:
    acquiring the port monitoring whitelist;
    calling the local interface of the distribution terminal to obtain the distribution terminal port list;
    judging whether the ports in the distribution terminal port list belong to the port monitoring whitelist;
    when a port that does not belong to the port monitoring whitelist is detected, recording the port that does not belong to the port monitoring whitelist.
  5. The proxy-based distribution terminal safety monitoring method according to claim 1, characterized in that monitoring whether peer addresses in the distribution terminal's network connection table belong to the acquired network external-connection whitelist and recording the peer addresses that do not belong to the network external-connection whitelist comprises:
    acquiring the network external-connection whitelist;
    calling the local interface of the distribution terminal to obtain all peer addresses in the distribution terminal's network connection table;
    judging whether the peer addresses in the distribution terminal's network connection table belong to the network external-connection whitelist;
    when a peer address that does not belong to the network external-connection whitelist is detected, recording the peer address that does not belong to the network external-connection whitelist.
  6. The proxy-based distribution terminal safety monitoring method according to claim 1, characterized in that monitoring whether external devices of the distribution terminal belong to the peripheral access whitelist and recording the external devices that do not belong to the peripheral access whitelist comprises:
    acquiring the peripheral access whitelist;
    calling the local interface of the distribution terminal to obtain the distribution terminal external device table;
    judging whether the devices in the distribution terminal external device table belong to the peripheral access whitelist;
    when a device that does not belong to the peripheral access whitelist is detected, recording the device that does not belong to the peripheral access whitelist.
  7. A proxy-based distribution terminal safety monitoring device, characterized by comprising:
    a proxy module establishing unit, configured to establish a proxy module locally on the distribution terminal;
    a weak account password monitoring unit, configured to combine, through the proxy module, acquired weak account passwords with account names to log in to the distribution terminal, and to record the weak account passwords that log in successfully;
    a port abnormal-state monitoring unit, configured to monitor, through the proxy module, whether ports of the distribution terminal belong to an acquired port monitoring whitelist, and to record the ports that do not belong to the port monitoring whitelist;
    an illegal network external-connection abnormal-state monitoring unit, configured to monitor, through the proxy module, whether peer addresses in the distribution terminal's network connection table belong to an acquired network external-connection whitelist, and to record the peer addresses that do not belong to the network external-connection whitelist;
    an illegal peripheral access abnormal-state monitoring unit, configured to monitor, through the proxy module, whether external devices of the distribution terminal belong to a peripheral access whitelist, and to record the external devices that do not belong to the peripheral access whitelist.
  8. The proxy-based distribution terminal safety monitoring device according to claim 7, characterized in that the weak account password monitoring unit comprises:
    a weak account password acquiring unit, configured to acquire weak account passwords;
    a weak account password dictionary generation unit, configured to generate a weak account password dictionary;
    a weak account password login unit, configured to take a number of weak account passwords out of the weak account password dictionary and combine them with account names to log in to the distribution terminal;
    a weak account password monitoring result recording unit, configured to record the weak account password that logged in successfully when a successful login is detected.
  9. The proxy-based distribution terminal safety monitoring device according to claim 8, characterized in that the weak account password login unit comprises:
    a weak account password class generation unit, configured to classify the weak account passwords according to their security strength and generate weak account password classes with different safety monitoring priorities;
    a weak account password traversal unit, configured to take one weak account password subset out of each weak account password class and, starting from the weak account password class with the highest safety monitoring priority, traverse every weak account password in all of the weak account password subsets, combining each weak account password with the account names to log in to the distribution terminal.
  10. The proxy-based distribution terminal safety monitoring device according to claim 7, characterized in that the port abnormal-state monitoring unit comprises:
    a port monitoring whitelist acquiring unit, configured to acquire the port monitoring whitelist;
    a distribution terminal port list acquiring unit, configured to call the local interface of the distribution terminal and obtain the distribution terminal port list;
    a distribution terminal port judging unit, configured to judge whether the ports in the distribution terminal port list belong to the port monitoring whitelist;
    a port abnormal-state recording unit, configured to record a port that does not belong to the port monitoring whitelist when such a port is detected.
  11. The proxy-based distribution terminal safety monitoring device according to claim 7, characterized in that the illegal network external-connection abnormal-state monitoring unit comprises:
    a network external-connection whitelist acquiring unit, configured to acquire the network external-connection whitelist;
    a distribution terminal network connection table peer address acquiring unit, configured to call the local interface of the distribution terminal and obtain all peer addresses in the distribution terminal's network connection table;
    a distribution terminal network connection table peer address judging unit, configured to judge whether the peer addresses in the distribution terminal's network connection table belong to the network connection whitelist;
    an illegal network external-connection abnormal-state recording unit, configured to record a peer address that does not belong to the network connection whitelist when such an address is detected.
  12. The proxy-based distribution terminal safety monitoring device according to claim 7, characterized in that the illegal peripheral access abnormal-state monitoring unit comprises:
    a peripheral access whitelist acquiring unit, configured to acquire the peripheral access whitelist;
    a distribution terminal external device table acquiring unit, configured to call the local interface of the distribution terminal and obtain the distribution terminal external device table;
    a distribution terminal external device judging unit, configured to judge whether the devices in the distribution terminal external device table belong to the peripheral access whitelist;
    an illegal peripheral access abnormal-state recording unit, configured to record a device that does not belong to the peripheral access whitelist when such a device is detected.
  13. A distribution terminal, characterized by comprising:
    at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the one processor, and the instructions are executed by the at least one processor so that the at least one processor performs the proxy-based distribution terminal safety monitoring method according to any one of claims 1 to 6.
CN201710581802.XA 2017-07-17 2017-07-17 A kind of distribution terminal safety monitoring method and device realized based on agency Active CN107566334B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710581802.XA CN107566334B (en) 2017-07-17 2017-07-17 A kind of distribution terminal safety monitoring method and device realized based on agency

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710581802.XA CN107566334B (en) 2017-07-17 2017-07-17 A kind of distribution terminal safety monitoring method and device realized based on agency

Publications (2)

Publication Number Publication Date
CN107566334A true CN107566334A (en) 2018-01-09
CN107566334B CN107566334B (en) 2019-10-01

Family

ID=60973523

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710581802.XA Active CN107566334B (en) 2017-07-17 2017-07-17 A kind of distribution terminal safety monitoring method and device realized based on agency

Country Status (1)

Country Link
CN (1) CN107566334B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108595939A (en) * 2018-03-15 2018-09-28 北京雷石天地电子技术有限公司 A kind of method and system authorizing external equipment permission
CN108881211A (en) * 2018-06-11 2018-11-23 杭州盈高科技有限公司 A kind of illegal external connection detection method and device
CN114338074A (en) * 2021-11-09 2022-04-12 国网浙江省电力有限公司宁波供电公司 Automatic detection method and detection system for IP white list of power distribution terminal
CN114466064A (en) * 2021-12-31 2022-05-10 航天银山电气有限公司 Transformer substation network security agent method and device and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468631A (en) * 2014-12-31 2015-03-25 国家电网公司 Network intrusion identification method based on anomaly flow and black-white list library of IP terminal
CN106603489A (en) * 2016-11-08 2017-04-26 南京南瑞继保电气有限公司 Network security management and control apparatus for transformer substation
US10193706B2 (en) * 2015-10-21 2019-01-29 Arris Enterprises Llc Distributed rule provisioning in an extended bridge


Also Published As

Publication number Publication date
CN107566334B (en) 2019-10-01

Similar Documents

Publication Publication Date Title
Wang et al. Fog computing: Issues and challenges in security and forensics
CN107566334B (en) A kind of distribution terminal safety monitoring method and device realized based on agency
CN105450636B (en) A kind of cloud computing management system
CN109614093B (en) Visual intelligent contract system and intelligent contract processing method
CN110162979A (en) A kind of safety detecting method, device, electronic equipment and the storage medium of Web API
CN113254445B (en) Real-time data storage method, device, computer equipment and storage medium
CN114327803A (en) Method, apparatus, device and medium for accessing machine learning model by block chain
CN106534242A (en) Processing method and device for requests in distributed system
CN106502875A (en) A kind of daily record generation method and system based on cloud computing
CN107168844B (en) Performance monitoring method and device
CN111193633A (en) Method and device for detecting abnormal network connection
CN116545678A (en) Network security protection method, device, computer equipment and storage medium
CN114338684A (en) Energy management system and method
CN115168848B (en) Interception feedback processing method based on big data analysis interception
CN111130882A (en) Monitoring system and method of network equipment
Sui et al. Edge computing and AIoT based network intrusion detection mechanism
CN115984481A (en) Visual industrial digital simulation management system
CN115719147A (en) Power transmission line inspection data processing method, device and platform
CN115828256A (en) Unauthorized and unauthorized logic vulnerability detection method
CN115470489A (en) Detection model training method, detection method, device and computer readable medium
CN114513329A (en) Industrial Internet information security assessment method and device
Tong et al. Application of frequent item set mining algorithm in IDS based on Hadoop framework
CN107766216A (en) It is a kind of to be used to obtain the method and apparatus using execution information
CN113778777A (en) Log playback method and device
Xie et al. Research on Information Sharing System of Digital Library in Cloud Computing Environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing

Applicant after: Global energy Internet Institute, Inc.

Applicant after: State Grid Corporation of China

Address before: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing

Applicant before: Global energy Internet Institute, Inc.

Applicant before: State Grid Corporation of China

GR01 Patent grant