CN108881179A - Reliable transmission line monitoring system applied to smart grid - Google Patents
- Publication number
- CN108881179A (application CN201810531836.2A)
- Authority
- CN
- China
- Prior art keywords
- network
- host
- transmission line
- electricity
- monitoring center
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H02J13/0013—
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02B—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
- Y02B70/00—Technologies for an efficient end-user side electric power management and consumption
- Y02B70/30—Systems integrating technologies related to power network operation and communication or information technologies for improving the carbon footprint of the management of residential or tertiary loads, i.e. smart grids as climate change mitigation technology in the buildings sector, including also the last stages of power distribution and the control, monitoring or operating management systems at local level
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S20/00—Management or operation of end-user stationary applications or the last stages of power distribution; Controlling, monitoring or operating thereof
- Y04S20/20—End-user application control systems
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Alarm Systems (AREA)
Abstract
The present invention provides a reliable transmission line monitoring system applied to a smart grid, comprising multiple data acquisition subsystems and a monitoring center. The monitoring center includes a first host and multiple second hosts connected to the first host, and each data acquisition subsystem is connected to one second host. The second host performs abnormal-data rejection and data compression on the transmission line sensing data collected by the data acquisition subsystem and sends the compressed transmission line sensing data to the first host. The first host decompresses the received transmission line sensing data, analyzes it according to a preset transmission line analysis and early-warning model, and outputs the current operating condition of the transmission line. The system further includes a network security situation awareness subsystem, which perceives the network security situation of the monitoring center, calculates the network security situation value of the monitoring center, and outputs a corresponding security threat handling scheme.
Description
Technical field
The present invention relates to the technical field of transmission line monitoring, and in particular to a reliable transmission line monitoring system applied to a smart grid.
Background art
Transmission lines are an important component of the power grid, and line inspection and maintenance is a key link in ensuring the safe operation of the grid. Traditional transmission line inspection relies largely on line walkers travelling along the line in person to inspect it on site; the inspectors record data on site, then bring the data back and enter it into a computer. This approach is very inefficient and is easily affected by terrain, weather and similar conditions. For example, in daily line inspection, on the one hand the patrol paths in environments such as high mountains and forest areas are rugged; on the other hand, transmission towers are tall and inspectors cannot easily spot defects in some line components, which creates hidden dangers for the safe operation of the transmission line and, under harsh conditions, may also endanger the inspectors' lives. This is especially true of long-distance transmission lines, which have many nodes along the way and long routes, so the manual operation and maintenance burden is heavy: the line not only faces more problems during construction, but also needs more manpower and material after being put into use to maintain the line and eliminate hidden dangers.
How to carry out transmission line inspection and obtain feedback on the line's own technical parameters with less investment of manpower and material has become a technical problem that transmission line inspection needs to solve, and a problem that needs to be solved as smart grid construction expands.
Summary of the invention
In view of the above problems, the present invention provides a reliable transmission line monitoring system applied to a smart grid.
The purpose of the present invention is achieved by the following technical solution:
A reliable transmission line monitoring system applied to a smart grid is provided, comprising multiple data acquisition subsystems and a monitoring center. The monitoring center includes a first host and multiple second hosts connected to the first host, and each data acquisition subsystem is connected to one second host. Each data acquisition subsystem collects the transmission line sensing data of multiple transmission line monitoring nodes in one transmission line monitoring region. The second host performs abnormal-data rejection and data compression on the collected transmission line sensing data and sends the compressed transmission line sensing data to the first host. The first host decompresses the received transmission line sensing data, analyzes it according to a preset transmission line analysis and early-warning model, and outputs the current operating condition of the transmission line. The system further includes a network security situation awareness subsystem, which perceives the network security situation of the monitoring center, calculates the network security situation value of the monitoring center, and outputs a corresponding security threat handling scheme.
Preferably, the data acquisition subsystem includes multiple sensors for monitoring the transmission line, wherein each sensor is a wind speed acquisition sensor, temperature sensor, humidity sensor or tension sensor.
Further, the network security situation awareness subsystem includes a worm detection module, a vulnerability data acquisition module, a virus-handling data acquisition module, a network security situation value calculation module and a network security situation visualization module. The worm detection module, the vulnerability data acquisition module and the virus-handling data acquisition module are all connected to the network security situation value calculation module, and the network security situation value calculation module is connected to the network security situation visualization module. The worm detection module performs worm detection on the monitoring center, sends the worm detection results to the network security situation value calculation module, and handles the detected worms, thereby perceiving and defending against worms in the monitoring center. The vulnerability data acquisition module uses a specified vulnerability scanning system to scan each host of the monitoring center for vulnerabilities, obtains the host information of hosts that have vulnerabilities of medium-to-high severity or above, and sends that host information to the network security situation value calculation module. The virus-handling data acquisition module counts the number of hosts on which the specified network anti-virus system is installed, obtains from the network anti-virus system the virus detection results and virus removal results for the hosts on which it is installed, and sends the obtained data to the network security situation value calculation module. The network security situation value calculation module extracts, for a selected period, the data sent by the worm detection module, the vulnerability data acquisition module and the virus-handling data acquisition module, and calculates from the extracted data the network security situation value of the monitoring center for that period. The network security situation visualization module presents graphically the historical network security situation values of the monitoring center and the related security threat handling schemes.
The beneficial effects of the present invention are as follows. The data collected by many sensors is aggregated and analyzed in a unified way, so that the data can be analyzed and used, which improves the ability to monitor the transmission line, is intelligent and convenient, and saves manpower. Each second host performs abnormal-data rejection and compression on the collected data before sending it to the first host, which reduces the cost of data transmission. The network security situation awareness subsystem performs network security situation awareness on the monitoring center and visualizes the network security situation, so that staff can understand the network risk status of the monitoring center in time and data analysis and processing are not affected by virus intrusion; this safeguards the reliability of system operation and makes the monitoring of the transmission line more reliable.
Brief description of the drawings
The present invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not constitute any limitation of the invention; those of ordinary skill in the art can obtain other drawings from the following drawings without creative effort.
Fig. 1 is a schematic structural block diagram of the transmission line monitoring system of an exemplary embodiment of the invention;
Fig. 2 is a schematic structural block diagram of the monitoring center of an exemplary embodiment of the invention;
Fig. 3 is a schematic structural block diagram of the network security situation awareness subsystem of an exemplary embodiment of the invention.
Reference numerals:
Data acquisition subsystem 1, monitoring center 2, network security situation awareness subsystem 3, first host 10, second host 20, worm detection module 100, vulnerability data acquisition module 200, virus-handling data acquisition module 300, network security situation value calculation module 400, network security situation visualization module 500, network security alarm module 600.
Detailed description of embodiments
The invention is further described with reference to the following embodiments.
Referring to Fig. 1 and Fig. 2, the reliable transmission line monitoring system applied to a smart grid provided in this embodiment comprises multiple data acquisition subsystems 1 and a monitoring center 2. The monitoring center 2 includes a first host 10 and multiple second hosts 20 connected to the first host 10, and each data acquisition subsystem 1 is connected to one second host 20. Each data acquisition subsystem 1 collects the transmission line sensing data of multiple transmission line monitoring nodes in one transmission line monitoring region. The second host 20 performs abnormal-data rejection and data compression on the collected transmission line sensing data and sends the compressed transmission line sensing data to the first host 10. The first host 10 decompresses the received transmission line sensing data, analyzes it according to a preset transmission line analysis and early-warning model, and outputs the current operating condition of the transmission line. The system further includes a network security situation awareness subsystem, which perceives the network security situation of the monitoring center 2, calculates the network security situation value of the monitoring center 2, and outputs a corresponding security threat handling scheme.
The data acquisition subsystem 1 includes multiple sensors for monitoring the transmission line, wherein each sensor is a wind speed acquisition sensor, temperature sensor, humidity sensor or tension sensor.
In the following embodiments, the first host 10 and the second hosts 20 are collectively referred to as hosts.
In one embodiment, as shown in Fig. 3, the network security situation awareness subsystem 3 includes a worm detection module 100, a vulnerability data acquisition module 200, a virus-handling data acquisition module 300, a network security situation value calculation module 400 and a network security situation visualization module 500. The worm detection module 100, the vulnerability data acquisition module 200 and the virus-handling data acquisition module 300 are all connected to the network security situation value calculation module 400, and the network security situation value calculation module 400 is connected to the network security situation visualization module 500. The worm detection module 100 performs worm detection on the monitoring center 2, sends the worm detection results to the network security situation value calculation module 400, and handles the detected worms, thereby perceiving and defending against worms in the monitoring center 2. The vulnerability data acquisition module 200 uses a specified vulnerability scanning system to scan each host of the monitoring center 2 for vulnerabilities, obtains the host information of hosts that have vulnerabilities of medium-to-high severity or above, and sends that host information to the network security situation value calculation module 400. The virus-handling data acquisition module 300 counts the number of hosts on which the specified network anti-virus system is installed, obtains from the network anti-virus system the virus detection results and virus removal results for the hosts on which it is installed, and sends the obtained data to the network security situation value calculation module 400. The network security situation value calculation module 400 extracts, for a selected period, the data sent by the worm detection module 100, the vulnerability data acquisition module 200 and the virus-handling data acquisition module 300, and calculates from the extracted data the network security situation value of the monitoring center 2 for that period. The network security situation visualization module 500 presents graphically the historical network security situation values of the monitoring center 2 and the related security threat handling schemes.
In the above embodiment of the present invention, the data collected by many sensors is aggregated and analyzed in a unified way, so that the data can be analyzed and used, which improves the ability to monitor the transmission line, is intelligent and convenient, and saves manpower. Each second host performs abnormal-data rejection and compression on the collected data before sending it to the first host, which reduces the cost of data transmission. The network security situation awareness subsystem performs network security situation awareness on the monitoring center 2 and visualizes the network security situation, so that staff can understand the network risk status of the monitoring center 2 in time and data analysis and processing are not affected by virus intrusion; this safeguards the reliability of system operation and makes the monitoring of the transmission line more reliable.
Further, the network security situation awareness subsystem 3 also includes a network security alarm module 600, which periodically calculates the network security warning level from the network security situation value of the monitoring center 2 and sends the calculated network security warning level to the system administrator.
This embodiment gives the system an automatic early-warning function: the network security alarm module 600 automatically calculates the network security warning level and notifies the relevant system administrator, so that the system administrator can learn the degree of risk of the monitoring center 2 in time.
The worm referred to above is essentially a kind of computer virus, but it can exist independently without a host file and is capable of self-replication and self-propagation. The main destructive mode of a traditional network worm is to copy itself in large quantities and then spread rapidly through the network, heavily consuming limited network resources and ultimately paralysing the whole network so that users cannot work normally over it. In an infrastructure network environment, because network connectivity is subject to more restrictions, and because of the need for concealment, a worm can only spread covertly and at low speed. This means the worm cannot exist only in memory and must exist in the form of a disk file; otherwise, once a host is powered off, the worm copy on that host is removed. For a worm in an infrastructure network, every infected host is a highly important springboard, and the attacker needs the worm to survive on the infected host for as long as possible.
In one embodiment, the worm detection module 100 includes a monitoring unit installed on each host of the monitoring center 2, a worm detection unit and a worm defense unit. The monitoring unit monitors the host on which it resides, records that host's behavior information and sends the recorded behavior information to the information processing unit. The worm detection unit performs standard worm detection on the behavior information sent from each monitoring unit; when it detects that a worm is present, it saves that behavior information as the standard feature information of the worm and uses the standard feature information of the worm to perform fast worm detection on subsequent behavior information. The worm defense unit is connected to the worm detection unit; it generates a corresponding threat suppression/removal strategy from the worm detection result output by the worm detection unit and uses the generated threat suppression/removal strategy to handle the hosts infected by the worm, thereby defending the monitoring center 2 against worms.
In an optional embodiment, the worm detection result can be analyzed to determine the propagation range of the worm and, from that, the hosts infected by the worm. Handling the infected hosts with the generated threat suppression/removal strategy includes designing firewall rules from the generated threat suppression/removal strategy, so that the firewall rules are used to isolate the threat on the hosts infected by the worm.
The above embodiment perceives worm intrusion at the level of the whole network. Standard worm detection is first performed on the behavior information sent from each monitoring unit; after a worm is detected, the corresponding host behavior information is saved as the feature information of the worm, and later worm detection uses the saved feature information. The above embodiment does not need to obtain sample features of the worm at the outset, and subsequently uses the detected worm information as the detection sample, which can greatly increase the speed of worm detection and improve the efficiency of risk detection for the monitoring center 2.
In one embodiment, the worm detection unit performs standard worm detection on the behavior information sent from each monitoring unit, specifically including:
(1) comparing the behavior information sent from each monitoring unit in the same period and constructing Host Lists: hosts that have identical behavior information but different attributes are placed in the same Host List, and the identical behavior information serves as the identifier of the corresponding Host List, where hosts with the same service type belong to the same attribute. Each Host List stores the behavior information serving as its identifier, the number of connecting nodes of each host it contains, and the network domain information of each host. If host i and host j in a Host List have exchanged network messages, host i and host j are connecting nodes of each other;
(2) judging whether the behavior information serving as the identifier of each Host List is a worm; if so, the worm detection unit saves that behavior information as the standard feature information of the worm.
The behavior information includes file system operation behavior, registry operation behavior and network message sending behavior. When two hosts have an identical file system operation behavior, registry operation behavior or network message sending behavior, the two hosts are determined to have identical behavior information.
This embodiment sets out a mechanism for performing standard worm detection on behavior information. The mechanism uses records of diverse behavior information as the clues for tracking a worm, so it can capture records of a worm spreading in several ways and is therefore suitable for detecting worms with different propagation modes. The mechanism detects worms on the basis of identical behavior information propagating through the network, which matches the essential characteristic of a worm.
When a Host List satisfies the following condition, the behavior information serving as the identifier of that Host List is determined to be a worm:
In the formula, $H_c$ is the number of hosts contained in Host List $c$, $d_{cu}$ is the number of connecting nodes of the $u$-th host in Host List $c$, $L_c$ is the number of network domains covered by the hosts in Host List $c$, $K_1$ is the first preset number upper limit, and $K_2$ is the second preset number upper limit; […] denotes rounding the value of […]; $Z(L_c, K_2)$ is a comparison function: when $L_c > K_2$, $Z(L_c, K_2) = 1$, and when $L_c \le K_2$, $Z(L_c, K_2) = 0$.
This embodiment sets a decision condition for worms and uses it to detect whether the behavior information serving as the identifier of a Host List is a worm; the approach is simple and improves the efficiency of worm detection.
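The following is an added example, not part of the patent text: it carries out step (1) of the standard worm detection by building Host Lists from one period of monitoring-unit records and computing the quantities $H_c$, $d_{cu}$, $L_c$ and $Z(L_c, K_2)$ defined above. The decision inequality itself is not reproduced on this page, so the example stops at its inputs; the record layout, host names, sample behaviors, the value of $K_2$, and the reading that a Host List needs hosts of at least two service types are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records for one period (not real data). Each host has a
# service type (its "attribute"), a network domain, and the behaviours its
# monitoring unit recorded as (kind, detail) pairs, where kind is one of
# "file", "registry" or "net" as listed in the description.
HOSTS = {
    "h1": {"service": "data-relay", "domain": "zone-a",
           "behaviours": {("file", "create spool/x.tmp"), ("net", "send udp/9999")}},
    "h2": {"service": "historian", "domain": "zone-b",
           "behaviours": {("file", "create spool/x.tmp"), ("registry", "set key-A")}},
    "h3": {"service": "data-relay", "domain": "zone-c",
           "behaviours": {("file", "create spool/x.tmp"), ("net", "send udp/9999")}},
    "h4": {"service": "data-relay", "domain": "zone-a",
           "behaviours": {("net", "send udp/9999")}},
    "h5": {"service": "historian", "domain": "zone-b",
           "behaviours": {("file", "rotate archive.log")}},
}

# Constructed pairs of hosts that exchanged network messages in the period.
EXCHANGES = {("h1", "h2"), ("h2", "h3"), ("h3", "h4"), ("h4", "h5")}


@dataclass
class HostList:
    behaviour: tuple   # the shared behaviour that identifies this list
    hosts: list        # member host names, sorted
    degree: dict       # d_cu: connecting nodes of each member inside the list
    domains: set       # network domains covered by the members

    @property
    def H(self):       # H_c: number of hosts in the list
        return len(self.hosts)

    @property
    def L(self):       # L_c: number of network domains covered
        return len(self.domains)


def build_host_lists(hosts, exchanges):
    """Group hosts by each shared behaviour (step 1 of the description).

    Assumption: a behaviour shared only by hosts of one service type is
    expected traffic for that service, so a Host List is kept only when its
    members span at least two service types.
    """
    by_behaviour = defaultdict(set)
    for name, rec in hosts.items():
        for behaviour in rec["behaviours"]:
            by_behaviour[behaviour].add(name)

    links = {frozenset(pair) for pair in exchanges}  # undirected exchanges
    lists = {}
    for behaviour, members in by_behaviour.items():
        services = {hosts[m]["service"] for m in members}
        if len(members) < 2 or len(services) < 2:
            continue
        # Hosts i and j are connecting nodes of each other only if both are
        # in this list and they exchanged network messages.
        degree = {
            u: sum(1 for v in members if v != u and frozenset((u, v)) in links)
            for u in sorted(members)
        }
        lists[behaviour] = HostList(
            behaviour=behaviour,
            hosts=sorted(members),
            degree=degree,
            domains={hosts[m]["domain"] for m in members},
        )
    return lists


def Z(L_c, K2):
    """Comparison function from the description: 1 if L_c > K2, else 0."""
    return 1 if L_c > K2 else 0


def summarize(lists, K2):
    """Return the per-list inputs of the decision condition."""
    return {
        b: {"H_c": hl.H, "d_cu": hl.degree, "L_c": hl.L, "Z": Z(hl.L, K2)}
        for b, hl in lists.items()
    }


if __name__ == "__main__":
    K2 = 2  # assumed value of the second preset number upper limit
    for behaviour, stats in summarize(build_host_lists(HOSTS, EXCHANGES), K2).items():
        print(behaviour, stats)
```

The `udp/9999` behavior is shared by three hosts but all of one service type, so it forms no Host List; only the file behavior shared across two service types and three network domains does.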
In one embodiment, the calculation formula of the network security situation value is set as:
In the formula, $Y_r$ is the network security situation value of the monitoring center 2 in the $r$-th period, $a_r$ is the number of hosts whose behavior information was detected as a worm in the $r$-th period, $P$ is the total number of hosts of the monitoring center 2, $b_r$ is the number of hosts in the $r$-th period that have anti-virus software installed and were detected as having a worm, $P_1$ is the number of hosts, among all hosts, that have anti-virus software installed, $q_r$ is the number of hosts that have vulnerabilities of medium-to-high severity or above in the $r$-th period, $g$ is the number of hosts on which the specified network anti-virus system is installed, $\varepsilon_r$ is the number of hosts in the $r$-th period on which the network anti-virus system detected a virus but could not remove it, […] is the number of hosts in the $r$-th period on which the network anti-virus system detected a virus, and $e_1$, $e_2$, $e_3$ are preset weight coefficients satisfying $e_1 + e_2 + e_3 = 1$.
Based on the data sent by the worm detection module 100, the vulnerability data acquisition module 200 and the
virus processing data acquisition module 300, this embodiment sets the calculation formula of the network
security situation value from multiple angles: worm detection rate, vulnerability detection rate and virus
removal rate. The formula can reflect the network security situation of monitoring center 2 comprehensively and
objectively. Using this formula, the network security situation value computing module 400 automatically
analyzes and calculates the network security situation value of each period, so no manual counting is needed,
which greatly saves manpower and improves the efficiency of network security situation assessment.
In one embodiment, the network security alarm module 600 periodically determines the network security warning
level according to the network security situation value of monitoring center 2, specifically including:
(1) periodically extracting the network security situation value data of monitoring center 2 within a unit period,
and calculating the security threat degree of monitoring center 2 for the current unit period from that data;
(2) determining the network security warning level, specifically: when all network security situation values in
the current unit period are greater than the set network security situation value lower limit, and the security
threat degree is less than the set security threat degree upper limit, the network security warning level is
determined to be common; when one of the network security situation values in the current unit period is less
than the set network security situation value lower limit, and the security threat degree is less than the set
security threat degree upper limit, the network security warning level is determined to be intermediate; when
two of the network security situation values in the current unit period are less than the set network security
situation value lower limit, or the security threat degree is greater than the set security threat degree upper
limit, the network security warning level is determined to be advanced.
The calculation formula set for the security threat degree is:
In the formula, $S(t)$ denotes the security threat degree of monitoring center 2 in the t-th unit period,
$Y_{x+1}$ is the network security situation value of monitoring center 2 in the (x+1)-th period of the t-th unit
period, $Y_x$ is the network security situation value of monitoring center 2 in the x-th period of the t-th unit
period, and $W(t)$ is the number of periods in the t-th unit period.
This embodiment sets a mechanism for determining the network security warning level. When determining the level,
the mechanism considers not only the magnitude of the network security situation values but also the security
threat degree of monitoring center 2 in the current unit period. This embodiment innovatively sets the
calculation formula for the security threat degree of monitoring center 2; the calculated security threat degree
objectively and accurately reflects how much the network security situation value of monitoring center 2 varies.
Determining the warning level from both the situation values and the threat degree makes the determination more
objective and accurate, so that the system manager can perform network maintenance on monitoring center 2 in
time according to the warning level information, ensuring stable operation of the reliable transmission line
monitoring system.
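The warning-level rule described above, written out as an added Python example (not code from the patent). The security threat degree S(t) is passed in as an input because its formula is not reproduced on this page; the handling of values exactly on a limit and of three or more low values is an assumption, as are all names, thresholds and sample data.

```python
from dataclasses import dataclass
from enum import Enum


class AlarmLevel(Enum):
    COMMON = "common"
    INTERMEDIATE = "intermediate"
    ADVANCED = "advanced"


@dataclass(frozen=True)
class Limits:
    situation_lower: float  # set lower limit for the situation value Y
    threat_upper: float     # set upper limit for the threat degree S(t)


def warning_level(situation_values, threat_degree, limits):
    """Classify one unit period from its per-period Y values and its S(t).

    threat_degree is supplied by the caller: the S(t) formula is not
    reproduced here.
    """
    if not situation_values:
        raise ValueError("a unit period needs at least one situation value")
    # Assumption: a value exactly on the lower limit counts as low. The rule
    # only covers "greater than" and "less than", so equality is unspecified.
    low = sum(1 for y in situation_values if y <= limits.situation_lower)
    # Assumption: a threat degree exactly on the upper limit escalates.
    threat_high = threat_degree >= limits.threat_upper
    # Assumption: "two" low values is read as "two or more".
    if threat_high or low >= 2:
        return AlarmLevel.ADVANCED
    if low == 1:
        return AlarmLevel.INTERMEDIATE
    return AlarmLevel.COMMON


# Constructed sample data: (Y values of the periods, S(t)) per unit period.
SAMPLE_LIMITS = Limits(situation_lower=0.60, threat_upper=0.20)
SAMPLE_UNIT_PERIODS = [
    ([0.82, 0.79, 0.85, 0.80], 0.03),  # all above the limit, low threat
    ([0.81, 0.58, 0.77, 0.80], 0.12),  # one low value
    ([0.55, 0.52, 0.70, 0.74], 0.10),  # two low values
    ([0.90, 0.65, 0.92, 0.66], 0.26),  # no low value, threat above limit
    ([0.50, 0.55, 0.58, 0.70], 0.05),  # three low values (unspecified case)
    ([0.60, 0.80, 0.81, 0.79], 0.10),  # value exactly on the limit
]


def timeline(unit_periods, limits):
    """Return [(t, AlarmLevel)] for consecutive unit periods, t from 1."""
    return [(t, warning_level(ys, s, limits))
            for t, (ys, s) in enumerate(unit_periods, start=1)]


if __name__ == "__main__":
    for t, level in timeline(SAMPLE_UNIT_PERIODS, SAMPLE_LIMITS):
        print(f"unit period {t}: {level.value}")
```

The last two sample rows exercise inputs the stated rule does not cover; an implementation has to pick a behaviour for them, and escalating is the conservative choice for an alarm.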
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present
invention and do not limit its scope of protection. Although the present invention has been explained in detail
with reference to preferred embodiments, those skilled in the art should understand that the technical solution
of the present invention may be modified or equivalently replaced without departing from the essence and scope
of the technical solution of the present invention.
Claims (6)
1. A reliable power transmission line monitoring system applied to a smart grid, characterized in that it
comprises multiple data acquisition subsystems and a monitoring center; the monitoring center comprises a first
host and multiple second hosts connected to the first host; each data acquisition subsystem is connected to one
second host, and each data acquisition subsystem is used to acquire transmission line sensing data from multiple
transmission line monitoring nodes in one transmission line monitoring region; the second host is used to perform
abnormal data rejection and data compression on the acquired transmission line sensing data, and to send the
compressed transmission line sensing data to the first host; the first host decompresses the received
transmission line sensing data, analyzes and processes the transmission line sensing data according to a preset
transmission line analysis and early-warning model, and outputs the current operating condition of the
transmission line; the system further comprises a network security situation awareness subsystem, used to
perceive the network security situation of the monitoring center, calculate the network security situation value
of the monitoring center, and output a corresponding security threat processing scheme.
2. The reliable power transmission line monitoring system applied to a smart grid according to claim 1,
characterized in that the data acquisition subsystem comprises multiple sensors for monitoring the transmission
line, wherein each sensor is a wind speed acquisition sensor, a temperature sensor, a humidity sensor or a
tension sensor.
3. The reliable power transmission line monitoring system applied to a smart grid according to claim 1 or 2,
characterized in that the network security situation awareness subsystem comprises a worm detection module, a
vulnerability data acquisition module, a virus processing data acquisition module, a network security situation
value computing module and a network security situation visualization module, wherein the worm detection module,
the vulnerability data acquisition module and the virus processing data acquisition module are all connected to
the network security situation value computing module, and the network security situation value computing module
is connected to the network security situation visualization module; wherein the worm detection module is used
to perform worm detection on the monitoring center, send the worm detection results to the network security
situation value computing module, and process the detected worms, realizing worm perception and defence for the
monitoring center; the vulnerability data acquisition module is used to perform vulnerability scanning on each
host of the monitoring center with a specified vulnerability scanning system, acquire information on the hosts
that have vulnerabilities of medium-high level or above, and send the host information to the network security
situation value computing module; the virus processing data acquisition module is used to count the number of
hosts that have the specified network anti-virus system installed, to acquire from the network anti-virus system
the virus detection results and virus removal results of the hosts on which it is installed, and to send the
acquired data to the network security situation value computing module; the network security situation value
computing module is used to extract, for a selected period, the data sent by the worm detection module, the
vulnerability data acquisition module and the virus processing data acquisition module, and to calculate the
network security situation value of the monitoring center in that period from the extracted data; the network
security situation visualization module is used to display, in graphical form, the historical network security
situation values of the monitoring center and the related security threat processing schemes.
4. The reliable power transmission line monitoring system applied to a smart grid according to claim 3,
characterized in that the network security situation awareness subsystem further comprises a network security
alarm module, used to periodically calculate the network security warning level according to the network
security situation value of the monitoring center, and to send the calculated network security warning level to
the system manager.
5. The reliable power transmission line monitoring system applied to a smart grid according to claim 4,
characterized in that the calculation formula set for the network security situation value is:
In the formula, $Y_r$ denotes the network security situation value of the monitoring center in the r-th period;
$a_r$ is the number of hosts whose behavioural information is detected as a worm within the r-th period; $P$ is
the total number of hosts of the monitoring center; $b_r$ is the number of hosts that have anti-virus software
installed and on which a worm is detected within the r-th period; $P_1$ is the number of hosts, among all hosts,
that have anti-virus software installed; $q_r$ is the number of hosts with vulnerabilities of medium-high level
or above within the r-th period; $g$ is the number of hosts that have the specified network anti-virus system
installed; $\varepsilon_r$ is the number of hosts on which the network anti-virus system detects a virus but
cannot remove it within the r-th period; the remaining symbol is the number of hosts on which the network
anti-virus system detects a virus within the r-th period; $e_1$, $e_2$, $e_3$ are set weight coefficients
satisfying $e_1 + e_2 + e_3 = 1$.
6. The reliable power transmission line monitoring system applied to a smart grid according to claim 5,
characterized in that the network security alarm module periodically determines the network security warning
level according to the network security situation value of the monitoring center, specifically including:
(1) periodically extracting the network security situation value data of the monitoring center within a unit
period, and calculating the security threat degree of the monitoring center for the current unit period from
that data;
(2) determining the network security warning level, specifically: when all network security situation values in
the current unit period are greater than the set network security situation value lower limit, and the security
threat degree is less than the set security threat degree upper limit, the network security warning level is
determined to be common; when one of the network security situation values in the current unit period is less
than the set network security situation value lower limit, and the security threat degree is less than the set
security threat degree upper limit, the network security warning level is determined to be intermediate; when
two of the network security situation values in the current unit period are less than the set network security
situation value lower limit, or the security threat degree is greater than the set security threat degree upper
limit, the network security warning level is determined to be advanced.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810531836.2A CN108881179A (en) | 2018-05-29 | 2018-05-29 | Transmission line of electricity applied to smart grid reliably monitors system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810531836.2A CN108881179A (en) | 2018-05-29 | 2018-05-29 | Transmission line of electricity applied to smart grid reliably monitors system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108881179A true CN108881179A (en) | 2018-11-23 |
Family
ID=64335590
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810531836.2A Pending CN108881179A (en) | 2018-05-29 | 2018-05-29 | Transmission line of electricity applied to smart grid reliably monitors system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108881179A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110631635A (en) * | 2019-09-27 | 2019-12-31 | 北京科百宏业科技有限公司 | Remote automatic monitoring system for agricultural production environment and working method thereof |
CN110716476A (en) * | 2019-11-08 | 2020-01-21 | 珠海市鸿瑞信息技术股份有限公司 | Industrial control system network security situation perception system based on artificial intelligence |
CN113098827A (en) * | 2019-12-23 | 2021-07-09 | 中国移动通信集团辽宁有限公司 | Network security early warning method and device based on situation awareness |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581155A (en) * | 2012-08-08 | 2014-02-12 | 贵州电网公司信息通信分公司 | Information security situation analysis method and system |
CN104794534A (en) * | 2015-04-16 | 2015-07-22 | 国网山东省电力公司临沂供电公司 | Power grid security situation predicting method based on improved deep learning model |
CN104901838A (en) * | 2015-06-23 | 2015-09-09 | 中国电建集团成都勘测设计研究院有限公司 | Enterprise network safety event management system and method thereof |
CN107332698A (en) * | 2017-06-19 | 2017-11-07 | 西北大学 | A kind of Security Situation Awareness Systems and method towards bright Great Wall intelligent perception system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104486141B (en) | A kind of network security situation prediction method that wrong report is adaptive | |
CN108040074B (en) | Real-time network abnormal behavior detection system and method based on big data | |
CN105357063B (en) | A kind of cyberspace security postures real-time detection method | |
CN108449218B (en) | The network security situation sensing system of next-generation key message infrastructure | |
JP2010511359A (en) | Method and apparatus for network anomaly detection | |
CN105407103A (en) | Network threat evaluation method based on multi-granularity anomaly detection | |
CN108881179A (en) | Transmission line of electricity applied to smart grid reliably monitors system | |
CN105812200B (en) | Anomaly detection method and device | |
KR101375813B1 (en) | Active security sensing device and method for intrusion detection and audit of digital substation | |
CN105471875A (en) | Computer network monitoring system | |
CN111740975A (en) | Network security situation awareness system and method | |
KR20150100383A (en) | Apparatus and method for detecting command and control channels | |
WO2018232846A1 (en) | Large-scale peripheral security monitoring method and system | |
CN113660115B (en) | Alarm-based network security data processing method, device and system | |
CN109167794A (en) | A kind of attack detection method of network-oriented system security measure | |
CN102447707A (en) | DDoS (Distributed Denial of Service) detection and response method based on mapping request | |
CN116781430A (en) | Network information security system and method for gas pipe network | |
CN107070952A (en) | A kind of network node Traffic Anomaly analysis method and system | |
CN108809706A (en) | A kind of network risks monitoring system of substation | |
CN115378711A (en) | Industrial control network intrusion detection method and system | |
CN104796822B (en) | Audio squealing detection method, video monitoring method and system using this method | |
CN102104606B (en) | Worm detection method of intranet host | |
CN108761035A (en) | Soil Environmental Pollution reliably monitors system | |
KR100609707B1 (en) | Method for analyzing security condition by representing network events in graphs and apparatus thereof | |
KR101488271B1 (en) | Apparatus and method for ids false positive detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181123 |