CN109066981B - Information security monitoring method for medium voltage distribution network - Google Patents


Publication number
CN109066981B
Authority
CN
China
Prior art keywords
distribution network
medium
voltage distribution
information
probability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810962229.1A
Other languages
Chinese (zh)
Other versions
CN109066981A (en)
Inventor
李映雪
朱文广
杨为群
章小枫
周成
刘小春
郑富永
彭怀德
王敏
王丽
王伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Economic and Technological Research Institute of State Grid Jiangxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Economic and Technological Research Institute of State Grid Jiangxi Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Economic and Technological Research Institute of State Grid Jiangxi Electric Power Co Ltd
Priority to CN201810962229.1A
Publication of CN109066981A
Application granted
Publication of CN109066981B

Classifications

    • H02J13/0006
    • H ELECTRICITY
    • H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02J CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J2203/00 Indexing scheme relating to details of circuit arrangements for AC mains or AC distribution networks
    • H02J2203/20 Simulating, e.g. planning, reliability check, modelling or computer assisted design [CAD]

Landscapes

  • Data Exchanges In Wide-Area Networks
  • Remote Monitoring And Control Of Power-Distribution Networks

Abstract

The invention discloses an information security monitoring method for a medium-voltage distribution network, comprising: collecting communication data information of medium-voltage distribution network terminals; constructing a situation awareness analysis probability model of the medium-voltage distribution network terminals and monitoring the information security state of the medium-voltage distribution network; and reporting the monitoring information to the master station, thereby completing the information security monitoring of the medium-voltage distribution network. The method actively obtains and fully takes into account the data statistics and access frequency characteristics of the distribution network terminal communication traffic monitored by the distribution network master station. By collecting the master station's monitoring data for the distribution terminals, it builds a situation awareness analysis model of terminal traffic and access frequency, which improves the effectiveness of information security monitoring for medium-voltage distribution network terminals.

Description

Information security monitoring method for medium-voltage distribution network
Technical Field
The invention relates in particular to an information security monitoring method for a medium-voltage distribution network.
Background
With economic and technological development and rising living standards, electric energy has become an essential secondary energy source in production and daily life, and brings great convenience to both.
Communication information security in the medium-voltage distribution network is one of the preconditions for normal operation of the distribution network. Information security attacks on medium-voltage distribution networks are increasingly frequent, while security protection equipment is relatively isolated, so the "security island" phenomenon is pronounced. Malicious network attacks do serious harm to the distribution network: they may cause data leakage from distribution network terminals, and may even cause social harm such as large-area power outages.
Most existing communication information security strategies for the medium-voltage distribution network focus on physical isolation, encryption and authentication systems, and the like. These strategies are passive: they try to render external attacks on medium-voltage distribution network communication ineffective by strengthening confidentiality and tolerance. Such passive strategies offer clearly insufficient protection against unknown attack events, so the communication information security of the medium-voltage distribution network still bears huge risks.
Disclosure of Invention
The invention aims to provide an information security monitoring method for a medium-voltage distribution network that actively monitors the network's communication information security by actively sensing the volume of its communication data.
The information security monitoring method for a medium-voltage distribution network provided by the invention comprises the following steps:
S1. collecting communication data information of a medium-voltage distribution network terminal;
S2. constructing a situation awareness analysis probability model of the medium-voltage distribution network terminal from the communication data information collected in step S1;
S3. monitoring the information security state of the medium-voltage distribution network using the situation awareness analysis probability model obtained in step S2;
S4. reporting the monitoring information obtained in step S3 to the master station, thereby completing the information security monitoring of the medium-voltage distribution network.
In step S1, collecting the communication data information of the medium-voltage distribution network terminal specifically means collecting the terminal's traffic and frequency data.
To collect the traffic and frequency data, the N monitoring periods preceding the current monitoring period are taken as the statistical period, and the traffic data and access frequency of each monitoring period in the statistical period are collected, giving a traffic sequence $\{x(i)\}$ and a frequency sequence $\{y(i)\}$ for the statistical period, where $x(i)$ is the traffic data of the $i$-th monitoring period in the statistical period and $y(i)$ is the frequency data of the $i$-th monitoring period in the statistical period.
In step S2, the situation awareness analysis probability model of the medium-voltage distribution network terminal is constructed by the following steps:
a. calculating the mathematical expectation $\lambda_x$ of the traffic sequence $\{x(i)\}$ obtained in step S1, and constructing a Poisson probability distribution model with Poisson parameter $\lambda_x$;
b. calculating the mathematical expectation $\lambda_y$ of the frequency sequence $\{y(i)\}$ obtained in step S1, and constructing a Poisson probability distribution model with Poisson parameter $\lambda_y$;
c. constructing the situation awareness analysis probability model of the medium-voltage distribution network terminal, $p(x, y) = p(x) \times p(y)$, where $p(x)$ is the traffic probability density, given by the probability density of the Poisson probability distribution model with Poisson parameter $\lambda_x$, and $p(y)$ is the frequency probability density, given by the probability density of the Poisson probability distribution model with Poisson parameter $\lambda_y$.
In step S3, the information security state of the medium-voltage distribution network is monitored by the following steps:
(1) setting a traffic safety coefficient $\alpha$, a frequency safety coefficient $\beta$ and a safety threshold $\gamma$;
(2) in the space of the situation awareness analysis probability model of the medium-voltage distribution network terminal, with the traffic variable as the x axis and the frequency variable as the y axis, defining a two-dimensional region $S$ as the area enclosed by the straight lines $x = (1-\alpha)\lambda_x$, $x = (1+\alpha)\lambda_x$, $y = (1-\beta)\lambda_y$ and $y = (1+\beta)\lambda_y$;
(3) acquiring the traffic data $x_0$ and the frequency data $y_0$ of the medium-voltage distribution network terminal in the current monitoring period;
(4) judging the information security state of the current monitoring period by the following rules:
R1. if the point $(x_0, y_0)$ is not in the region $S$, the information security state of the current monitoring period is judged to be abnormal;
R2. if the point $(x_0, y_0)$ is in the region $S$, the information security probability of the current monitoring period is calculated according to the following formula:
Figure BDA0001774079170000031
If $P(x_0, y_0) \geq \gamma$, the information security state of the current monitoring period is judged to be normal; if $P(x_0, y_0) < \gamma$, the information security state of the current monitoring period is judged to be abnormal.
The information security monitoring method for a medium-voltage distribution network provided by the invention actively obtains and fully takes into account the data statistics and access frequency characteristics of the distribution network terminal communication traffic monitored by the distribution network master station. By collecting the master station's monitoring data for the distribution terminals, it constructs a situation awareness analysis model of terminal traffic and access frequency, which improves the effectiveness of information security monitoring for medium-voltage distribution network terminals.
Drawings
FIG. 1 is a flow chart of the method of the invention.
FIG. 2 is a schematic diagram of the two-dimensional region S constructed by the method of the invention.
Detailed Description
FIG. 1 shows the flow chart of the method of the invention. The information security monitoring method for a medium-voltage distribution network provided by the invention comprises the following steps:
S1. collecting communication data information of a medium-voltage distribution network terminal, specifically the terminal's traffic and frequency data. During collection, the N monitoring periods preceding the current monitoring period (suggested value of N: 10 to 15) are taken as the statistical period, and the traffic data and access frequency of each monitoring period in the statistical period are collected, giving a traffic sequence $\{x(i)\}$ and a frequency sequence $\{y(i)\}$ for the statistical period, where $x(i)$ is the traffic data of the $i$-th monitoring period in the statistical period and $y(i)$ is the frequency data of the $i$-th monitoring period in the statistical period;
S2. constructing a situation awareness analysis probability model of the medium-voltage distribution network terminal from the communication data information collected in step S1, specifically by the following steps:
a. calculating the mathematical expectation $\lambda_x$ of the traffic sequence $\{x(i)\}$ obtained in step S1, and constructing a Poisson probability distribution model with Poisson parameter $\lambda_x$;
b. calculating the mathematical expectation $\lambda_y$ of the frequency sequence $\{y(i)\}$ obtained in step S1, and constructing a Poisson probability distribution model with Poisson parameter $\lambda_y$;
c. constructing the situation awareness analysis probability model of the medium-voltage distribution network terminal, $p(x, y) = p(x) \times p(y)$, where $p(x)$ is the traffic probability density, given by the probability density of the Poisson probability distribution model with Poisson parameter $\lambda_x$, and $p(y)$ is the frequency probability density, given by the probability density of the Poisson probability distribution model with Poisson parameter $\lambda_y$;
S3. monitoring the information security state of the medium-voltage distribution network using the situation awareness analysis probability model obtained in step S2, specifically by the following steps:
(1) setting a traffic safety coefficient $\alpha$, a frequency safety coefficient $\beta$ and a safety threshold $\gamma$, where $\alpha$ takes values in the range 0 to 1, $\beta$ takes values in the range 0 to 1, and the suggested range of $\gamma$ is 4% to 8%;
(2) in the space of the situation awareness analysis probability model of the medium-voltage distribution network terminal, with the traffic variable as the x axis and the frequency variable as the y axis, defining a two-dimensional region $S$ as the area enclosed by the straight lines $x = (1-\alpha)\lambda_x$, $x = (1+\alpha)\lambda_x$, $y = (1-\beta)\lambda_y$ and $y = (1+\beta)\lambda_y$; a schematic diagram of the region $S$ is shown in FIG. 2;
(3) acquiring the traffic data $x_0$ and the frequency data $y_0$ of the medium-voltage distribution network terminal in the current monitoring period;
(4) judging the information security state of the current monitoring period by the following rules:
R1. if the point $(x_0, y_0)$ is not in the region $S$, the information security state of the current monitoring period is judged to be abnormal;
R2. if the point $(x_0, y_0)$ is in the region $S$, the information security probability of the current monitoring period is calculated according to the following formula:
Figure BDA0001774079170000051
If $P(x_0, y_0) \geq \gamma$, the information security state of the current monitoring period is judged to be normal; if $P(x_0, y_0) < \gamma$, the information security state of the current monitoring period is judged to be abnormal;
The above calculation step computes the information security probability corresponding to the shaded part of the region in which the point $(x_0, y_0)$ falls;
In the embodiment, $\alpha = 0.2$, $\beta = 0.2$, $\gamma = 8\%$ and $\lambda_x = \lambda_y = 100$, so the security region is $S = \{(x, y) \mid x \in [80, 120],\ y \in [80, 120]\}$. Two specific cases arise in the judgment. In the first, the traffic value $x(i)$ monitored for the distribution network terminal in the current monitoring period is 60 and the monitored frequency value $y(i)$ is 80 times/s; the point is not in the security region $S$, so the terminal's information security is identified as being in an abnormal state. In the second, the monitored traffic value $x(i)$ is 90 bps and the frequency value $y(i)$ is 90 times/s; the point is in the security region $S$, so the information security reconfirmation state is entered and the joint probability value $P(x, y)$ of the joint probability density function $p(x, y)$ of traffic and frequency is calculated by the formula. If $P(x, y)$ is not less than 0.08, the terminal's information security is identified as being in a normal state; otherwise it is identified as being in an abnormal state;
S4. reporting the monitoring information obtained in step S3 to the master station, thereby completing the information security monitoring of the medium-voltage distribution network.
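Steps S1 to S3 as an added Python example (not code from the patent). The formula for P(x0, y0) survives on this page only as an image placeholder, so `band_mass` is an assumed stand-in for it, passed in as a replaceable `score` argument; the function names and the sample series are constructed for illustration.

```python
import math

def poisson_pmf(k, lam):
    """Poisson probability of count k with parameter lam, computed in log space."""
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))

def build_model(traffic, freq):
    """Step S2 a/b: the Poisson parameters are the means of the two sequences."""
    if not traffic or len(traffic) != len(freq):
        raise ValueError("need equal-length, non-empty sequences")
    lam_x, lam_y = sum(traffic) / len(traffic), sum(freq) / len(freq)
    if lam_x <= 0 or lam_y <= 0:
        raise ValueError("an all-zero baseline gives no usable Poisson parameter")
    return lam_x, lam_y

def band_mass(v0, lam, lo, hi):
    """ASSUMPTION, not the patent's formula: Poisson mass of the counts inside
    [lo, hi] that lie at least as far from lam as the observed value v0 does."""
    d = abs(v0 - lam)
    return sum(poisson_pmf(k, lam)
               for k in range(math.ceil(lo), math.floor(hi) + 1)
               if abs(k - lam) >= d)

def classify(x0, y0, lam_x, lam_y, alpha, beta, gamma, score=band_mass):
    """Step S3: returns (verdict, probability); probability is None under rule R1."""
    x_lo, x_hi = (1 - alpha) * lam_x, (1 + alpha) * lam_x
    y_lo, y_hi = (1 - beta) * lam_y, (1 + beta) * lam_y
    # Rule R1: a point outside region S is abnormal without further scoring.
    if not (x_lo <= x0 <= x_hi and y_lo <= y0 <= y_hi):
        return "abnormal", None
    # Rule R2: independent axes, so the joint value is the product p(x) * p(y).
    p = score(x0, lam_x, x_lo, x_hi) * score(y0, lam_y, y_lo, y_hi)
    return ("normal" if p >= gamma else "abnormal"), p

def monitor(samples, n, alpha, beta, gamma):
    """Steps S1-S3 over (traffic, frequency) pairs, one pair per monitoring period.
    Each period is judged against the n periods immediately before it."""
    results = []
    for i in range(n, len(samples)):
        window = samples[i - n:i]
        lam_x, lam_y = build_model([s[0] for s in window], [s[1] for s in window])
        results.append(classify(*samples[i], lam_x, lam_y, alpha, beta, gamma))
    return results

# Constructed sample: 12 baseline periods with mean 100 on both axes, then one
# ordinary period and one period matching the embodiment's out-of-region case.
SAMPLES = [(98, 101), (102, 99), (100, 100), (97, 103), (103, 97), (100, 100),
           (99, 102), (101, 98), (100, 100), (104, 95), (96, 105), (100, 100),
           (101, 99), (60, 80)]

if __name__ == "__main__":
    for period, (verdict, p) in enumerate(monitor(SAMPLES, 12, 0.2, 0.2, 0.08), start=13):
        print(period, verdict, p)
```

Because every judged period enters the next statistical window, a flagged period such as (60, 80) shifts the following baseline; whether abnormal periods should be excluded from the window is not specified on the page.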

Claims (2)

1. An information security monitoring method for a medium-voltage distribution network, comprising the following steps:
S1. collecting communication data information of a medium-voltage distribution network terminal, specifically the terminal's traffic and frequency data: the N monitoring periods preceding the current monitoring period are taken as the statistical period, and the traffic data and access frequency of each monitoring period in the statistical period are collected, giving a traffic sequence $\{x(i)\}$ and a frequency sequence $\{y(i)\}$ for the statistical period, where $x(i)$ is the traffic data of the $i$-th monitoring period in the statistical period and $y(i)$ is the frequency data of the $i$-th monitoring period in the statistical period;
S2. constructing a situation awareness analysis probability model of the medium-voltage distribution network terminal from the communication data information collected in step S1, specifically by the following steps:
a. calculating the mathematical expectation $\lambda_x$ of the traffic sequence $\{x(i)\}$ obtained in step S1, and constructing a Poisson probability distribution model with Poisson parameter $\lambda_x$;
b. calculating the mathematical expectation $\lambda_y$ of the frequency sequence $\{y(i)\}$ obtained in step S1, and constructing a Poisson probability distribution model with Poisson parameter $\lambda_y$;
c. constructing the situation awareness analysis probability model of the medium-voltage distribution network terminal, $p(x, y) = p(x) \times p(y)$, where $p(x)$ is the traffic probability density, given by the probability density of the Poisson probability distribution model with Poisson parameter $\lambda_x$, and $p(y)$ is the frequency probability density, given by the probability density of the Poisson probability distribution model with Poisson parameter $\lambda_y$;
S3. monitoring the information security state of the medium-voltage distribution network using the situation awareness analysis probability model obtained in step S2;
S4. reporting the monitoring information obtained in step S3 to the master station, thereby completing the information security monitoring of the medium-voltage distribution network.
2. The information security monitoring method for a medium-voltage distribution network according to claim 1, wherein monitoring the information security state of the medium-voltage distribution network in step S3 specifically comprises the following steps:
(1) setting a traffic safety coefficient $\alpha$, a frequency safety coefficient $\beta$ and a safety threshold $\gamma$;
(2) in the space of the situation awareness analysis probability model of the medium-voltage distribution network terminal, with the traffic variable as the x axis and the frequency variable as the y axis, defining a two-dimensional region $S$ as the area enclosed by the straight lines $x = (1-\alpha)\lambda_x$, $x = (1+\alpha)\lambda_x$, $y = (1-\beta)\lambda_y$ and $y = (1+\beta)\lambda_y$;
(3) acquiring the traffic data $x_0$ and the frequency data $y_0$ of the medium-voltage distribution network terminal in the current monitoring period;
(4) judging the information security state of the current monitoring period by the following rules:
R1. if the point $(x_0, y_0)$ is not in the region $S$, the information security state of the current monitoring period is judged to be abnormal;
R2. if the point $(x_0, y_0)$ is in the region $S$, the information security probability of the current monitoring period is calculated according to the following formula:
Figure FDA0003076960440000021
If $P(x_0, y_0) \geq \gamma$, the information security state of the current monitoring period is judged to be normal; if $P(x_0, y_0) < \gamma$, the information security state of the current monitoring period is judged to be abnormal.

Application

Application number: CN201810962229.1A
Priority date: 2018-08-22
Filing date: 2018-08-22
Title: Information security monitoring method for medium voltage distribution network
Status: Active, granted as CN109066981B

Publications (2)

Publication Number Publication Date
CN109066981A 2018-12-21
CN109066981B 2021-08-17

Family ID: 64687950
Country: CN


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant