CN111131274A - Non-invasive intelligent substation vulnerability detection method - Google Patents
Non-invasive intelligent substation vulnerability detection method Download PDFInfo
- Publication number
- CN111131274A CN111131274A CN201911378893.2A CN201911378893A CN111131274A CN 111131274 A CN111131274 A CN 111131274A CN 201911378893 A CN201911378893 A CN 201911378893A CN 111131274 A CN111131274 A CN 111131274A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- information
- intelligent substation
- equipment
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention relates to a non-invasive intelligent substation vulnerability detection method, and belongs to the field of information security. The method comprises three parts of intelligent substation equipment state detection, benchmark vulnerability information acquisition and intelligent substation security vulnerability correlation analysis. By analyzing the SCD file configured in the whole intelligent substation and the MMS, GOOSE, SV and other flow data messages in the bypass sniffing intelligent substation network, the state information of the active equipment in the system is filtered out and matched with the collected benchmark vulnerability information, and the security vulnerability of the intelligent substation system is detected and subjected to correlation analysis from the vulnerability severity, vulnerability CIA deviation and vulnerability attack mode dimensionality. The method can comprehensively, effectively and nondestructively detect the intelligent substation equipment and related bugs by a non-invasive method, and provides accurate basic data support for network security assessment of the intelligent substation system.
Description
Technical Field
The invention belongs to the field of information security, and relates to a non-invasive intelligent substation vulnerability detection method.
Background
The intelligent substation has the technical characteristics of total-station information digitization, communication platform networking, information sharing standardization and the like. The secondary system of the intelligent substation is developed based on SCD, and a three-layer two-network architecture is adopted. The station control layer adopts a TCP/IP MMS protocol to realize the digitalized unified modeling and control of the information on the spacing layer; the spacer layer and the process layer adopt GOOSE and SV protocols and directly communicate on the Ethernet; the transformer substation of the process layer (equipment layer) based on the IEC61850 standard generally adopts the exchange Ethernet technology, mainly comprises an electronic transformer and a merging unit, is configured with intelligent primary equipment, and automatically completes the functions of information acquisition, measurement, control, protection, measurement, detection and the like.
Potential bugs existing in the transformer substation, such as bugs which do not meet standard protocols of specifications, unauthorized access, default passwords and the like, pose great threats to the safe and stable operation of the smart grid. When the current common mature vulnerability detection technology is applied to an intelligent substation system, the following problems mainly exist:
(1) the traditional active detection vulnerability detection technology needs to send a large number of detection data packets, which may cause abnormal interruption of key services. In an intelligent substation system, whether a primary system or a secondary system, and a bay level or a process level, the continuity and the health of services are crucial, but due to the closed and independent characteristics of the intelligent substation system, the intelligent substation system does not have more fault-tolerant processing, such as processing of abnormal instructions, and does not have processing of greater pressure, such as rapid data transmission and access.
(2) The traditional vulnerability detection mode based on the host is not suitable for the primary system of the intelligent substation.
(3) The traditional vulnerability detection mode based on the network is not suitable for the system architecture of three layers and two networks of the intelligent substation.
(4) The traditional vulnerability detection facilities/equipment lack effective support for GOOSE, SV and other protocols.
Disclosure of Invention
In view of this, the present invention provides a method for detecting a vulnerability of a non-intrusive intelligent substation.
In order to achieve the purpose, the invention provides the following technical scheme:
a non-intrusive intelligent substation vulnerability detection method comprises the following steps: detecting the state of the intelligent substation equipment, acquiring reference vulnerability information and analyzing the security vulnerability association of the intelligent substation;
the intelligent substation equipment state detection is used for detecting and confirming information such as an SCADA (supervisory control and data acquisition), an operating system, network equipment, a merging unit, an intelligent terminal and a protocol deployed by an intelligent substation secondary system and a primary system, and generating an intelligent substation equipment state database;
the method comprises the steps that reference vulnerability information collection is used for collecting public authoritative vulnerability databases, vulnerability extension information of open standards and vulnerability information in security bulletins of relevant system/equipment manufacturers to generate reference vulnerability information databases;
and the intelligent substation security vulnerability correlation analysis is used for matching vulnerability information from the reference vulnerability information database according to the equipment information confirmed in the equipment state database, and analyzing the security vulnerability state of the intelligent substation.
Optionally, the state detection of the intelligent substation device is as follows:
(1) analyzing the SCD file configured in the intelligent substation total station, and acquiring a device list and attribute data of the intelligent substation total station;
(2) analyzing MMS, GOOSE and SV flow data messages in the intelligent substation network to obtain an active equipment list, fingerprint information and an MAC address;
(3) confirming the existing equipment list and state in the intelligent substation network according to the analysis results of the steps (1) and (2);
(4) judging the hierarchy of the equipment according to the description of the IED node about the equipment information in the scd file;
(5) performing correlation analysis on the data in the steps (3) and (4), completing equipment level modeling, and generating equipment state information, wherein the method comprises the following steps: the hierarchy of the device, the connection status, the product family and model, the firmware version, the address, the name and the manufacturer identification.
Optionally, the reference vulnerability information acquisition is as follows:
(1) acquiring CVE _ ID, CIA deviation, attack vector, authority, Chinese information, vulnerability position, utilization mode and vulnerability influence information of related vulnerabilities of intelligent substation facility equipment through a public authoritative vulnerability database;
(2) acquiring CVE _ ID and Vendor _ ID information of the vulnerability through safety notice information of a system equipment manufacturer;
(3) searching vulnerability extension information of an open standard according to the CVE _ ID and the Vendor _ ID, and collecting vulnerability classification, vulnerability description, attack mode and affected system information related to the vulnerability;
(4) and (3) logically associating, analyzing and sorting the information acquisition data in the steps (1), (2) and (3), and forming complete reference vulnerability information by comprehensively collecting and standardizing vulnerability information.
Optionally, the intelligent substation security vulnerability association analysis is as follows:
(1) according to equipment fingerprint information in the intelligent substation equipment state data, retrieving corresponding vulnerability information from the reference vulnerability information;
(2) and evaluating the vulnerability from vulnerability severity, vulnerability CIA deviation and vulnerability attack mode according to the information in the benchmark vulnerability information.
The invention has the beneficial effects that:
according to the non-invasive intelligent substation vulnerability detection method, the vulnerability is detected in an interference-free bypass mode, and safety accidents caused by system faults of the intelligent substation due to vulnerability scanning can be avoided.
The method comprises the steps that information such as instance configuration, communication parameters and communication configuration among IEDs of all intelligent electronic equipment in an intelligent substation is obtained through analyzing an SCD file of the intelligent substation, and a communication network model of the intelligent substation is established; meanwhile, the real-time flow data of the intelligent substation is compared with the acquired real-time flow data of the intelligent substation to obtain a network topology structure of the intelligent substation in the current state, and the network topology structure is hierarchically divided through equipment functions and mapped to a station control layer, a bay layer and a process layer of the intelligent substation to realize object-level management of the equipment. Meanwhile, managers of the intelligent transformer substation can master the current network connection state of the intelligent transformer substation in real time, the network operation and maintenance difficulty and cost of the intelligent transformer substation are further reduced, the overall safety of the intelligent transformer substation is improved, and a basis is provided for information safety research of the intelligent transformer substation.
The method has the advantages that the basic information of the vulnerability is perfected by collecting the public authoritative vulnerability database information, the mainstream open standard vulnerability expansion information and the manufacturer safety notice information, and the incidence relation of the vulnerability is established, so that the description information of the vulnerability is more three-dimensional, the deep incidence influence analysis of the vulnerability is more facilitated, and the vulnerability detection result has high precision and better expansibility.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the means of the instrumentalities and combinations particularly pointed out hereinafter.
Drawings
For the purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made to the following detailed description taken in conjunction with the accompanying drawings in which:
fig. 1 is a flowchart of a method for detecting vulnerabilities of a non-intrusive intelligent substation according to an embodiment;
FIG. 2 is a flowchart illustrating an SCD file parsing according to an embodiment;
fig. 3 is a flow chart of traffic packet parsing according to an embodiment;
fig. 4 is a schematic diagram of a vulnerability information collection method provided by the embodiment;
fig. 5 is a schematic diagram of the intelligent substation security vulnerability correlation analysis provided in the embodiment.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention in a schematic way, and the features in the following embodiments and examples may be combined with each other without conflict.
Wherein the showings are for the purpose of illustrating the invention only and not for the purpose of limiting the same, and in which there is shown by way of illustration only and not in the drawings in which there is no intention to limit the invention thereto; to better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product; it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if there is an orientation or positional relationship indicated by terms such as "upper", "lower", "left", "right", "front", "rear", etc., based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not an indication or suggestion that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes, and are not to be construed as limiting the present invention, and the specific meaning of the terms may be understood by those skilled in the art according to specific situations.
As shown in fig. 1, a non-intrusive intelligent substation vulnerability detection method includes the following steps:
(1) analyzing the SCD file of the transformer substation, and setting up a list and attribute data of the whole intelligent transformer substation (see the detailed steps in FIG. 2);
(2) acquiring flow data messages of intelligent substations such as MMS, GOOSE, SV and the like, analyzing and extracting equipment configuration information (see the detailed steps in FIG. 3);
(3) filtering the equipment list in the flow data through the equipment configuration information list extracted from the scd file so as to obtain the equipment list in the current network and the connection condition between the equipment, and mapping the equipment list to a three-layer two-network structure of the intelligent substation;
(4) and (5) carrying out vulnerability detection and association impact analysis on the intelligent substation facility equipment according to the equipment related information in the vulnerability information base (the vulnerability information base acquisition method is shown in figure 4).
As shown in fig. 2, the SCD file parsing includes the following steps:
(1) acquiring an SCD file of an intelligent substation;
(2) parsing the scd file using xml. dom. minitom in python; saving all elements in the SCD document as document objects with DOM tree structures;
(3) traversing layer by using a function provided by the DOM to obtain the label data of all the devices;
(4) and storing the obtained identification list and attribute data of the intelligent substation total station into a database.
As shown in fig. 3, the traffic packet parsing includes the following steps:
(1) sniffing flow data in a three-layer two-network system of the intelligent substation, and storing the flow data as a pcap file;
(2) reading the pcap file by using a scapy module of python, filtering the message according to the IEC 61850-9-2 standard, and identifying GOOSE and SV messages;
(3) analyzing a message protocol data unit by using a BER coding rule;
(4) and storing the device information such as the mac address in the analyzed GOOSE (SV, MMS) into a database.
As shown in fig. 4, the vulnerability information collection is developed based on an authoritative vulnerability database and mainstream open standards (CVE, NVD, CNNVD, CPE, CWE, CAPEC, CVSS) by using Python, Sqlite, openCVSS open source technologies, and supports association with third party security references (CVSS, OSVDB, OVAL) and system vendor security bulletins; in order to adapt to the current situation of network deployment of internal and external network physical isolation of an intelligent substation, the subsystem can independently operate to support offline acquisition of vulnerability information and support use of cross-system platforms (Windows and Linux). The concrete implementation steps are as follows:
(1) acquiring CVE _ ID, CIA deviation, attack vector, authority, Chinese information, vulnerability position, utilization mode and vulnerability influence information of the latest vulnerability through a public authority vulnerability database;
(2) acquiring CVE _ ID and Vendor _ ID information of the latest vulnerability through safety notice information of an equipment system manufacturer;
(3) searching vulnerability expansion information of an open standard according to the CVE _ ID and the Vendor _ ID, and acquiring vulnerability classification, vulnerability description, attack mode and affected system information related to the vulnerability;
(4) the classification information structured processing main module performs logical association analysis and sorting on the information acquisition data of the three steps, and forms complete reference vulnerability information through omnibearing collection and standardized sorting of vulnerability information.
As shown in fig. 5, the specific implementation steps of the vulnerability correlation analysis of the intelligent substation are as follows:
(1) the security vulnerability correlation analysis module performs correlation analysis on the data of the reference vulnerability information and the state information of the intelligent substation system equipment, and the vulnerability information is corresponding to the intelligent substation system equipment which is actually deployed and operated;
(2) and according to the information in the benchmark vulnerability information, performing management analysis and evaluation from vulnerability severity, vulnerability CIA deviation, vulnerability attack mode and vulnerability influence range.
In the embodiment of the application, the generated vulnerability information is more comprehensive, the vulnerability detection result is more accurate, the problems that the detection result of the current vulnerability detection system is simply high, medium and low in vulnerability division, the correlation influence among vulnerabilities and the distribution of the vulnerabilities in the whole system range are more visually described are effectively solved, and timely and comprehensive decision support information can be provided for the safety protection of Web application.
Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.
Claims (4)
1. A non-invasive intelligent substation vulnerability detection method is characterized by comprising the following steps: the method comprises the following steps: detecting the state of the intelligent substation equipment, acquiring reference vulnerability information and analyzing the security vulnerability association of the intelligent substation;
the intelligent substation equipment state detection is used for detecting and confirming information such as an SCADA (supervisory control and data acquisition), an operating system, network equipment, a merging unit, an intelligent terminal and a protocol deployed by an intelligent substation secondary system and a primary system, and generating an intelligent substation equipment state database;
the method comprises the steps that reference vulnerability information collection is used for collecting public authoritative vulnerability databases, vulnerability extension information of open standards and vulnerability information in security bulletins of relevant system/equipment manufacturers to generate reference vulnerability information databases;
and the intelligent substation security vulnerability correlation analysis is used for matching vulnerability information from the reference vulnerability information database according to the equipment information confirmed in the equipment state database, and analyzing the security vulnerability state of the intelligent substation.
2. The non-intrusive intelligent substation vulnerability detection method according to claim 1, characterized in that: the state detection of the intelligent substation equipment is as follows:
(1) analyzing the SCD file configured in the intelligent substation total station, and acquiring a device list and attribute data of the intelligent substation total station;
(2) analyzing MMS, GOOSE and SV flow data messages in the intelligent substation network to obtain an active equipment list, fingerprint information and an MAC address;
(3) confirming the existing equipment list and state in the intelligent substation network according to the analysis results of the steps (1) and (2);
(4) judging the hierarchy of the equipment according to the description of the IED node about the equipment information in the scd file;
(5) performing correlation analysis on the data in the steps (3) and (4), completing equipment level modeling, and generating equipment state information, wherein the method comprises the following steps: the hierarchy of the device, the connection status, the product family and model, the firmware version, the address, the name and the manufacturer identification.
3. The non-intrusive intelligent substation vulnerability detection method according to claim 1, characterized in that: the benchmark vulnerability information acquisition is as follows:
(1) acquiring CVE _ ID, CIA deviation, attack vector, authority, Chinese information, vulnerability position, utilization mode and vulnerability influence information of related vulnerabilities of intelligent substation facility equipment through a public authoritative vulnerability database;
(2) acquiring CVE _ ID and Vendor _ ID information of the vulnerability through safety notice information of a system equipment manufacturer;
(3) searching vulnerability extension information of an open standard according to the CVE _ ID and the Vendor _ ID, and collecting vulnerability classification, vulnerability description, attack mode and affected system information related to the vulnerability;
(4) and (3) logically associating, analyzing and sorting the information acquisition data in the steps (1), (2) and (3), and forming complete reference vulnerability information by comprehensively collecting and standardizing vulnerability information.
4. The non-intrusive intelligent substation vulnerability detection method according to claim 1, characterized in that: the intelligent substation security vulnerability correlation analysis comprises the following steps:
(1) according to equipment fingerprint information in the intelligent substation equipment state data, retrieving corresponding vulnerability information from the reference vulnerability information;
(2) and evaluating the vulnerability from vulnerability severity, vulnerability CIA deviation and vulnerability attack mode according to the information in the benchmark vulnerability information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911378893.2A CN111131274A (en) | 2019-12-27 | 2019-12-27 | Non-invasive intelligent substation vulnerability detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911378893.2A CN111131274A (en) | 2019-12-27 | 2019-12-27 | Non-invasive intelligent substation vulnerability detection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111131274A true CN111131274A (en) | 2020-05-08 |
Family
ID=70504221
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911378893.2A Pending CN111131274A (en) | 2019-12-27 | 2019-12-27 | Non-invasive intelligent substation vulnerability detection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111131274A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112311767A (en) * | 2020-09-29 | 2021-02-02 | 北京软慧科技有限公司 | Car networking vulnerability analysis method, device, medium and equipment based on correlation analysis |
| CN113159638A (en) * | 2021-05-17 | 2021-07-23 | 国网山东省电力公司电力科学研究院 | Intelligent substation layered health degree index evaluation method and device |
| CN113259334A (en) * | 2021-04-30 | 2021-08-13 | 西安理工大学 | Network system security vulnerability correlation modeling and analyzing method |
| CN117579400A (en) * | 2024-01-17 | 2024-02-20 | 国网四川省电力公司电力科学研究院 | Industrial control system network safety monitoring method and system based on neural network |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120310559A1 (en) * | 2011-05-31 | 2012-12-06 | Cisco Technology, Inc. | Distributed data collection for utility grids |
| CN102906840A (en) * | 2011-05-03 | 2013-01-30 | 株式会社爱霓威亚 | Secondary terminal |
| CN103296757A (en) * | 2013-05-21 | 2013-09-11 | 国家电网公司 | Multi-parameter identification based secondary system fault diagnosing method for intelligent substation |
| CN104836855A (en) * | 2015-04-30 | 2015-08-12 | 国网四川省电力公司电力科学研究院 | Web application safety situation assessment system based on multi-source data fusion |
| CN106059087A (en) * | 2016-07-19 | 2016-10-26 | 国网四川省电力公司电力科学研究院 | Intelligent transformer substation vulnerability analysis and assessment system |
| CN106230780A (en) * | 2016-07-19 | 2016-12-14 | 国网四川省电力公司电力科学研究院 | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform |
| CN106656588A (en) * | 2016-12-12 | 2017-05-10 | 国网北京市电力公司 | Fault locating method and device for intelligent substation |
| CN107124319A (en) * | 2017-06-14 | 2017-09-01 | 贵州电网有限责任公司 | A kind of topological Dynamic Recognition device of the intelligent substation network equipment matched based on MAC Address |
| CN108663581A (en) * | 2017-11-15 | 2018-10-16 | 云南电网有限责任公司大理供电局 | A kind of secondary equipment of intelligent converting station test method |
-
2019
- 2019-12-27 CN CN201911378893.2A patent/CN111131274A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102906840A (en) * | 2011-05-03 | 2013-01-30 | 株式会社爱霓威亚 | Secondary terminal |
| US20120310559A1 (en) * | 2011-05-31 | 2012-12-06 | Cisco Technology, Inc. | Distributed data collection for utility grids |
| CN103296757A (en) * | 2013-05-21 | 2013-09-11 | 国家电网公司 | Multi-parameter identification based secondary system fault diagnosing method for intelligent substation |
| CN104836855A (en) * | 2015-04-30 | 2015-08-12 | 国网四川省电力公司电力科学研究院 | Web application safety situation assessment system based on multi-source data fusion |
| CN106059087A (en) * | 2016-07-19 | 2016-10-26 | 国网四川省电力公司电力科学研究院 | Intelligent transformer substation vulnerability analysis and assessment system |
| CN106230780A (en) * | 2016-07-19 | 2016-12-14 | 国网四川省电力公司电力科学研究院 | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform |
| CN106656588A (en) * | 2016-12-12 | 2017-05-10 | 国网北京市电力公司 | Fault locating method and device for intelligent substation |
| CN107124319A (en) * | 2017-06-14 | 2017-09-01 | 贵州电网有限责任公司 | A kind of topological Dynamic Recognition device of the intelligent substation network equipment matched based on MAC Address |
| CN108663581A (en) * | 2017-11-15 | 2018-10-16 | 云南电网有限责任公司大理供电局 | A kind of secondary equipment of intelligent converting station test method |
Non-Patent Citations (2)
| Title |
|---|
| 刘劼,徐超,徐声龙,朱彤,郭莎莎,袁文: "智能变电站工控系统安全防护技术研究", 《能源与环保》 * |
| 刘姗梅,柴继文: "四川电力信息安全集中监测分析平台研究与应用", 《四川电力技术》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112311767A (en) * | 2020-09-29 | 2021-02-02 | 北京软慧科技有限公司 | Car networking vulnerability analysis method, device, medium and equipment based on correlation analysis |
| CN112311767B (en) * | 2020-09-29 | 2022-09-16 | 北京智联安行科技有限公司 | Car networking vulnerability analysis method, device, medium and equipment based on correlation analysis |
| CN113259334A (en) * | 2021-04-30 | 2021-08-13 | 西安理工大学 | Network system security vulnerability correlation modeling and analyzing method |
| CN113259334B (en) * | 2021-04-30 | 2022-06-21 | 西安理工大学 | Network system security vulnerability correlation modeling and analyzing method |
| CN113159638A (en) * | 2021-05-17 | 2021-07-23 | 国网山东省电力公司电力科学研究院 | Intelligent substation layered health degree index evaluation method and device |
| CN117579400A (en) * | 2024-01-17 | 2024-02-20 | 国网四川省电力公司电力科学研究院 | Industrial control system network safety monitoring method and system based on neural network |
| CN117579400B (en) * | 2024-01-17 | 2024-03-29 | 国网四川省电力公司电力科学研究院 | Industrial control system network safety monitoring method and system based on neural network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111131274A (en) | Non-invasive intelligent substation vulnerability detection method | |
| CN103457791B (en) | A kind of intelligent substation network samples and the self-diagnosing method of control link | |
| Yang et al. | Cybersecurity test-bed for IEC 61850 based smart substations | |
| CN102142720B (en) | Network communication recorder and network communication record analysis system | |
| CN105790441A (en) | Intelligent transformer substation relay protection inspection system | |
| US8893216B2 (en) | Security measures for the smart grid | |
| CN110808865B (en) | Passive industrial control network topology discovery method and industrial control network security management system | |
| KR101375813B1 (en) | Active security sensing device and method for intrusion detection and audit of digital substation | |
| CN108063753A (en) | A kind of information safety monitoring method and system | |
| CN106982235A (en) | A kind of power industry control network inbreak detection method and system based on IEC 61850 | |
| CN105471656B (en) | A kind of abstract method for automatic system of intelligent transformer station O&M information model | |
| CN105116248B (en) | Relay protection device of intelligent substation automated closed-loop test method | |
| CN105429977A (en) | Method for monitoring abnormal flows of deep packet detection equipment based on information entropy measurement | |
| CN109391613A (en) | A kind of intelligent substation method for auditing safely based on SCD parsing | |
| CN105867347B (en) | Cross-space cascading fault detection method based on machine learning technology | |
| CN106302540A (en) | Communications network security detecting system based on substation information safety and method | |
| CN107704359A (en) | A kind of monitoring system of big data platform | |
| CN102904721B (en) | Signature and authentication method for information safety control of intelligent substations and device thereof | |
| CN104657814A (en) | Extraction definition method based on EMS system for relay protection device signal template | |
| CN108737210A (en) | It is a kind of based on the intelligent substation configuration file check method monitored in real time | |
| CN112398693A (en) | Assessment method for safety protection capability of power Internet of things sensing layer | |
| CN109617918B (en) | Safe operation and maintenance gateway and operation and maintenance method thereof | |
| CN109633332B (en) | Automatic regular inspection method for equipment in power system and fault recording device | |
| CN104506363A (en) | Method for extracting device identifiers in power system | |
| CN113285937B (en) | Safety audit method and system based on traditional substation configuration file and IEC103 protocol flow |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200902 Address after: 610000 No. 16 Jinhui west two street, Chengdu high tech Zone, Sichuan Applicant after: STATE GRID SICHUAN ELECTRIC POWER Research Institute Applicant after: STATE GRID CORPORATION OF CHINA Address before: 610000 No. 16 Jinhui west two street, Chengdu high tech Zone, Sichuan Applicant before: STATE GRID SICHUAN ELECTRIC POWER Research Institute Applicant before: STATE GRID CORPORATION OF CHINA Applicant before: Chongqing University |
|
| TA01 | Transfer of patent application right | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200508 |
|
| RJ01 | Rejection of invention patent application after publication |