CN111367217A - Monitoring method for improving inter-station communication safety of stability control system - Google Patents

Monitoring method for improving inter-station communication safety of stability control system Download PDF

Info

Publication number
CN111367217A
CN111367217A CN202010203203.6A CN202010203203A CN111367217A CN 111367217 A CN111367217 A CN 111367217A CN 202010203203 A CN202010203203 A CN 202010203203A CN 111367217 A CN111367217 A CN 111367217A
Authority
CN
China
Prior art keywords
detected
data message
byte
data
trigger
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010203203.6A
Other languages
Chinese (zh)
Inventor
侯凯元
张玉含
刘洋
娄霄楠
岳涵
王�华
王克非
韩亮
张博闻
黎翔英
阴宏民
王建华
张艾红
牛胜南
夏德明
杨晓嵩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sifang Project Co ltd
Northeast Branch Of State Grid Corp Of China
Sifang Jibao Wuhan Software Co ltd
Beijing Sifang Automation Co Ltd
Original Assignee
Beijing Sifang Project Co ltd
Northeast Branch Of State Grid Corp Of China
Sifang Jibao Wuhan Software Co ltd
Beijing Sifang Automation Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sifang Project Co ltd, Northeast Branch Of State Grid Corp Of China, Sifang Jibao Wuhan Software Co ltd, Beijing Sifang Automation Co Ltd filed Critical Beijing Sifang Project Co ltd
Priority to CN202010203203.6A priority Critical patent/CN111367217A/en
Publication of CN111367217A publication Critical patent/CN111367217A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24024Safety, surveillance

Abstract

The disclosure relates to the field of power grid automation control, in particular to a monitoring method for improving inter-station communication safety of a stability control system. The method comprises the following steps: receiving a data message to be detected transmitted on a 2M communication channel; and when the data message to be detected meets a preset trigger condition, automatically blocking information transmission on a 2M communication channel or sending abnormal notification information, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message. According to the embodiment of the disclosure, the network safety monitoring equipment is connected in parallel to the 2M communication channel between the stability control system stations, so that the network safety monitoring equipment can automatically block information transmission or send abnormal notification information when the data message to be detected transmitted on the 2M communication channel meets the preset trigger condition; the problem that a power supply or a load is mistakenly switched by a stability control device to cause a power grid accident due to the fact that a communication channel between stability control stations is illegally invaded and a control instruction is issued in the related technology is solved, and the safety of communication between the stability control stations is improved.

Description

Monitoring method for improving inter-station communication safety of stability control system
Technical Field
The disclosure relates to the field of power grid automation control, in particular to a monitoring method for improving inter-station communication safety of a stability control system.
Background
The stability control system is a system formed by connecting safety and stability control devices of a plurality of stations with communication interface equipment through information channels and is used for realizing the safety and stability control of an electric power system in an area or a larger range.
The stability control system can be generally divided into a control main station, an execution station and the like according to the positions and the functions of stability control devices of different plant stations in the stability control system. Generally, a stability control system at least comprises a control master station and a plurality of execution stations, wherein the execution stations are used as control execution terminals of the stability control system, communicate with the control master station, and undertake the responsibilities of uploading power/load information and executing power/load command removal of the control master station.
If a hacker invades a communication channel between the execution station and the control master station and simulates the control master station to issue a control instruction, the execution station may mistakenly cut off a power supply or a load, and a power grid accident may be caused.
Disclosure of Invention
In view of this, the present disclosure provides a monitoring method for improving inter-station communication security of a stability control system, which may be used to solve a problem of a power grid accident caused by a power supply or a load being cut by a stability control device due to illegal intrusion of an inter-station communication channel of the stability control system and issuance of a control instruction in a related art, and the technical scheme includes:
according to an aspect of the present disclosure, there is provided a monitoring method for improving communication security between stable control systems, which is used in a network security monitoring device connected in parallel to a 2M communication channel between stable control systems, and the method includes:
receiving a data message to be detected transmitted on a 2M communication channel;
and when the data message to be detected meets a preset trigger condition, automatically blocking information transmission on a 2M communication channel or sending abnormal notification information, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
In a possible implementation manner, the presetting of the trigger condition includes:
at least one byte in the data message to be detected is equal to the corresponding positive trigger byte; alternatively, the first and second electrodes may be,
the first preset number of bytes in the data message to be detected is equal to the respective corresponding positive trigger bytes; alternatively, the first and second electrodes may be,
and each byte in the data message to be detected is equal to the corresponding positive trigger byte.
In another possible implementation manner, the preset trigger condition includes:
at least one byte in the data message to be detected is not equal to the corresponding negative trigger byte; alternatively, the first and second electrodes may be,
the bytes of the second preset number in the data message to be detected are not equal to the negative trigger bytes corresponding to the bytes respectively; alternatively, the first and second electrodes may be,
each byte in the data message to be detected is not equal to the corresponding negative trigger byte.
In another possible implementation manner, the preset trigger condition includes:
and the positive and negative code check of a target byte in the data message to be detected fails, wherein the target byte is at least two specified bytes participating in the positive and negative code check.
In another possible implementation manner, the preset trigger condition includes:
the data message to be detected is received, and the data message to be detected is subjected to data transmission and data transmission, wherein the data message to be detected is subjected to data transmission and data transmission, and the data message to be detected is subjected to data transmission and data transmission.
In another possible implementation manner, the automatically blocking information transmission on the 2M communication channel or sending an abnormal notification message when the data packet to be detected meets a preset trigger condition includes:
when the data message to be detected meets the preset triggering condition, transmitting a locking device signal to a stable control device through a hard node, wherein the locking device signal is used for indicating the stable control device to refuse to receive the information transmitted on the 2M communication channel; and/or triggering the monitoring system to send abnormal alarm information through a hard node or a preset communication protocol.
In another possible implementation manner, the method further includes:
storing data content and time identification corresponding to each of multiple frames of data frames in a target time period;
the target time period is a time period between a first time before a trigger time and a second time after the trigger time, and the trigger time is a time when a data frame meeting the preset trigger condition is received.
According to another aspect of the present disclosure, there is provided a monitoring apparatus for improving communication security between stable control systems, which is used in a network security monitoring device connected in parallel to a 2M communication channel between stable control systems, the apparatus including:
the receiving module is used for receiving the data message to be detected transmitted on the 2M communication channel;
and the processing module is used for automatically blocking information transmission on the 2M communication channel or sending abnormal notification information when the data message to be detected meets a preset trigger condition, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
In a possible implementation manner, the presetting of the trigger condition includes:
at least one byte in the data message to be detected is equal to the corresponding positive trigger byte; alternatively, the first and second electrodes may be,
the first preset number of bytes in the data message to be detected is equal to the respective corresponding positive trigger bytes; alternatively, the first and second electrodes may be,
and each byte in the data message to be detected is equal to the corresponding positive trigger byte.
In another possible implementation manner, the preset trigger condition includes:
at least one byte in the data message to be detected is not equal to the corresponding negative trigger byte; alternatively, the first and second electrodes may be,
the bytes of the second preset number in the data message to be detected are not equal to the negative trigger bytes corresponding to the bytes respectively; alternatively, the first and second electrodes may be,
each byte in the data message to be detected is not equal to the corresponding negative trigger byte.
In another possible implementation manner, the preset trigger condition includes:
and the positive and negative code check of a target byte in the data message to be detected fails, wherein the target byte is at least two specified bytes participating in the positive and negative code check.
In another possible implementation manner, the preset trigger condition includes:
the data message to be detected is received, and the data message to be detected is subjected to data transmission and data transmission, wherein the data message to be detected is subjected to data transmission and data transmission, and the data message to be detected is subjected to data transmission and data transmission.
In another possible implementation manner, the processing module is further configured to:
when the data message to be detected meets the preset triggering condition, transmitting a locking device signal to a stable control device through a hard node, wherein the locking device signal is used for indicating the stable control device to refuse to receive the information transmitted on the 2M communication channel; and/or triggering the monitoring system to send abnormal alarm information through a hard node or a preset communication protocol.
In another possible implementation manner, the apparatus further includes: the storage module is used for storing data content and time identification corresponding to each of multiple frames of data frames in a target time period;
the target time period is a time period between a first time before a trigger time and a second time after the trigger time, and the trigger time is a time when a data frame meeting the preset trigger condition is received.
According to another aspect of the present disclosure, there is provided a network security monitoring device connected in parallel to a 2M communication channel between stability control systems, the network security monitoring device including: a processor; a memory for storing processor-executable instructions;
wherein the processor is configured to:
receiving a data message to be detected transmitted on a 2M communication channel;
and when the data message to be detected meets a preset trigger condition, automatically blocking information transmission on a 2M communication channel or sending abnormal notification information, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the above-described method.
According to the embodiment of the disclosure, network security monitoring equipment is connected in parallel to a 2M communication channel between stability control system stations, the network security monitoring equipment receives a data message to be detected transmitted on the 2M communication channel, and when the data message to be detected meets a preset trigger condition, information transmission on the 2M communication channel is automatically blocked or abnormal notification information is sent; the problem that a power supply or a load is mistakenly switched by a stability control device to cause a power grid accident due to the fact that a communication channel between stability control stations is illegally invaded and a control instruction is issued in the related technology is solved, and the safety of communication between the stability control stations is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 shows a schematic structural diagram of a stability control system provided in an exemplary embodiment of the present disclosure;
fig. 2 is a flowchart illustrating a monitoring method for improving communication security between stable control systems according to an exemplary embodiment of the disclosure;
fig. 3 is a flowchart illustrating a monitoring method for improving communication security between stable control systems according to another exemplary embodiment of the disclosure;
FIG. 4 is a schematic diagram illustrating a data storage manner involved in a monitoring method according to an exemplary embodiment of the disclosure;
fig. 5 is a schematic structural diagram of a monitoring device for improving communication security between stable control systems according to an exemplary embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
The embodiment of the disclosure provides a monitoring method for improving communication safety between stable control systems, and realizes unidirectional reception of data inflow of a 2M communication channel by connecting a network safety monitoring device on the 2M communication channel between the stable control systems to complete monitoring, legality identification and recording of a communication message, and when the communication message is monitored to be illegal, measures for automatically blocking information transmission on the 2M communication channel or informing an operation maintenance worker to perform channel inspection are immediately taken. By the method, the risk that the power supply or the load is mistakenly switched by the stable control device to cause a power grid accident due to illegal invasion of the communication channel between the stable control stations and issuing of the control instruction is avoided.
Referring to fig. 1, a schematic structural diagram of a stability control system according to an exemplary embodiment of the present disclosure is shown.
The stable control equipment configuration of the first station mainly comprises a stable control device 10 arranged in a relay protection room and a communication interface device arranged in a communication machine room.
The communication interface device is used as an intermediate device for information interaction with a stability control device of a second station, and mainly realizes the function of converting an optical path signal and a 2M circuit signal. That is, the communication interface device is used for converting the optical path signal of the first plant station into a 2M circuit signal and then transmitting the 2M circuit signal to the second plant station through a Digital Distribution Frame (DDF) 12 of the power system; and/or converting the 2M circuit signal received by the power system DDF12 into an optical path signal and transmitting the optical path signal to the stability control device 10 in the first plant station.
The first plant station is any one of a plurality of plant stations in the stable control system, and the second plant station is one plant station except the first plant station in the stable control system. In the embodiment of the present disclosure, a first factory station is taken as an execution station, and a second factory station is taken as a control master station.
The 2M communication channel is a communication channel between a first station and a second station and is used for transmitting a communication message between the first station and the second station.
Optionally, the 2M communication channel is also referred to as E1 channel, and 30-channel Pulse Code Modulation (PCM) is abbreviated as E1, and the rate is 2.048Mbit/s, and is composed of 32E1 lines of 64kbps and 2 signaling and control lines. In the E1 channel, 8 bits constitute one slot, 32 slots constitute one frame, and 16 frames constitute one multiframe.
The network safety monitoring device 14 is connected in parallel to a 2M communication channel between the stable control system stations, namely the network safety monitoring device 14 is connected in parallel to a channel from a communication interface device to a Synchronous Digital Hierarchy (SDH), the safety monitoring device 14 is used for receiving data flowing in the 2M communication channel in a one-way manner to realize monitoring of communication messages, and adopts multiple software and hardware isolation measures to ensure that no information and signals are sent to the channel, so that normal operation of the original stable control system is prevented from being influenced. When the network safety monitoring equipment runs abnormally or stops working after power failure, the information transmission path of the original stable control system cannot be interrupted, and the channel where the stable control system is accessed cannot be influenced.
The network security monitoring device 14 is configured to monitor data packets transmitted on the 2M communication channel. In a possible implementation manner, the triple-junction header 18 is configured on the receiving port RX of the in-station communication multiplexing device 16, so that the receiving port RX is divided into two parts, that is, one branch corresponding to the receiving port RX is normally accessed to the power system DDF12 for receiving the communication message information sent by the stability control device of the second plant station, and the other branch is accessed to the network security monitoring device 14 for detecting the data message transmitted on the 2M communication channel.
It should be noted that, each of the above devices may have different names in the stability control system, but have the same or similar functions, and the embodiment of the present disclosure does not limit this.
Next, several exemplary embodiments are used to describe the monitoring method for improving the inter-station communication security of the stability control system provided by the embodiments of the present disclosure.
Referring to fig. 2, a flowchart of a monitoring method for improving communication security between stable control system stations according to an exemplary embodiment of the present disclosure is shown, and this embodiment is illustrated by using the method in the network security monitoring device 14 connected in parallel to a 2M communication channel between stable control system stations shown in fig. 1. The method comprises the following steps.
Step 201, receiving a data message to be detected transmitted on a 2M communication channel.
The network safety monitoring equipment is connected in parallel to the inter-station 2M communication channel of the stability control system, and receives the data message to be detected transmitted on the 2M communication channel in real time or at preset time intervals.
The preset time interval is set by default or by self-definition. This embodiment is not limited thereto.
The network safety monitoring equipment receives the data message to be detected transmitted on the 2M communication channel in a one-way mode. In the following, only the network security monitoring device is used to receive the data packet to be detected transmitted on the 2M communication channel in a real-time and unidirectional manner.
Step 202, when the data message to be detected meets a preset trigger condition, automatically blocking information transmission on the 2M communication channel or sending abnormal notification information, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
The network safety monitoring equipment judges whether the data message to be detected meets a preset trigger condition, and if the data message to be detected meets the preset trigger condition, the information transmission on the 2M communication channel is automatically blocked or abnormal notification information is sent.
Optionally, the network security monitoring device compares the data message to be detected with a private compliant communication protocol message format, and if a preset trigger condition is met, automatically blocks information transmission on the 2M communication channel or sends abnormal notification information.
Optionally, the network security monitoring device compares each byte of the data packet to be detected with the set trigger byte, and if a preset trigger condition is met, automatically blocks information transmission on the 2M communication channel or sends abnormal notification information.
To sum up, in the embodiment of the present disclosure, a network security monitoring device is connected in parallel to a 2M communication channel between stability control systems, the network security monitoring device receives a data packet to be detected transmitted on the 2M communication channel, and when the data packet to be detected meets a preset trigger condition, the information transmission on the 2M communication channel is automatically blocked or abnormal notification information is sent; the problem that a power supply or a load is mistakenly switched by a stability control device to cause a power grid accident due to the fact that a communication channel between stability control stations is illegally invaded and a control instruction is issued in the related technology is solved, and the safety of communication between the stability control stations is improved.
The embodiment of the disclosure also connects the network security monitoring device in parallel to the 2M communication channel between the stable control systems, receives the data flow of the 2M communication channel in one way to realize the monitoring of the data message to be detected, and does not send any information to the channel where the data message is located, thereby avoiding affecting the normal operation of the original stable control system. In addition, the access mode adopting the parallel connection has the advantages that when the network safety monitoring equipment runs abnormally or stops working after power failure, the information transmission path of the original stable control system cannot be interrupted, and the channel where the stable control system is accessed cannot be influenced.
Referring to fig. 3, a flowchart of a monitoring method for improving communication security between stable control system stations according to another exemplary embodiment of the present disclosure is shown, and this embodiment is illustrated by using the method in the network security monitoring device 14 connected in parallel to a 2M communication channel between stable control system stations shown in fig. 1. The method comprises the following steps.
Step 301, receiving a data message to be detected transmitted on a 2M communication channel.
Optionally, the network security monitoring device unidirectionally receives the data message to be detected transmitted on the 2M communication channel in real time.
It should be noted that, for the process of receiving the data packet to be detected transmitted on the 2M communication channel, the network security monitoring device may refer to the relevant details in the foregoing embodiments, and details are not described here again.
Step 302, determining whether the data packet to be detected meets a preset trigger condition.
The network safety monitoring equipment judges whether the data message to be detected meets a preset trigger condition. The preset trigger condition is used for indicating that the data message to be detected is an illegal message.
The preset trigger condition is that a setting value is preset for each byte of the data message to be detected. Optionally, at least one of four independent setting values, namely a positive setting value, a negative setting value, a positive and negative code check value, and an accumulation and check value, is set for each byte of the data packet to be detected in advance, and the setting value is hexadecimal.
In an illustrative example, a setting value is set in advance for each byte of the data packet to be detected, and the setting mode is shown in table one. In the first table, a positive setting value, a negative setting value, a positive and negative code check value, an accumulation sum check value, and a positive and negative code check value are set in advance for n bytes of a data message to be detected, where n is a positive integer and "X" is used to represent any possible value.
Watch 1
Figure BDA0002420075060000091
Figure BDA0002420075060000101
The preset trigger condition comprises at least one of a positive trigger comparison condition, a negative trigger comparison condition, a positive and negative code check exception trigger condition and an accumulation and check exception trigger condition. Namely, the network security monitoring device judges whether the data message to be detected meets the preset trigger condition, including: the network safety monitoring equipment judges whether the data message to be detected meets at least one of a positive trigger comparison condition, a negative trigger comparison condition, a positive and negative code check abnormity trigger condition and an accumulation and check abnormity trigger condition.
The positive trigger comparison condition or the negative trigger comparison condition is used for identifying the correctness of the data message feature code, the address of the station, the address of the opposite station and the like; the positive and negative code check abnormal triggering condition is used for identifying the legality of control commands such as a cut load, a cutter and the like; the accumulation and check abnormal triggering conditions are used for identifying the integrity of the data message to be detected.
In one possible implementation, the positive trigger comparison condition is implemented by setting a setting value "positive value", and the positive trigger comparison condition includes: and the byte corresponding to the data message to be detected is equal to the set positive trigger byte.
Optionally, the positive trigger comparison condition includes: at least one byte in the data message to be detected is equal to the corresponding positive trigger byte; or the first preset number of bytes in the data message to be detected is equal to the respective corresponding positive trigger bytes; or, each byte in the data to be detected is equal to the corresponding positive trigger byte.
At least one byte in the data message to be detected is equal to the corresponding positive trigger byte, and the method comprises the following steps: one byte in the data to be detected is equal to the corresponding positive trigger byte, or a plurality of bytes in the data to be detected are equal to the respective corresponding positive trigger bytes.
The first preset number of bytes in the data message to be detected is equal to the respective corresponding positive trigger bytes, and the method comprises the following steps: the data message to be detected has a first preset number of bytes equal to the respective positive trigger bytes. The first preset number is a default set or a self-defined set numerical value. For example, the first preset number is 5. This embodiment is not limited thereto.
The positive trigger comparison condition includes that any byte in the data packet to be detected is equal to the corresponding positive trigger byte, a corresponding positive value is set for each byte in the data packet to be detected in advance, the positive value includes a first indication byte and a positive trigger byte, and the first indication byte corresponding to the byte is used for indicating whether to start the positive trigger comparison logic of the byte.
Optionally, the positive value includes a first indication byte and a two-bit positive trigger byte, where the first indication byte is used to indicate to turn on the positive trigger comparison logic of the corresponding byte when the first indication byte is a first value, and the first indication byte is used to indicate to turn off the positive trigger comparison logic of the corresponding byte when the first indication byte is a second value, where the first value is different from the second value. For example, the first value is 1 and the second value is 0. This embodiment is not limited thereto.
In an illustrative example, when a positive value corresponding to one byte in a data message to be detected is set to be "1 XX", a first indication byte in the positive value "1 XX" is "1" for indicating positive trigger comparison logic for turning on the byte, that is, comparing the byte with a positive trigger byte "XX" in the positive value, and when the byte is equal to the positive trigger byte "XX" in the positive value, determining that a positive trigger comparison condition is satisfied; when this byte is not equal to the positive trigger byte "XX" in a positive value, it is determined that the positive trigger comparison condition is not satisfied. When the positive value corresponding to one byte in the data packet to be detected is set to "0 XX", the first indication byte in the positive value "0 XX" is "0" for indicating that the positive trigger comparison logic of the byte is closed.
In another possible implementation manner, the negative trigger comparison condition is completed by setting a setting value "negative value", and the negative trigger comparison condition includes: and the byte corresponding to the data message to be detected is equal to the set negative trigger byte.
Optionally, the negative trigger comparison condition includes: at least one byte in the data message to be detected is not equal to the corresponding negative trigger byte; or the second preset number of bytes in the data message to be detected is not equal to the respective corresponding negative trigger bytes; or each byte in the data to be detected is not equal to the corresponding negative trigger byte.
At least one byte in the data message to be detected is not equal to the corresponding negative trigger byte, and the method comprises the following steps: one byte in the data to be detected is not equal to the corresponding negative trigger byte, or a plurality of bytes in the data to be detected are not equal to the respective corresponding negative trigger bytes.
The second preset number of bytes in the data message to be detected is not equal to the respective corresponding negative trigger bytes, and the method comprises the following steps: the data message to be detected has the second preset number of bytes which are not equal to the negative trigger bytes corresponding to the second preset number of bytes. The second preset number is set by default or by self-definition. For example, the second preset number is 5. This embodiment is not limited thereto.
Explaining by taking the example that the negative trigger comparison condition includes that any byte in the data message to be detected is not equal to the corresponding negative trigger byte, a corresponding negative value is set for each byte in the data message to be detected in advance, the negative value corresponding to the byte includes a second indication byte and a negative trigger byte, and the second indication byte is used for indicating whether to start the negative trigger comparison logic of the byte.
Optionally, the negative value includes a first indication byte and a two-bit negative trigger byte, where the first indication byte is used to indicate to turn on the negative trigger comparison logic of the corresponding byte when the first indication byte is a first value, and the second indication byte is used to indicate to turn off the negative trigger comparison logic of the corresponding byte when the first indication byte is a second value, where the first value is different from the second value. For example, the third value is 1 and the fourth value is 0. This embodiment is not limited thereto.
In an illustrative example, when a negative value corresponding to one byte in a data packet to be detected is set to be "1 XX", a second indication byte in the negative value "1 XX" is "1" for indicating to turn on the negative trigger comparison logic of the byte, that is, the negative trigger byte "XX" in the negative value of the byte is compared, and when the negative trigger byte "XX" in the negative value of the byte is not equal, it is determined that a negative trigger comparison condition is satisfied; when the negative trigger byte "XX" in the byte negative determination value is equal, it is determined that the negative trigger comparison condition is not satisfied. When the negative value corresponding to one byte in the data packet to be detected is set to "0 XX", the second indication byte in the negative value "0 XX" is "0" for indicating that the negative trigger comparison logic of the byte is closed.
In another possible implementation manner, the positive and negative code check exception triggering condition is completed by setting a setting value "positive and negative code check value", and the positive and negative code check exception triggering condition includes: and the positive and negative code check of the target byte in the data message to be detected fails, wherein the target byte is at least two specified bytes participating in the positive and negative code check.
The method includes the steps of setting a corresponding positive and negative code check value for each byte in a data message to be detected in advance, wherein the positive and negative code check value corresponding to the byte includes a third indication byte and a check trigger byte, and the third indication byte is used for indicating whether the byte participates in the positive and negative code check.
Optionally, the positive and negative code check value includes a first third indication byte and a second check trigger byte, where the third indication byte is used to indicate that the corresponding byte participates in the positive and negative code check when the third indication byte is a fifth numerical value, and the third indication byte is used to indicate that the corresponding byte does not participate in the positive and negative code check when the third indication byte is a sixth numerical value, where the fifth numerical value is different from the sixth numerical value. For example, the fifth value is 1, and the sixth value is 0. This embodiment is not limited thereto.
Optionally, when the positive and negative code check values corresponding to two bytes in the data packet to be detected are used to indicate that the two bytes both participate in the positive and negative code check, and the check trigger bytes corresponding to the two bytes are equal, it is determined that the two bytes are matched for the positive and negative code check, and when the sum of the values of the two bytes is not equal to the preset value, it is determined that the abnormal trigger condition for the positive and negative code check is satisfied. And when the sum of the numerical values of the two bytes is equal to a preset numerical value, determining that the positive and negative code check exception triggering condition is not met.
The preset value is set by default or by self-definition. This embodiment is not limited thereto.
In an illustrative example, when a positive and negative code check value corresponding to one byte in a data message to be detected is set to be "1 XX", and a positive and negative code check value corresponding to another byte is set to be "1 XX", a third indication byte in the positive and negative code check value "1 XX" is used for indicating that the corresponding byte participates in the positive and negative code check, when the two bytes both participate in the positive and negative code check and the check trigger bytes "XX" corresponding to the two bytes are equal to each other, it is determined that the two bytes are matched for the positive and negative code check, and when the sum of the numerical values of the two bytes is not equal to a preset numerical value "FF", it is determined that the positive and negative code check abnormal trigger condition is satisfied; when the sum of the numerical values of the two bytes is equal to a preset numerical value 'FF', the condition that the positive and negative code check abnormity triggering condition is not met is determined. When the positive and negative code check value corresponding to one byte in the data packet to be detected is set to be "0 XX", a third indication byte in the positive and negative code check value "0 XX" is "0" and is used for indicating that the corresponding byte does not participate in the positive and negative code check.
In another possible implementation manner, the accumulation and verification exception triggering condition is completed by setting a setting value "accumulation and verification value", and the accumulation and verification exception triggering condition includes: the numerical value of the sum check byte in the data message to be detected is unequal to the calculated target accumulation sum, the numerical value of the sum check byte is the accumulation sum of the numerical values of a plurality of bytes obtained through pre-calculation, and the target accumulation sum is the sum obtained by accumulating the numerical values of all the bytes appointed to participate in the sum check after receiving the data message to be detected and ignoring carry.
Optionally, the data packet to be detected includes a checksum byte, the value of the checksum byte is an accumulated sum obtained by pre-calculation, and the target accumulated sum is an accumulated sum obtained by re-settlement after receiving the data packet to be detected. The data to be detected is added to the data to be detected as the number of the sum check byte, so that the data to be detected carries the sum check byte. After the data message to be detected is received, recalculating the numerical values of the bytes appointed to participate in the sum check in the data message to be detected, namely recalculating the accumulation of neglected carry again to obtain a target accumulation sum, comparing the numerical value of the sum check byte in the data message to be detected with the recalculated target accumulation sum, and determining that the accumulation sum check abnormal triggering condition is met when the numerical value of the sum check byte is not equal to the target accumulation sum. And when the value of the sum check byte is equal to the target accumulation sum, determining that the accumulation sum check exception triggering condition is not met.
And setting a corresponding accumulation and check value for each byte in the data message to be detected in advance, wherein the accumulation and check value corresponding to the byte is used for indicating whether the byte participates in accumulation and check. And when the accumulation and check value is an eighth value, the byte is indicated not to participate in the accumulation and check, and the seventh value is different from the eighth value. For example, the seventh value is 1 and the eighth value is 0. This embodiment is not limited thereto.
And each byte appointed to participate in the sum check in the data message to be detected is each byte of which the accumulated sum check value is the seventh numerical value in the data message to be detected.
In an illustrative example, the data message to be detected includes a sum check byte with a value of "XX", the sum check byte with an accumulated sum check value of "1" in the data message to be detected is accumulated while omitting carry to obtain a target accumulated sum, the value "XX" of the sum check byte in the data message to be detected is compared with the recalculated target accumulated sum, and when the value "XX" of the sum check byte is not equal to the target accumulated sum, it is determined that an accumulation and check exception triggering condition is satisfied. When the value "XX" of the sum check byte is equal to the target accumulation sum, it is determined that the accumulation sum check exception triggering condition is not satisfied.
And 303, automatically blocking information transmission on the 2M communication channel or sending abnormal notification information when the data message to be detected meets a preset trigger condition.
When the data message to be detected meets a preset trigger condition, the network safety monitoring equipment automatically blocks information transmission on the 2M communication channel or sends abnormal notification information; and when the data message to be detected does not meet the preset triggering condition, ending the process.
In a possible implementation manner, when the data message to be detected meets at least one of a positive trigger comparison condition, a negative trigger comparison condition, a positive and negative code check exception trigger condition, and an accumulation and check exception trigger condition, automatically blocking information transmission on the 2M communication channel or sending exception notification information; otherwise, the flow ends.
In another possible implementation manner, when the data message to be detected simultaneously meets the positive trigger comparison condition, the negative trigger comparison condition, the positive and negative code check abnormal trigger condition, and the accumulation and check abnormal trigger condition, the information transmission on the 2M communication channel is automatically blocked or abnormal notification information is sent; otherwise, the flow ends. This embodiment is not limited thereto.
The following description will only take the example of automatically blocking information transmission or sending abnormal notification information on the 2M communication channel when the data packet to be detected simultaneously satisfies the positive trigger comparison condition, the negative trigger comparison condition, the positive and negative code check abnormal trigger condition, and the accumulation and check abnormal trigger condition.
Optionally, when the data packet to be detected meets a preset trigger condition, transmitting a locking device signal to the stability control device through the hard node, where the locking device signal is used to instruct the stability control device to refuse to receive and process information transmitted on the 2M communication channel; and/or triggering the monitoring system to send abnormal alarm information through a hard node or a preset communication protocol.
In a possible implementation manner, the network security monitoring device transmits a locking device signal to a stability control device in the plant station through the hard node, and when the stability control device receives the locking device signal, the network security monitoring device does not receive and process information transmitted to the stability control device on the 2M communication channel.
In another possible implementation manner, the network security monitoring device triggers a monitoring system in the plant station to send abnormal alarm information through a hard node or a preset communication protocol, wherein the abnormal alarm information is used for reminding field operation and maintenance maintainers to carry out risk troubleshooting and elimination. For example, the preset communication protocol is a 61850 communication protocol.
Optionally, the network security monitoring device sends the abnormal alarm information to the network security monitoring system through a scheduling data network according to a preset communication protocol.
And step 304, storing the data content and the time identification corresponding to each of the multiple frames of data in the target time period.
The network safety monitoring equipment stores data records of multi-frame data frames in a target time period, wherein the data records of the multi-frame data frames comprise data contents and time identifications corresponding to the multi-frame data frames respectively.
The target time period is a time period between a first time before the trigger time and a second time after the trigger time, and the trigger time is a time when a data frame meeting a preset trigger condition is received.
Optionally, the target time period is a time period between a first time and a second time, the first time is earlier than the trigger time and an absolute value of a difference between the first time and the trigger time is a first time difference threshold, and the second time is later than the trigger time and an absolute value of a difference between the second time and the trigger time is a second time difference threshold. In this embodiment, specific values of the first time difference threshold and the second time difference threshold are not limited.
The network safety monitoring equipment records and stores multi-frame data frames in a target time period, and adds time identification to each frame of the recorded multi-frame data frames. The time identifier of the data frame is used for indicating the time when the network security monitoring device receives the data frame.
In consideration of the fact that more data are stored by using a limited storage space, and the storage space needs to store data when a preset trigger condition occurs, the following data trigger storage scheme is adopted in the embodiment of the disclosure. When the triggering process is not started, triggering data storage when the network safety monitoring equipment receives a data frame meeting a preset triggering condition at a triggering moment, wherein the triggering moment is the moment, and recording the data record of the multi-frame data frame in a target time period corresponding to the triggering moment. And if the data frame meeting the trigger condition setting and different from the data frame received at the previous time is received within a preset trigger time period after the trigger time, restarting the trigger, re-determining the trigger time, and recording the data record of the multi-frame data frame within a target time period corresponding to the trigger time. And if the data frame meeting the preset trigger condition is not received within the preset trigger time period after the trigger moment, finishing the trigger recording process, and storing the data record of the recorded multi-frame data frame to the memory card.
In an illustrative example, as shown in fig. 4, when the triggering process is not started, the network security monitoring device triggers data storage when receiving a data frame meeting a preset triggering condition at time t0, determines the triggering time as time t0, and records and stores a data record of a 200 frame data frame before time t0 and a data record of a data frame received 1 second after time t0, that is, a data record of a multi-frame data frame received between time t1 and time t 2. If the data frame meeting the trigger condition setting is received within 5 seconds after the time t0, namely the data frame meeting the trigger condition setting and different from the data frame received at the previous time is received at the time t3, restarting the trigger, re-determining the trigger time as the time t3, and recording the data records of the 200 frame data frame before the time t3 and the multi-frame data frame 1 second after the time t 3; and if the data frame meeting the preset trigger condition is not received within 5 seconds after the time t0, triggering the end of the recording process at the time t4 which is 5 seconds after the time t0, and storing the data record of the recorded multi-frame data frame into the memory card.
At most 50000 data frames can be stored in the trigger record of each record file in the memory card, and the data recording time which can be stored is 50000 x 1.667 ms-83.35 s according to the data transmission cycle of 1.667 ms. If the recording data of one recording file reaches the upper limit and the start triggering data recording process is not finished yet, the recording process of the next recording file is carried out, and each channel has 256 data recording files at most. When the number of data records is greater than the preset storage number, the earliest record can be automatically deleted.
Optionally, when the number of data records in the memory card is greater than the preset storage number, the plurality of data records in the memory card are sorted according to the time identifier in the data records, and the data records that are located in the first k after sorting are deleted, where k is a positive integer.
The preset storage number is set by default or by self-definition. For example, the preset storage number is 256. This embodiment is not limited thereto.
In summary, the embodiment of the present disclosure adds the high-precision time identifier to each frame of data when recording and storing, that is, stores the data content and the time identifier corresponding to each frame of data in the target time period, so as to accurately analyze the network attack occurrence process in the following process.
The following are embodiments of the apparatus of the embodiments of the present disclosure, and for portions of the embodiments of the apparatus not described in detail, reference may be made to technical details disclosed in the above-mentioned method embodiments.
Referring to fig. 5, a schematic structural diagram of a monitoring apparatus for improving inter-station communication security of a stability control system according to an exemplary embodiment of the present disclosure is shown. The monitoring device for improving the communication safety between the stable control systems can be realized by software, hardware and the combination of the software and the hardware to be all or part of network safety monitoring equipment, and the network safety monitoring equipment is connected in parallel with a 2M communication channel between the stable control systems. The device includes: a receiving module 510 and a processing module 520.
A receiving module 510, configured to receive a data packet to be detected transmitted on a 2M communication channel;
the processing module 520 is configured to automatically block information transmission on the 2M communication channel or send an abnormal notification message when the data packet to be detected meets a preset trigger condition, where the preset trigger condition is used to indicate that the data packet to be detected is an illegal packet.
In one possible implementation, the presetting of the trigger condition includes:
at least one byte in the data message to be detected is equal to the corresponding positive trigger byte; alternatively, the first and second electrodes may be,
the first preset number of bytes in the data message to be detected is equal to the respective corresponding positive trigger bytes; alternatively, the first and second electrodes may be,
each byte in the data message to be detected is equal to the corresponding positive trigger byte.
In another possible implementation manner, the preset triggering condition includes:
at least one byte in the data message to be detected is not equal to the corresponding negative trigger byte; alternatively, the first and second electrodes may be,
the bytes of the second preset number in the data message to be detected are not equal to the negative trigger bytes corresponding to the bytes; alternatively, the first and second electrodes may be,
each byte in the data message to be detected is not equal to the corresponding negative trigger byte.
In another possible implementation manner, the preset triggering condition includes:
and the positive and negative code check of the target byte in the data message to be detected fails, wherein the target byte is at least two specified bytes participating in the positive and negative code check.
In another possible implementation manner, the preset triggering condition includes:
the numerical value of the sum check byte in the data message to be detected is unequal to the calculated target accumulation sum, and the target accumulation sum is obtained by accumulating the numerical values of all bytes appointed to participate in the sum check in the data message to be detected by ignoring carry.
In another possible implementation manner, the processing module 520 is further configured to:
when the data message to be detected meets a preset trigger condition, transmitting a locking device signal to a stability control device through a hard node, wherein the locking device signal is used for indicating the stability control device to refuse to receive information transmitted on a 2M communication channel; and/or triggering the in-station monitoring system to send abnormal alarm information through a hard node or a preset communication protocol.
In another possible implementation manner, the apparatus further includes: the storage module is used for storing the data content and the time identification which correspond to each of the multi-frame data frames in the target time period;
the target time period is a time period between a first time before the trigger time and a second time after the trigger time, and the trigger time is a time when a data frame meeting a preset trigger condition is received.
It should be noted that, when the apparatus provided in the foregoing embodiment implements the functions thereof, only the division of the above functional modules is illustrated, and in practical applications, the above functions may be distributed by different functional modules according to actual needs, that is, the content structure of the device is divided into different functional modules, so as to complete all or part of the functions described above.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The embodiment of the present disclosure further provides a network security monitoring device, which is connected in parallel to the inter-station 2M communication channel of the stability control system, and the network security monitoring device includes: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to: the steps executed by the network security monitoring equipment in the above method embodiments are realized.
The disclosed embodiments also provide a non-transitory computer-readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the methods in the various method embodiments described above.
The present disclosure may be systems, methods, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, the electronic circuitry that can execute the computer-readable program instructions implements aspects of the present disclosure by utilizing the state information of the computer-readable program instructions to personalize the electronic circuitry, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA).
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A monitoring method for improving communication safety between stable control system stations is characterized in that the monitoring method is used in network safety monitoring equipment connected in parallel with 2M communication channels between the stable control system stations, and the method comprises the following steps:
receiving a data message to be detected transmitted on a 2M communication channel;
and when the data message to be detected meets a preset trigger condition, automatically blocking information transmission on a 2M communication channel or sending abnormal notification information, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
2. The method of claim 1, wherein the preset trigger condition comprises:
at least one byte in the data message to be detected is equal to the corresponding positive trigger byte; alternatively, the first and second electrodes may be,
the first preset number of bytes in the data message to be detected is equal to the respective corresponding positive trigger bytes; alternatively, the first and second electrodes may be,
and each byte in the data message to be detected is equal to the corresponding positive trigger byte.
3. The method of claim 1, wherein the preset trigger condition comprises:
at least one byte in the data message to be detected is not equal to the corresponding negative trigger byte; alternatively, the first and second electrodes may be,
the bytes of the second preset number in the data message to be detected are not equal to the negative trigger bytes corresponding to the bytes respectively; alternatively, the first and second electrodes may be,
each byte in the data message to be detected is not equal to the corresponding negative trigger byte.
4. The method of claim 1, wherein the preset trigger condition comprises:
and the positive and negative code check of a target byte in the data message to be detected fails, wherein the target byte is at least two specified bytes participating in the positive and negative code check.
5. The method of claim 1, wherein the preset trigger condition comprises:
the data message to be detected is received, and the data message to be detected is subjected to data transmission and data transmission, wherein the data message to be detected is subjected to data transmission and data transmission, and the data message to be detected is subjected to data transmission and data transmission.
6. The method according to any one of claims 1 to 5, wherein the automatically blocking information transmission or sending abnormal notification information on the 2M communication channel when the data packet to be detected meets a preset trigger condition includes:
when the data message to be detected meets the preset triggering condition, transmitting a locking device signal to a stable control device through a hard node, wherein the locking device signal is used for indicating the stable control device to refuse to receive the information transmitted on the 2M communication channel; and/or triggering the monitoring system to send abnormal alarm information through a hard node or a preset communication protocol.
7. The method of any of claims 1 to 5, further comprising:
storing data content and time identification corresponding to each of multiple frames of data frames in a target time period;
the target time period is a time period between a first time before a trigger time and a second time after the trigger time, and the trigger time is a time when a data frame meeting the preset trigger condition is received.
8. A monitoring device for improving communication safety between stable control system stations is characterized in that the monitoring device is used in network safety monitoring equipment connected in parallel with 2M communication channels between the stable control system stations, and the device comprises:
the receiving module is used for receiving the data message to be detected transmitted on the 2M communication channel;
and the processing module is used for automatically blocking information transmission on the 2M communication channel or sending abnormal notification information when the data message to be detected meets a preset trigger condition, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
9. A network safety monitoring device is characterized in that the network safety monitoring device is connected in parallel with a 2M communication channel between stable control system stations, and the network safety monitoring device comprises: a processor; a memory for storing processor-executable instructions;
wherein the processor is configured to:
receiving a data message to be detected transmitted on a 2M communication channel;
and when the data message to be detected meets a preset trigger condition, automatically blocking information transmission on a 2M communication channel or sending abnormal notification information, wherein the preset trigger condition is used for indicating that the data message to be detected is an illegal message.
10. A non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any of claims 1 to 7.
CN202010203203.6A 2020-03-20 2020-03-20 Monitoring method for improving inter-station communication safety of stability control system Pending CN111367217A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010203203.6A CN111367217A (en) 2020-03-20 2020-03-20 Monitoring method for improving inter-station communication safety of stability control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010203203.6A CN111367217A (en) 2020-03-20 2020-03-20 Monitoring method for improving inter-station communication safety of stability control system

Publications (1)

Publication Number Publication Date
CN111367217A true CN111367217A (en) 2020-07-03

Family

ID=71209197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010203203.6A Pending CN111367217A (en) 2020-03-20 2020-03-20 Monitoring method for improving inter-station communication safety of stability control system

Country Status (1)

Country Link
CN (1) CN111367217A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262210A (en) * 2015-09-21 2016-01-20 中国南方电网有限责任公司 System and method for analysis and early warning of substation network security
CN105306262A (en) * 2015-09-30 2016-02-03 国网湖北省电力公司 Anomaly detection method based on power system protocol
CN106302540A (en) * 2016-10-14 2017-01-04 国网浙江省电力公司绍兴供电公司 Communications network security detecting system based on substation information safety and method
KR101695958B1 (en) * 2016-04-18 2017-01-23 주식회사 나온웍스 Apparatus and method for securing commuication for electric power demand response system
CN107483444A (en) * 2017-08-22 2017-12-15 北京邮电大学 A kind of intelligent grid information transmission security protector and safety protecting method
CN108063753A (en) * 2017-11-10 2018-05-22 全球能源互联网研究院有限公司 A kind of information safety monitoring method and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262210A (en) * 2015-09-21 2016-01-20 中国南方电网有限责任公司 System and method for analysis and early warning of substation network security
CN105306262A (en) * 2015-09-30 2016-02-03 国网湖北省电力公司 Anomaly detection method based on power system protocol
KR101695958B1 (en) * 2016-04-18 2017-01-23 주식회사 나온웍스 Apparatus and method for securing commuication for electric power demand response system
CN106302540A (en) * 2016-10-14 2017-01-04 国网浙江省电力公司绍兴供电公司 Communications network security detecting system based on substation information safety and method
CN107483444A (en) * 2017-08-22 2017-12-15 北京邮电大学 A kind of intelligent grid information transmission security protector and safety protecting method
CN108063753A (en) * 2017-11-10 2018-05-22 全球能源互联网研究院有限公司 A kind of information safety monitoring method and system

Similar Documents

Publication Publication Date Title
CA1204834A (en) Protocol for determining physical order of active stations on a token ring
CN108650140B (en) Automatic auxiliary analysis method and system for service fault of optical transmission equipment
CN109639503B (en) Abnormal message tracing implementation method based on substation process layer network equipment
CN110650060A (en) Processing method, equipment and storage medium for flow alarm
US11539607B2 (en) Detection block sending and receiving method, and network device and system
RU2526836C1 (en) Utility communication method and apparatus therefor
CN109728948B (en) Operation maintenance management information processing method and device
CN111130821B (en) Power failure alarm method, processing method and device
JP4413358B2 (en) Fault monitoring system and fault notification method
CN111182531A (en) Associated information backfilling method, device, equipment and storage medium
CN113572654B (en) Network performance monitoring method, network equipment and storage medium
CN107431655B (en) Method and apparatus for fault propagation in segment protection
CN110597226A (en) Abnormity early warning method and device for vehicle-mounted Ethernet
EP3767855A1 (en) Data transmission protection method, apparatus, and system, and computer readable storage medium
CN110113222B (en) Method and device for acquiring link bandwidth utilization rate and terminal
CN103297298A (en) Network storm real-time rapid detecting method used for intelligent substation
CN111367217A (en) Monitoring method for improving inter-station communication safety of stability control system
CN105610246A (en) Information redundancy based transformer substation information check and error correction method
CN107819591B (en) Data synchronization method, device, system and network equipment
CN101232404B (en) Remote network management method of EPON access system
US7843838B1 (en) Communication network route tracing
CN107395448B (en) 2M communication detection method and detection equipment
CN115694931A (en) Relay protection remote operation and maintenance intrusion prevention and detection method and system
WO1997050209A1 (en) A method for fault control of a telecommunications network and a telecommunications system
WO2018041275A1 (en) Fault determination and information sending methods and apparatuses, source end device, and sink end device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200703

RJ01 Rejection of invention patent application after publication