CN111563270A - Nuclear power plant digital security threat studying and judging system and method - Google Patents

Nuclear power plant digital security threat studying and judging system and method Download PDF

Info

Publication number
CN111563270A
CN111563270A CN202010241673.1A CN202010241673A CN111563270A CN 111563270 A CN111563270 A CN 111563270A CN 202010241673 A CN202010241673 A CN 202010241673A CN 111563270 A CN111563270 A CN 111563270A
Authority
CN
China
Prior art keywords
information
power plant
nuclear power
security
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010241673.1A
Other languages
Chinese (zh)
Inventor
王改霞
刘高俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China General Nuclear Power Corp
China Nuclear Power Engineering Co Ltd
CGN Power Co Ltd
Original Assignee
China General Nuclear Power Corp
China Nuclear Power Engineering Co Ltd
CGN Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China General Nuclear Power Corp, China Nuclear Power Engineering Co Ltd, CGN Power Co Ltd filed Critical China General Nuclear Power Corp
Priority to CN202010241673.1A priority Critical patent/CN111563270A/en
Publication of CN111563270A publication Critical patent/CN111563270A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

The invention discloses a system and a method for studying and judging digital security threats of a nuclear power plant, wherein the system is applied to nuclear protection of the nuclear power plant by establishing a system for studying and judging the digital security threats of the nuclear power plant, and comprises a nuclear power plant physical protection platform, a threat studying and judging module and at least one functional module, wherein the functional module is correspondingly provided with a data acquisition device and corresponds to a target area in the nuclear power plant; the functional module is used for acquiring personnel and vehicle information of the nuclear power plant acquired by the data acquisition device; the system is also used for acquiring network information and communication flow information of the digital equipment in the target area; the nuclear power plant physical protection platform is used for storing personnel and vehicle information, network information and communication flow information; the threat studying and judging module is used for studying and judging the digital security threat of the nuclear power plant by carrying out correlation analysis on the collected related parameters through a digital technical means, so that the intrusion attack of the outside on network equipment and communication equipment of the nuclear power plant physical protection platform can be prevented.

Description

Nuclear power plant digital security threat studying and judging system and method
Technical Field
The invention relates to the field of nuclear protection of a nuclear power plant, in particular to a system and a method for researching and judging digital security threats of the nuclear power plant.
Background
In security of nuclear facilities and nuclear materials, efforts have been made to prevent theft or illegal transfer of nuclear materials to compromise the security of the nuclear; how to utilize entity barrier, detection delay technique and personnel's response ability to the nuclear power plant, prevent theft, robbery or illegal transfer nuclear material and destroy the safety precaution system of nuclear facility action to guarantee in the nuclear power plant material protection system from the threat of digital technologies such as equipment, network, communication to the material protection system, damage or influence the normal, stable operation of material protection system.
In the field of nuclear protection of the nuclear power plant at present, no related scheme is available in physical protection of the nuclear power plant to provide security protection guarantee for network and communication of digital equipment of a physical protection system in physical protection of the nuclear power plant. This makes possible enemy molecules or group partners of the nuclear power plant to invade the digital equipment of the nuclear power plant physical protection system, and the enemy molecules may use the means of network and communication technology to destroy the nuclear power plant physical protection system and interfere with the normal operation of the digital equipment of the nuclear power plant physical protection system.
Disclosure of Invention
The invention mainly aims to provide a system and a method for researching and judging digital security threats of a nuclear power plant, and aims to solve the technical problems that how to effectively prevent the nuclear power plant from being invaded by the outside and how to prevent digital equipment of a physical protection system in a nuclear power plant from being disturbed and damaged by the outside by using modern technology in the prior art.
The technical scheme provided by the invention for the technical problem is as follows:
the invention provides a nuclear power plant digital security threat studying and judging system, which comprises a nuclear power plant physical protection platform, a threat studying and judging module and at least one functional module, wherein the functional module is correspondingly provided with a data acquisition device, and the functional module corresponds to a target area in a nuclear power plant;
the functional module is used for acquiring personnel and vehicle information of the nuclear power plant acquired by the data acquisition device;
the functional module is further configured to acquire network information and communication traffic information of digital equipment of the physical protection system in the target area;
the nuclear power plant physical protection platform is in data docking with the functional module and is used for storing the personnel and vehicle information, the network information and the communication flow information transmitted by the functional module;
the threat studying and judging module is in data butt joint with the functional module and is used for studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information, the network information and the communication flow information transmitted by the functional module.
Preferably, the function module comprises a database auditing module, a network flow monitoring module and a communication flow monitoring module;
the database auditing module is used for acquiring personnel and vehicle information in the nuclear power plant and transmitting the personnel and vehicle information to the nuclear power plant physical protection platform so that the nuclear power plant physical protection platform stores the personnel and vehicle information;
the database auditing module is also used for acquiring prestored historical registration information and carrying out consistency check on the personnel and vehicle information according to the historical registration information;
the network flow monitoring module is used for acquiring network information of digital equipment of a physical protection system in a target area of a nuclear power plant, detecting the abnormality of the network information, and transmitting the network information to the physical protection platform of the nuclear power plant so that the physical protection platform of the nuclear power plant stores the network information;
the communication flow monitoring module is used for acquiring communication flow information of digital equipment of a physical protection system in a target area of the nuclear power plant, detecting the abnormity of the communication flow information, and transmitting the communication flow information to the physical protection platform of the nuclear power plant, so that the physical protection platform of the nuclear power plant is used for storing the communication flow information.
Preferably, the personnel and vehicle information comprises personnel entry and exit registration information and vehicle passing information;
the system comprises a database audit module, a data processing module and a data processing module, wherein the database audit module is used for acquiring personnel access registration information and vehicle passing information in a nuclear power plant, and transmitting the personnel access registration information and the vehicle passing information to a physical protection platform of the nuclear power plant so that the physical protection platform of the nuclear power plant stores the personnel access registration information and the vehicle passing information;
the database auditing module is also used for acquiring pre-stored historical registration information and carrying out consistency check on the access registration information and the vehicle passing information according to the historical registration information.
Preferably, the functional module further comprises an access right detection module;
the access authority detection module is used for acquiring current position information of different employees in a target area in the nuclear power plant, extracting prestored employee authority information from the database audit module, and checking the access consistency of the employees according to the current position information and the employee authority information.
Preferably, the functional module further comprises a security module, the security module is respectively connected with the database audit module, the network flow monitoring module and the communication flow monitoring module, and the security module corresponds to a security area in the nuclear power plant;
the database auditing module is also used for acquiring personnel and vehicle information in a security area corresponding to the security module and sending the personnel and vehicle information in the security area to the security module;
the network flow monitoring module is also used for acquiring the network information of the digital equipment of the physical protection system in the security area and transmitting the network information of the digital equipment of the physical protection system in the security area to the security module;
the communication flow monitoring module is further used for acquiring communication flow information of the digital equipment of the physical protection system in the security area and transmitting the communication flow information of the digital equipment of the physical protection system in the security area to the security module;
the security module is used for performing correlation analysis on the personnel and vehicle information, the network information and the communication flow information of the security area to obtain a security analysis result of the security area, and transmitting the security analysis result of the security area to the threat studying and judging module, so that the threat studying and judging module conducts studying and judging on the digital security threat in the nuclear power plant according to the security analysis result of the security area.
Preferably, the security module comprises at least one of a ground security module, an underground security module, an underwater security module and an aerial security module, and the security area comprises at least one of a ground security area, an underground security area, an underwater security area and an aerial security area;
the ground security module corresponds to the ground security area, the underground security module corresponds to the underground security area, the underwater security module corresponds to the underwater security area, and the aerial security module corresponds to the aerial security area.
Preferably, the threat studying and judging module is further configured to correlate the security analysis result of the ground security area, the security analysis result of the underground security area, the security analysis result of the underwater security area, and the security analysis result of the aerial security area, so as to study and judge the digital security threat in the nuclear power plant.
In addition, in order to solve the above technical problem, the present invention further provides a method for studying and judging a digital security threat of a nuclear power plant, wherein the nuclear power plant digital includes a plurality of target areas, and the method for studying and judging the digital security threat of the nuclear power plant includes:
acquiring personnel and vehicle information of a nuclear power plant;
acquiring network information and communication flow information of digital equipment of the physical protection system in different target areas;
storing the personnel and vehicle information, the network information and the communication flow information;
and studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information, the network information and the communication flow information.
Preferably, the personnel and vehicle information comprises personnel entry and exit registration information and vehicle passing information;
correspondingly, the step of obtaining personnel and vehicle information of the nuclear power plant specifically comprises:
acquiring personnel access registration information and vehicle passing information of a nuclear power plant;
acquiring pre-stored history registration information, and performing consistency check on the access registration information and the vehicle passing information according to the history registration information to obtain a first check result;
correspondingly, the step of acquiring the network information and the communication traffic information of the digital devices of the physical protection system in different target areas specifically includes:
acquiring network information and communication flow information of digital equipment of a real object protection system in different target areas, and detecting the abnormality of the network information and the communication flow information to obtain a second check result;
and when the first check result and the second check result simultaneously meet preset conditions, executing the step of storing the personnel vehicle information, the network information and the communication flow information.
Preferably, before the step of saving the human vehicle information, the network information, and the communication traffic information is performed when the first verification result and the second verification result simultaneously satisfy a preset condition, the method further includes:
acquiring current position information of each employee in different target areas;
pre-stored employee authority information is extracted, and the access consistency of each employee is verified according to the current position information and the employee authority information to obtain a third verification result;
correspondingly, when the first verification result and the second verification result simultaneously satisfy a preset condition, the step of storing the personal vehicle information, the network information, and the communication traffic information is executed, which specifically includes:
and when the first check result, the second check result and the third check result simultaneously meet preset conditions, executing the step of storing the personnel vehicle information, the network information and the communication flow information.
The technical scheme provided by the invention has the beneficial effects that: the system is applied to nuclear protection of a nuclear power plant by establishing a digital security threat studying and judging system of the nuclear power plant, and comprises a nuclear power plant physical protection platform, a threat studying and judging module and at least one functional module, wherein the functional module is correspondingly provided with a data acquisition device, and the functional module corresponds to a target area in the nuclear power plant; the system collects relevant parameters of different target areas in a nuclear power plant, each target area is correspondingly provided with a functional module and a data collecting device, the parameters comprise personnel and vehicle information of the nuclear power plant, network information and communication flow information of digital equipment of a physical protection system in the target area, correlation analysis is carried out on the collected parameters through a digital technical means to study and judge the digital security threat of the nuclear power plant, and then intrusion attack on the network equipment and the communication equipment of a physical protection platform of the nuclear power plant from the outside can be prevented.
Drawings
Fig. 1 is a schematic structural diagram of a nuclear power plant digital security threat studying and judging system according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a first embodiment of a system for studying and judging digital security threats of a nuclear power plant according to the first embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a first embodiment of a system for studying and judging digital security threats of a nuclear power plant according to the first embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an embodiment of a security module of the nuclear power plant digital security threat studying and judging system according to the present invention;
fig. 5 is a schematic flow chart of an embodiment of a method for studying and judging a digital security threat of a nuclear power plant according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In order to solve the technical defects of nuclear protection of a nuclear power plant in the prior art, the invention aims to provide a system and a method for researching and judging the digital security threat of the nuclear power plant, and the core idea is as follows: the method is characterized in that a research and judgment system for preventing digital technical means from invading and attacking is established and applied to nuclear protection of a nuclear power plant, relevant parameters of different target areas in the nuclear power plant are collected, each target area is correspondingly provided with a functional module and a data collection device, the parameters comprise personnel and vehicle information of the nuclear power plant, network information and communication flow information of digital equipment of a physical protection system in the target area, the collected parameters are subjected to correlation analysis through digital technical means to research and judge digital security threats of the nuclear power plant, and then the invasion attack of the outside on the network equipment and the communication equipment of a physical protection platform of the nuclear power plant can be prevented.
Example one
The embodiment of the invention provides a digital security threat studying and judging system of a nuclear power plant physical protection system, referring to fig. 1, wherein fig. 1 is a schematic diagram of a system overall structure of the embodiment of the invention, and the digital security threat studying and judging system of the nuclear power plant physical protection system comprises: the system comprises a nuclear power plant physical protection platform 01, a threat studying and judging module 02 and at least one functional module 03, wherein the functional module 03 is correspondingly provided with a data acquisition device 04, and the functional module 03 corresponds to a target area which can be reached by an in-nuclear power plant physical protection system;
it should be noted that the data acquisition device 04 of the present embodiment has a specially developed third party communication interface; the functional module 03 is further configured to acquire network information, communication flow information, abnormal behavior information, and the like of the digital device of the physical protection system in the target area, and in a specific implementation, the data acquisition device 04 acquires log data of the digital system and the network device in the target area where the functional module 03 is located, that is, acquires network information, communication flow information, abnormal behavior information, and the like of the digital device of the physical protection system in the target area, and then the functional module 03 acquires the network information, the communication flow information, the abnormal behavior information, and the like of the digital device of the physical protection system in the target area, and then transmits the network information, the communication flow information, the abnormal behavior information, and the like to the physical protection platform 01 of the nuclear power plant and the threat studying and judging module 02.
The functional module 03 is used for acquiring personnel and vehicle information of the nuclear power plant acquired by the data acquisition device; in a specific implementation, the data acquisition device 04 acquires the personnel and vehicle information of a corresponding target area in the nuclear power plant in a bypass real-time copying manner, then the functional module 03 corresponding to the target area acquires the personnel and vehicle information in the target area acquired by the data acquisition device 04, and then transmits the personnel and vehicle information to the nuclear power plant physical protection platform 01 and the threat studying and judging module 02; it should be noted that, the target area corresponding to the data acquisition device for acquiring the personnel and vehicle information may be a plant doorway area of the nuclear power plant.
The nuclear power plant physical protection platform 01 is in data docking with the functional module 03 and is used for storing the personnel and vehicle information, the network information, the communication flow information, the abnormal behavior information and the like transmitted by the functional module;
the threat studying and judging module 02 is in data butt joint with the functional module 03 and is used for studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information transmitted by the functional module, the network information, the communication flow information, the abnormal behavior information and the like, namely, the nuclear power plant of the embodiment can monitor the running states of the network equipment and the core equipment of the system through a network monitoring technology in the internal network space of the power station on the basis of the workflow of the network data of the service system and through auditing the network data messages, and further can effectively prevent the digital equipment of the physical protection system in the nuclear power plant from being interfered and attacked by the outside by utilizing a digital technical means.
In this embodiment, preferably, the physical protection platform 01 of the nuclear power plant carries a data integration interaction device to receive the personnel and vehicle information transmitted by the functional module 03, the network information and the communication traffic information of the digital device of the physical protection system, the abnormal behavior information, and the like. The threat studying and judging module 02 also receives the personnel and vehicle information transmitted by the functional module 03, the network information and the communication flow information of the digital equipment of the physical protection system, the abnormal behavior information and the like by carrying a data integration interaction device.
The nuclear power plant physical protection platform 01 is in data docking with the functional module 03 and is used for storing the personnel and vehicle information, the network information and the communication flow information transmitted by the functional module; the threat studying and judging module 02 is in data docking with the functional module 03 and is used for studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information, the network information and the communication flow information transmitted by the functional module.
The big data analysis method is adopted to perform data screening, data understanding, data cleaning and data extraction on a large amount of collected log data and network flow data, preprocess logs of various application systems and equipment, and extract unknown but potentially useful information and traces in the logs to perform event analysis. The method and the device realize collection, storage, vulnerability diagnosis, threat study and judgment, threat assessment, threat early warning and threat response handling of the network and communication data of the nuclear power plant physical protection system, thereby ensuring that each function of the nuclear power plant physical protection system can normally and stably operate.
Further, referring to fig. 2, fig. 2 is a schematic structural diagram of another system embodiment of the nuclear power plant digital security threat studying and judging system according to the first embodiment of the present invention, in this embodiment, the functional module 03 includes a database audit module 031, a network traffic monitoring module 032, and a communication traffic monitoring module 033;
the database audit module 031 is configured to acquire personnel and vehicle information in a nuclear power plant, and transmit the personnel and vehicle information to the nuclear power plant physical protection platform, so that the nuclear power plant physical protection platform stores the personnel and vehicle information; the database audit module 031 is further configured to obtain pre-stored history registration information, and perform consistency check on the personnel and vehicle information according to the history registration information;
it should be noted that the information of the personnel and the vehicle in the embodiment includes two kinds of data, i.e., information of the personnel entry and exit registration and the vehicle passing information;
the acquisition of the person entry and exit registration information may be accomplished by: each official employee of the nuclear power plant makes a two-dimensional code employee card, each time an employee enters or exits the nuclear power plant door, the employee can align with a corresponding two-dimensional code scanning device (the two-dimensional code scanning device can be understood as a data acquisition device 04) to perform code scanning authentication, and after the employee scans codes, the two-dimensional code scanning device generates employee entrance and exit registration information of the employee and transmits the employee entrance and exit registration information to a database audit module 031;
the acquisition of the vehicle traffic information can be completed by the following modes: a vehicle entrance and exit gate device of a nuclear power plant (the vehicle entrance and exit gate device can be understood as a data acquisition device 04) acquires a license plate image of a vehicle to enter a field, generates vehicle passing information after the license plate image is acquired, and transmits the vehicle passing information to a database audit module 031;
the database audit module 031 may be a relational database based on Sql (Structured Query Language), such as SqlServer or MySQL. The database auditing module 031 compares the access registration information or vehicle passing information with the pre-stored historical registration information to perform consistency check, and if the check result is that the two-dimensional code employee license plate of a certain employee or the license plate number of a certain vehicle is already stored in the blacklist data table of the database, activates an alarm device of a nuclear power plant to prohibit the same trip of the personnel or the vehicle; and if the result of the verification is that the employee or the vehicle passes the consistency verification, the employee or the vehicle is released.
The network flow monitoring module 032 is configured to acquire network information of a digital device of a physical protection system in a target area of a nuclear power plant, detect an abnormality of the network information, and transmit the network information to the physical protection platform of the nuclear power plant, so that the physical protection platform of the nuclear power plant stores the network information; specifically, the network traffic monitoring module 032 collects data traffic of the network device through a bypass, performs full analysis on the traffic, and determines whether the traffic is abnormal.
The communication flow monitoring module 033 is configured to acquire communication flow information of a digital device of a physical protection system in a target area of the nuclear power plant, detect an abnormality of the communication flow information, and transmit the communication flow information to the physical protection platform of the nuclear power plant, so that the physical protection platform of the nuclear power plant is right to store the communication flow information. Specifically, the communication traffic monitoring module 033 collects the data traffic of the communication device through the bypass, performs full analysis on the traffic, and determines whether the traffic is abnormal;
in the embodiment, the legality and consistency detection of network behaviors is carried out in the internal network space of the power plant through a network monitoring technology, based on the workflow of the network data of a service system and by auditing network data messages, the running states of network equipment and core equipment of the system are monitored, network attacks are early-warned and diagnosed, and the interference of the outside on the normal running of the physical protection system of the nuclear power plant is effectively prevented.
Further, the functional module 03 further includes an access right detection module 034;
the access authority detection module 034 is used for acquiring current position information of different employees in a target area in the nuclear power plant, extracting prestored employee authority information from the database audit module, and checking the access consistency of the employees according to the current position information and the employee authority information.
It can be understood that the plants of different work types in the nuclear power plant correspond to the employees of the respective corresponding work types, and the employees of the work types which are not the same cannot freely enter the plant which is not in accordance with the employees;
in the specific implementation of how to obtain the current position information of the employee in the plant, firstly, a unique active radio Frequency tag, namely, a radio Frequency identification (rfid) (radio Frequency identification) electronic tag, is made for the digital devices of different physical protection systems in the plant, the active radio Frequency tag is attached to the digital device of the corresponding physical protection system, registration is performed, information such as the plant (i.e., the target area) to which the active radio Frequency tag belongs, the item to which the active radio Frequency tag belongs, and the specific position coordinate is recorded, the active radio Frequency tag externally transmits an electronic tag signal, and the electronic tag signal includes the information such as the plant (i.e., the target area) to which the digital device belongs, the item to which the active radio Frequency tag belongs, and the specific position coordinate. In this embodiment, the electronic tag is a power supply active electronic tag, the electronic tag has a long transmission distance and a high data rate, and can continuously send out a tag signal through a set frequency band, the coverage area of the active electronic tag signal can reach 150 meters at most, and the positioning error is about 2 meters.
Then, WIreless broadband WI-FI (WIreless-FIdelity) is set up in different plants in the nuclear power plant, a WIreless AP access point of the WIreless broadband WI-FI is regarded as a data acquisition device 04, and the WIreless AP access point is connected with the access right detection module 034, that is, the access right detection module 034 has a function of receiving an electronic tag signal sent by an active radio frequency tag.
Meanwhile, each employee needs to wear a mobile terminal (such as a smart phone) with a function of receiving the electronic tag signal to receive the electronic tag signal (the electronic tag signal comprises the specific position coordinate of the digital equipment of the physical protection system in the plant), and after the employee enters the plant each time, the mobile terminal worn by the employee is connected with the wireless broadband WI-FI in the plant;
and the mac address of the mobile terminal worn by the employee is bound with personal information of the employee and is stored in the physical protection platform of the nuclear power plant in advance.
An AP access point in a wireless local area network can conveniently measure a Signal strength value RSSI (received Signal Strength indication) of a digital equipment electronic tag of a physical protection system in a Signal range of the AP access point, wherein the RSSI is a relative value for measuring the strength of a Signal of the electronic tag of the digital equipment, and the received RSSI value is larger, which basically indicates that the electronic tag is closer to the AP access point, otherwise, the RSSI value is smaller, which indicates that the electronic tag is farther; because the RSSI value of the active electronic tag has a certain relationship with the distance from the active electronic tag signal to the mobile terminal (signal receiving end) worn by the employee, the mobile terminal worn by the employee can calculate the distance between the active electronic tag and the active electronic tag according to the RSSI value (which can be regarded as the distance ratio between the reader and the electronic tag approximately);
a reader-writer of a mobile terminal worn by an employee (the reader-writer may be an electronic tag reader-writer developed by an impanj R2000 chip) can analyze a coordinate point of an active electronic tag (that is, a specific position coordinate of a digital device of a certain physical protection system in a plant), when an employee wearing the mobile terminal receives tag signal RSSI values of three active electronic tags, namely, a coordinate point a (x1, y1), a coordinate point B (x2, y2) and a coordinate point C (x3, y3), the access permission detection module 034 calculates distances d1, d2 and d3 from each active electronic tag to the mobile terminal (the employee) according to each RSSI value; therefore, the access right detecting module 034 uses the coordinate points of the active electronic tags, i.e. using point a (x1, y1) as the center of a circle and radius d1 as circle a, using point B (x2, y2) as the center of a circle and radius d2 as circle B, and using point C (x3, y3) as the center of a circle and radius d2 as circle C; the intersection point of the three circles of circle a, circle B and circle C is the current position coordinate D of the mobile terminal (the employee).
Meanwhile, when the employee enters the plant at each time, the mobile terminal worn by the employee is connected with the wireless broadband WI-FI in the plant, so the access right detection module 034 acquires the mac address of the mobile terminal worn by the employee, then acquires the personal information of the employee according to the mac address, searches the employee right information prestored by the employee from the database audit module through the personal information of the employee, if the current position information of the employee is not consistent with the employee right information of the employee, the employee access consistency check fails, the employee is regarded as entering the plant which is inconsistent with the employee's work type without authorization, an alarm device in a nuclear power plant area is activated, and meanwhile, the mobile terminal of the employee is subjected to vibration or voice prompt.
The embodiment can effectively identify the staff who has no authority but breaks into the special area in the nuclear power plant without authorization, and further ensures the safety of the physical protection platform of the nuclear power plant.
Further, referring to fig. 3, fig. 3 is a schematic structural diagram of another system embodiment of the digital security threat studying and judging system for a nuclear power plant according to the first embodiment of the present invention, in this embodiment, the functional modules further include a security module 05, the security module 05 is respectively connected to the database audit module 031, the network traffic monitoring module 032, and the communication traffic monitoring module 033, and the security module 05 corresponds to a security area in the nuclear power plant;
the database audit module 031 is further configured to acquire the staff and vehicle information in the security area corresponding to the security module 05, and send the staff and vehicle information in the security area to the security module 05;
the network traffic monitoring module 032 is further configured to acquire network information of the digital device of the physical protection system in the security area, and transmit the network information of the digital device of the physical protection system in the security area to the security module;
the communication flow monitoring module 033 is further configured to acquire communication flow information of the digital device of the physical protection system in the security area, and transmit the communication flow information of the digital device of the physical protection system in the security area to the security module;
the security module 05 is configured to perform correlation analysis on the personnel and vehicle information, the network information, and the communication flow information of the security area to obtain a security analysis result of the security area, and transmit the security analysis result of the security area to the threat studying and judging module, so that the threat studying and judging module studies and judges the digital security threat in the nuclear power plant according to the security analysis result of the security area.
Specifically, referring to fig. 4, the security module 05 includes a ground security module 051, an underground security module 052, an underwater security module 053 and an aerial security module 054, the ground security module 051 corresponds to the ground security area, the underground security module 052 corresponds to the underground security area, the underwater security module 053 corresponds to the underwater security area, and the aerial security module 054 corresponds to the aerial security area.
Specifically, the ground defense subsystem security threat studying and judging module comprehensively analyzes personnel, vehicles, network information, communication information and the like in the ground defense subsystem, and studies and judges whether security threats exist or not through correlation analysis.
And the security threat studying and judging module of the underground defense subsystem comprehensively analyzes personnel, vehicles, network information, communication information and the like in the underground defense subsystem and studies and judges whether security threats exist or not through correlation analysis.
The underwater defense subsystem safety threat studying and judging module comprehensively analyzes personnel, vehicles, network information, communication information and the like in the underwater defense subsystem, and whether safety threats exist is studied and judged through correlation analysis.
And the air defense subsystem security threat studying and judging module comprehensively analyzes personnel, vehicles, network information, communication information and the like in the air defense subsystem, and studies and judges whether security threats exist or not through correlation analysis.
Further, the threat studying and judging module 02 is further configured to correlate the safety analysis result of the ground security area, the safety analysis result of the underground security area, the safety analysis result of the underwater security area, and the safety analysis result of the aerial security area, so as to study and judge the digital security threats in the nuclear power plant, that is, the data of each module is subjected to event correlation analysis, and concentrated security threat studying and judging are performed in all directions.
According to the embodiment, personnel and vehicle information, network information and communication information are collected from four security areas including the ground, the underground, the underwater and the air in the nuclear power plant respectively, so that external invasion damage analysis can be carried out on the nuclear power plant physical protection platform more comprehensively, and the safety of the nuclear power plant physical protection platform is further ensured.
Example two
The embodiment of the invention provides a method for studying and judging the digital security threat of a nuclear power plant, which is suitable for a system for studying and judging the digital security threat of the nuclear power plant shown in the first embodiment, wherein the number of the nuclear power plant comprises a plurality of target areas; referring to fig. 5, the method for studying and judging the digital security threat of the nuclear power plant includes:
step S10: acquiring personnel and vehicle information of a nuclear power plant;
it should be noted that the execution subject of this embodiment is the digital security threat studying and judging system of the physical protection platform of the nuclear power plant of the first embodiment;
specifically, the personnel and vehicle information comprises personnel access registration information and vehicle passing information; the acquisition of the person entry and exit registration information may be accomplished by: each official employee of the nuclear power plant makes a two-dimensional code employee card, each time an employee enters or exits the door of the nuclear power plant, the employee can align to a corresponding two-dimensional code scanning device to perform code scanning authentication, and after the employee scans codes, the two-dimensional code scanning device generates entry and exit registration information of the employee and transmits the entry and exit registration information of the employee to a database;
the acquisition of the vehicle traffic information can be completed by the following modes: a vehicle entrance and exit gate device of a nuclear power plant collects a license plate image of a vehicle to enter a field, generates vehicle passing information after the license plate image is collected, and transmits the vehicle passing information to a database, wherein the database can be a relational database based on Sql (Structured Query Language), such as SqlServer or MySQL;
it can be understood that after the nuclear power plant digital security threat studying and judging system obtains the personnel access registration information and the vehicle passing information of the nuclear power plant through the above mode, corresponding pre-stored historical registration information is searched from a database, and consistency check is performed on the access registration information and the vehicle passing information according to the historical registration information to obtain a first check result.
Step S20: acquiring network information and communication flow information of digital equipment of the physical protection system in different target areas;
in specific implementation, a data acquisition device of a nuclear power plant digital security threat studying and judging system acquires log data of a digital system and network equipment in a specified target area, namely, acquires network information and communication flow information of digital equipment of a physical protection system in the target area, and detects abnormality of the network information and the communication flow information to obtain a second check result;
in addition, preferably, the nuclear power plant digital security threat studying and judging system also acquires the current position information of each employee in different target areas; pre-stored employee authority information is extracted, and the access consistency of each employee is verified according to the current position information and the employee authority information to obtain a third verification result; please refer to the content of the first embodiment for a specific implementation of how to obtain the current location information of the employee in the factory building, which is not described herein again.
Step S30: storing the personnel and vehicle information, the network information and the communication flow information;
in a specific implementation, when the first check result, the second check result and the third check result simultaneously satisfy a preset condition, the nuclear power plant digital security threat studying and judging system stores the personnel and vehicle information, the network information and the communication traffic information; the preset condition is that the check or detection is passed, namely consistency check of the access registration information and the vehicle passing information is passed, the abnormal detection of the network information and the communication flow information is qualified, and consistency check of access of each employee to the factory building is passed, and then the digital security threat studying and judging system of the nuclear power plant stores the personnel and vehicle information, the network information and the communication flow information into the database.
If the preset conditions are not met, namely the access registration information is inconsistent with the vehicle passing information, the detection results of the network information and the communication flow information are abnormal, and the verification results of the access of each employee to the plant are inconsistent, the corresponding devices in the nuclear power plant send out alarm signals.
Step S40: and studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information, the network information and the communication flow information.
Specifically, the security threat studying and judging system adopts a big data analysis method to perform data screening, data understanding, data cleaning and data extraction on a large amount of collected log data and network flow data, preprocesses logs of various application systems and equipment, extracts unknown but potentially useful information and traces in the logs and performs event analysis. The method and the device realize collection, storage, vulnerability diagnosis, threat study and judgment, threat assessment, threat early warning and threat response handling of the network and communication data of the nuclear power plant physical protection system, thereby ensuring normal and stable operation of each function of the nuclear power plant physical protection system.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A nuclear power plant digital security threat studying and judging system is characterized by comprising a nuclear power plant physical protection platform, a threat studying and judging module and at least one functional module, wherein the functional module is correspondingly provided with a data acquisition device, and corresponds to a target area in a nuclear power plant;
the functional module is used for acquiring personnel and vehicle information of the nuclear power plant acquired by the data acquisition device and network information and communication flow information of digital equipment of the physical protection system in the target area;
the nuclear power plant physical protection platform is in data docking with the functional module and is used for storing the personnel and vehicle information, the network information and the communication flow information transmitted by the functional module;
the threat studying and judging module is in data butt joint with the functional module and is used for studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information, the network information and the communication flow information transmitted by the functional module.
2. The nuclear power plant digital security threat studying and judging system according to claim 1, wherein the function modules include a database audit module, a network traffic monitoring module and a communication traffic monitoring module;
the database auditing module is used for acquiring personnel and vehicle information in the nuclear power plant and transmitting the personnel and vehicle information to the nuclear power plant physical protection platform so that the nuclear power plant physical protection platform stores the personnel and vehicle information;
the database auditing module is also used for acquiring prestored historical registration information and carrying out consistency check on the personnel and vehicle information according to the historical registration information;
the network flow monitoring module is used for acquiring network information of digital equipment of a physical protection system in a target area of a nuclear power plant, detecting the abnormality of the network information, and transmitting the network information to the physical protection platform of the nuclear power plant so that the physical protection platform of the nuclear power plant stores the network information;
the communication flow monitoring module is used for acquiring communication flow information of digital equipment of a physical protection system in a target area of the nuclear power plant, detecting the abnormity of the communication flow information, and transmitting the communication flow information to the physical protection platform of the nuclear power plant, so that the physical protection platform of the nuclear power plant is used for storing the communication flow information.
3. The nuclear power plant digital security threat studying and judging system according to claim 2, wherein the personnel and vehicle information includes personnel entry and exit registration information and vehicle passage information;
the system comprises a database audit module, a data processing module and a data processing module, wherein the database audit module is used for acquiring personnel access registration information and vehicle passing information in a nuclear power plant, and transmitting the personnel access registration information and the vehicle passing information to a physical protection platform of the nuclear power plant so that the physical protection platform of the nuclear power plant stores the personnel access registration information and the vehicle passing information;
the database auditing module is also used for acquiring pre-stored historical registration information and carrying out consistency check on the access registration information and the vehicle passing information according to the historical registration information.
4. The nuclear power plant digital security threat studying and judging system according to claim 3, wherein the function module further comprises an access right detection module;
the access authority detection module is used for acquiring current position information of different employees in a target area in the nuclear power plant, extracting prestored employee authority information from the database audit module, and checking the access consistency of the employees according to the current position information and the employee authority information.
5. The nuclear power plant digital security threat studying and judging system according to any one of claims 2 to 4, wherein the functional modules further comprise a security module, the security module is respectively connected with the database audit module, the network flow monitoring module and the communication flow monitoring module, and the security module corresponds to a security area in the nuclear power plant;
the database auditing module is also used for acquiring personnel and vehicle information in a security area corresponding to the security module and sending the personnel and vehicle information in the security area to the security module;
the network flow monitoring module is also used for acquiring the network information of the digital equipment of the physical protection system in the security area and transmitting the network information of the digital equipment of the physical protection system in the security area to the security module;
the communication flow monitoring module is further used for acquiring communication flow information of the digital equipment of the physical protection system in the security area and transmitting the communication flow information of the digital equipment of the physical protection system in the security area to the security module;
the security module is used for performing correlation analysis on the personnel and vehicle information, the network information and the communication flow information of the security area to obtain a security analysis result of the security area, and transmitting the security analysis result of the security area to the threat studying and judging module, so that the threat studying and judging module conducts studying and judging on the digital security threat in the nuclear power plant according to the security analysis result of the security area.
6. The nuclear power plant digital security threat studying and judging system according to claim 5, wherein the security module comprises at least one of a ground security module, an underground security module, an underwater security module and an aerial security module, and the security area comprises at least one of a ground security area, an underground security area, an underwater security area and an aerial security area;
the ground security module corresponds to the ground security area, the underground security module corresponds to the underground security area, the underwater security module corresponds to the underwater security area, and the aerial security module corresponds to the aerial security area.
7. The nuclear power plant digital security threat studying and judging system according to claim 6, wherein the threat studying and judging module is further configured to correlate the security analysis result of the ground security area, the security analysis result of the underground security area, the security analysis result of the underwater security area, and the security analysis result of the aerial security area, so as to study and judge the digital security threat in the nuclear power plant.
8. A nuclear power plant digital security threat studying and judging method is characterized in that a nuclear power plant digital comprises a plurality of target areas, and the nuclear power plant digital security threat studying and judging method comprises the following steps:
acquiring personnel and vehicle information of a nuclear power plant;
acquiring network information and communication flow information of digital equipment of the physical protection system in different target areas;
storing the personnel and vehicle information, the network information and the communication flow information;
and studying and judging the digital security threat of the nuclear power plant according to the personnel and vehicle information, the network information and the communication flow information.
9. The nuclear power plant digital security threat studying and judging method according to claim 8, wherein the personnel and vehicle information includes personnel entry and exit registration information and vehicle passing information;
correspondingly, the step of obtaining personnel and vehicle information of the nuclear power plant specifically comprises:
acquiring personnel access registration information and vehicle passing information of a nuclear power plant;
acquiring pre-stored history registration information, and performing consistency check on the access registration information and the vehicle passing information according to the history registration information to obtain a first check result;
correspondingly, the step of acquiring the network information and the communication traffic information of the digital devices of the physical protection system in different target areas specifically includes:
acquiring network information and communication flow information of digital equipment of a real object protection system in different target areas, and detecting the abnormality of the network information and the communication flow information to obtain a second check result;
and when the first check result and the second check result simultaneously meet preset conditions, executing the step of storing the personnel vehicle information, the network information and the communication flow information.
10. The method for studying and judging the digital security threat of the nuclear power plant according to claim 9, wherein before the step of storing the personnel vehicle information, the network information and the communication traffic information is performed when the first check result and the second check result simultaneously satisfy a preset condition, the method further comprises:
acquiring current position information of each employee in different target areas;
pre-stored employee authority information is extracted, and the access consistency of each employee is verified according to the current position information and the employee authority information to obtain a third verification result;
correspondingly, when the first verification result and the second verification result simultaneously satisfy a preset condition, the step of storing the personal vehicle information, the network information, and the communication traffic information is executed, which specifically includes:
and when the first check result, the second check result and the third check result simultaneously meet preset conditions, executing the step of storing the personnel vehicle information, the network information and the communication flow information.
CN202010241673.1A 2020-03-30 2020-03-30 Nuclear power plant digital security threat studying and judging system and method Pending CN111563270A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010241673.1A CN111563270A (en) 2020-03-30 2020-03-30 Nuclear power plant digital security threat studying and judging system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010241673.1A CN111563270A (en) 2020-03-30 2020-03-30 Nuclear power plant digital security threat studying and judging system and method

Publications (1)

Publication Number Publication Date
CN111563270A true CN111563270A (en) 2020-08-21

Family

ID=72074191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010241673.1A Pending CN111563270A (en) 2020-03-30 2020-03-30 Nuclear power plant digital security threat studying and judging system and method

Country Status (1)

Country Link
CN (1) CN111563270A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112053089A (en) * 2020-09-27 2020-12-08 中国核电工程有限公司 Low-altitude threat analysis and consequence evaluation method and device based on nuclear power plant

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187771A (en) * 2015-07-31 2015-12-23 山东创德软件技术有限公司 Plant-level comprehensive supervision platform
CN109474607A (en) * 2018-12-06 2019-03-15 连云港杰瑞深软科技有限公司 A kind of industrial control network safeguard protection monitoring system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187771A (en) * 2015-07-31 2015-12-23 山东创德软件技术有限公司 Plant-level comprehensive supervision platform
CN109474607A (en) * 2018-12-06 2019-03-15 连云港杰瑞深软科技有限公司 A kind of industrial control network safeguard protection monitoring system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112053089A (en) * 2020-09-27 2020-12-08 中国核电工程有限公司 Low-altitude threat analysis and consequence evaluation method and device based on nuclear power plant

Similar Documents

Publication Publication Date Title
US8504431B2 (en) Method and system for monitoring forestry products
US7388481B1 (en) Method and apparatus for asset management in an open environment
JP5183221B2 (en) Security system, security center apparatus, and security management method
CN102622818A (en) All-directional intelligent monitoring method for bank ATMs
CN107909680A (en) Regulatory area entrance personnel safety inspection method and system
CN105574477A (en) Secure anti-theft method, apparatus and system
CN107122685A (en) A kind of big data method for secure storing and equipment
CN111563270A (en) Nuclear power plant digital security threat studying and judging system and method
CN202563654U (en) Novel community security system
CN104361705A (en) Power distribution room safety monitoring system based on infrared sensing
CA2771758C (en) Method and system for on-board vehicle detection of harmful material
CN106850645A (en) A kind of system and method for detecting invalid access to computer network
CN110942540A (en) Nuclear security monitoring alarm method and device
CN214704713U (en) Engineering project inspection path monitoring system
KR101732304B1 (en) Method of port logistics information security using information security management system
CN114677756A (en) Real-time remote monitoring intelligent early warning system for vault door
Garg et al. A comparative study on vehicles safety systems
KR101837846B1 (en) Active Container Access Control Wireless Security System and Method thereof
KR20110042813A (en) Management objective entrance and exit authentication system and the method
RU2703180C2 (en) Method of intelligent monitoring of a secure facility and device for implementation thereof
US20230274647A1 (en) Systems and methods for electronic surveillance
CN111653054B (en) Physical protection system for nuclear facilities
RU2759345C1 (en) Automated complex for protection of territories of objects with robotic system
JP6562405B1 (en) Security device and security system
CN114072861B (en) Guard device and guard system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination