CN111598268A - Power plant equipment detection method, system, equipment and computer storage medium - Google Patents
- Publication number
- CN111598268A (application number CN202010443923.XA)
- Authority
- CN
- China
- Prior art keywords
- maintenance terminal
- power plant
- target operation
- plant equipment
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/20—Administration of product repair or maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/50—Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications
Abstract
The application discloses a power plant equipment detection method, system, equipment and computer storage medium. Virus searching and killing is performed on a target operation and maintenance terminal to obtain a virus searching and killing result, the target operation and maintenance terminal being used to operate and maintain power plant equipment. Whether the target operation and maintenance terminal carries a virus is judged based on the virus searching and killing result. If the terminal is judged not to carry a virus, it is allowed to connect to the power plant equipment, and while it operates the power plant equipment a safety judgment is performed on the operation information of those operations: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is forbidden to operate the power plant equipment. If the terminal is judged to carry a virus, it is forbidden to connect to the power plant equipment. The application thereby avoids the threat that the target operation and maintenance terminal itself poses to the power plant equipment and improves the strength of security protection for the power plant equipment.
Description
Technical Field
The present application relates to the field of power plant equipment detection technologies, and more particularly, to a power plant equipment detection method, system, device, and computer storage medium.
Background
With the gradual maturing of Internet of Things technology and the arrival of Industry 4.0, a new technical revolution in industrial network security protection is under way worldwide. The network security of traditional industrial control systems (industrial control security for short) has become a serious challenge for enterprise and national security and is drawing the attention of more and more enterprises and governments, especially since a few large attacks on industrial equipment have occurred worldwide. At present, a power plant control system mainly provides some patching and virus-killing functions for vulnerabilities that have already been discovered. These can ensure the safety of power plant equipment to a certain extent, but the equipment can still be attacked, and the strength of its security protection is low.
In summary, how to strengthen the security protection of power plant equipment is a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a power plant equipment detection method that can, to a certain extent, solve the technical problem of how to strengthen the security protection of power plant equipment. The application also provides a power plant equipment detection system, equipment and a computer-readable storage medium.
In order to achieve the above purpose, the present application provides the following technical solutions:
a power plant equipment detection method, comprising:
virus searching and killing are carried out on a target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for carrying out operation and maintenance on the power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
if the target operation and maintenance terminal is judged not to carry viruses, allowing the target operation and maintenance terminal to be connected with the power plant equipment, and performing safety judgment on operation information of the power plant equipment operated by the target operation and maintenance terminal in the process of operating the power plant equipment by the target operation and maintenance terminal, if the operation information is judged to be safe, allowing the target operation and maintenance terminal to operate the power plant equipment, and if the operation information is judged to be dangerous, forbidding the target operation and maintenance terminal to operate the power plant equipment;
and if the target operation and maintenance terminal is judged to carry the virus, forbidding the target operation and maintenance terminal to be connected with the power plant equipment.
Preferably, the safety judgment of the operation information of the power plant equipment operated by the target operation and maintenance terminal includes:
carrying out protocol analysis on the operation information to obtain an analysis result;
and carrying out safety judgment on the operation information based on the analysis result.
Preferably, the allowing the target operation and maintenance terminal to connect to the power plant equipment includes:
judging whether the target operation and maintenance terminal has the authority of accessing the power plant equipment;
and if the target operation and maintenance terminal has the authority of accessing the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
Preferably, after the target operation and maintenance terminal is allowed to connect to the power plant equipment, before the operation information of the power plant equipment operated by the target operation and maintenance terminal is subjected to safety judgment, the method further includes:
sending a target list to the target operation and maintenance terminal so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of the power plant devices which are allowed to be accessed by the target operation and maintenance terminal.
Preferably, after the allowing the target operation and maintenance terminal to connect to the power plant equipment, the method further includes:
carrying out screen recording on the target operation and maintenance terminal to obtain recording information;
and storing the recording information.
Preferably, after the allowing the target operation and maintenance terminal to connect to the power plant equipment, the method further includes:
recording and storing the behavior log of the target operation and maintenance terminal.
Preferably, the performing virus searching and killing on the target operation and maintenance terminal to obtain a virus searching and killing result includes:
carrying out virus searching and killing on the target operation and maintenance terminal based on a preset U shield to obtain the virus searching and killing result.
A power plant equipment detection system, comprising:
the first searching and killing module is used for searching and killing viruses on a target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for operating and maintaining the power plant equipment;
the first judgment module is used for judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
the first execution module is used for allowing the target operation and maintenance terminal to be connected with the power plant equipment if the target operation and maintenance terminal is judged not to carry viruses, performing safety judgment on operation information of the power plant equipment operated by the target operation and maintenance terminal in the process of operating the power plant equipment by the target operation and maintenance terminal, allowing the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be safe, and forbidding the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be dangerous;
and the second execution module is used for forbidding the target operation and maintenance terminal to be connected with the power plant equipment if the target operation and maintenance terminal is judged to carry the virus.
A power plant equipment detection device, comprising:
a memory for storing a computer program;
a processor for carrying out the steps of the power plant detection method according to any of the above aspects when the computer program is executed.
A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the power plant detection method according to any of the above.
According to the power plant equipment detection method, virus searching and killing is performed on a target operation and maintenance terminal to obtain a virus searching and killing result, the target operation and maintenance terminal being used to operate and maintain power plant equipment. Whether the target operation and maintenance terminal carries a virus is judged based on the virus searching and killing result. If the terminal is judged not to carry a virus, it is allowed to connect to the power plant equipment, and while it operates the power plant equipment a safety judgment is performed on the operation information of those operations: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is forbidden to operate the power plant equipment. If the terminal is judged to carry a virus, it is forbidden to connect to the power plant equipment.
In this application, the target operation and maintenance terminal is allowed to connect to the power plant equipment only after it is judged, based on the virus searching and killing result, not to carry a virus. While the terminal operates the power plant equipment, a safety judgment is performed on the operation information: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is forbidden to operate it. This avoids the threat that the target operation and maintenance terminal itself poses to the power plant equipment and improves the strength of security protection for the power plant equipment. The power plant equipment detection system, equipment and computer-readable storage medium provided by the application also solve the corresponding technical problem.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings in the following description are only embodiments of the present application, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a flow chart of a power plant equipment detection method provided by an embodiment of the present application;
FIG. 2 is a schematic connection diagram of an implementation body of a power plant equipment detection method provided by an embodiment of the application;
FIG. 3 is a schematic diagram of a power plant equipment detection system according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a power plant equipment inspection device according to an embodiment of the present disclosure;
FIG. 5 is another schematic structural diagram of a power plant equipment detection device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
With the gradual maturing of Internet of Things technology and the arrival of Industry 4.0, a new technical revolution in industrial network security protection is under way worldwide. The network security of traditional industrial control systems (industrial control security for short) has become a serious challenge for enterprise and national security and is drawing the attention of more and more enterprises and governments, especially since a few large attacks on industrial equipment have occurred worldwide. For historical reasons, some industrial control systems sit in a relatively closed and outdated environment. Most of them attend only to the functions of the industrial system, and technology and management experience for protecting the system are relatively lacking, so that industrial control security today is in a state of "congenital deficiency, acquired malnutrition and future worry". In research and development, the protocols and design of industrial control systems focus on real-time and reliable realization of functions and lack designed-in, effective defenses against security attacks. In addition, because of concerns about system compatibility, industrial control systems are generally not patched, and some workstation suppliers even explicitly require users not to upgrade the system, so a large number of security vulnerabilities accumulate after the system has run for a long time. Scientific security awareness, management and technical schemes are also lacking in the operation and maintenance process. These defects make industrial control systems extremely fragile in the face of network security attacks and bring great hidden danger to safe production.
At present, a power plant control system mainly provides some patching and virus-killing functions for vulnerabilities that have already been discovered. These can ensure the safety of power plant equipment to a certain extent, but the equipment can still be attacked, and the strength of its security protection is low. The power plant equipment detection method provided by the application can strengthen the security protection of power plant equipment.
Referring to FIG. 1, FIG. 1 is a flowchart of a power plant equipment detection method according to an embodiment of the present disclosure.
The power plant equipment detection method provided by the embodiment of the application can comprise the following steps:
Step S101: performing virus searching and killing on the target operation and maintenance terminal to obtain a virus searching and killing result, the target operation and maintenance terminal being used to operate and maintain the power plant equipment.
In practical application, virus searching and killing can first be performed on the target operation and maintenance terminal to obtain the corresponding virus searching and killing result. How the virus searching and killing is performed can be determined according to actual needs; for example, it can be performed on the target operation and maintenance terminal by a virus searching and killing engine. The type of the target operation and maintenance terminal may be determined according to the type of operation and maintenance performed on the power plant equipment, such as a computer used for network operation and maintenance of the power plant equipment. It should be noted that, because the virus searching and killing result carries the virus detection information of the target operation and maintenance terminal, the result can be used to determine whether the terminal carries a virus.
Step S102: judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result; if the target operation and maintenance terminal is judged not to carry the virus, executing the step S103; if the target operation and maintenance terminal is determined to carry the virus, step S104 is executed.
Step S103: allowing the target operation and maintenance terminal to connect to the power plant equipment and, while the terminal operates the power plant equipment, performing a safety judgment on the operation information of those operations; if the operation information is judged to be safe, allowing the terminal to operate the power plant equipment, and if the operation information is judged to be dangerous, forbidding the terminal to operate the power plant equipment.
Step S104: forbidding the target operation and maintenance terminal to connect to the power plant equipment.
In practical application, after virus searching and killing has been performed on the target operation and maintenance terminal and a virus searching and killing result obtained, whether the terminal carries a virus can be judged based on that result. If the terminal is judged not to carry a virus, it is allowed to connect to the power plant equipment, and while it operates the power plant equipment a safety judgment is performed on the operation information of those operations: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is forbidden to operate the power plant equipment. If the terminal is judged to carry a virus, it is forbidden to connect to the power plant equipment. Because the terminal is allowed to operate the power plant equipment only when it carries no virus and its operation information is safe, the security risk that the terminal brings to the power plant equipment is reduced and the safety of the power plant equipment is improved.
In the application, the target operation and maintenance terminal is allowed to connect to the power plant equipment only after it is judged, based on the virus searching and killing result, not to carry a virus. While the terminal operates the power plant equipment, a safety judgment is performed on the operation information: if the operation information is judged to be safe, the terminal is allowed to operate the power plant equipment, and if it is judged to be dangerous, the terminal is forbidden to operate it; the threat that the target operation and maintenance terminal poses to the power plant equipment is avoided, and the safety protection force of the power plant,
In the power plant equipment detection method provided by the embodiment of the application, the safety judgment on the operation information of the power plant equipment operated by the target operation and maintenance terminal can be made by means of protocol analysis. That is, protocol analysis can be performed on the operation information, for example SSH protocol analysis, RDP protocol analysis, TELNET protocol analysis, FTP protocol analysis, SFTP protocol analysis, Rlogin protocol analysis and the like, to obtain an analysis result, and the safety judgment is then performed on the operation information based on the analysis result.
In the power plant equipment detection method provided by the embodiment of the application, in order to further judge the safety of the target operation and maintenance equipment, the power plant equipment that each operation and maintenance terminal can access can be preset, and whether the operation and maintenance terminal can be connected with the power plant equipment is judged by means of the permission of the operation and maintenance terminal for accessing the power plant equipment, that is, the step of allowing the target operation and maintenance terminal to be connected with the power plant equipment can be specifically as follows: judging whether the target operation and maintenance terminal has the authority of accessing the power plant equipment; and if the target operation and maintenance terminal has the authority of accessing the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
In practical application, after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, before the safety judgment is performed on the operation information of the power plant equipment operated by the target operation and maintenance terminal, a target list can be sent to the target operation and maintenance terminal, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list may include a device list, a protocol list, a port list, etc. of the power plant devices that the target operation and maintenance terminal is allowed to access.
In practical application, in order to facilitate the follow-up tracking and backtracking of the process of operating and maintaining the power plant equipment by the target operation and maintenance terminal, after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, the target operation and maintenance terminal can be subjected to screen recording to obtain recording information; and storing the recording information so as to judge whether the operation and maintenance process of the power plant equipment by the target operation and maintenance terminal has safety risk or not according to the recording information.
In practical application, in order to facilitate subsequent tracking and backtracking of operation information of the power plant equipment operated by the target operation and maintenance terminal, after the target operation and maintenance terminal is judged to be allowed to be connected with the power plant equipment, a behavior log of the target operation and maintenance terminal can be recorded and stored, so that whether a safety risk exists in the operation process of the power plant equipment by the target operation and maintenance terminal can be judged according to the behavior log.
In the power plant equipment detection method provided by the embodiment of the application, in order to obtain the virus searching and killing result quickly, the virus searching and killing of the target operation and maintenance terminal can be carried out by means of a U shield; that is, virus searching and killing can be performed on the target operation and maintenance terminal based on a preset U shield to obtain the virus searching and killing result.
It should be noted that the execution subject of the power plant equipment detection method provided by the present application may be determined flexibly as needed. For example, the execution subject may be an equipment safety protection device independent of the target operation and maintenance terminal and the power plant equipment; in this case, the connection between the equipment safety protection device, the target operation and maintenance terminal, the power plant equipment and the U shield may be as shown in fig. 2, and the equipment safety protection device may serve the target operation and maintenance terminal based on transparent proxy technology or the like.
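The connection gate and per-operation safety judgment described above, written as an added Python example that is not code from the patent. The terminal id, addresses, scan-result format, writable registers and the choice of Modbus/TCP for the protocol analysis step are assumptions made for illustration.

```python
import struct
import time
from dataclasses import dataclass, field

# Constructed policy (assumption): plant devices each O&M terminal may access,
# with the protocol, port and writable registers allowed on each device.
ACCESS_POLICY = {
    "om-laptop-07": [
        {"device": "10.20.1.15", "protocol": "modbus-tcp", "port": 502,
         "writable": {100, 101}},
    ],
}

READ_CODES = {0x01, 0x02, 0x03, 0x04}    # Modbus read function codes
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10}   # Modbus write function codes


@dataclass
class Session:
    terminal: str
    target_list: list                        # device/protocol/port entries sent to the terminal
    log: list = field(default_factory=list)  # behaviour log kept by the proxy


def admit(terminal, scan_result):
    """Connection gate: virus verdict first, then access permission.

    Returns a Session carrying the target list, or None if the terminal
    must not be connected. A missing verdict is treated as infected.
    """
    if scan_result.get("infected", True):
        return None
    entries = ACCESS_POLICY.get(terminal)
    if not entries:
        return None
    return Session(terminal, [dict(e) for e in entries])


def build_request(func, addr, value, tid=1, unit=1):
    """Build a constructed Modbus/TCP request (MBAP header + 5-byte PDU)."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_modbus(frame):
    """Protocol analysis: return (function_code, address) or None if malformed."""
    if len(frame) < 12:
        return None
    _tid, proto, length, _unit, func, addr = struct.unpack(">HHHBBH", frame[:10])
    # The MBAP length field counts every byte after itself (unit id + PDU).
    if proto != 0 or length != len(frame) - 6:
        return None
    return func, addr


def judge(session, device, protocol, port, frame):
    """Safety judgment for one operation; every decision is logged."""
    entry = next((e for e in session.target_list
                  if (e["device"], e["protocol"], e["port"]) == (device, protocol, port)),
                 None)
    parsed = parse_modbus(frame) if entry else None
    if entry is None:
        verdict, reason = "deny", "destination not in target list"
    elif parsed is None:
        verdict, reason = "deny", "malformed frame"
    elif parsed[0] in READ_CODES:
        verdict, reason = "allow", "read"
    elif parsed[0] in WRITE_CODES and parsed[1] in entry["writable"]:
        verdict, reason = "allow", "write to permitted register"
    else:
        verdict, reason = "deny", "write outside permitted registers or unknown function"
    session.log.append({"ts": time.time(), "terminal": session.terminal,
                        "device": device, "port": port, "parsed": parsed,
                        "verdict": verdict, "reason": reason})
    return verdict
```

Denied operations are logged with the same detail as allowed ones, so the behaviour log can be used to trace back a session after the fact.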
Referring to fig. 3, fig. 3 is a schematic structural diagram of a power plant equipment detection system according to an embodiment of the present disclosure.
The power plant equipment detection system provided by the embodiment of the application can comprise:
the first searching and killing module 101 is used for searching and killing viruses on a target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for operating and maintaining power plant equipment;
the first judging module 102 is configured to judge whether the target operation and maintenance terminal carries a virus based on a virus searching and killing result;
the first execution module 103 is configured to allow the target operation and maintenance terminal to connect to the power plant equipment if it is determined that the target operation and maintenance terminal does not carry viruses, perform security judgment on operation information of the power plant equipment operated by the target operation and maintenance terminal in a process of operating the power plant equipment by the target operation and maintenance terminal, allow the target operation and maintenance terminal to operate the power plant equipment if it is determined that the operation information is safe, and prohibit the target operation and maintenance terminal from operating the power plant equipment if it is determined that the operation information is dangerous;
and the second execution module 104 is configured to prohibit the target operation and maintenance terminal from being connected with the power plant equipment if it is determined that the target operation and maintenance terminal carries the virus.
In the power plant equipment detection system provided by the embodiment of the present application, the first execution module may include:
the first analysis unit is used for carrying out protocol analysis on the operation information to obtain an analysis result;
and the first judgment unit is used for carrying out safety judgment on the operation information based on the analysis result.
In the power plant equipment detection system provided by the embodiment of the present application, the first execution module may include:
the second judgment unit is used for judging whether the target operation and maintenance terminal has the authority of accessing the power plant equipment; and if the target operation and maintenance terminal has the authority of accessing the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
The power plant equipment detection system provided by the embodiment of the application can also comprise:
the first sending module is used for sending a target list to the target operation and maintenance terminal after the first execution module allows the target operation and maintenance terminal to be connected with the power plant equipment and before the first execution module judges the safety of the operation information of the power plant equipment operated by the target operation and maintenance terminal, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of the power plant devices which are allowed to be accessed by the target operation and maintenance terminal.
The power plant equipment detection system provided by the embodiment of the application can also comprise:
the first recording module is used for carrying out screen recording on the target operation and maintenance terminal after the first execution module allows the target operation and maintenance terminal to be connected with the power plant equipment, so as to obtain recording information;
and the first storage module is used for storing the recording information.
The power plant equipment detection system provided by the embodiment of the application can also comprise:
and the first recording module is used for recording and storing the behavior log of the target operation and maintenance terminal after the first execution module allows the target operation and maintenance terminal to be connected with the power plant equipment.
In the power plant equipment detection system provided by the embodiment of the application, the first searching and killing module may include:
and the first searching and killing unit is used for searching and killing the virus of the target operation and maintenance terminal based on the preset U shield to obtain a virus searching and killing result.
The application also provides power plant equipment detection equipment and a computer readable storage medium, which have corresponding effects of the power plant equipment detection method provided by the embodiment of the application. Referring to fig. 4, fig. 4 is a schematic structural diagram of a power plant equipment detection device according to an embodiment of the present disclosure.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps:
virus searching and killing is carried out on the target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for operation and maintenance of the power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
if the target operation and maintenance terminal is judged not to carry the virus, the target operation and maintenance terminal is allowed to be connected with the power plant equipment, safety judgment is carried out on operation information of the power plant equipment operated by the target operation and maintenance terminal in the process of operating the power plant equipment by the target operation and maintenance terminal, if the operation information is judged to be safe, the target operation and maintenance terminal is allowed to operate the power plant equipment, and if the operation information is judged to be dangerous, the target operation and maintenance terminal is forbidden to operate the power plant equipment;
and if the target operation and maintenance terminal is judged to carry the virus, prohibiting the target operation and maintenance terminal from being connected with the power plant equipment.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps: carrying out protocol analysis on the operation information to obtain an analysis result; and performing safety judgment on the operation information based on the analysis result.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps: judging whether the target operation and maintenance terminal has the authority of accessing the power plant equipment; and if the target operation and maintenance terminal has the authority of accessing the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps: after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, before safety judgment is carried out on operation information of the power plant equipment operated by the target operation and maintenance terminal, a target list is sent to the target operation and maintenance terminal, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of the power plant devices which are allowed to be accessed by the target operation and maintenance terminal.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps: after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, screen recording is carried out on the target operation and maintenance terminal to obtain recording information; and storing the recording information.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps: and after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, recording and storing the behavior log of the target operation and maintenance terminal.
The power plant equipment detection device provided by the embodiment of the application comprises a memory 201 and a processor 202, wherein a computer program is stored in the memory 201, and the processor 202 executes the computer program to realize the following steps: and performing virus searching and killing on the target operation and maintenance terminal based on the preset U shield to obtain a virus searching and killing result.
Referring to fig. 5, another power plant equipment detection device provided in the embodiment of the present application may further include: an input port 203 connected to the processor 202, for transmitting externally input commands to the processor 202; a display unit 204 connected to the processor 202, for displaying the processing result of the processor 202 to the outside; and a communication module 205 connected to the processor 202 for communicating the power plant equipment detection device with the outside. The display unit 204 may be a display panel, a laser scanning display, or the like; the communication methods adopted by the communication module 205 include, but are not limited to, Mobile High-Definition Link (MHL), Universal Serial Bus (USB), High-Definition Multimedia Interface (HDMI), and wireless connections such as wireless fidelity (WiFi), Bluetooth, Bluetooth Low Energy, and IEEE 802.11s-based communication technology.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps:
virus searching and killing is carried out on the target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for operation and maintenance of the power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
if the target operation and maintenance terminal is judged not to carry the virus, the target operation and maintenance terminal is allowed to be connected with the power plant equipment, safety judgment is carried out on operation information of the power plant equipment operated by the target operation and maintenance terminal in the process of operating the power plant equipment by the target operation and maintenance terminal, if the operation information is judged to be safe, the target operation and maintenance terminal is allowed to operate the power plant equipment, and if the operation information is judged to be dangerous, the target operation and maintenance terminal is forbidden to operate the power plant equipment;
and if the target operation and maintenance terminal is judged to carry the virus, prohibiting the target operation and maintenance terminal from being connected with the power plant equipment.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps: carrying out protocol analysis on the operation information to obtain an analysis result; and performing safety judgment on the operation information based on the analysis result.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps: judging whether the target operation and maintenance terminal has the authority of accessing the power plant equipment; and if the target operation and maintenance terminal has the authority of accessing the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps: after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, before safety judgment is carried out on operation information of the power plant equipment operated by the target operation and maintenance terminal, a target list is sent to the target operation and maintenance terminal, so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of the power plant devices which are allowed to be accessed by the target operation and maintenance terminal.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps: after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, screen recording is carried out on the target operation and maintenance terminal to obtain recording information; and storing the recording information.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps: and after the target operation and maintenance terminal is allowed to be connected with the power plant equipment, recording and storing the behavior log of the target operation and maintenance terminal.
A computer-readable storage medium is provided in an embodiment of the present application, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps: and performing virus searching and killing on the target operation and maintenance terminal based on the preset U shield to obtain a virus searching and killing result.
The computer-readable storage media to which this application relates include Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage media known in the art.
For a description of relevant parts in the power plant equipment detection system, the equipment and the computer-readable storage medium provided by the embodiment of the present application, reference is made to detailed descriptions of corresponding parts in the power plant equipment detection method provided by the embodiment of the present application, and details are not repeated here. In addition, parts of the above technical solutions provided in the embodiments of the present application, which are consistent with the implementation principles of corresponding technical solutions in the prior art, are not described in detail so as to avoid redundant description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A power plant equipment detection method is characterized by comprising the following steps:
virus searching and killing are carried out on a target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for carrying out operation and maintenance on the power plant equipment;
judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
if the target operation and maintenance terminal is judged not to carry viruses, allowing the target operation and maintenance terminal to be connected with the power plant equipment, and performing safety judgment on operation information of the power plant equipment operated by the target operation and maintenance terminal in the process of operating the power plant equipment by the target operation and maintenance terminal, if the operation information is judged to be safe, allowing the target operation and maintenance terminal to operate the power plant equipment, and if the operation information is judged to be dangerous, forbidding the target operation and maintenance terminal to operate the power plant equipment;
and if the target operation and maintenance terminal is judged to carry the virus, forbidding the target operation and maintenance terminal to be connected with the power plant equipment.
2. The method of claim 1, wherein performing the safety judgment on the operation information of the power plant equipment operated by the target operation and maintenance terminal comprises:
carrying out protocol analysis on the operation information to obtain an analysis result;
and carrying out safety judgment on the operation information based on the analysis result.
3. The method of claim 1, wherein allowing the target operation and maintenance terminal to connect to the power plant equipment comprises:
judging whether the target operation and maintenance terminal has the authority of accessing the power plant equipment;
and if the target operation and maintenance terminal has the authority of accessing the power plant equipment, allowing the target operation and maintenance terminal to be connected with the power plant equipment.
4. The method of claim 1, wherein after allowing the target operation and maintenance terminal to connect to the power plant equipment and before performing the safety determination on the operation information of the power plant equipment operated by the target operation and maintenance terminal, the method further comprises:
sending a target list to the target operation and maintenance terminal so that the target operation and maintenance terminal is connected with the power plant equipment based on the target list; the target list comprises a device list, a protocol list and a port list of the power plant devices which are allowed to be accessed by the target operation and maintenance terminal.
5. The method of any of claims 1 to 4, wherein after allowing the target operation and maintenance terminal to connect to the power plant equipment, further comprising:
carrying out screen recording on the target operation and maintenance terminal to obtain recording information;
and storing the recording information.
6. The method of claim 5, wherein after allowing the target operation and maintenance terminal to connect to the power plant equipment, further comprising:
and recording and storing the behavior log of the target operation and maintenance terminal.
7. The method of claim 1, wherein performing virus searching and killing on the target operation and maintenance terminal to obtain the virus searching and killing result comprises:
and carrying out virus searching and killing on the target operation and maintenance terminal based on a preset U shield to obtain the virus searching and killing result.
8. A power plant equipment detection system, comprising:
the first searching and killing module is used for searching and killing viruses on a target operation and maintenance terminal to obtain a virus searching and killing result, and the target operation and maintenance terminal is used for operating and maintaining the power plant equipment;
the first judgment module is used for judging whether the target operation and maintenance terminal carries viruses or not based on the virus searching and killing result;
the first execution module is used for allowing the target operation and maintenance terminal to be connected with the power plant equipment if the target operation and maintenance terminal is judged not to carry viruses, performing safety judgment on operation information of the power plant equipment operated by the target operation and maintenance terminal in the process of operating the power plant equipment by the target operation and maintenance terminal, allowing the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be safe, and forbidding the target operation and maintenance terminal to operate the power plant equipment if the operation information is judged to be dangerous;
and the second execution module is used for forbidding the target operation and maintenance terminal to be connected with the power plant equipment if the target operation and maintenance terminal is judged to carry the virus.
9. A power plant equipment detection device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the power plant equipment detection method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when executed by a processor, carries out the steps of the power plant equipment detection method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010443923.XA CN111598268B (en) | 2020-05-22 | 2020-05-22 | Power plant equipment detection method, system, equipment and computer storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111598268A (en) | 2020-08-28 |
CN111598268B (en) | 2023-07-07 |
Family
ID=72186394
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010443923.XA Active CN111598268B (en) | 2020-05-22 | 2020-05-22 | Power plant equipment detection method, system, equipment and computer storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111598268B (en) |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030088705A1 (en) * | 2001-10-31 | 2003-05-08 | Makoto Katagishi | Electronic mail system, mail server and mail terminal |
US20040255167A1 (en) * | 2003-04-28 | 2004-12-16 | Knight James Michael | Method and system for remote network security management |
JP2008158862A (en) * | 2006-12-25 | 2008-07-10 | Nec Fielding Ltd | Log information collection system and method for maintenance object device, information server and program |
US20080222702A1 (en) * | 2007-03-05 | 2008-09-11 | Liu Lifeng | System and method for preventing viruses from intruding into network |
CN104460657A (en) * | 2014-11-14 | 2015-03-25 | 北京网御星云信息技术有限公司 | Method, device and system for achieving protection of mobile operation and maintenance of industrial control system |
US20160330219A1 (en) * | 2015-05-04 | 2016-11-10 | Syed Kamran Hasan | Method and device for managing security in a computer network |
US20170195349A1 (en) * | 2015-12-31 | 2017-07-06 | Deutsche Telekom Ag | Platform for protecting small and medium enterprises from cyber security threats |
CN108063753A (en) * | 2017-11-10 | 2018-05-22 | 全球能源互联网研究院有限公司 | A kind of information safety monitoring method and system |
CN108564181A (en) * | 2018-04-10 | 2018-09-21 | 国家电网公司 | Electrical equipment fault detects and method for maintaining and terminal device |
CN110233758A (en) * | 2019-06-10 | 2019-09-13 | 广东电网有限责任公司 | A kind of safety encryption of service system, device and relevant device |
CN110414227A (en) * | 2018-08-09 | 2019-11-05 | 腾讯科技(深圳)有限公司 | A kind of information output method and its equipment, storage medium, electronic equipment |
CN110705726A (en) * | 2019-09-30 | 2020-01-17 | 杭州安恒信息技术股份有限公司 | Operation and maintenance auditing method, system and device for industrial equipment |
US20200045524A1 (en) * | 2017-04-20 | 2020-02-06 | Beijing Xiaomi Mobile Software Co., Ltd. | Method and device for equipment management |
CN110765461A (en) * | 2019-11-08 | 2020-02-07 | 杭州安恒信息技术股份有限公司 | Safety protection method and device for equipment maintenance process |
Also Published As
Publication number | Publication date |
---|---|
CN111598268B (en) | 2023-07-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||