CN112087445A - Electric power Internet of things security vulnerability assessment method fusing business security - Google Patents

Electric power Internet of things security vulnerability assessment method fusing business security Download PDF

Info

Publication number
CN112087445A
CN112087445A CN202010923638.8A CN202010923638A CN112087445A CN 112087445 A CN112087445 A CN 112087445A CN 202010923638 A CN202010923638 A CN 202010923638A CN 112087445 A CN112087445 A CN 112087445A
Authority
CN
China
Prior art keywords
node
security
security vulnerability
evaluation index
vulnerability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010923638.8A
Other languages
Chinese (zh)
Inventor
张小建
石聪聪
姚启桂
王向群
王齐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Hebei Electric Power Co Ltd, Global Energy Interconnection Research Institute, Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202010923638.8A priority Critical patent/CN112087445A/en
Publication of CN112087445A publication Critical patent/CN112087445A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis
    • G06Q50/40
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00IoT infrastructure
    • G16Y30/10Security thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods

Abstract

The invention relates to the technical field of power Internet of things, in particular to a power Internet of things security vulnerability assessment method fusing service security, which comprises the steps of obtaining an attack tree model of a target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index; determining a weight of at least one evaluation index based on the data of each leaf node; calculating the security vulnerability of each leaf node by using the weight of at least one evaluation index and the at least one evaluation index; determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node; and based on the safety vulnerability of each node, carrying out safety protection on the corresponding node of the power Internet of things. After the security vulnerability of each node is obtained through calculation, the security protection can be performed on each node in a targeted manner, and the accuracy of the security protection is improved.

Description

Electric power Internet of things security vulnerability assessment method fusing business security
Technical Field
The invention relates to the technical field of power Internet of things, in particular to a power Internet of things security vulnerability assessment method fusing service security.
Background
The electric power internet of things is an intelligent service system aiming at the interconnection of everything and the man-machine interaction of an electric power system. The service is very wide, and the whole service can be divided into internal services such as customer service and power grid operation, and external services such as virtual power plants and multi-station integration. Compared with the traditional power grid service, the service has the advantages of more data quantity to be acquired, larger data quantity to be transmitted, more extensive information interaction objects, more frequent information interaction times, wider information sharing range, deeper information mining granularity, higher service data degree, higher service intelligent degree and the like. With the increasing development of the power internet of things, the business safety is seriously threatened, and the research on the security vulnerability of the power internet of things is widely concerned. The security vulnerability can be understood as the probability of success of the attack.
For security threat assessment of the system, the attack tree model was proposed by Schneier in 1999. The attack tree model is good at qualitative analysis, and can analyze the topological relation among nodes and clarify the attack path and the interaction among attacks. The attack tree analysis method does not need complex modeling work, does not have huge calculation overhead, and is suitable for the safety of a simple analysis system. However, most existing attack tree evaluation methods aim at the power internet of things, vulnerability analysis is performed on the whole, and the safety vulnerability of the whole power internet of things is evaluated. But for the power internet of things, the significance of evaluating the overall safety vulnerability of the power internet of things is not great. The reason is that the nodes in the power internet of things are complicated, and if only the whole security vulnerability is known, the nodes with the security vulnerability cannot be accurately positioned, so that accurate security protection for the power internet of things is difficult to perform.
Disclosure of Invention
In view of this, the embodiment of the invention provides a method for evaluating security vulnerability of an electric power internet of things fusing service security, so as to solve the problem that the accuracy of security protection of the electric power internet of things is low.
According to a first aspect, an embodiment of the present invention provides a method for evaluating security vulnerability of an electric power internet of things fusing service security, including:
acquiring an attack tree model of a target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index;
determining a weight of the at least one evaluation index based on the data of the respective leaf nodes;
calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index;
determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node;
and based on the security vulnerability of each node, carrying out security protection on the corresponding node of the power Internet of things.
According to the power internet of things security vulnerability assessment method fusing business security, provided by the embodiment of the invention, since the attack tree model of the target power internet of things is visually embodied as the data of the leaf nodes, the security vulnerability of each leaf node can be calculated by using the evaluation index and the data of each leaf node, the security vulnerability of each node is calculated at the security vulnerability of the leaf node, and after the security vulnerability of each node is calculated, the security protection can be performed on each node in a targeted manner, so that the accuracy of the security protection is improved, and the security of the target power internet of things is ensured.
With reference to the first aspect, in a first implementation manner of the first aspect, the determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and a relationship between each node in the attack tree model and its corresponding child node includes:
sequentially extracting nodes in the attack tree model and child nodes of all the nodes from bottom to top;
determining the type of the current node by using the relationship between the current node and the corresponding child node; the type of the current node is an OR node or an AND node;
and determining the security vulnerability of the current node based on the type of the current node so as to obtain the security vulnerability of each node in the attack tree model.
According to the method for evaluating the security vulnerability of the power internet of things fusing the business security, provided by the embodiment of the invention, the current security vulnerability is subjected to differential calculation by utilizing the relationship between the current node and the corresponding child node, so that the calculated security vulnerability of the current node is more consistent with the actual situation of the target power internet of things, and the calculation reliability of the security vulnerability of the current node is improved.
With reference to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, when the type of the current node is an or node, the determining, based on the type of the current node, a security vulnerability of the current node to obtain a security vulnerability of each node in the attack tree model includes:
extracting the security vulnerabilities of all child nodes of the current node;
sequencing all child nodes of the current node based on the security vulnerabilities of all the child nodes;
acquiring a blind attack factor;
and calculating the security vulnerability of the current node by using the blind attack factor and the sequencing results of all the child nodes of the current node.
According to the power Internet of things security vulnerability assessment method fusing service security, a current node is an OR node, the node can be activated when any event occurs under the node, a blind attack factor is introduced in the security vulnerability computation process of the OR node, and when the blind attack factor is combined with all sub-nodes of the current node, the accuracy of security vulnerability computation of the current node is improved according to the security vulnerability of each sub-node.
With reference to the second implementation manner of the first aspect, in a third implementation manner of the first aspect, the following formula is used to calculate the security vulnerability of the current node:
Figure BDA0002667561310000031
wherein, PiIs the current node; pi1,Pi2,…,PimSorting results of m child nodes of the current node from big to small; rho is the blind attack factor, and rho belongs to [0,1 ]]。
According to the power Internet of things security vulnerability assessment method fusing service security, provided by the embodiment of the invention, rho 0 represents that an attacker knows the target power Internet of things very well and knows the weakest link of a system; rho 1 represents that an attacker has no knowledge about the target power Internet of things, the attack belongs to complete blind attack, and the accuracy of the security vulnerability calculation result of the current node is ensured by combining the blind attack factor and the security vulnerability.
With reference to the first implementation manner of the first aspect, in a fourth implementation manner of the first aspect, when the type of the current node is an and node, the determining, based on the type of the current node, a security vulnerability of the current node to obtain a security vulnerability of each node in the attack tree model includes:
extracting the security vulnerabilities of all child nodes of the current node;
and calculating the product of the security vulnerabilities of all the child nodes to obtain the security vulnerability of the current node.
According to the power internet of things security vulnerability assessment method fusing service security, the current node is the node and represents that all events under the node must be completed before the node can be activated, so that the calculation accuracy of the security vulnerability of the current node is guaranteed by calculating the product of the security vulnerabilities of all child nodes of the current node.
With reference to the fourth embodiment of the first aspect, in the fifth embodiment of the first aspect, the following formula is used to calculate the security vulnerability of the current node:
Figure BDA0002667561310000041
wherein, PiIs the current node; m is the number of all child nodes of the current node; pijIs the jth child node of the current node.
With reference to the first aspect or any one of the first to fifth embodiments of the first aspect, in a sixth embodiment of the first aspect, the securing the corresponding node of the power internet of things based on the security vulnerability of each node includes:
extracting the security vulnerability of a root node in the attack tree model;
determining the vulnerability sensitivity of each node by using the security vulnerability of the root node and the security vulnerability of each node;
and based on the vulnerability sensitivity of each node, carrying out safety protection on the corresponding node of the power Internet of things.
According to the method for evaluating the security vulnerability of the power internet of things fusing the service security, provided by the embodiment of the invention, the importance degree of each node on the security of the target power internet of things is different, and if the system security is protected efficiently and quickly, which node is the most important node on the system security needs to be known, so that the vulnerability sensitivity of the node, namely the influence degree of the node vulnerability change on the system security is calculated. And for the nodes with higher sensitivity, safety protection is carried out on the nodes, so that the safety of the system can be greatly improved.
With reference to the sixth implementation manner of the first aspect, in the seventh implementation manner of the first aspect, the vulnerability sensitivities of the respective nodes are calculated by using the following formula:
Figure BDA0002667561310000042
wherein v isiThe vulnerability sensitivity of the ith node in the attack tree model is obtained; psA security vulnerability of the root node; piIs the security vulnerability of the ith node.
With reference to the first aspect, in an eighth implementation manner of the first aspect, the determining a weight of the at least one evaluation index based on the data of each leaf node includes:
for each leaf node, carrying out standardization processing on the acquired data;
calculating the proportion of the normalized data under each evaluation index in the evaluation index;
calculating the information entropy redundancy of each evaluation index based on the calculated specific gravity;
calculating a first weight of the at least one evaluation index by using the information entropy redundancy;
determining a weight of the at least one evaluation index based on the first weight.
With reference to the first aspect or the eighth implementation manner of the first aspect, in a ninth implementation manner of the first aspect, the determining a weight of the at least one evaluation index based on the data of each leaf node includes:
constructing a fuzzy judgment matrix based on the data of each leaf node;
carrying out consistency check on the fuzzy judgment matrix;
calculating a second weight of the at least one evaluation index by using the fuzzy judgment matrix after consistency check;
determining a weight of the at least one evaluation index based on the second weight.
With reference to the ninth embodiment of the first aspect, in the tenth embodiment of the first aspect, the weight of the at least one evaluation index is calculated by using the following formula:
Figure BDA0002667561310000051
wherein n is the number of the evaluation indexes; w is ajThe weight of the jth evaluation index; i isjA first weight of the jth evaluation index; sjIs the second weight of the jth evaluation index.
The method for evaluating the security vulnerability of the power internet of things fusing the business security, provided by the embodiment of the invention, is used for calculating the weight of at least one evaluation index by combining the first weight and the second weight, so that an accurate and reasonable weight value can be obtained.
According to a second aspect, an embodiment of the present invention further provides a device for evaluating security vulnerability of an electric power internet of things fusing service security, including:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring an attack tree model of a target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index;
a weight determination module, configured to determine a weight of the at least one evaluation index based on the data of each leaf node;
the calculation module is used for calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index;
a security vulnerability determining module, configured to determine the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and its corresponding child node;
and the protection module is used for carrying out safety protection on the corresponding nodes of the power Internet of things based on the safety vulnerability of each node.
According to the power internet of things security vulnerability assessment device fusing business security, provided by the embodiment of the invention, since the attack tree model of the target power internet of things is visually embodied as the data of the leaf nodes, the security vulnerability of each leaf node can be calculated by using the evaluation index and the data of each leaf node, the security vulnerability of each node is calculated at the security vulnerability of the leaf node, and after the security vulnerability of each node is calculated, each node can be protected in a targeted manner, so that the accuracy of security protection is improved, and the security of the target power internet of things is ensured.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: the memory and the processor are communicatively connected to each other, the memory stores computer instructions, and the processor executes the computer instructions to execute the method for evaluating the security vulnerability of the power internet of things of the converged business security according to the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to execute the method for evaluating security vulnerability of a power internet of things of converged business security described in the first aspect or any one of the implementation manners of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of an attack tree model of a target power internet of things according to an embodiment of the invention;
fig. 2 is a flowchart of a power internet of things security vulnerability assessment method fusing business security according to an embodiment of the present invention;
fig. 3 is a flowchart of a power internet of things security vulnerability assessment method fusing business security according to an embodiment of the present invention;
fig. 4 is a flowchart of a power internet of things security vulnerability assessment method fusing business security according to an embodiment of the present invention;
fig. 5 is a block diagram of a power internet of things security vulnerability assessment apparatus fusing service security according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows an alternative implementation of an attack tree model of a target power internet of things in the embodiment of the invention. The target power Internet of things in question has a four-layer logic architecture of a perception layer, a network layer, a platform layer and an application layer.
The sensing layer equipment comprises an electric meter, a mutual inductor, a concentrator and the like of electric power collection and also comprises various terminals related to electric power secondary equipment, and the protection capability of the various terminals is generally weaker due to the large quantity or the limitation of capabilities such as resources, technologies and the like. In the network layer, communication modes such as a power wireless private network, WiFi, an optical fiber communication network and the like are easy to be attacked by a network in the information communication transmission process, and face a complex security problem. The electric power Internet of things platform layer mainly improves the efficient processing and cloud and mist coordination capability of data through the application of large-scale terminal unified Internet of things management, a full-service unified data center and a national network cloud platform, so that new risks are introduced to the ubiquitous electric power Internet of things platform layer through cross-service sharing and coordination operation of platform data. In an electric power physical network application layer, various services such as intelligent energy services, virtual power plants, electric vehicles and the like have flexible access and diversified interactivity, and new risks are brought to the application layer by the new characteristics of the services.
When an attack tree model of a target power Internet of things is constructed, the method can be realized by adopting the following steps:
step 1, analyzing threat factors of services under a perception layer, and determining illegal damage, hardware design defects, terminal operating system threats and terminal service application threats as security threat factors of a bottom layer. For the sensing layer, mainly, the protection capability of various terminals is weak due to the limitation of large quantity or capabilities of resources, technologies and the like, and the requirement of accurate sensing cannot be met. The sensing layer mainly comprises a special transformer acquisition terminal and an electric energy meter, and both the special transformer acquisition terminal and the electric energy meter can influence the safety of the sensing layer. For a special transformer acquisition terminal and an electric energy meter, illegal destruction, hardware design defects, terminal operating system threats and terminal service application threats are main factors influencing the safety of the special transformer acquisition terminal and the electric energy meter, so that the four factors are used as bottom factors for evaluating the single-asset vulnerability of the special transformer acquisition terminal and the electric energy meter and the safety vulnerability of a final perception layer.
And 2, analyzing threat factors of services under a network layer, and determining communication tampering threats, communication protocol vulnerabilities and communication facility threats as bottom-layer security threat factors. For the network layer, including the power wireless carrier and the wireless private network, for the two, the three factors of the communication tampering threat, the communication protocol vulnerability and the communication facility threat directly influence the security of the network layer, so that the communication tampering threat, the communication protocol vulnerability and the communication facility threat are used as bottom-layer influencing factors to evaluate the security vulnerabilities of the power wireless carrier and the wireless private network and finally the security vulnerability of the network layer.
And 3, analyzing threat factors of the service under the platform layer, and determining an interactive interface threat, a data tampering threat and a privacy disclosure threat as bottom safety threat factors. The platform layer mainly improves the high-efficiency processing and cloud and mist cooperation capacity of data through large-scale terminal unified internet of things management, full-service unified data center and application of a 'national network cloud' platform, the platform interface and platform data directly influence the application safety, the interactive interface is easily threatened by the interactive interface, the platform data is easily threatened by data tampering and privacy disclosure, and therefore the interactive interface threat, the data tampering threat and the privacy disclosure threat serve as bottom threat factors and are used for evaluating the security vulnerability of the platform interface and the platform data and finally the security vulnerability of the platform layer.
And 4, analyzing threat factors of the service under the application layer, and determining service access threats, host infrastructure threats, application service logic threats and application software vulnerability threats as bottom-layer security threat elements. For an application layer, including services such as smart energy services, virtual power plants, electric vehicles and the like, the services are affected by three security elements, namely an access entrance, a service host and application software, wherein the access entrance is threatened by accessing APP and the like, the service host is threatened by host infrastructure, and the application software is threatened by application service logic and application software vulnerability, so that the service access threat, the host infrastructure threat, the application service logic threat and the application software vulnerability threat are used as bottom-layer security threat factors for evaluating the security vulnerabilities of the access entrance, the service host and the application software and the final application layer security vulnerability.
And 5, constructing an attack tree model of the power Internet of things service system based on the analysis result. The power internet of things service system serves as a root node and is a final attack target. The sub-nodes are respectively a sensing layer, a network layer, a platform layer and an application layer node, and are sequentially pushed downwards, so that finally, illegal damage, hardware design defects, terminal operating system threats, terminal service application threats, communication tampering threats, communication protocol vulnerabilities, communication facility threats, interactive interface threats, data tampering threats, privacy disclosure threats, service access threats, host infrastructure threats, application service logic threats and application software vulnerability threats are taken as leaf nodes of an attack tree, and any leaf node is attacked to form a security threat on the power physical service system.
It should be noted that fig. 1 is only an optional attack tree model of the target power internet of things, and the specific attack tree model may be configured according to actual situations, which is not limited herein.
According to an embodiment of the present invention, an embodiment of a power internet of things security vulnerability assessment method converged with business security is provided, it is noted that the steps shown in the flowchart of the figure may be executed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in an order different from that here.
In this embodiment, a method for evaluating security vulnerability of an electric power internet of things with converged business security is provided, and may be used for electronic devices, such as computers, mobile phones, tablet computers, and the like, fig. 2 is a flowchart of the method for evaluating security vulnerability of an electric power internet of things with converged business security according to an embodiment of the present invention, and as shown in fig. 2, the flowchart includes the following steps:
s11, acquiring an attack tree model of the target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index.
The attack tree model corresponding to the target power internet of things can be constructed in the above manner, and can also be constructed in other manners, which is not limited herein. As shown in fig. 1, the attack tree model includes a root node power internet of things service system, and leaf nodes include illegal destruction, hardware design defects, and the like. The root node comprises 4 child nodes which are respectively a perception layer, a network layer, a platform layer and an application layer. The sensing layer comprises 2 sub-nodes which are respectively a special transformer acquisition terminal and an electric energy meter; the network layer comprises 2 sub-nodes which are respectively a power wireless carrier and a wireless private network; the platform layer comprises 2 sub-nodes which are respectively a platform interface and platform data; the application layer comprises 3 child nodes which are respectively a service access inlet, a service host and application software. Taking a special transformer acquisition terminal as an example, the corresponding child nodes are respectively illegal destruction, hardware design defects, terminal operating system threats and terminal service application threats.
The data corresponding to each leaf node can be obtained by the electronic device directly from the target power internet of things in the operation process of the target power internet of things, or can be obtained by the electronic device from other places, and the like.
Each leaf node corresponds to at least one evaluation index, and the evaluation index can comprise a business economy UcThreat enforceability UdAnd threat occurrence frequency UrAnd so on. Wherein, the business economy refers to the economic loss caused to the business once the threat is successfully implemented. Threat enforceability refers to the technical difficulty of implementing an attack on the node. The threat occurrence frequency refers to the number of times of threat attack on the power internet of things service system. Of course, the evaluation index may include other indexes, and these three indexes are taken as an example in the description of the embodiment of the present invention.
S12, determining the weight of at least one evaluation index based on the data of each leaf node.
After the electronic device acquires the data of each leaf node, the data of each leaf node may be analyzed to determine the weight of at least one evaluation index. For example, the weight of at least one evaluation index may be determined by a subjective analysis method, an objective analysis method, or a combination of subjective and objective methods. The step will be described in detail below, and will not be described herein again.
And S13, calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index.
The electronic equipment calculates the sum of the products of each evaluation index and the corresponding weight, so that the security vulnerability of each leaf node can be obtained.
And S14, determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node.
After the electronic equipment calculates the security vulnerability of each leaf node, the electronic equipment sequentially upwards calculates the security vulnerability of the upper-level node from the bottom layer of the attack tree model, and so on until the security vulnerabilities of all the nodes in the attack tree model are determined.
As shown in fig. 1, the electronic device calculates the security vulnerability of each leaf node, and then calculates the security vulnerability of the upper-level node of the leaf node, that is, calculates the security vulnerabilities of the special transformer acquisition terminal, the electric energy meter, the electric power wireless carrier, the wireless special network, the platform interface, the platform data, the service access entry, the service host and the application software; then calculating the security vulnerabilities of a perception layer, a network layer, a platform layer and an application layer; and finally, calculating the security vulnerability of the power Internet of things service system.
When the security vulnerability of the upper-level node is calculated, the security vulnerability of the child node of the current node is used for calculation. For example, the security vulnerability of the special transformer acquisition terminal is calculated by utilizing the security vulnerability of the child nodes, namely illegal destruction, hardware design defects, terminal operating system threats and terminal business application threats. Details about this step will be described later.
And S15, based on the security vulnerability of each node, carrying out security protection on the corresponding node of the power Internet of things.
After the electronic device calculates the security vulnerability of each node, security protection can be performed by using the security vulnerability of each node, for example, a leaf node corresponding to a hardware design defect can be protected by adding a removal-proof design on a device shell. For the leaf node which does not protect the debugging interface, the interface protection can be carried out through modes such as authentication or access control, and the like, so that the safety of the system is improved.
According to the electric power internet of things security vulnerability assessment method fusing business security, since the attack tree model of the target electric power internet of things is visually embodied as the data of the leaf nodes, the security vulnerability of each leaf node can be calculated by using the evaluation index and the data of each leaf node, the security vulnerability of each node is calculated at the security vulnerability of each leaf node, after the security vulnerability of each node is calculated, the security protection can be performed on each node in a targeted manner, the accuracy of the security protection is improved, and the security of the target electric power internet of things is ensured.
In this embodiment, a method for evaluating security vulnerability of an electric power internet of things with converged business security is provided, and may be used for electronic devices, such as computers, mobile phones, tablet computers, and the like, fig. 3 is a flowchart of the method for evaluating security vulnerability of an electric power internet of things with converged business security according to an embodiment of the present invention, and as shown in fig. 3, the flowchart includes the following steps:
s21, acquiring an attack tree model of the target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index.
Please refer to S11 in fig. 2 for details, which are not described herein.
S22, determining the weight of at least one evaluation index based on the data of each leaf node.
Please refer to S12 in fig. 2 for details, which are not described herein.
And S23, calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index.
Please refer to S13 in fig. 2 for details, which are not described herein.
And S24, determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node.
Specifically, the step S24 includes the following steps:
and S241, sequentially extracting the nodes in the attack tree model and the child nodes of each node from bottom to top.
As shown in fig. 1, after the security vulnerability of each leaf node is obtained in S23, the upper level nodes of the leaf node, that is, the dedicated transformer acquisition terminal, the electric energy meter, the wireless power carrier, the wireless dedicated network, the platform interface, the platform data, the service access entry, the service host, and the application software, are extracted.
And after the nodes are extracted, the nodes are corresponding to the child nodes of the nodes so as to be used for the subsequent calculation of security vulnerability.
And S242, determining the type of the current node by using the relationship between the current node and the corresponding child node.
And the type of the current node is an OR node or an AND node.
An and node means that all events under the node must be completed to activate the node, or a node means that any event under the node occurs to activate the node. As shown in fig. 1, the nodes other than the leaf node are or nodes. The distinction of the nodes is judged according to the definition of the 'and' node and the 'or' node and based on the relationship between the node and the child nodes.
And taking the special transformer acquisition terminal as a current node, wherein the corresponding sub-nodes are illegal destruction, hardware design defects, terminal operating system threats and terminal service application threats. Wherein the current node is an OR node.
S243, based on the type of the current node, determining the security vulnerability of the current node to obtain the security vulnerability of each node in the attack tree model.
The electronic equipment calculates the security vulnerability of the current node in different modes aiming at different types of current nodes. The method comprises the following specific steps:
(1) the current node is an OR node
1.1) extracting the security vulnerabilities of all child nodes of the current node.
As described above, the current node is a dedicated transformer acquisition terminal, and extracts security vulnerabilities of illegal destruction, hardware design defects, terminal operating system threats, and terminal business application threats.
1.2) ordering all child nodes of the current node based on the security vulnerabilities of all child nodes.
And the electronic equipment sorts all the child nodes of the current node by using the security vulnerability of all the child nodes.
1.3) obtaining blind attack factors.
The blind attack factor may be stored in the electronic device, or may be obtained by the electronic device from the outside, and no limitation is imposed on the manner in which the electronic device obtains the blind attack factor. The specific value of the blind attack factor can be set correspondingly according to the actual situation. For example, the blind attack factor may be 0.5, 0.7, 0.9, and so on.
1.4) calculating the security vulnerability of the current node by using the blind attack factor and the sequencing results of all the child nodes of the current node.
After the electronic equipment obtains the blind attack factor and the sequencing results of all the child nodes of the current node, the blind attack factor is introduced in the calculation process of the security vulnerability of the current node. Specifically, the security vulnerability of the current node is calculated by adopting the following formula:
Figure BDA0002667561310000131
wherein, PiIs that it isA current node; pi1,Pi2,…,PimSorting results of m child nodes of the current node from big to small; rho is the blind attack factor, and rho belongs to [0,1 ]]。
Wherein ρ is 0, the attacker knows the target power internet of things very well and knows the weakest link of the system; rho 1 represents that an attacker has no knowledge about the target power Internet of things, the attack belongs to complete blind attack, and the accuracy of the security vulnerability calculation result of the current node is ensured by combining the blind attack factor and the security vulnerability.
The current node is the OR node, the node can be activated when any event occurs under the node, a blind attack factor is introduced in the safety vulnerability calculation process of the OR node, and when the blind attack factor is combined with all the sub-nodes of the current node, the accuracy of the safety vulnerability calculation of the current node is improved according to the safety vulnerability of each sub-node.
(2) The current node is an AND node
2.1) extracting the security vulnerabilities of all child nodes of the current node.
As described above, the current node is a dedicated transformer acquisition terminal, and extracts security vulnerabilities of illegal destruction, hardware design defects, terminal operating system threats, and terminal business application threats.
2.2) calculating the product of the security vulnerabilities of all the child nodes to obtain the security vulnerability of the current node.
Specifically, the security vulnerability of the current node may be calculated using the following formula:
Figure BDA0002667561310000141
wherein, PiIs the current node; m is the number of all child nodes of the current node; pijIs the jth child node of the current node.
The current node and the node represent that all events under the node must be completed before the node can be activated, so that the calculation accuracy of the security vulnerability of the current node is ensured by calculating the product of the security vulnerabilities of all child nodes of the current node.
And S25, based on the security vulnerability of each node, carrying out security protection on the corresponding node of the power Internet of things.
Specifically, the step S25 includes the following steps:
and S251, extracting the security vulnerability of the root node in the attack tree model.
After the electronic device is processed in S24, the security vulnerabilities of all nodes in the attack tree model can be obtained. The electronic device extracts the security vulnerability of the root node, namely the security vulnerability of the power internet of things service system in fig. 1.
And S252, determining the vulnerability sensitivity of each node by using the security vulnerability of the root node and the security vulnerability of each node.
After the electronic equipment obtains the security vulnerability of the root node, the vulnerability sensitivity of each node can be calculated by using the security vulnerability of the root node and the security vulnerability of each other node.
Specifically, the vulnerability sensitivity of each node can be calculated using the following formula:
Figure BDA0002667561310000142
wherein v isiThe vulnerability sensitivity of the ith node in the attack tree model is obtained; psA security vulnerability of the root node; piIs the security vulnerability of the ith node.
And S253, based on the vulnerability sensitivity of each node, carrying out safety protection on the corresponding node of the power Internet of things.
After calculating the vulnerability sensitivity of each node, the electronic equipment can perform targeted safety protection on the safety weak node of the power internet of things based on the vulnerability sensitivity.
According to the electric power internet of things safety vulnerability assessment method fusing business safety, the current safety vulnerability is subjected to difference calculation by using the relationship between the current node and the corresponding child node, so that the calculated safety vulnerability of the current node is more consistent with the actual situation of the target electric power internet of things, and the calculation reliability of the safety vulnerability of the current node is improved. And each node has different importance degrees on the safety of the target power internet of things, and if the system safety needs to be protected efficiently and quickly, which node is most important on the system safety needs to be known, so the vulnerability sensitivity of the node, namely the influence degree of the vulnerability change of the node on the system safety is calculated. And for the nodes with higher sensitivity, safety protection is carried out on the nodes, so that the safety of the system can be greatly improved.
In this embodiment, a method for evaluating security vulnerability of an electric power internet of things with converged business security is provided, and may be used for electronic devices, such as computers, mobile phones, tablet computers, and the like, fig. 4 is a flowchart of the method for evaluating security vulnerability of an electric power internet of things with converged business security according to an embodiment of the present invention, and as shown in fig. 4, the flowchart includes the following steps:
s31, acquiring an attack tree model of the target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index.
Wherein, the evaluation index corresponding to each leaf node is a business economy UcThreat enforceability UdAnd threat occurrence frequency Ur. As shown in fig. 1, leaf nodes of the attack tree model are numbered in order from left to right, and experts score the evaluation index values according to the scoring criteria in table 1. The service economy refers to the service economy loss caused by the attack on the node, the threat feasibility refers to the difficulty of technically realizing the attack on the node, and the threat occurrence frequency refers to the number of times of attack occurrence.
TABLE 1 Scoring standards
Figure BDA0002667561310000151
Figure BDA0002667561310000161
Based on the scoring standard, the business economy U corresponding to each leaf node can be determinedcThreat enforceability UdAnd threat occurrence frequency UrThe specific numerical value of (1).
Please refer to S21 in fig. 3 for details, which are not described herein.
S32, determining the weight of at least one evaluation index based on the data of each leaf node.
Specifically, the step S32 includes the following steps:
s321, standardizing the acquired data for each leaf node.
For example, each leaf node may obtain m data objects, and each leaf node has n evaluation indexes. The obtained data object may be normalized by the following formula:
Figure BDA0002667561310000162
wherein, bijIs the j-th evaluation index value b of the i-th data objectjminIs the minimum value of the j-th evaluation index data of the m groups of data, bjmaxIs the maximum value of the j-th evaluation index of the m groups of data.
S322, the normalized data under each evaluation index is calculated as the proportion of the evaluation index.
Calculating the proportion p of the ith data object in the jth evaluation index under the jth evaluation index by adopting the following formulaij
Figure BDA0002667561310000163
S323, the information entropy redundancy of each evaluation index is calculated based on the calculated specific gravity.
Wherein, the entropy ej of the jth evaluation index is expressed by the following formula:
Figure BDA0002667561310000164
wherein the content of the first and second substances,
Figure BDA0002667561310000165
ej≥0。
after the entropy values of the evaluation indexes are obtained through calculation, the information entropy redundancy d of the evaluation indexes is obtained through calculation by utilizing the entropy values of the evaluation indexesj
dj=1-ej
S324, calculating a first weight of at least one evaluation index by using the information entropy redundancy.
Wherein the first weight s of the jth evaluation indexjThe following formula is adopted:
Figure BDA0002667561310000166
correspondingly, the electronic device may determine the evaluation index corresponding to each leaf node: business economy UcThreat enforceability UdAnd threat occurrence frequency UrMay be expressed as: sc、sdAnd sr
S325, determining the weight of at least one evaluation index based on the first weight.
After the electronic device calculates the first weight, the electronic device may directly use the first weight as the weight of the evaluation index, or may continue the processing of the subsequent steps.
S326, based on the data of each leaf node, a fuzzy judgment matrix is constructed.
To obtain the fuzzy decision matrix R ═ (R)ij)n×nThe importance levels of the evaluation index i and the index j need to be compared as shown in table 1. Taking the sensing layer as an example, the expert scores according to the table 2 to obtain the fuzzy judgment matrix R.
TABLE 2 Scale comparison
Figure BDA0002667561310000171
And S327, carrying out consistency check on the fuzzy judgment matrix.
And (3) carrying out consistency check on the constructed fuzzy matrix R:
rij=rik-rjk+0.5,i,j,k=1,2,…,n
rij=1-rji,i,j=1,2,…,n
rii=0.5,i=1,2,…,n
if the fuzzy judgment matrix does not have consistency, the fuzzy judgment matrix is adjusted to be a fuzzy consistency judgment matrix R' by using an arithmetic mean method:
R'=['rij]n×n
Figure BDA0002667561310000172
if the fuzzy judgment matrix has consistency, R ═ R.
And S328, calculating a second weight of at least one evaluation index by using the fuzzy judgment matrix after the consistency check.
In order to obtain the weight value of each evaluation index, normalization processing is carried out on the fuzzy judgment consistency matrix to obtain a second weight value I of the jth evaluation indexj
Figure BDA0002667561310000181
Correspondingly, the electronic device may determine the evaluation index corresponding to each leaf node: business economy UcThreat enforceability UdAnd threat occurrence frequency UrMay be expressed as: i isc、IdAnd Ir
S329, a weight of the at least one evaluation index is determined based on the second weight.
After obtaining the second weight, the electronic device combines the first weight and the second weight to obtain a weight of at least one evaluation index.
Specifically, the weight of at least one evaluation index is calculated using the following formula:
Figure BDA0002667561310000182
wherein n is the number of the evaluation indexes; w is ajThe weight of the jth evaluation index; i isjA first weight of the jth evaluation index; sjIs the second weight of the jth evaluation index.
Correspondingly, the electronic device may determine the evaluation index corresponding to each leaf node: business economy UcThreat enforceability UdAnd threat occurrence frequency UrThe weights of (a) can be expressed as: w is ac、wdAnd wr
And S33, calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index.
After calculating the weight of each evaluation index, the electronic device may calculate the security vulnerability of each leaf node by using the following formula:
P=wc×Uc+wd×Ud+wr×Ur
and S34, determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node.
Please refer to S24 in fig. 3 for details, which are not described herein.
And S35, based on the security vulnerability of each node, carrying out security protection on the corresponding node of the power Internet of things.
Please refer to S25 in fig. 3 for details, which are not described herein.
The method for evaluating the security vulnerability of the power internet of things fusing the service security provided by the embodiment is used for calculating the weight of at least one evaluation index by combining the first weight and the second weight, so that an accurate and reasonable weight value can be obtained.
The embodiment also provides a device for evaluating the security vulnerability of the power internet of things, which is integrated with the service security, and the device is used for implementing the above embodiments and preferred embodiments, and the description of the device is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
The embodiment provides an electric power internet of things security vulnerability assessment device integrating business security, as shown in fig. 5, including:
the obtaining module 41 is configured to obtain an attack tree model of a target power internet of things, data corresponding to each leaf node in the attack tree model, and at least one evaluation index;
a weight determination module 42, configured to determine a weight of the at least one evaluation index based on the data of each leaf node;
a calculating module 43, configured to calculate the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index;
a security vulnerability determining module 44, configured to determine the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and its corresponding child node;
and the protection module 45 is used for carrying out safety protection on the corresponding nodes of the power internet of things based on the safety vulnerability of each node.
According to the electric power internet of things security vulnerability assessment device fusing business security, since the external visual representation in the attack tree model of the target electric power internet of things is the data of the leaf nodes, the security vulnerability of each leaf node can be calculated by using the evaluation indexes and the data of each leaf node, the security vulnerability of each node is calculated at the security vulnerability of each leaf node, after the security vulnerability of each node is calculated, the security protection can be performed on each node in a targeted manner, the accuracy of the security protection is improved, and the security of the target electric power internet of things is ensured.
The power internet of things security vulnerability assessment device for converged service security in this embodiment is presented in the form of a functional unit, where the unit refers to an ASIC circuit, a processor and a memory executing one or more software or fixed programs, and/or other devices capable of providing the above functions.
Further functional descriptions of the modules are the same as those of the corresponding embodiments, and are not repeated herein.
An embodiment of the present invention further provides an electronic device, which includes the above power internet of things security vulnerability assessment apparatus with converged service security shown in fig. 5.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention, and as shown in fig. 6, the electronic device may include: at least one processor 51, such as a CPU (Central Processing Unit), at least one communication interface 53, memory 54, at least one communication bus 52. Wherein a communication bus 52 is used to enable the connection communication between these components. The communication interface 53 may include a Display (Display) and a Keyboard (Keyboard), and the optional communication interface 53 may also include a standard wired interface and a standard wireless interface. The Memory 54 may be a high-speed RAM Memory (volatile Random Access Memory) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The memory 54 may alternatively be at least one memory device located remotely from the processor 51. Wherein the processor 51 may be in connection with the apparatus described in fig. 5, the memory 54 stores an application program, and the processor 51 calls the program code stored in the memory 54 for performing any of the above-mentioned method steps.
The communication bus 52 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 52 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The memory 54 may include a volatile memory (RAM), such as a random-access memory (RAM); the memory may also include a non-volatile memory (english: non-volatile memory), such as a flash memory (english: flash memory), a hard disk (english: hard disk drive, abbreviated: HDD) or a solid-state drive (english: SSD); the memory 54 may also comprise a combination of the above types of memories.
The processor 51 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor 51 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 54 is also used to store program instructions. The processor 51 may call a program instruction to implement the method for evaluating security vulnerability of the power internet of things of the converged service security as shown in the embodiments of fig. 2 to 4 of the present application.
The embodiment of the invention also provides a non-transitory computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions can execute the electric power internet of things security vulnerability assessment method for fusion service security in any method embodiment. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (14)

1. A method for evaluating security vulnerability of an electric power Internet of things fused with business security is characterized by comprising the following steps:
acquiring an attack tree model of a target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index;
determining a weight of the at least one evaluation index based on the data of the respective leaf nodes;
calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index;
determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node;
and based on the security vulnerability of each node, carrying out security protection on the corresponding node of the power Internet of things.
2. The method of claim 1, wherein the determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and its corresponding child node comprises:
sequentially extracting nodes in the attack tree model and child nodes of all the nodes from bottom to top;
determining the type of the current node by using the relationship between the current node and the corresponding child node; the type of the current node is an OR node or an AND node;
and determining the security vulnerability of the current node based on the type of the current node so as to obtain the security vulnerability of each node in the attack tree model.
3. The method of claim 2, wherein when the type of the current node is an or node, the determining the security vulnerability of the current node based on the type of the current node to obtain the security vulnerability of each node in the attack tree model comprises:
extracting the security vulnerabilities of all child nodes of the current node;
sequencing all child nodes of the current node based on the security vulnerabilities of all the child nodes;
acquiring a blind attack factor;
and calculating the security vulnerability of the current node by using the blind attack factor and the sequencing results of all the child nodes of the current node.
4. The method of claim 3, wherein the security vulnerability of the current node is calculated using the following formula:
Figure FDA0002667561300000021
wherein, PiIs the current node; pi1,Pi2,…,PimSorting results of m child nodes of the current node from big to small; rho is the blind tapHit factor, rho ∈ [0,1 ]]。
5. The method of claim 2, wherein when the type of the current node is an and node, the determining the security vulnerability of the current node based on the type of the current node to obtain the security vulnerability of each node in the attack tree model comprises:
extracting the security vulnerabilities of all child nodes of the current node;
and calculating the product of the security vulnerabilities of all the child nodes to obtain the security vulnerability of the current node.
6. The method of claim 5, wherein the security vulnerability of the current node is calculated using the following formula:
Figure FDA0002667561300000022
wherein, PiIs the current node; m is the number of all child nodes of the current node; pijIs the jth child node of the current node.
7. The method according to any one of claims 1-6, wherein the securing the corresponding node of the power internet of things based on the security vulnerability of each node comprises:
extracting the security vulnerability of a root node in the attack tree model;
determining the vulnerability sensitivity of each node by using the security vulnerability of the root node and the security vulnerability of each node;
and based on the vulnerability sensitivity of each node, carrying out safety protection on the corresponding node of the power Internet of things.
8. The method of claim 7, wherein the vulnerability sensitivity of each node is calculated using the following formula:
Figure FDA0002667561300000023
wherein v isiThe vulnerability sensitivity of the ith node in the attack tree model is obtained; psA security vulnerability of the root node; piIs the security vulnerability of the ith node.
9. The method of claim 1, wherein determining the weight of the at least one evaluation indicator based on the data of the respective leaf node comprises:
for each leaf node, carrying out standardization processing on the acquired data;
calculating the proportion of the normalized data under each evaluation index in the evaluation index;
calculating the information entropy redundancy of each evaluation index based on the calculated specific gravity;
calculating a first weight of the at least one evaluation index by using the information entropy redundancy;
determining a weight of the at least one evaluation index based on the first weight.
10. The method of claim 1 or 9, wherein determining the weight of the at least one evaluation index based on the data of the respective leaf node comprises:
constructing a fuzzy judgment matrix based on the data of each leaf node;
carrying out consistency check on the fuzzy judgment matrix;
calculating a second weight of the at least one evaluation index by using the fuzzy judgment matrix after consistency check;
determining a weight of the at least one evaluation index based on the second weight.
11. The method of claim 10, wherein the weight of the at least one evaluation index is calculated using the following formula:
Figure FDA0002667561300000031
wherein n is the number of the evaluation indexes; w is ajThe weight of the jth evaluation index; i isjA first weight of the jth evaluation index; sjIs the second weight of the jth evaluation index.
12. The utility model provides an electric power thing networking security vulnerability assessment device who fuses business safety which characterized in that includes:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring an attack tree model of a target power Internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index;
a weight determination module, configured to determine a weight of the at least one evaluation index based on the data of each leaf node;
the calculation module is used for calculating the security vulnerability of each leaf node by using the weight of the at least one evaluation index and the at least one evaluation index;
a security vulnerability determining module, configured to determine the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and its corresponding child node;
and the protection module is used for carrying out safety protection on the corresponding nodes of the power Internet of things based on the safety vulnerability of each node.
13. An electronic device, comprising:
the storage and the processor are connected with each other in a communication mode, the storage stores computer instructions, and the processor executes the computer instructions to execute the power internet of things security vulnerability assessment method fusing business security according to any one of claims 1-11.
14. A computer-readable storage medium storing computer instructions for causing a computer to execute a method for evaluating security vulnerability of power internet of things converged with business security according to any one of claims 1 to 11.
CN202010923638.8A 2020-09-04 2020-09-04 Electric power Internet of things security vulnerability assessment method fusing business security Pending CN112087445A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010923638.8A CN112087445A (en) 2020-09-04 2020-09-04 Electric power Internet of things security vulnerability assessment method fusing business security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010923638.8A CN112087445A (en) 2020-09-04 2020-09-04 Electric power Internet of things security vulnerability assessment method fusing business security

Publications (1)

Publication Number Publication Date
CN112087445A true CN112087445A (en) 2020-12-15

Family

ID=73733126

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010923638.8A Pending CN112087445A (en) 2020-09-04 2020-09-04 Electric power Internet of things security vulnerability assessment method fusing business security

Country Status (1)

Country Link
CN (1) CN112087445A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112560061A (en) * 2020-12-18 2021-03-26 国家工业信息安全发展研究中心 Industrial Internet data safety protection capability assessment method and equipment deployment method
CN113191674A (en) * 2021-05-20 2021-07-30 广东电网有限责任公司 Security risk assessment method and device, storage medium and electronic equipment
CN113228594A (en) * 2021-03-31 2021-08-06 华为技术有限公司 Method, device and equipment for determining protection scheme and computer readable storage medium
CN113595790A (en) * 2021-07-29 2021-11-02 国网电力科学研究院有限公司 Security access assessment method and device for power terminal equipment
CN113645185A (en) * 2021-06-24 2021-11-12 宁波工业互联网研究院有限公司 Multi-level node sharing attack tree modeling method and system
CN116029613A (en) * 2023-02-17 2023-04-28 国网浙江省电力有限公司 Novel power system index data processing method and platform
CN112560061B (en) * 2020-12-18 2024-05-03 国家工业信息安全发展研究中心 Industrial Internet data security protection capability assessment method and equipment deployment method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140007244A1 (en) * 2012-06-28 2014-01-02 Integrated Solutions Consulting, Inc. Systems and methods for generating risk assessments
CN109508882A (en) * 2018-11-13 2019-03-22 国网经济技术研究院有限公司 A kind of Electric Power Network Planning evaluation method and system
CN110020815A (en) * 2019-05-07 2019-07-16 云南电网有限责任公司 A kind of comprehensive vulnerability inder calculation method of the grid nodes based on analytic network process
CN110298170A (en) * 2019-05-31 2019-10-01 国网浙江省电力有限公司宁波供电公司 A kind of Power SCADA security of system appraisal procedure considering the blind attack factor
CN110348665A (en) * 2019-04-03 2019-10-18 中国电力科学研究院有限公司 A kind of low-voltage platform area electric power system data quality evaluating method and device
US20200097663A1 (en) * 2018-09-26 2020-03-26 Clarion Co., Ltd. Vulnerability evaluation apparatus, vulnerability evaluation system, and vulnerability evaluation method
CN111262878A (en) * 2020-02-12 2020-06-09 华北电力大学 Vulnerability analysis method for safety-level digital instrument control system of nuclear power plant

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140007244A1 (en) * 2012-06-28 2014-01-02 Integrated Solutions Consulting, Inc. Systems and methods for generating risk assessments
US20200097663A1 (en) * 2018-09-26 2020-03-26 Clarion Co., Ltd. Vulnerability evaluation apparatus, vulnerability evaluation system, and vulnerability evaluation method
CN109508882A (en) * 2018-11-13 2019-03-22 国网经济技术研究院有限公司 A kind of Electric Power Network Planning evaluation method and system
CN110348665A (en) * 2019-04-03 2019-10-18 中国电力科学研究院有限公司 A kind of low-voltage platform area electric power system data quality evaluating method and device
CN110020815A (en) * 2019-05-07 2019-07-16 云南电网有限责任公司 A kind of comprehensive vulnerability inder calculation method of the grid nodes based on analytic network process
CN110298170A (en) * 2019-05-31 2019-10-01 国网浙江省电力有限公司宁波供电公司 A kind of Power SCADA security of system appraisal procedure considering the blind attack factor
CN111262878A (en) * 2020-02-12 2020-06-09 华北电力大学 Vulnerability analysis method for safety-level digital instrument control system of nuclear power plant

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112560061A (en) * 2020-12-18 2021-03-26 国家工业信息安全发展研究中心 Industrial Internet data safety protection capability assessment method and equipment deployment method
CN112560061B (en) * 2020-12-18 2024-05-03 国家工业信息安全发展研究中心 Industrial Internet data security protection capability assessment method and equipment deployment method
CN113228594A (en) * 2021-03-31 2021-08-06 华为技术有限公司 Method, device and equipment for determining protection scheme and computer readable storage medium
CN113228594B (en) * 2021-03-31 2022-07-29 华为技术有限公司 Method, device and equipment for determining protection scheme and computer readable storage medium
CN113191674A (en) * 2021-05-20 2021-07-30 广东电网有限责任公司 Security risk assessment method and device, storage medium and electronic equipment
CN113645185A (en) * 2021-06-24 2021-11-12 宁波工业互联网研究院有限公司 Multi-level node sharing attack tree modeling method and system
CN113595790A (en) * 2021-07-29 2021-11-02 国网电力科学研究院有限公司 Security access assessment method and device for power terminal equipment
CN113595790B (en) * 2021-07-29 2024-04-05 国网电力科学研究院有限公司 Security access evaluation method and device for power terminal equipment
CN116029613A (en) * 2023-02-17 2023-04-28 国网浙江省电力有限公司 Novel power system index data processing method and platform
CN116029613B (en) * 2023-02-17 2023-06-16 国网浙江省电力有限公司 Novel power system index data processing method and platform

Similar Documents

Publication Publication Date Title
CN112087445A (en) Electric power Internet of things security vulnerability assessment method fusing business security
CN111262722B (en) Safety monitoring method for industrial control system network
CN106992994A (en) A kind of automatically-monitored method and system of cloud service
CN106295349A (en) Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen
CN114584405B (en) Electric power terminal safety protection method and system
CN111786950A (en) Situation awareness-based network security monitoring method, device, equipment and medium
CN116366374B (en) Security assessment method, system and medium for power grid network management based on big data
CN104915600B (en) A kind of Android application securitys methods of risk assessment and device
CN103258027A (en) Context awareness service platform based on intelligent terminal
CN105867347B (en) Cross-space cascading fault detection method based on machine learning technology
CN111754241A (en) User behavior perception method, device, equipment and medium
CN107944293B (en) Fictitious assets guard method, system, equipment and storage medium
CN111931047A (en) Artificial intelligence-based black product account detection method and related device
CN115378711A (en) Industrial control network intrusion detection method and system
Xue et al. Prediction of computer network security situation based on association rules mining
CN117240632B (en) Attack detection method and system based on knowledge graph
CN114338195A (en) Web traffic anomaly detection method and device based on improved isolated forest algorithm
CN117235797A (en) Intelligent management method, device, equipment and system for big data resource access
CN110022293A (en) A kind of electric network information physics emerging system methods of risk assessment
CN111049838B (en) Black product equipment identification method and device, server and storage medium
CN110535972B (en) Centralized control and communication system, equipment and readable storage medium for platform gas detection equipment
CN111106675A (en) Intelligent distribution transformer terminal, application system thereof and security situation assessment method
CN105487936A (en) Information system security evaluation method for classified protection under cloud environment
CN114329450A (en) Data security processing method, device, equipment and storage medium
CN111160738A (en) Event processing method and device, storage medium and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination