CN112468516A - Security defense method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN112468516A
Authority
CN
China
Prior art keywords
communication data
defense
security
detection result
power system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011496213.XA
Other languages
Chinese (zh)
Inventor
姚启桂
王齐
王向群
吕卓
李暖暖
张铮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
State Grid Henan Electric Power Co Ltd
Electric Power Research Institute of State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Global Energy Interconnection Research Institute, State Grid Henan Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202011496213.XA priority Critical patent/CN112468516A/en
Publication of CN112468516A publication Critical patent/CN112468516A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Alarm Systems (AREA)

Abstract

The application provides a security defense method, a security defense device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring communication data in a power system; classifying the communication data according to the communication protocol of the communication data to determine the data type corresponding to the communication data; selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data; based on the target defense rule, carrying out safety detection on the communication data and generating a safety detection result; and carrying out safety defense on the power system according to the safety detection result. According to the security defense method provided by the scheme, the corresponding defense rules are selected according to the data types of the communication data so as to carry out targeted security detection on the communication data, and then targeted security defense measures are taken, so that the security of the power system is improved.

Description

Security defense method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of power engineering control technologies, and in particular, to a security defense method and apparatus, an electronic device, and a storage medium.
Background
At present, the informatization of power systems is developing rapidly, which also makes power grid information security harder to protect, so security defense technology for power systems has become a key research topic.
In the prior art, a power system is generally protected against network attackers by security defense technologies such as firewalls.
However, security problems in current power systems may be caused by misoperation by internal personnel, and a firewall cannot defend against security problems caused by such misoperation, so the security of the power system cannot be guaranteed. Therefore, a security defense method capable of performing targeted security defense on the power system is urgently needed and is of great significance for improving the security of the power system.
Disclosure of Invention
The application provides a security defense method, a security defense device, an electronic device and a storage medium, which are used for overcoming the defects that the security defense method in the prior art is low in safety and the like.
A first aspect of the present application provides a method of security defense, comprising:
acquiring communication data in a power system;
classifying the communication data according to the communication protocol of the communication data to determine the data type corresponding to the communication data;
selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data;
based on the target defense rule, carrying out security detection on the communication data and generating a security detection result;
and carrying out safety defense on the power system according to the safety detection result.
Optionally, the performing security defense on the power system according to the security detection result includes:
and intercepting the abnormal communication data when the communication data is determined to be abnormal according to the safety detection result.
Optionally, after intercepting the abnormal communication data, the method further includes:
and generating communication data alarm information corresponding to the abnormal communication data.
Optionally, the performing security defense on the power system according to the security detection result includes:
determining terminal equipment for sending the communication data according to a source IP address in the communication data;
and when the communication data is determined to be abnormal communication data according to the safety detection result, determining that the terminal equipment is abnormal terminal equipment, and isolating and blocking the abnormal terminal equipment.
Optionally, after the abnormal terminal device is isolated and blocked, the method further includes:
and generating terminal equipment alarm information corresponding to the abnormal terminal equipment.
Optionally, the preset defense rules include security detection rules corresponding to the data types and security defense schemes corresponding to the security detection results.
Optionally, the method further includes:
and updating the defense rule base based on a preset machine learning algorithm according to a historical safety detection result and a safety defense scheme corresponding to the historical safety detection result.
A second aspect of the present application provides a security defense apparatus comprising:
the acquisition module is used for acquiring communication data in the power system;
the classification module is used for classifying the communication data according to the communication protocol of the communication data so as to determine the data type corresponding to the communication data;
the rule determining module is used for selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data;
the detection module is used for carrying out safety detection on the communication data based on the target defense rule and generating a safety detection result;
and the defense module is used for carrying out safety defense on the power system according to the safety detection result.
Optionally, the defense module is specifically configured to:
and intercepting the abnormal communication data when the communication data is determined to be abnormal according to the safety detection result.
Optionally, the defense module is further configured to:
and generating communication data alarm information corresponding to the abnormal communication data.
Optionally, the defense module is specifically configured to:
determining terminal equipment for sending the communication data according to a source IP address in the communication data;
and when the communication data is determined to be abnormal communication data according to the safety detection result, determining that the terminal equipment is abnormal terminal equipment, and isolating and blocking the abnormal terminal equipment.
Optionally, the defense module is further configured to:
and generating terminal equipment alarm information corresponding to the abnormal terminal equipment.
Optionally, the preset defense rules include security detection rules corresponding to the data types and security defense schemes corresponding to the security detection results.
Optionally, the system further includes an update module, configured to:
and updating the defense rule base based on a preset machine learning algorithm according to a historical safety detection result and a safety defense scheme corresponding to the historical safety detection result.
A third aspect of the present application provides an electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes computer-executable instructions stored by the memory to cause the at least one processor to perform the method as set forth in the first aspect above and in various possible designs of the first aspect.
A fourth aspect of the present application provides a computer-readable storage medium having stored thereon computer-executable instructions that, when executed by a processor, implement a method as set forth in the first aspect and various possible designs of the first aspect.
The technical solution of the present application has the following advantages:
According to the security defense method, the security defense device, the electronic equipment and the storage medium, communication data in the power system is acquired; the communication data is classified according to its communication protocol to determine the data type corresponding to the communication data; a corresponding target defense rule is selected from a preset defense rule base according to the data type corresponding to the communication data; security detection is performed on the communication data based on the target defense rule, and a security detection result is generated; and security defense is performed on the power system according to the security detection result. In the security defense method provided by this scheme, the corresponding defense rules are selected according to the data type of the communication data so as to perform targeted security detection on the communication data, and targeted security defense measures are then taken, so that the security of the power system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art according to these drawings.
Fig. 1 is a schematic structural diagram of an electric power system on which an embodiment of the present application is based;
Fig. 2 is a schematic flow chart illustrating a security defense method according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of a security defense apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the description of the following examples, "plurality" means two or more unless specifically limited otherwise.
In the prior art, a power system is generally protected against network attackers by security defense technologies such as firewalls. However, security problems in current power systems may be caused by misoperation by internal personnel, and a firewall cannot defend against security problems caused by such misoperation, so the security of the power system cannot be guaranteed.
In order to solve the above problems, the security defense method, the security defense device, the electronic device and the storage medium provided by the embodiments of the present application acquire communication data in a power system; classifying the communication data according to the communication protocol of the communication data to determine the data type corresponding to the communication data; selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data; based on the target defense rule, carrying out safety detection on the communication data and generating a safety detection result; and carrying out safety defense on the power system according to the safety detection result. According to the security defense method provided by the scheme, the corresponding defense rules are selected according to the data types of the communication data so as to carry out targeted security detection on the communication data, and then targeted security defense measures are taken, so that the security of the power system is improved.
The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
First, a configuration of a power system based on the present application will be described:
The security defense method and device, the electronic equipment and the storage medium provided by the embodiments of the application are suitable for security defense of the power system. Fig. 1 is a schematic structural diagram of the electric power system on which the embodiments of the present application are based; it mainly includes a plurality of terminal devices and an electronic device for performing security defense. Specifically, the electronic device can collect the communication data generated by each terminal device, perform security detection on the obtained communication data, and perform security defense on the power system according to the security detection result.
The embodiment of the application provides a security defense method which is used for performing security defense on a power system. The execution subject of the embodiment of the application is an electronic device, such as a server, a desktop computer, a notebook computer, a tablet computer, and other electronic devices that can be used for security defense of an electric power system.
Fig. 2 is a schematic flow chart of a security defense method provided in an embodiment of the present application. The method includes:
Step 201, acquiring communication data in the power system.
The communication data may be a message in the power system.
It should be noted that a current power system usually contains a plurality of terminal devices, and the communication data is data generated by the terminal devices that is to be transmitted to the power system server.
Step 202, classifying the communication data according to the communication protocol of the communication data to determine the data type corresponding to the communication data.
Specifically, the risk type possibly caused by each communication data may be determined according to the data type corresponding to each communication data, where the risk type may include basic security, structural security, body security, application security, data security, and the like of the power system, and the specifically included risk type may be determined according to the actual situation of the applied power system, which is not limited in the embodiment of the present application.
Step 203, selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data.
The preset defense rules comprise safety detection rules corresponding to the data types and safety defense schemes corresponding to the safety detection results.
Specifically, relevant operators can preset corresponding security defense rules for various risk types by combining with professional knowledge, and store the preset security defense rules into a defense rule base. In the defense process, according to the data type corresponding to the obtained communication data, the risk type possibly caused by the communication data is determined, and then the corresponding target defense rule is selected from a preset defense rule base so as to carry out security detection on the communication data.
Specifically, in an embodiment, in order to improve the security defense efficiency of the security defense method provided in the embodiment of the present application, the defense rule base may be updated according to the historical security detection result and the security defense scheme corresponding to the historical security detection result based on a preset machine learning algorithm.
The machine learning algorithm may be a convolutional neural network algorithm or other machine learning algorithms, and the embodiment of the present application is not limited specifically.
Specifically, the occurrence frequency of communication data of each risk type can be determined from the historical security detection results, and if the occurrence frequency is high, the security defense scheme corresponding to that risk type can be optimized. For example, if the security defense scheme corresponding to a risk type is to issue a warning, the scheme may be upgraded from warning to direct interception when communication data of that risk type occurs frequently.
Step 204, performing security detection on the communication data based on the target defense rule, and generating a security detection result.
The security detection result reflects the outcome of the security detection of the communication data. From it, the communication data can be determined to be abnormal or normal communication data, that is, whether the communication data can cause a security risk to the power system.
Step 205, performing security defense on the power system according to the security detection result.
Specifically, in an embodiment, when the communication data is determined to be abnormal communication data according to the security detection result, the abnormal communication data may be intercepted.
Furthermore, communication data alarm information corresponding to abnormal communication data can be generated.
It should be noted that when the communication data is determined to be abnormal communication data, it is also possible to raise an alarm only, that is, to generate the corresponding communication data alarm information without interception. The specific security defense scheme may be set by an operator in combination with professional knowledge, which is not limited in the embodiment of the present application.
Specifically, in an embodiment, in order to further improve the security defense efficiency, the terminal device that sends the communication data may be determined according to the source IP address in the communication data; and when the communication data is determined to be abnormal communication data according to the safety detection result, determining that the terminal equipment is abnormal terminal equipment, and isolating and blocking the abnormal terminal equipment.
Similarly, terminal device alarm information corresponding to the abnormal terminal device can be generated.
Specifically, it may be determined, according to the security detection result, whether the security risk of the abnormal communication data is caused by an improper operation of an internal operator or by a suspected malicious attack. When the abnormal communication data is determined to be an attack statement constructed by a malicious attacker, that is, when a malicious attack is suspected, the terminal equipment generating the abnormal communication data can be directly isolated and blocked, so that the power system is protected from the malicious attack.
Specifically, in an embodiment, the generated communication data alarm information and/or terminal device alarm information may be reported, and specifically, the communication data alarm information and/or terminal device alarm information may be reported in a short message manner, a network alarm manner, and the like, and a specific reporting manner is not limited in this embodiment of the application.
According to the security defense method provided by the embodiment of the application, the communication data in the power system is acquired; classifying the communication data according to the communication protocol of the communication data to determine the data type corresponding to the communication data; selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data; based on the target defense rule, carrying out safety detection on the communication data and generating a safety detection result; and carrying out safety defense on the power system according to the safety detection result. According to the security defense method provided by the scheme, the corresponding defense rules are selected according to the data types of the communication data so as to carry out targeted security detection on the communication data, and then targeted security defense measures are taken, so that the security of the power system is improved, and the loss caused by security risks is reduced.
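The flow of steps 201 to 205, including the frequency-based rule update and the source-IP isolation described above, sketched in Python as an added example that is not code from the patent. Assumptions: the data type is inferred from the TCP destination port (502 for Modbus/TCP, 2404 for IEC 60870-5-104), the rule contents, addresses and frames are constructed, and a simple occurrence counter stands in for the unspecified machine learning algorithm.

```python
import struct
from collections import Counter

# Assumption: data type is inferred from the TCP destination port.
PORT_TO_TYPE = {502: "modbus_tcp", 2404: "iec104"}
MODBUS_WRITE_CODES = {5, 6, 15, 16}  # write single/multiple coils and registers
FORWARD, ALERT, INTERCEPT, ISOLATE = "forward", "alert", "intercept", "isolate_terminal"


def classify(msg):
    """Step 202: derive the data type from the communication protocol."""
    return PORT_TO_TYPE.get(msg["dst_port"], "unknown")


def detect_modbus(msg, authorized_writers):
    """Hypothetical Modbus/TCP detection rule; returns a finding or None."""
    data = msg["payload"]
    if len(data) < 8:
        return "malformed_frame"
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", data[:7])
    # The MBAP length field counts the unit id plus the PDU after it.
    if proto_id != 0 or length != len(data) - 6:
        return "malformed_frame"
    if data[7] in MODBUS_WRITE_CODES and msg["src_ip"] not in authorized_writers:
        return "unauthorized_write"
    return None


def detect_iec104(msg):
    """Hypothetical IEC 104 rule: check start byte 0x68 and the APDU length."""
    data = msg["payload"]
    bad = len(data) < 2 or data[0] != 0x68 or data[1] != len(data) - 2
    return "malformed_frame" if bad else None


class DefenseEngine:
    def __init__(self, authorized_writers, escalate_after=3):
        self.escalate_after = escalate_after
        self.history = Counter()   # historical detection results
        self.isolated = set()      # source IPs of isolated terminals
        self.alarms = []           # generated alarm information
        # Rule base (assumed contents): detection rule and schemes per data type.
        self.rule_base = {
            "modbus_tcp": {"detect": lambda m: detect_modbus(m, authorized_writers),
                           "schemes": {"unauthorized_write": ALERT, "malformed_frame": ISOLATE}},
            "iec104": {"detect": detect_iec104,
                       "schemes": {"malformed_frame": ISOLATE}},
            "unknown": {"detect": lambda m: "unclassified_protocol",
                        "schemes": {"unclassified_protocol": ALERT}},
        }

    def process(self, msg):
        """Steps 202-205 for one message: returns (data_type, finding, action)."""
        src = msg["src_ip"]
        if src in self.isolated:  # terminal already isolated and blocked
            return ("blocked", "isolated_terminal", INTERCEPT)
        dtype = classify(msg)
        rule = self.rule_base[dtype]            # step 203
        finding = rule["detect"](msg)           # step 204
        if finding is None:
            return (dtype, None, FORWARD)
        # Rule-base update: a counter stands in for the learning algorithm.
        self.history[dtype, finding] += 1
        schemes = rule["schemes"]
        if schemes[finding] == ALERT and self.history[dtype, finding] >= self.escalate_after:
            schemes[finding] = INTERCEPT        # upgrade warning to interception
        action = schemes[finding]               # step 205
        if action == ISOLATE:
            self.isolated.add(src)
        self.alarms.append({"src_ip": src, "finding": finding, "action": action})
        return (dtype, finding, action)


def modbus_frame(function_code, body=b"\x00\x01\x00\x01"):
    """Build a well-formed Modbus/TCP frame for the constructed samples."""
    pdu = bytes([function_code]) + body
    return struct.pack(">HHHB", 1, 0, len(pdu) + 1, 1) + pdu


def run_demo():
    """Run constructed traffic through the engine; returns (decisions, engine)."""
    engine = DefenseEngine(authorized_writers={"10.0.0.5"})
    traffic = [  # constructed samples, not captured data
        {"src_ip": "10.0.0.5", "dst_port": 502, "payload": modbus_frame(6)},
        {"src_ip": "10.0.0.9", "dst_port": 502, "payload": modbus_frame(3)},
        {"src_ip": "10.0.0.9", "dst_port": 502, "payload": modbus_frame(6)},
        {"src_ip": "10.0.0.9", "dst_port": 502, "payload": modbus_frame(6)},
        {"src_ip": "10.0.0.9", "dst_port": 502, "payload": modbus_frame(6)},
        {"src_ip": "10.0.0.77", "dst_port": 502, "payload": b"\x00\x01\x00\x00"},
        {"src_ip": "10.0.0.77", "dst_port": 502, "payload": modbus_frame(3)},
        {"src_ip": "10.0.0.5", "dst_port": 2404, "payload": b"\x68\x04\x07\x00\x00\x00"},
        {"src_ip": "10.0.0.5", "dst_port": 9999, "payload": b"hello"},
    ]
    return [engine.process(m) for m in traffic], engine


if __name__ == "__main__":
    print(*run_demo()[0], sep="\n")
```

The third unauthorized write from the same data type is intercepted rather than alerted because the rule base entry has been upgraded, and the terminal that sent the truncated frame has every later message blocked by source IP.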
The embodiment of the application provides a security defense device, which is used for executing the security defense method provided by the embodiment.
Fig. 3 is a schematic structural diagram of a security defense apparatus according to an embodiment of the present disclosure. The security defense apparatus 30 includes an acquisition module 301, a classification module 302, a rule determination module 303, a detection module 304, and a defense module 305.
The acquiring module 301 is configured to acquire communication data in the power system; the classification module 302 is configured to classify the communication data according to a communication protocol of the communication data to determine a data type corresponding to the communication data; the rule determining module 303 is configured to select a corresponding target defense rule from a preset defense rule base according to a data type corresponding to the communication data; the detection module 304 is used for performing security detection on the communication data based on the target defense rule and generating a security detection result; and the defense module 305 is used for performing security defense on the power system according to the security detection result.
Specifically, in an embodiment, the defense module 305 is specifically configured to:
and intercepting the abnormal communication data when the communication data is determined to be the abnormal communication data according to the safety detection result.
Specifically, in one embodiment, the defense module 305 is further configured to:
and generating communication data alarm information corresponding to the abnormal communication data.
Specifically, in an embodiment, the defense module 305 is specifically configured to:
determining terminal equipment for sending communication data according to a source IP address in the communication data;
and when the communication data is determined to be abnormal communication data according to the safety detection result, determining that the terminal equipment is abnormal terminal equipment, and isolating and blocking the abnormal terminal equipment.
Specifically, in one embodiment, the defense module 305 is further configured to:
and generating terminal equipment alarm information corresponding to the abnormal terminal equipment.
Specifically, in an embodiment, the preset defense rules include security detection rules corresponding to each data type and security defense schemes corresponding to each security detection result.
Specifically, in an embodiment, the system further includes an updating module 306, configured to:
and updating the defense rule base based on a preset machine learning algorithm according to the historical safety detection result and the safety defense scheme corresponding to the historical safety detection result.
With regard to the security defense apparatus in the present embodiment, the specific manner in which each module performs operations has been described in detail in the embodiment related to the method, and will not be elaborated here.
The security defense device provided by the embodiment of the application is used for executing the security defense method provided by the embodiment, and the implementation manner and the principle of the security defense device are the same and are not repeated.
The embodiment of the application provides electronic equipment which is used for executing the security defense method provided by the embodiment.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 40 includes: at least one processor 41 and memory 42;
the memory stores computer-executable instructions; the at least one processor executes computer-executable instructions stored by the memory, causing the at least one processor to perform a method as provided by any of the embodiments above.
The electronic device provided by the embodiment of the application is used for executing the security defense method provided by the embodiment, and the implementation manner and the principle of the electronic device are the same, and are not described again.
The embodiment of the present application provides a computer-readable storage medium in which computer-executable instructions are stored; when a processor executes the computer-executable instructions, the security defense method provided in any one of the above embodiments is implemented.
The storage medium including the computer executable instructions of the embodiments of the present application may be used to store the computer executable instructions of the security defense method provided in the foregoing embodiments, and the implementation manner and principle thereof are the same and are not described again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A security defense method, comprising:
acquiring communication data in a power system;
classifying the communication data according to the communication protocol of the communication data to determine the data type corresponding to the communication data;
selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data;
performing security detection on the communication data based on the target defense rule and generating a security detection result;
and performing security defense on the power system according to the security detection result.
2. The security defense method according to claim 1, wherein performing security defense on the power system according to the security detection result comprises:
intercepting the abnormal communication data when the communication data is determined to be abnormal according to the security detection result.
3. The security defense method of claim 2, wherein after intercepting the abnormal communication data, the method further comprises:
generating communication data alarm information corresponding to the abnormal communication data.
4. The security defense method according to claim 1, wherein performing security defense on the power system according to the security detection result comprises:
determining the terminal equipment that sent the communication data according to a source IP address in the communication data;
and when the communication data is determined to be abnormal communication data according to the security detection result, determining that the terminal equipment is abnormal terminal equipment, and isolating and blocking the abnormal terminal equipment.
5. The security defense method of claim 4, wherein after isolating and blocking the abnormal terminal equipment, the method further comprises:
generating terminal equipment alarm information corresponding to the abnormal terminal equipment.
6. The security defense method according to claim 1, wherein the preset defense rules include security detection rules corresponding to each data type and security defense schemes corresponding to each security detection result.
7. The security defense method according to claim 6, further comprising:
updating the defense rule base based on a preset machine learning algorithm according to a historical security detection result and a security defense scheme corresponding to the historical security detection result.
8. A security defense apparatus, comprising:
an acquisition module, used for acquiring communication data in the power system;
a classification module, used for classifying the communication data according to the communication protocol of the communication data so as to determine the data type corresponding to the communication data;
a rule determining module, used for selecting a corresponding target defense rule from a preset defense rule base according to the data type corresponding to the communication data;
a detection module, used for performing security detection on the communication data based on the target defense rule and generating a security detection result;
and a defense module, used for performing security defense on the power system according to the security detection result.
9. An electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored by the memory, causing the at least one processor to perform the method of any one of claims 1 to 7.
10. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, implement the method of any one of claims 1 to 7.
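The flow of claims 1 to 6 (classify by protocol, select the rule for that data type, detect, then intercept or isolate by source IP and raise alarms) is sketched below as an added example; it is not code from the patent. The choice of Modbus/TCP and IEC 60870-5-104, the port-based classification, the rule contents and every name (`Packet`, `RULE_BASE`, `Defender`) are assumptions, and the machine-learning rule update of claim 7 is not covered.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:                        # stand-in for one captured message
    src_ip: str
    dst_port: int
    payload: bytes

def classify(pkt):
    # Classification by protocol; well-known TCP ports are the discriminator (assumption).
    return {502: "modbus_tcp", 2404: "iec104"}.get(pkt.dst_port, "unknown")

def check_modbus(p):
    # MBAP header: transaction id (2), protocol id (2, always 0), length (2), unit id (1), then function code.
    if len(p) < 8 or p[2:4] != b"\x00\x00" or int.from_bytes(p[4:6], "big") != len(p) - 6:
        return "malformed"
    return "ok" if p[7] in {1, 2, 3, 4} else "unauthorized_write"   # assumed read-only policy

def check_iec104(p):
    # APCI: start byte 0x68, then one byte giving the length of the rest of the APDU.
    return "ok" if len(p) >= 6 and p[0] == 0x68 and p[1] == len(p) - 2 else "malformed"

# Rule base (all entries assumed): detection rule per data type, defense scheme per result.
RULE_BASE = {
    "modbus_tcp": (check_modbus, {"malformed": "intercept", "unauthorized_write": "isolate"}),
    "iec104": (check_iec104, {"malformed": "intercept"}),
    "unknown": (lambda p: "unclassified", {"unclassified": "intercept"}),
}

@dataclass
class Defender:
    blocked: set = field(default_factory=set)     # isolated source IPs
    alarms: list = field(default_factory=list)    # (kind, src_ip, data_type, result)
    def handle(self, pkt):                        # True = forward, False = drop
        if pkt.src_ip in self.blocked:            # terminal already isolated
            return False
        dtype = classify(pkt)
        detect, schemes = RULE_BASE[dtype]        # select the target defense rule
        result = detect(pkt.payload)              # security detection result
        if result == "ok":
            return True
        self.alarms.append(("data", pkt.src_ip, dtype, result))         # intercept + data alarm
        if schemes[result] == "isolate":
            self.blocked.add(pkt.src_ip)                                 # isolate the terminal
            self.alarms.append(("terminal", pkt.src_ip, dtype, result))
        return False

# Constructed sample (not from the patent): a Modbus read, then a write from another host.
READ = Packet("10.0.0.5", 502, bytes.fromhex("000100000006010300000002"))
WRITE = Packet("10.0.0.9", 502, bytes.fromhex("000200000006010600010003"))
```

Feeding `READ` and then `WRITE` to one `Defender` forwards the first, drops the second, and leaves `10.0.0.9` in `blocked`, so later traffic from that address is dropped before any rule is evaluated.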
CN202011496213.XA 2020-12-17 2020-12-17 Security defense method and device, electronic equipment and storage medium Pending CN112468516A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011496213.XA CN112468516A (en) 2020-12-17 2020-12-17 Security defense method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011496213.XA CN112468516A (en) 2020-12-17 2020-12-17 Security defense method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112468516A true CN112468516A (en) 2021-03-09

Family

ID=74803732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011496213.XA Pending CN112468516A (en) 2020-12-17 2020-12-17 Security defense method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112468516A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113434498A (en) * 2021-05-14 2021-09-24 国网河北省电力有限公司衡水供电分公司 Method and device for monitoring data abnormity of database of power system and electronic equipment

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110197278A1 (en) * 2007-01-23 2011-08-11 Alcatel Lucent Containment mechanism for potentially contaminated end systems
CN104298923A (en) * 2014-09-28 2015-01-21 北京奇虎科技有限公司 Loophole type recognition method and device
CN106790023A (en) * 2016-12-14 2017-05-31 平安科技(深圳)有限公司 Network security Alliance Defense method and apparatus
CN108206830A (en) * 2017-12-30 2018-06-26 平安科技(深圳)有限公司 Vulnerability scanning method, apparatus, computer equipment and storage medium
CN110113332A (en) * 2019-04-30 2019-08-09 北京奇安信科技有限公司 A kind of detection industry control agreement whether there is the method and device of exception
CN110675048A (en) * 2019-09-19 2020-01-10 国网福建省电力有限公司 Power data quality detection method and system
CN111064730A (en) * 2019-12-23 2020-04-24 深信服科技股份有限公司 Network security detection method, device, equipment and storage medium
CN111526121A (en) * 2020-03-24 2020-08-11 杭州迪普科技股份有限公司 Intrusion prevention method and device, electronic equipment and computer readable medium
CN111756697A (en) * 2020-05-27 2020-10-09 杭州数梦工场科技有限公司 API (application program interface) security detection method and device, storage medium and computer equipment
CN111752936A (en) * 2020-06-30 2020-10-09 中国科学院西北生态环境资源研究院 Data detection management method, device, server and readable storage medium
US20200372154A1 (en) * 2019-05-21 2020-11-26 Jaroona Chain Ou Blockchain security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210915

Address after: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing

Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Co.,Ltd.

Applicant after: STATE GRID HENAN ELECTRIC POWER Co.

Applicant after: STATE GRID CORPORATION OF CHINA

Applicant after: STATE GRID HENAN ELECTRIC POWER CORPORATION ELECTRIC POWER SCIENCE Research Institute

Address before: 102209 18 Riverside Avenue, Changping District science and Technology City, Beijing

Applicant before: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Co.,Ltd.

Applicant before: STATE GRID HENAN ELECTRIC POWER Co.

Applicant before: STATE GRID CORPORATION OF CHINA

RJ01 Rejection of invention patent application after publication

Application publication date: 20210309