CN112488875A - Network risk situation sensing method of nuclear power plant monitoring system and electronic equipment - Google Patents

Publication number
CN112488875A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011429719.9A
Other languages
Chinese (zh)
Inventor
刘高俊
王改霞
顾海霞
李贤民
吕智宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yantai Zhongchuang Nuclear Power Research And Development Center
China Nuclear Power Engineering Co Ltd
Lingao Nuclear Power Co Ltd
Shenzhen China Guangdong Nuclear Engineering Design Co Ltd
Original Assignee
Yantai Zhongchuang Nuclear Power Research And Development Center
China Nuclear Power Engineering Co Ltd
Lingao Nuclear Power Co Ltd
Shenzhen China Guangdong Nuclear Engineering Design Co Ltd
Application filed by Yantai Zhongchuang Nuclear Power Research And Development Center, China Nuclear Power Engineering Co Ltd, Lingao Nuclear Power Co Ltd, Shenzhen China Guangdong Nuclear Engineering Design Co Ltd
Priority to CN202011429719.9A
Publication of CN112488875A

Classifications

    • G06Q50/06: Energy or water supply
    • G06F16/288: Entity relationship models
    • G06F16/29: Geographical information databases
    • G06Q10/043: Optimisation of two dimensional placement, e.g. cutting of clothes or wood
    • G06Q10/0635: Risk analysis of enterprise or organisation activities

Abstract

The invention relates to a network risk situation perception method and electronic equipment of a nuclear power plant monitoring system, which comprises the following steps: acquiring input data; partitioning an entity security area of the nuclear power plant, and determining partition information of the entity security area; classifying an entity security target of the nuclear power plant, and determining classification information of the entity security target; establishing a deployment diagram of entity protection equipment of a nuclear power plant; establishing a situation awareness map based on the partition information, the grading information and the deployment map; determining an incidence relation among entity protection equipment, an entity protection area and an entity protection target based on the situation awareness map; performing perception calculation according to the input data and the incidence relation to obtain a perception calculation result; and sensing the network risk situation according to the sensing calculation result.

Description

Network risk situation sensing method of nuclear power plant monitoring system and electronic equipment
Technical Field
The invention relates to the field of nuclear power plant network monitoring, in particular to a network risk situation sensing method and electronic equipment of a nuclear power plant monitoring system.
Background
Nuclear power plants are an important basic industry and public utility of national significance; their safe, stable operation and reliable supply of electric power bear directly on national economic development and the safety of people's lives and property, and even on security and stability. As nuclear power plants become increasingly computerized, relying on popular commercial system and application software and on standard protocols for communication, they gain safer and more economical operation but also inherit the security threats inherent in computer information systems. At present, nuclear power plant networks are frequently intruded upon and attacked, so nuclear power plant security faces new challenges.
Cyberspace has become the fifth domain after sea, land, air and space. The destructive effect of a network attack on critical infrastructure can exceed even that of war in the traditional sense. Nuclear power plant physical protection systems have been studied and deployed in depth for three-dimensional protection across sea, land and air, but the relationship between network security problems and the comprehensive protection provided by the physical protection system is not well understood. Network security is the first barrier a nuclear power plant presents to an information security intrusion, so deploying measures effectively and responding appropriately is a key requirement for raising the plant's network security level. In addition, quantitatively evaluating network security threats from the perspective of nuclear power plant safety, effectively finding high-risk network security factors in the nuclear security chain, and formulating effective overall network security solutions and application measures for the different nuclear security levels is a problem that existing nuclear power plants urgently need to solve.
To address this, the current approach judges which areas protected by the nuclear power plant security system are at high risk according to whether the physical security equipment is running well or badly (not according to the equipment's network security defects or risks).
However, the method cannot predict which systems of the nuclear power plant have high risk under the condition that the security system has network security risk; and no network security risk situation awareness exists.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method for sensing a network risk situation of a nuclear power plant monitoring system and an electronic device, aiming at the above-mentioned defects in the prior art.
The technical scheme adopted by the invention for solving the technical problems is as follows: a network risk situation perception method of a nuclear power plant monitoring system is constructed, and comprises the following steps:
acquiring input data;
partitioning an entity security area of a nuclear power plant, and determining partition information of the entity security area;
classifying an entity security target of a nuclear power plant, and determining classification information of the entity security target;
establishing a deployment diagram of entity protection equipment of a nuclear power plant;
establishing a situation awareness map based on the partition information, the grading information and the deployment map;
determining an incidence relation among the entity protection equipment, the entity protection area and the entity protection target based on the situation awareness map;
performing perception calculation according to the input data and the incidence relation to obtain a perception calculation result;
and perceiving the network risk situation according to the perception calculation result.
Wherein the input data comprises: entity guard system alarm data, security vulnerability data, and static data.
Wherein, the partitioning an entity security area of the nuclear power plant, and the determining the partition information of the entity security area includes:
partitioning the entity security area of the nuclear power plant according to the importance of the entity security area of the nuclear power plant to obtain a partitioning result;
determining the important attribute value of each partition according to the partition result;
and the partition result and the important attribute value of each partition are partition information of the entity guard area.
Wherein, the classifying the entity protection target of the nuclear power plant, and the determining the classification information of the entity protection target comprises:
classifying the entity security target of the nuclear power plant according to the importance of the entity security target to obtain a classification result;
determining important attribute values of all levels according to the grading result;
and the grading result and the important attribute values of all the grades are the grading information of the entity protection target.
Wherein, the establishment of the deployment diagram of the entity protection equipment of the nuclear power plant comprises the following steps:
and marking the deployment position of the entity guard equipment in the map in a map manner to obtain a deployment map of the entity guard equipment.
Wherein, the performing perception calculation according to the input data and the incidence relation, and obtaining a perception calculation result comprises:
determining situation perception data according to the input data and the incidence relation;
establishing a quantitative evaluation model for network risk situation perception;
and performing perception calculation based on the situation perception data and the quantitative evaluation model of the network risk situation perception to obtain a perception calculation result.
Wherein the determining situational awareness data according to the input data and the incidence relation comprises:
determining risk classification and guard information of the entity guard target according to the entity guard system alarm data, the security vulnerability data and the static data;
determining the grading information of the defending target according to the incidence relation;
and determining the situation awareness data according to the risk classification of the entity defending target, the defending information and the grading information.
Wherein the guard information includes: the state information of the entity guard equipment, the probability of the entity guard system effectively coping with the attack and the diversity of the protection means.
Wherein the perception calculation result comprises: an alarm state;
the alarm state includes: lower level risk, intermediate level risk, higher level risk, and high level risk.
Wherein, the perceiving the network risk situation according to the perception calculation result comprises:
and outputting an alarm signal according to the alarm state.
Wherein the situation awareness map is a dynamic map.
The invention also provides a network risk situation perception system of the nuclear power plant monitoring system, which comprises the following components:
an acquisition unit configured to acquire input data;
a partitioning unit configured to partition an entity security area of a nuclear power plant and determine partition information of the entity security area;
a grading unit configured to grade an entity security target of the nuclear power plant and determine grading information of the entity security target;
the deployment unit is used for establishing a deployment diagram of entity protection equipment of the nuclear power plant;
the map generation unit is used for establishing a situation awareness map based on the partition information, the grading information and the deployment map;
the association unit is used for determining the association relationship among the entity guard equipment, the entity guard area and the entity guard target based on the situation awareness map;
the perception calculation unit is used for carrying out perception calculation according to the input data and the incidence relation to obtain a perception calculation result;
and the sensing unit is used for sensing the network risk situation according to the sensing calculation result.
The invention also provides an electronic device, which is characterized by comprising a processor and a memory, wherein the memory is used for storing a computer program, and the processor is used for executing the computer program stored in the memory to realize the network risk situation awareness method of the nuclear power plant monitoring system.
The invention also provides a storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the network risk situation awareness method of a nuclear power plant monitoring system as described above.
The network risk situation perception method of the nuclear power plant monitoring system has the following beneficial effects: the method comprises the following steps: acquiring input data; partitioning an entity security area of the nuclear power plant, and determining partition information of the entity security area; classifying an entity security target of the nuclear power plant, and determining classification information of the entity security target; establishing a deployment diagram of entity protection equipment of a nuclear power plant; establishing a situation awareness map based on the partition information, the grading information and the deployment map; determining an incidence relation among entity protection equipment, an entity protection area and an entity protection target based on the situation awareness map; performing perception calculation according to the input data and the incidence relation to obtain a perception calculation result; and sensing the network risk situation according to the sensing calculation result.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a schematic flow chart of a method for sensing a network risk situation of a nuclear power plant monitoring system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating a method for sensing a risk situation of a nuclear power plant monitoring system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of situation awareness of a network risk situation awareness method using a nuclear power plant monitoring system according to the present invention.
Detailed Description
For a more clear understanding of the technical features, objects and effects of the present invention, embodiments of the present invention will now be described in detail with reference to the accompanying drawings.
In order to solve the problems of the existing network security method, the invention provides a network risk situation perception method of a nuclear power plant monitoring system, which combines network security risk assessment and a nuclear power plant entity protection object, carries out hierarchical management and early warning prompt according to the area and the object where the protected object is located, and visually displays the protected object to a user in a dynamic map mode according to a network security quantitative assessment model.
Referring to fig. 1 and 2, the invention provides a network risk situation awareness method of a nuclear power plant monitoring system.
Specifically, as shown in fig. 1, the method for sensing the network risk situation of the nuclear power plant monitoring system includes:
Step S101: acquire input data.
Optionally, the input data includes: entity guard system alarm data, security vulnerability data, and static data.
The entity guard system alarm data includes, but is not limited to, equipment failure information, abnormal alarms of the entity guard system, and the like.
Security vulnerability data includes, but is not limited to: which systems and which software have which security vulnerabilities, and the risk level of those vulnerabilities (e.g., general, high risk, very high risk). When a system has a vulnerability, a patch that fixes it may exist, but such patches are generally not installed in industrial systems: because the patch has not been strictly tested, it may fix the vulnerability yet affect the stable operation of the existing industrial control system and thereby affect safe production. In actual operation, therefore, industrial production control systems are generally not patched.
The static data may be abnormal findings from on-site inspection that are entered manually. Network security risk changes dynamically; static data refers to the system security vulnerabilities discovered during industrial control network security inspections. For example: whether any safety protection required by the graded protection standard has been omitted, and the degree of risk of the omission; or the rectification opinions given by experts who are periodically organized to evaluate the industrial control system.
Step S102: partition an entity security area of the nuclear power plant and determine partition information of the entity security area.
In some embodiments, partitioning an entity security area of the nuclear power plant, and determining partition information of the entity security area includes: partitioning the entity security area of the nuclear power plant according to the importance of the entity security area of the nuclear power plant to obtain a partitioning result; determining the important attribute value of each partition according to the partition result; and the partition result and the important attribute value of each partition are partition information of the entity guard area.
Optionally, according to the importance of the physical security area of the nuclear power plant, the physical security area of the nuclear power plant may be divided into: non-surveillance Zone (ZN), surveillance Zone (ZS), protection Zone (ZP) and enhanced protection Zone (ZR), wherein the important attribute values of each zone are: the non-surveillance Zone (ZN) is class 1, the surveillance Zone (ZS) is class 2, the protection Zone (ZP) is class 3, and the enhanced protection Zone (ZR) is class 4, of which class 4 is the most important.
Step S103: grade the entity security target of the nuclear power plant and determine grading information of the entity security target.
In the embodiment of the invention, the physical security target of the nuclear power plant is a protected object (such as nuclear power plant equipment or a nuclear power plant related equipment system).
In some embodiments, the step of ranking the entity protection objective of the nuclear power plant comprises: classifying the entity security target of the nuclear power plant according to the importance of the entity security target to obtain a classification result; determining important attribute values of all levels according to the grading result; and the grading result and the important attribute values of all the grades are the grading information of the entity protection target.
Optionally, the entity security targets of the nuclear power plant are managed in groups according to the importance of the entity security targets. The entity protection target can be divided into: production management related systems, non-control related production systems, and control related production systems. The important attribute values of each level are respectively as follows: the production management related system is level 1, the non-control related production system is level 2, and the control related production system is level 3, wherein level 3 is the most important.
Step S104: establish a deployment diagram of entity protection equipment of the nuclear power plant.
In some embodiments, establishing a deployment map of physical security devices of a nuclear power plant comprises: marking the deployment position of each entity guard device on a map to obtain a deployment map of the entity guard equipment.
It is understood that the physical security equipment of the nuclear power plant refers to the physical equipment that the plant's physical security system deploys to protect the important production systems of the nuclear power plant from external damage.
Specifically, a network entity protection boundary map is drawn and the entity equipment of all important production systems is marked on it. If there are too many devices, they can be displayed hierarchically (clicking an area of the map opens a more detailed secondary map). The icon representing a physical device is red to indicate a fault and green to indicate normal operation.
Step S105: establish a situation awareness map based on the partition information, the grading information and the deployment map.
Specifically, a situation awareness map can be established according to the partition information of the entity protection area of the nuclear power plant, the grading information of the entity protection target of the nuclear power plant, and the deployment map. Entry controls (such as a triangular gate, an entrance guard, video monitoring, a camera and the like) are deployed throughout the nuclear power plant to protect the entity boundary. In addition, the entity guard system also has firewalls, intrusion detection equipment, log audit and the like deployed for network security.
The situation awareness map is a dynamic map: devices can flash, and the color of an area can change according to the degree of risk in that area.
Step S106: determine the incidence relation among the entity protection equipment, the entity protection area and the entity protection target based on the situation awareness map.
Specifically, based on the situation awareness map, the entity protection device, the entity protection area and the entity protection target are associated; that is, a mapping relation among them is established in the database center so that each can be quickly queried from the others. For example, querying an entity guard device (i.e., a monitoring device) shows where its corresponding monitoring area (i.e., the entity guard area) is and which entity guard target it protects; querying an entity guard target shows the cameras, the triangular gate, the entrance guard and the network security equipment related to it. The purpose of the association is that, when a camera, triangular gate, entrance guard or network security device fails, the area and target affected by the failure can be identified clearly and quickly.
Step S107: perform perception calculation according to the input data and the association relation to obtain a perception calculation result.
In some embodiments, performing perceptual computation according to the input data and the association relationship, and obtaining a perceptual computation result includes: determining situation perception data according to the input data and the incidence relation; establishing a quantitative evaluation model for network risk situation perception; and performing perception calculation based on the situation perception data and the quantitative evaluation model of network risk situation perception to obtain a perception calculation result.
In some embodiments, determining situational awareness data based on the input data and the associative relationship comprises:
determining risk classification and guard information of an entity guard target according to the alarm data, the security vulnerability data and the static data of the entity guard system; determining the grading information of the defending target according to the incidence relation; and determining situation perception data according to the risk classification, the security information and the grading information of the entity security target.
In some embodiments, the risk classification of an entity defense target determines, from the input data, the consequences that a device network risk may cause, and ranks the threats accordingly. The risk classification of the entity defense target can be divided into levels 1-5 according to the consequences the equipment network may cause, and the 4 grades are most important. Specifically:
Level 1: the system is compromised, but the availability of the system is not affected;
Level 2: the availability of the information system is threatened, and the information system can be recovered in a short time, or the cost of the affected system is more than 10 million;
Level 3: the availability of the information system is threatened, so that the unit is shut down, or the cost of the affected system is more than 100 million;
Level 4: key equipment is damaged, or the cost of the affected system is more than 1 billion;
Level 5: a nuclear accident is caused, creating a risk of nuclear leakage.
Wherein the guard information includes: the state information of the entity guard equipment, the probability of the entity guard system effectively coping with the attack and the diversity of the protection means.
In some embodiments, the quantitative assessment model of network risk situation awareness may be represented by the following equation:
R = (A × C) / (Q × B × D)
wherein:
R: the risk level to which the entity defense target is exposed;
A: the grading (degree of importance) of the entity defense target;
Q: the state of the entity guard equipment, where 1 means the entity guard equipment operates normally and 0 means a fault;
B: the probability that the protection system effectively copes with an attack, generally entered manually after expert evaluation: 0 to 100 percent;
C: the risk classification of the entity defense target, i.e. the consequence loss caused by an attack (levels 1-5 above);
D: the diversity of protective measures, with value 10^n (n = 0, 1, 2, ...); for each protection means present, such as a firewall, a gate or intrusion detection, n is increased by 1.
The risk level of the entity defense target can be judged according to the following intervals:
low-level risk: 0 ≤ R ≤ 10;
lower-level risk: 10 < R ≤ 100;
moderate risk: 100 < R ≤ 1000;
higher-level risk: 1000 < R < 10000;
high-level risk: 10000 < R.
Therefore, the risk level can be determined directly from the calculated R value, and the network risk situation can be perceived directly.
Step S108: perceive the network risk situation according to the perception calculation result.
In some embodiments, the perception calculation result includes an alarm state. The alarm state includes: lower level risk, intermediate level risk, higher level risk, and high level risk.
That is, after the R value is calculated in step S107, the corresponding alarm state is output directly from the R value, and an alarm signal is output according to that alarm state. For example, the page shows that the risk of a system in an entity guard area is high; the areas and plant building modules on the map use different colors to represent the network threat risk of each area, and clicking an area icon shows the risks in more detail.
The following is a description of a specific embodiment:
As shown in fig. 3, the XT026 device in the ZP1 area of the YA plant is shown in red, indicating that the area is at risk with respect to network security. Clicking the YA icon opens the YA plant. A more detailed diagram, such as the schematic diagram indicated by the arrow in fig. 3, shows the protective equipment deployed by the physical protection system of the YA plant. From fig. 3 it can be determined which device has a problem, or which alarm caused the red alarm reminder for the YA building in the general diagram. The alarm prompt is derived from the calculation formula of the quantitative evaluation model.
Assume that the production system deployed in the YA plant is a desalination device, for which the A value is 2. If an entity protection system of the plant fails, its Q value is 0 and the R value is infinite, indicating that the risk is extremely high and needs to be dealt with as soon as possible. Suppose the relational database of the desalinated water system in the YA plant has a vulnerability that is published on its official website or through other official channels, and that this vulnerability is likely to be exploited by hackers and carries a remote control risk; its C value is 2. Although the vulnerability exists, the desalinated water system is a local area network system whose network is deployed only inside the YA plant, so the risk of the vulnerability being exploited in this system is very low, and the B value after expert evaluation is 0.99. The YA plant has 3 types of protection means (access control, cameras and a protective wall), so the D value is 10^3 = 1000. In this case: R = AC/(QBD) = 2 × 2/(1 × 0.99 × 1000) ≈ 0.004. The risk level is finally judged to be low-level risk. The limit value range (upper and lower limits) of each parameter of the formula can be adjusted in actual application.
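The quantitative evaluation model and the YA plant figures above, as an added Python example that is not part of the patent text. The class and function names, the sample targets other than the YA desalination values, the worst-case-per-area aggregation used for the map, and the treatment of R = 10000 as higher-level risk and of B = 0 as infinite risk are assumptions.

```python
import math
from dataclasses import dataclass

# Alarm bands from the description: (upper bound of R, level name).
# Assumption: R == 10000, which the stated intervals leave unassigned,
# is treated as "higher".
BANDS = [(10, "low"), (100, "lower"), (1000, "moderate"), (10000, "higher")]


@dataclass
class Target:
    name: str   # entity protection target (constructed sample names)
    zone: str   # entity protection area the target is associated with
    a: int      # A: grade (importance) of the target
    c: int      # C: risk classification / consequence level, 1 to 5
    q: int      # Q: protection equipment state, 1 = normal, 0 = fault
    b: float    # B: probability the protection system copes with the attack
    n: int      # number of distinct protection means; D = 10**n


def risk_value(t: Target) -> float:
    """R = A*C / (Q*B*D). A faulted device (Q = 0) yields infinite risk."""
    if t.q not in (0, 1):
        raise ValueError(f"{t.name}: Q must be 0 or 1")
    if not 0.0 <= t.b <= 1.0:
        raise ValueError(f"{t.name}: B must lie between 0 and 1")
    if not 1 <= t.c <= 5 or t.a < 0 or t.n < 0:
        raise ValueError(f"{t.name}: A, C or n out of range")
    denom = t.q * t.b * 10 ** t.n
    # Assumption: B = 0 (protection never effective) is also infinite risk.
    return math.inf if denom == 0 else t.a * t.c / denom


def risk_level(r: float) -> str:
    """Map an R value onto the five intervals given in the description."""
    for upper, name in BANDS:
        if r <= upper:
            return name
    return "high"


def zone_alarms(targets):
    """Worst-case (R, level, target) per area, for colouring the map."""
    worst = {}
    for t in targets:
        r = risk_value(t)
        if t.zone not in worst or r > worst[t.zone][0]:
            worst[t.zone] = (r, risk_level(r), t.name)
    return worst


# YA values are taken from the embodiment; the other rows are constructed.
YA_DESALINATION = Target("desalination-db", "YA", a=2, c=2, q=1, b=0.99, n=3)
SAMPLE = [
    YA_DESALINATION,
    Target("desalination-db-guard-fault", "YA", a=2, c=2, q=0, b=0.99, n=3),
    Target("constructed-target-1", "ZONE-X", a=5, c=5, q=1, b=0.1, n=0),
    Target("constructed-target-2", "ZONE-X", a=3, c=2, q=1, b=0.9, n=2),
]

if __name__ == "__main__":
    for zone, (r, level, name) in zone_alarms(SAMPLE).items():
        print(f"{zone}: {level} (R={r:.4g}, driven by {name})")
```

Because Q and B sit in the denominator, a single faulted protection device drives its whole area to the highest band regardless of A and C, which is the behaviour the embodiment describes for Q = 0.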
The invention also provides a network risk situation perception system of the nuclear power plant monitoring system, which can be used for realizing the network risk situation perception method of the nuclear power plant monitoring system disclosed by the embodiment of the invention.
The network risk situation perception system of the nuclear power plant monitoring system includes:
an acquisition unit for acquiring input data;
a partitioning unit for partitioning the entity protection area of the nuclear power plant and determining the partition information of the entity protection area;
a grading unit for grading the entity protection target of the nuclear power plant and determining the grading information of the entity protection target;
a deployment unit for establishing a deployment diagram of the entity protection equipment of the nuclear power plant;
a map generation unit for establishing a situation awareness map based on the partition information, the grading information and the deployment diagram;
an association unit for determining the association relationship among the entity protection equipment, the entity protection area and the entity protection target based on the situation awareness map;
a perception calculation unit for performing perception calculation according to the input data and the association relationship to obtain a perception calculation result;
a sensing unit for sensing the network risk situation according to the perception calculation result.
The invention further provides electronic equipment which comprises a processor and a memory, wherein the memory is used for storing the computer program, and the processor is used for executing the computer program stored in the memory so as to realize the network risk situation perception method of the nuclear power plant monitoring system.
The invention also provides a storage medium on which a computer program is stored, wherein the computer program is executed by a processor to implement the steps of the network risk situation awareness method of the nuclear power plant monitoring system provided by the invention.
The network risk situation perception method of the nuclear power plant monitoring system disclosed by the embodiment of the invention can acquire network traffic, equipment security vulnerabilities, system logs and security-check static data in a physical protection system, and performs comprehensive network security analysis on them. Meanwhile, according to the importance of each monitored area within the protection range of the nuclear power plant physical protection system and the importance of each monitored system, the areas and systems are managed by zone and by grade to form a dynamic map of the network security risk situation. Finally, the potential risk to the physical protection capability of the nuclear power plant can be evaluated by judging current abnormal behavior, and the network security state of the nuclear power plant physical protection system is presented through a map and an alarm list.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the scope of the present invention. All equivalent changes and modifications made within the scope of the claims of the present invention should be covered by the claims of the present invention.

Claims (14)

1. A network risk situation perception method of a nuclear power plant monitoring system is characterized by comprising the following steps:
acquiring input data;
partitioning an entity security area of a nuclear power plant, and determining partition information of the entity security area;
classifying an entity security target of a nuclear power plant, and determining classification information of the entity security target;
establishing a deployment diagram of entity protection equipment of a nuclear power plant;
establishing a situation awareness map based on the partition information, the grading information and the deployment map;
determining an incidence relation among the entity protection equipment, the entity protection area and the entity protection target based on the situation awareness map;
performing perception calculation according to the input data and the incidence relation to obtain a perception calculation result;
and perceiving the network risk situation according to the perception calculation result.
2. The cyber risk situation awareness method of nuclear power plant monitoring systems according to claim 1, wherein the input data includes: entity guard system alarm data, security vulnerability data, and static data.
3. The method of claim 1, wherein the partitioning an entity protection area of the nuclear power plant, and the determining the partition information of the entity protection area comprises:
partitioning the entity security area of the nuclear power plant according to the importance of the entity security area of the nuclear power plant to obtain a partitioning result;
determining the important attribute value of each partition according to the partition result;
and the partition result and the important attribute value of each partition are partition information of the entity guard area.
4. The cyber risk situation awareness method of nuclear power plant monitoring systems according to claim 1, wherein the ranking of the physical security objectives of the nuclear power plant, and the determining of the ranking information of the physical security objectives comprises:
classifying the entity security target of the nuclear power plant according to the importance of the entity security target to obtain a classification result;
determining important attribute values of all levels according to the grading result;
and the grading result and the important attribute values of all the grades are the grading information of the entity protection target.
5. The cyber risk situation awareness method of nuclear power plant monitoring systems according to claim 1, wherein the establishing a deployment diagram of physical security devices of a nuclear power plant comprises:
marking the deployment positions of the entity guard equipment on a map to obtain a deployment map of the entity guard equipment.
6. The network risk situation awareness method of the nuclear power plant monitoring system according to claim 2, wherein the performing awareness calculation according to the input data and the association relationship, and obtaining an awareness calculation result comprises:
determining situation perception data according to the input data and the incidence relation;
establishing a quantitative evaluation model for network risk situation perception;
and performing perception calculation based on the situation perception data and the quantitative evaluation model of the network risk situation perception to obtain a perception calculation result.
7. The cyber risk situation awareness method of the nuclear power plant monitoring system according to claim 6, wherein the determining situation awareness data according to the input data and the incidence relation includes:
determining risk classification and guard information of the entity guard target according to the entity guard system alarm data, the security vulnerability data and the static data;
determining the grading information of the defending target according to the incidence relation;
and determining the situation awareness data according to the risk classification of the entity defending target, the defending information and the grading information.
8. The cyber risk situation awareness method of nuclear power plant monitoring systems according to claim 7, wherein the security information includes: the state information of the entity guard equipment, the probability of the entity guard system effectively coping with the attack and the diversity of the protection means.
9. The network risk situation awareness method for a nuclear power plant monitoring system according to claim 1, wherein the awareness calculation result comprises: an alarm state;
the alarm state includes: lower-level risk, intermediate-level risk, higher-level risk, and high-level risk.
10. The cyber risk situation awareness method of the nuclear power plant monitoring system according to claim 9, wherein the perceiving the cyber risk situation according to the perception calculation result includes:
and outputting an alarm signal according to the alarm state.
11. The cyber risk situation awareness method of nuclear power plant monitoring systems according to any of claims 1 to 10, wherein the situation awareness map is a dynamic map.
12. A network risk situation perception system of a nuclear power plant monitoring system, characterized by comprising:
an acquisition unit configured to acquire input data;
a partitioning unit configured to partition an entity security area of a nuclear power plant and determine partition information of the entity security area;
a grading unit configured to grade an entity security target of the nuclear power plant and determine grading information of the entity security target;
a deployment unit configured to establish a deployment diagram of entity protection equipment of the nuclear power plant;
a map generation unit configured to establish a situation awareness map based on the partition information, the grading information and the deployment map;
an association unit configured to determine the association relationship among the entity guard equipment, the entity guard area and the entity guard target based on the situation awareness map;
a perception calculation unit configured to perform perception calculation according to the input data and the incidence relation to obtain a perception calculation result;
and a sensing unit configured to sense the network risk situation according to the perception calculation result.
13. An electronic device, comprising a processor and a memory, the memory storing a computer program, the processor being configured to execute the computer program stored by the memory to implement the network risk situation awareness method of a nuclear power plant monitoring system according to any of claims 1-11.
14. A storage medium having stored thereon a computer program, wherein the computer program, when being executed by a processor, is adapted to carry out the steps of the network risk situation awareness method of a nuclear power plant monitoring system according to any one of the claims 1-11.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011429719.9A CN112488875A (en) 2020-12-09 2020-12-09 Network risk situation sensing method of nuclear power plant monitoring system and electronic equipment


Publications (1)

Publication Number Publication Date
CN112488875A true CN112488875A (en) 2021-03-12

Family

ID=74940920

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination