CN112738078A - Network safety monitoring system of railway power supply system - Google Patents

Publication number: CN112738078A
Authority: CN (China)
Prior art keywords: equipment, network, security, power supply, monitoring
Legal status: Pending
Application number: CN202011574351.5A
Other languages: Chinese (zh)
Inventors: 魏光, 刘刚, 吴波, 王继来, 侯启方, 李景坤, 张业, 蒋功连, 靳松, 李宁, 刘洋
Current Assignee: China Railway First Survey and Design Institute Group Ltd
Original Assignee: China Railway First Survey and Design Institute Group Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The invention relates to a network safety monitoring system of a railway power supply system, comprising: a host monitoring module, which monitors the host equipment of the substation by sensing its security events and uploads the sensed information to the background server; a network equipment monitoring module, which monitors the network equipment by sensing its security events and uploads the sensed information to the background server; and a security equipment monitoring module, which monitors the security equipment by sensing its security events and uploads the sensed information to the background server. The system can monitor the important network security equipment of each railway substation online in real time, more stably and comprehensively, identify abnormalities in system equipment in advance, improve the network security monitoring capability of the railway power supply system, and protect the data transmission security of railway traction substations.

Description

Network safety monitoring system of railway power supply system
Technical Field
The invention relates to the technical field of network maintenance of a railway power supply system, in particular to a network safety monitoring system of the railway power supply system.
Background
The railway power supply network system is an important piece of infrastructure and is regarded by many countries as a primary target in network warfare, so its network security situation is extremely severe. At present, substation network security protection relies too heavily on a defense-in-depth scheme built on boundary security, and physically isolated boundary protection is likely to fail in the face of a targeted attack; the railway power supply network safety monitoring device was created in response. The device can effectively acquire network security information inside the substation, give early warning of potential security hazards, and effectively anticipate, track and prevent network security risks.
The railway power supply network safety monitoring device serves as the data source and command relay for the railway network security management platform. It is responsible for acquiring security event information from the monitored objects, controlling the monitored objects to execute specified commands, providing security event data to the security management platform and supporting the corresponding service calls. In a railway traction substation, the objects collected by the network safety monitoring device are: servers, workstations, switches, firewalls, forward isolation devices, reverse isolation devices and longitudinal encryption devices. The method of acquisition varies from device to device. Host equipment such as servers and workstations collects equipment security event information through a deployed security monitoring client; security equipment such as firewalls, forward and reverse isolation devices and longitudinal encryption devices uploads equipment security information as Syslog logs; and for the various switches, either SNMP or Syslog can be used for collection.
The safety monitoring client runs on a managed host, collects software and hardware information and user operation information of the host in real time according to a preset strategy, and then sends the collected information to the network safety monitoring device according to a specific information format. The network security monitoring device uploads the content such as the equipment state information, the device operation information, the user operation information and the like acquired by the client to a background server or a network security management platform according to a specified format.
In general, given the inevitable trend toward intelligent railway power supply systems, the network safety monitoring system of the railway power supply system needs improvement: intelligent equipment is not fully covered, and there is no convenient and effective means of monitoring the large installed base of embedded devices. If all embedded devices were connected to the network safety monitoring device, their software or hardware would have to be upgraded and modified; in an existing railway power supply system the number of embedded devices involved is large, the modification work is extensive and costly, and it could even affect the normal operation of the embedded devices.
Summary of the Invention
The invention aims to provide a network safety monitoring system of a railway power supply system, which can monitor important network safety equipment of each substation of a railway on line more stably and comprehensively in real time, recognize the abnormality of the system equipment in advance, improve the network safety monitoring capability of the railway power supply system and protect the data transmission safety of a railway traction substation.
The technical scheme adopted by the invention is as follows:
A network safety monitoring system of a railway power supply system, characterized in that:
the system comprises a host monitoring module, a network equipment monitoring module and a security equipment monitoring module;
the host monitoring module monitors the security events of the host equipment of the substation by sensing the security events and uploads the sensing information to the background server;
the network equipment monitoring module monitors the network equipment by sensing the security event of the network equipment and uploads the sensing information to the background server;
and the security equipment monitoring module monitors the security equipment by sensing the security event of the security equipment and uploads the sensing information to the background server.
The host device comprises a server and a workstation;
the host monitoring module dynamically monitors the monitored equipment by deploying detection software on the monitored object and establishes a TCP link with the host detection software, using TCP port 8800 by default; through port monitoring it monitors the startup, shutdown, read-write, illegal intrusion and operation logs of the equipment in real time.
The network equipment comprises a data network switch and an industrial control switch;
the network equipment monitoring module monitors the switch running log in real time through the SNMP protocol, retrieves the power-off, running and abnormal logs of the equipment, and transmits them to the network equipment monitoring module through TCP/IP.
The security equipment comprises a firewall, a forward isolation device and a reverse isolation device;
the security equipment monitoring module uses the standard SYSLOG protocol to monitor the operation and offline logs of the monitored object in real time; the monitoring data are sent over the network to the security monitoring module, where security detection analyzes the data and raises an alarm on abnormal data and content.
The system further comprises a flow analysis module, and abnormal flow in the communication data is analyzed by deeply analyzing the captured mirror flow according to the general protocol and the power communication protocol.
The flow analysis module acquires mirror flow through the SNMP, SNMP TRAP and SYSLOG protocols; the analyzed flow content mainly comprises packet loss information, abnormal flow data packets and equipment operation states, and an alarm is raised on abnormal operation states and abnormal data flow.
The flow analysis module also extracts every field in the communication protocol, including message characteristic fields, control instructions and information about both communicating parties, in order to detect illegal messages: only message formats and instructions that pass system key authentication are legal; legal messages pass normally, and illegal messages raise an alarm.
The system also comprises a power supply control module, which uses a power supply module based on harmonic modulation technology to supply power to the host.
The invention has the following advantages:
1. The stable operation capability of the equipment in extreme environments is improved, and voltage fluctuations of ±40% on the alternating current input can be tolerated.
2. In addition to passive monitoring by the monitoring device, active interrogation monitoring is added.
3. The immunity of industrial control terminal equipment is strengthened, the security of the communication network protocol is enhanced, and the ability of industrial control equipment to sense security threats is improved. Security information from the various devices in the system is collected and aggregated, giving distributed collection of information from every local node across the whole network; the necessary analysis is performed and local security information is processed nearby, reducing unnecessary remote network communication.
4. Various control means such as blocking and isolation are integrated to achieve coordinated control of problem equipment and problem nodes.
5. The method breaks through a number of key technologies and makes the network security of the industrial control system perceivable, knowable, controllable and preventable, thus ensuring the safe and stable operation of the railway power supply network system.
Drawings
FIG. 1 is a diagram of the system of the present invention.
FIG. 2 is a schematic diagram of the implementation steps of the harmonic modulation technique power control aspect.
FIG. 3 is a schematic diagram of the implementation steps shown in the client workstation.
Detailed Description
The present invention will be described in detail with reference to specific embodiments.
The invention relates to a network safety monitoring system of a railway power supply system, which is mainly used in a substation and can monitor the network safety of various devices in the power supply system.
The system comprises a host monitoring module, a network equipment monitoring module, a security equipment monitoring module, a power supply control module and a flow analysis module. The power supply control module is part of the hardware of the equipment main body and supplies power to the whole equipment. The host monitoring module, the network equipment monitoring module and the security equipment monitoring module pass the information they acquire to the flow analysis module, which analyzes and processes it as a whole and passes it to the system software for processing and display. The host monitoring software is detection software installed on front-end computers such as workstations and data servers.
The host monitoring module monitors the security events of the host equipment of the substation by sensing the security events and uploads the sensing information to the background server; the network equipment monitoring module monitors the network equipment by sensing the security event of the network equipment and uploads the sensing information to the background server; the security equipment monitoring module monitors the security equipment by sensing the security event of the security equipment and uploads the sensing information to the background server; the flow analysis module is used for analyzing abnormal flow in the communication data by deeply analyzing the captured mirror flow according to a general protocol and a power communication protocol; and the power supply control module adopts a power supply module of a harmonic modulation technology to supply power to the system component.
(1) Host monitoring module:
The host equipment comprises servers, workstations and the like. The host monitoring module dynamically monitors the monitored equipment by deploying detection software on the monitored object and establishes a TCP link with the host detection software; TCP port 8800 is the default. Through port monitoring it monitors the startup, shutdown, read-write, illegal intrusion, running logs and the like of the equipment in real time.
(2) Network equipment monitoring module:
The network equipment comprises data network switches, industrial control switches and the like. The network equipment monitoring module monitors the switch running logs in real time through the SNMP protocol, retrieves the power-off, running and abnormal logs of the equipment and transmits them to the network equipment monitoring module through TCP/IP.
(3) Security equipment monitoring module:
The security equipment comprises firewalls, forward isolation devices, reverse isolation devices and the like. The security equipment monitoring module uses the standard SYSLOG protocol to monitor the operation logs, offline logs and the like of the monitored object in real time; the monitoring data are sent over the network to the security monitoring module, where security detection analyzes the data and raises an alarm on abnormal data and content.
(4) Flow analysis module:
The flow analysis module acquires mirror flow through protocols such as SNMP, SNMP TRAP and SYSLOG, analyzes flow content mainly including packet loss information, abnormal flow data packets, equipment operation states and the like, and raises an alarm on abnormal operation states and abnormal data flow. The flow analysis module also extracts every field in the communication protocol, including message characteristic fields, control instructions and information about both communicating parties; only message formats and instructions that pass system key authentication are legal, legal messages pass normally, and illegal messages raise an alarm.
(5) Power supply control module:
The power supply control module uses a power supply module based on harmonic modulation technology to supply power to the host.
The invention is further illustrated with reference to the accompanying drawings:
the system comprises host monitoring software, a power supply control module, a host monitoring module, a network equipment monitoring module, a security equipment monitoring module and a flow analysis module.
(1) Host monitoring software
The host monitoring software reads information such as host hardware configuration, system running state, user login/logout, external network connection monitoring and hardware abnormality monitoring through the operating system's self-sensing technology. All events are sensed at the kernel layer, and a sensing module captures specific security events such as device access, user operations, changes to important directories and permission changes through standard operating system interfaces (including but not limited to interface technologies such as sysfs, procfs and hotplug). The running state, power loss and halting of important equipment, alarm information from monitoring equipment and the like are acquired actively through active inquiry. The information is summarized and analyzed and then uploaded to a background server or a master station management platform.
(2) Power supply control module
To cope with the large voltage fluctuations of railway power supply, the device uses a power supply module based on harmonic modulation technology to supply power to the host, ensuring normal operation within 40 percent of rated voltage and solving the problem of large voltage fluctuations in the railway power supply system affecting the network safety monitoring device.
(3) Host monitoring module
Because the host equipment in railway substations comes in many brands and types and runs many operating system versions, developing and deploying host monitoring software is difficult. For this reason, we have independently developed an operating system security monitoring tool that supports RedHat 5, RedHat 6, CentOS 6, CentOS 5, Solaris 10, HP-UNIX B11, Windows 7, Windows XP, Windows 2003, Windows 2008, Windows Vista, and the like.
(4) Network equipment monitoring module
The security event sensing function for network equipment currently targets mainly the switches of the station control layer of a plant or station, or of the network-related part. Because existing network equipment generally supports the Simple Network Management Protocol (SNMP), security events of the network equipment can be sensed without changing the existing firmware. The device sends the configured OIDs to port 161 of the network equipment and receives the information the equipment returns; the device also listens on port 162, to which the network equipment actively sends traps, and the device parses them and extracts the information.
Overall, event sensing for network equipment is achieved mainly through the security policy, configuration information and operation information of the device: on the one hand, the running state information of the equipment is uploaded periodically via SNMP; on the other hand, security events such as a configuration change or a device being connected and going online are reported as actively triggered SNMP traps, so that events are sensed in a timely and accurate manner.
To secure the information acquisition, the more secure SNMPv3 is used to acquire the information, form the corresponding security events and report them to the network safety monitoring device.
(5) Security equipment monitoring module
For general security protection equipment and security equipment specific to railway electric power, the equipment senses security events autonomously: it senses events through its own security policy, configuration information and operation information, forms the corresponding security events, and actively reports them to the network safety monitoring device in syslog message format (or a corresponding dynamic link library is provided).
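An added example, not code from the patent, of alarm logic a monitoring device could apply to the syslog messages that security equipment reports: it parses RFC 3164 lines, alarms on severity, unknown senders and malformed messages, and flags devices that have gone silent. The host names, severity threshold and silence limit are assumptions, and the log lines are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOST TAG: MESSAGE
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)

ALARM_SEVERITY = 3     # assumption: err (3) or more severe raises an alarm
SILENCE_LIMIT = 300.0  # assumption: seconds without any message before "silent"


class Event(NamedTuple):
    host: str
    facility: int
    severity: int
    tag: str
    msg: str


def parse(line: str) -> Optional[Event]:
    """Decode one syslog line; None means the format check failed."""
    m = _LINE.match(line.strip())
    if m is None or int(m["pri"]) > 191:   # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m["pri"])
    return Event(m["host"], pri >> 3, pri & 0x07, m["tag"], m["msg"])


class SecurityDeviceMonitor:
    """Tracks an inventory of security devices and turns their logs into alarms."""

    def __init__(self, inventory, silence_limit: float = SILENCE_LIMIT):
        self.last_seen = {host: None for host in inventory}
        self.silence_limit = silence_limit

    def ingest(self, line: str, received_at: float) -> List[Tuple]:
        # received_at is the collector's own clock: RFC 3164 timestamps carry
        # no year and device clocks drift, so they are not used for liveness.
        event = parse(line)
        if event is None:
            return [("malformed", None, line.strip())]
        alarms = []
        if event.host not in self.last_seen:
            # The HOST field is sender-supplied; a production collector should
            # also compare it with the packet's source address.
            alarms.append(("unknown-host", event.host, event.msg))
        else:
            self.last_seen[event.host] = received_at
        if event.severity <= ALARM_SEVERITY:
            alarms.append(("severity", event.host, event.msg))
        return alarms

    def silent_devices(self, now: float) -> List[str]:
        """Devices that never reported or have been quiet longer than the limit."""
        return sorted(
            host for host, seen in self.last_seen.items()
            if seen is None or now - seen > self.silence_limit
        )


# Constructed sample input: (collector receive time in seconds, raw line).
SAMPLE = [
    (0.0, "<132>Dec 28 10:15:02 fw-sub01 kernel: policy deny src=10.1.2.9 dst=10.1.1.5"),
    (100.0, "<131>Dec 28 10:16:42 iso-fwd01 isod: link down on inner interface"),
    (120.0, "<134>Dec 28 10:17:02 sw-rogue sshd: session opened for user admin"),
    (130.0, "no syslog header here"),
]


def run_demo():
    monitor = SecurityDeviceMonitor(["fw-sub01", "iso-fwd01", "iso-rev01"])
    alarms = []
    for received_at, line in SAMPLE:
        alarms.extend(monitor.ingest(line, received_at))
    return alarms, monitor.silent_devices(now=350.0)


if __name__ == "__main__":
    found, silent = run_demo()
    for alarm in found:
        print("ALARM", alarm)
    print("SILENT", silent)
```

The silence check covers the case that syslog alone cannot: a device that is powered off or cut off from the network sends no offline log at all.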
(6) Flow analysis module
By deeply analyzing the captured mirror flow according to the general protocol and the power communication protocol, the abnormal flow in the communication data can be analyzed, and meanwhile, each field in the communication protocol, including message characteristic fields, control instructions, information of both communication parties and the like, is extracted. With this information, a series of tests can be performed.
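An added example, not code from the patent, of the legality check described for the flow analysis module, applied to one concrete protocol: the frame format is validated, the message type and both parties are extracted, and anything outside an allowlist raises an alarm. The patent does not name its power communication protocol or describe its key authentication; IEC 60870-5-104 and a static allowlist are assumed here, and the addresses and frames are constructed.

```python
import struct
from typing import NamedTuple, Optional, Tuple

START_BYTE = 0x68      # first octet of every IEC 60870-5-104 APDU
ASDU_HEADER_END = 12   # start + length + 4 control octets + 6 ASDU header octets


class Asdu(NamedTuple):
    type_id: int      # message characteristic field, e.g. 100 = interrogation
    cause: int        # cause of transmission (low 6 bits of the COT octet)
    negative: bool    # P/N bit
    test: bool        # T bit
    common_addr: int  # station (common) address


def parse_apdu(frame: bytes) -> Tuple[str, Optional[Asdu]]:
    """Return ('I', Asdu), ('S', None) or ('U', None); ValueError on bad format.

    Assumes the caller passes exactly one APDU (TCP reassembly is out of scope).
    """
    if len(frame) < 6 or frame[0] != START_BYTE:
        raise ValueError("missing start byte or truncated header")
    if frame[1] != len(frame) - 2 or not 4 <= frame[1] <= 253:
        raise ValueError("length field does not match frame")
    cf1 = frame[2]
    if cf1 & 0x01 == 0:  # I-format: carries an ASDU
        if len(frame) < ASDU_HEADER_END:
            raise ValueError("I-format frame without ASDU header")
        type_id, _vsq, cot, _orig, ca = struct.unpack_from("<BBBBH", frame, 6)
        return "I", Asdu(type_id, cot & 0x3F, bool(cot & 0x40), bool(cot & 0x80), ca)
    if frame[1] != 4:
        raise ValueError("S/U-format frame must be exactly 6 octets")
    return ("S" if cf1 & 0x03 == 0x01 else "U"), None


# Constructed allowlist: (source, destination) -> ASDU type IDs allowed that way.
POLICY = {
    ("10.1.1.5", "10.1.2.9"): {100, 103},    # master -> RTU: interrogation, clock sync
    ("10.1.2.9", "10.1.1.5"): {1, 13, 100},  # RTU -> master: status, measurements, confirms
}


def inspect(src: str, dst: str, frame: bytes, policy=POLICY) -> Optional[Tuple[str, str]]:
    """Return None for a legal message, else (alarm category, detail)."""
    allowed = policy.get((src, dst))
    if allowed is None:
        return ("peer", f"{src} -> {dst} is not a known communication pair")
    try:
        _fmt, asdu = parse_apdu(frame)
    except ValueError as exc:
        return ("format", str(exc))
    if asdu is not None and asdu.type_id not in allowed:
        return ("instruction", f"type {asdu.type_id} not permitted {src} -> {dst}")
    return None


# Constructed frames.
INTERROGATION = bytes.fromhex("68 0e 00 00 00 00 64 01 06 00 01 00 00 00 00 14")
SINGLE_COMMAND = bytes.fromhex("68 0e 00 00 00 00 2d 01 06 00 01 00 01 00 00 01")
STARTDT_ACT = bytes.fromhex("68 04 07 00 00 00")

SAMPLE = [
    ("10.1.1.5", "10.1.2.9", INTERROGATION),       # legal
    ("10.1.1.5", "10.1.2.9", SINGLE_COMMAND),      # type 45 is not on the allowlist
    ("10.1.1.5", "10.1.2.9", INTERROGATION[:-3]),  # truncated: format violation
    ("10.1.1.20", "10.1.2.9", INTERROGATION),      # sender is not a known party
    ("10.1.1.5", "10.1.2.9", STARTDT_ACT),         # link control, no ASDU: legal
]


def run_demo():
    return [inspect(src, dst, frame) for src, dst, frame in SAMPLE]


if __name__ == "__main__":
    for (src, dst, _frame), verdict in zip(SAMPLE, run_demo()):
        print(src, "->", dst, "PASS" if verdict is None else f"ALARM {verdict}")
```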
The invention is not limited to the examples, and any equivalent changes to the technical solution of the invention by a person skilled in the art after reading the description of the invention are covered by the claims of the invention.

Claims (8)

1. A network safety monitoring system of a railway power supply system, characterized in that:
the system comprises a host monitoring module, a network equipment monitoring module and a security equipment monitoring module;
the host monitoring module monitors the security events of the host equipment of the substation by sensing the security events and uploads the sensing information to the background server;
the network equipment monitoring module monitors the network equipment by sensing the security event of the network equipment and uploads the sensing information to the background server;
and the security equipment monitoring module monitors the security equipment by sensing the security event of the security equipment and uploads the sensing information to the background server.
2. The network safety monitoring system of the railway power supply system according to claim 1, characterized in that:
the host device comprises a server and a workstation;
the host monitoring module dynamically monitors the monitored equipment by deploying detection software on the monitored object and establishes a TCP link with the host detection software, using TCP port 8800 by default; through port monitoring it monitors the startup, shutdown, read-write, illegal intrusion and operation logs of the equipment in real time.
3. The network safety monitoring system of the railway power supply system according to claim 1, characterized in that:
the network equipment comprises a data network switch and an industrial control switch;
the network equipment monitoring module monitors the switch running log in real time through the SNMP protocol, retrieves the power-off, running and abnormal logs of the equipment, and transmits them to the network equipment monitoring module through TCP/IP.
4. The network safety monitoring system of the railway power supply system according to claim 1, characterized in that:
the security equipment comprises a firewall, a forward isolation device and a reverse isolation device;
the security equipment monitoring module uses the standard SYSLOG protocol to monitor the operation and offline logs of the monitored object in real time; the monitoring data are sent over the network to the security monitoring module, where security detection analyzes the data and raises an alarm on abnormal data and content.
5. The network safety monitoring system of the railway power supply system according to claim 1, characterized in that:
the system further comprises a flow analysis module, and abnormal flow in the communication data is analyzed by deeply analyzing the captured mirror flow according to the general protocol and the power communication protocol.
6. The network safety monitoring system of the railway power supply system according to claim 5, characterized in that:
the flow analysis module acquires mirror flow through the SNMP, SNMP TRAP and SYSLOG protocols; the analyzed flow content mainly comprises packet loss information, abnormal flow data packets and equipment operation states, and an alarm is raised on abnormal operation states and abnormal data flow.
7. The network safety monitoring system of the railway power supply system according to claim 6, characterized in that:
the flow analysis module also extracts every field in the communication protocol, including message characteristic fields, control instructions and information about both communicating parties, in order to detect illegal messages: only message formats and instructions that pass system key authentication are legal; legal messages pass normally, and illegal messages raise an alarm.
8. The network safety monitoring system of the railway power supply system according to claim 1, characterized in that:
the system also comprises a power supply control module, which uses a power supply module based on harmonic modulation technology to supply power to the host.
CN202011574351.5A 2020-12-28 2020-12-28 Network safety monitoring system of railway power supply system Pending CN112738078A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011574351.5A CN112738078A (en) 2020-12-28 2020-12-28 Network safety monitoring system of railway power supply system


Publications (1)

Publication Number Publication Date
CN112738078A true CN112738078A (en) 2021-04-30

Family

ID=75606136

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210430
