CN113301560A - Electric power Internet of things terminal control method and system - Google Patents


Info

Publication number
CN113301560A
Authority
CN
China
Prior art keywords
power internet
things terminal
abnormal
quintuple
data
Legal status
Pending
Application number
CN202110551056.6A
Other languages
Chinese (zh)
Inventor
王�琦
王建伟
冯泽冰
杨红梅
焦杨
顾智敏
黄伟
刘伟
郭雅娟
姜海涛
朱道华
王梓莹
周超
郭静
Current Assignee
China Academy of Information and Communications Technology CAICT
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
China Academy of Information and Communications Technology CAICT
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N 3/00 Computing arrangements based on biological models > G06N 3/02 Neural networks > G06N 3/08 Learning methods > G06N 3/084 Backpropagation, e.g. using gradient descent
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/08 Access security

Abstract

The invention discloses a method and a system for controlling a power Internet of things terminal. The method comprises the following steps: monitoring networking data of the power Internet of things terminal equipment in real time; acquiring the authentication failure count N1, the flow anomaly count N2 and the quintuple anomaly count N3 from the networking data; inputting N1, N2 and N3 as input parameters into a trusted parameter calculation model to obtain a trusted value of the power Internet of things terminal equipment; and, in response to the trusted value of the terminal equipment being lower than a preset value, sending to a 5G core network a command to disconnect and/or refuse the network connection of the terminal equipment. With the method and system disclosed by the invention, the security of terminal equipment in the power Internet of things can be evaluated without affecting the low latency of the 5G-based power Internet of things, and the computing capability required of the trusted management node can be reduced.

Description

Electric power Internet of things terminal control method and system
Technical Field
The invention belongs to the field of power Internet of things communication, and particularly relates to a power Internet of things terminal control method and system.
Background
5G is a new generation mobile communication technology, and is a key novel infrastructure for supporting the digitization, networking and intelligent transformation of the economy and society. The deep integration of 5G and vertical industries is an important development direction at present. In a power transmission line inspection scene, in order to solve the problem of low manual inspection efficiency, a large-scale machine is applied for inspection in the future, and the fault inspection is carried out by judging line defects through technologies such as computer image recognition and the like, wherein a large amount of machine inspection equipment is required to be introduced in the process; in an unmanned inspection scene of the transformer substation, the internal characteristics and the appearance images of the transformer substation equipment are collected by using a sensor and an inspection robot. Due to the complexity of substation equipment, multiple cameras are generally required to cooperatively transmit acquired image data; in a power consumer behavior perception scene, an intelligent electric meter needs to be fully utilized, resident electricity utilization side data are collected, and data mining and load identification are carried out.
In the above electric power application scenarios, a large number of internet of things electric power terminals need to access a network, and the requirements on the bearing capacity and the real-time performance of the whole network are high. The MEC (Multi-Access Edge Computing) technology has a strong advantage in data processing timeliness, and has become a 5G key technology mainly used in power application scenarios. In the edge computing, an edge server and a large number of internet of things terminals participating in resource access are involved, the characteristics of dynamic property and heterogeneity are obvious, and the edge computing is often lack of a security mechanism like cloud computing centralized control, so that the security risk of participants is increased.
Therefore, solving the security problem of terminal devices in the power Internet of things without affecting the latency of the 5G network is a significant problem. Because a large number of terminals used for collecting power grid data take part in edge computing in the power Internet of things, how to perform security detection on the data of these terminals and analyze the data they send, without affecting the transmission performance of the Internet of things, is a challenge for technicians in the field and a problem to be solved urgently.
Using a credit (trust) mechanism and updating the trust value of a network node has become an important way of screening reliable nodes and resisting internal attacks. Trust evaluation is a technical method that expresses trust as a number, which is referred to as the trust value. Trust assessment is widely applied across industries at present; the main technologies comprise Bayesian inference, (weighted) average models, Dempster-Shafer theory, subjective logic, fuzzy logic, entropy-based models, fuzzy cognitive maps, game theory, cloud theory, information theory frameworks, PeerTrust and the like. Trust evaluation requires a trusted third-party node to collect communication or behavior data, which is then fused and aggregated by a trust evaluation technique to generate the trust value. Currently there is little research on trust evaluation in the field of edge computing, and in mobile communication networks in particular it has not been addressed yet.
Disclosure of Invention
In order to solve the problems, the network behavior of the power internet of things terminal in the mobile communication network is selected as a main input parameter for constructing the trust evaluation model. And taking the successful authentication times, abnormal traffic scale conditions, abnormal mobile internet log quintuple conditions and other conditions as main consideration factors of the trust evaluation model and also as an important basis for judging whether the power internet of things terminal is normal. From the viewpoints of feasibility, performance consumption, parameter acquisition and the like, the three types of parameters are more suitable trust evaluation parameters applicable to the actual network.
Specifically, the invention provides a control method for a power internet of things terminal, which comprises the following steps:
monitoring networking data of the power Internet of things terminal equipment in real time;
acquiring authentication information in the networking data, and recording authentication failure times N1 in the authentication information;
acquiring data traffic information in the networking data, inputting the data traffic information into a BP neural network model for calculation, judging whether the data traffic information is abnormal according to a calculation result, and recording the number of times of traffic abnormality N2;
acquiring quintuple information in the networking data, analyzing whether the quintuple information is abnormal or not, and recording the abnormal times N3 of the quintuple;
inputting the authentication failure times N1, the flow abnormal times N2 and the quintuple abnormal times N3 as input parameters into a trusted parameter calculation model to obtain a trusted value of the power internet of things terminal equipment; and
in response to the trusted value of the electric power Internet of things terminal equipment being lower than a preset value, sending to a 5G core network a command to disconnect and/or refuse the network connection of the terminal equipment.
In some embodiments of the invention, the trusted parameter calculation model is:
T = 100 - a*N1 - b*N2 - c*N3;
wherein T is a credible value, N1 is the number of authentication failures, N2 is the number of flow anomalies, N3 is the number of quintuple anomalies, and a, b, c are coefficients of a credible parameter calculation model.
In some embodiments of the invention, the coefficients a, b, c of the trusted parameter calculation model are set manually according to the network security environment.
In some embodiments of the invention, the coefficients a, b, c of the trusted parameter computing model are trained by a neural network or a machine learning algorithm.
In some embodiments of the present invention, the monitoring networking data of the power internet of things terminal device in real time includes:
acquiring the communication data between the power Internet of things terminal and the 5G core network in a bypass detection mode.
In some embodiments of the invention, the method further comprises:
monitoring and judging whether the service state of authentication in the 5G core network is abnormal or not in real time;
in response to the service state of the authentication being abnormal, stopping the authentication failure analysis of the power Internet of things terminal and the counting of authentication failures N1; and
taking the service address of the authentication as an abnormal address of the quintuple.
In some embodiments of the invention, the method further comprises:
monitoring and judging whether the state of the service in the 5G core network is abnormal or not in real time;
in response to the state of the business service being abnormal, stopping the data anomaly detection of the power Internet of things terminal and the counting of flow anomalies N2; and
taking the address of the business service as an abnormal address of the quintuple.
In some embodiments of the present invention, obtaining five-tuple information in the networking data, and analyzing whether the five-tuple information is abnormal comprises:
judging whether the destination address in the quintuple of the networking data sent by the electric power Internet of things terminal corresponds to the business service address associated with the business type of the terminal; and
in response to a judgment result of non-correspondence, incrementing the quintuple anomaly count N3 by 1.
In some embodiments of the present invention, acquiring quintuple information in the networking data, and analyzing whether the quintuple information is abnormal further includes:
judging whether the power Internet of things terminal frequently accesses multiple destination ports of the same destination address;
in response to the terminal frequently accessing multiple destination ports of the same destination address, incrementing the quintuple anomaly count N3 by 1; and
judging whether the power Internet of things terminal frequently accesses a certain port on multiple destination addresses;
in response to the terminal frequently accessing a certain port on multiple destination addresses, incrementing the quintuple anomaly count N3 by 1.
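The trusted-value model and the quintuple checks described above, written out as an added Python example that is not the patent's own implementation. The service table, the thresholds that define "frequent" access, the coefficients a, b, c, the preset threshold and the captured events and flows are all constructed assumptions, since the patent states none of them; N2 is taken as given from the traffic classifier of the separate data-traffic check.

```python
"""Trusted-value scoring for a power-IoT terminal, reconstructed from the
patent's description.  Added example with constructed data: the service
table, sweep thresholds, coefficients and threshold are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed lookup kept by the trusted management node: business type -> the
# legitimate (service address, service port) that terminals of that type use.
SERVICE_TABLE = {
    "smart_meter": ("10.0.0.10", 8443),
    "line_sensor": ("10.0.0.20", 8443),
}

# Assumed definitions of "frequent" access; the patent gives no numbers.
PORT_SWEEP_MIN = 5   # distinct destination ports on one destination address
HOST_SWEEP_MIN = 5   # distinct destination addresses on one destination port


@dataclass(frozen=True)
class Flow:
    """Five-tuple of one flow captured on the bypass."""
    src_ip: str
    src_port: int
    proto: str
    dst_ip: str
    dst_port: int


def count_auth_failures(events, terminal_id):
    """N1: authentication-failure messages the core network sent to this
    terminal.  events is a constructed list of (terminal_id, message_kind)."""
    return sum(1 for tid, kind in events if tid == terminal_id and kind == "auth_failure")


def quintuple_anomalies(flows, business_type):
    """N3, following the three checks in the patent: destination address not
    matching the service address for the terminal's business type (per flow),
    many ports on one address, and one port across many addresses."""
    service_ip, _ = SERVICE_TABLE[business_type]
    ports_by_host = defaultdict(set)
    hosts_by_port = defaultdict(set)
    n3 = 0
    for f in flows:
        if f.dst_ip != service_ip:
            n3 += 1
        ports_by_host[f.dst_ip].add(f.dst_port)
        hosts_by_port[f.dst_port].add(f.dst_ip)
    if any(len(ports) >= PORT_SWEEP_MIN for ports in ports_by_host.values()):
        n3 += 1
    if any(len(hosts) >= HOST_SWEEP_MIN for hosts in hosts_by_port.values()):
        n3 += 1
    return n3


def trusted_value(n1, n2, n3, a=10.0, b=10.0, c=10.0):
    """T = 100 - a*N1 - b*N2 - c*N3 as stated in the patent; the default
    coefficients are assumptions."""
    return 100.0 - a * n1 - b * n2 - c * n3


def evaluate_terminal(terminal_id, business_type, events, flows, n2, threshold=60.0, **coef):
    """Compute N1 and N3 from the captured data, take N2 from the traffic
    classifier, and return the trusted value together with the command to
    send to the 5G core network (the threshold is an assumption)."""
    n1 = count_auth_failures(events, terminal_id)
    n3 = quintuple_anomalies(flows, business_type)
    t = trusted_value(n1, n2, n3, **coef)
    command = "DISCONNECT" if t < threshold else "ALLOW"
    return {"terminal": terminal_id, "N1": n1, "N2": n2, "N3": n3, "T": t, "command": command}


# Constructed bypass capture: a healthy meter (meter-001) and a tampered one (meter-002).
AUTH_EVENTS = [
    ("meter-001", "auth_success"),
    ("meter-002", "auth_failure"),
    ("meter-002", "auth_failure"),
    ("meter-002", "auth_success"),
]
NORMAL_FLOWS = [Flow("10.1.0.5", 40000 + i, "tcp", "10.0.0.10", 8443) for i in range(3)]
TAMPERED_FLOWS = (
    [Flow("10.1.0.6", 40100 + i, "tcp", "10.0.0.10", p) for i, p in enumerate((22, 23, 80, 443, 8080))]
    + [Flow("10.1.0.6", 40200, "tcp", "10.0.0.99", 8443)]
)

if __name__ == "__main__":
    print(evaluate_terminal("meter-001", "smart_meter", AUTH_EVENTS, NORMAL_FLOWS, n2=0))
    print(evaluate_terminal("meter-002", "smart_meter", AUTH_EVENTS, TAMPERED_FLOWS, n2=1))
```

With the constructed capture, the tampered meter accumulates N1 = 2, N3 = 2 (one flow to a non-service address plus one port sweep on the service host) and, with N2 = 1 from the traffic check, a trusted value of 50, which falls below the assumed threshold of 60 and yields a disconnect command; the healthy meter stays at 100.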
The invention also discloses a control system of the power internet of things terminal, which specifically comprises the power internet of things terminal, a trusted management node and a 5G core network, wherein the trusted management node is configured to:
monitoring networking data of the power Internet of things terminal equipment in real time;
acquiring authentication information in the networking data, and recording authentication failure times N1 in the authentication information;
acquiring data traffic information in the networking data, inputting the data traffic information into a BP neural network model for calculation, judging whether the data traffic information is abnormal according to a calculation result, and recording the number of times of traffic abnormality N2;
acquiring quintuple information in the networking data, analyzing whether the quintuple information is abnormal or not, and recording the abnormal times N3 of the quintuple;
inputting the authentication failure times N1, the flow abnormal times N2 and the quintuple abnormal times N3 as input parameters into a trusted parameter calculation model to obtain a trusted value of the power internet of things terminal equipment; and
in response to the trusted value of the electric power Internet of things terminal equipment being lower than a preset value, sending to the 5G core network a command to disconnect and/or refuse the network connection of the terminal equipment.
According to the method and the system for controlling the terminal of the power internet of things, networking data sent by terminal equipment in the power internet of things are monitored in real time; acquiring authentication information in the networking data, and analyzing and recording authentication failure times N1 in the authentication information; acquiring data traffic information in the networking data, inputting the data traffic information into a BP neural network model, detecting whether the data traffic is abnormal or not by means of artificial intelligence, and recording abnormal times N2; acquiring quintuple information in the networking data, analyzing whether the quintuple information is abnormal or not according to the type of the acquired information of the terminal equipment and the corresponding service type, and recording the abnormal times N3 of the quintuple; inputting the authentication failure times N1, the flow abnormal times N2 and the quintuple abnormal times N3 as input parameters into a trusted parameter calculation model to obtain a trusted value of the terminal equipment; and the method is used for judging whether the terminal equipment of the Internet of things is a normal terminal.
The whole safety detection process is completed by a trusted management node located in a bypass of the power internet of things, only a management command corresponding to the verification result is fed back to the 5G core network, other equipment of the 5G core network can know whether the state of the corresponding terminal is abnormal or not, and whether data of the abnormal terminal is received or not is selected according to a certain strategy. The whole security detection process does not affect the data transmission performance of the 5G core network. Through the high-dimensional characteristic analysis decision of the equipment abnormality in the Internet of things, the real-time safety check of a large number of terminals in the electric Internet of things is realized, and the network communication in the Internet of things is not influenced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flow chart of a terminal control method of the power internet of things of the invention;
fig. 2 is a structural diagram of a terminal control system of an electric power internet of things provided by the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
As shown in fig. 2, an aspect of the present invention provides an electric power internet of things terminal control system, which includes an electric power internet of things terminal 1, a trusted management node 2, and a 5G core network 3, where the trusted management node 2 may be configured to perform the method according to the present invention, as described in other parts of the present invention.
In this embodiment, the types of terminal devices included in the power internet of things terminal control system provided by the invention are complex and various, and for example, when the system is used in a power transmission line inspection scene, in order to solve the problem of low manual inspection efficiency, the system discriminates line defects through technologies such as computer image recognition and the like to perform fault inspection; in the unmanned inspection scene of the transformer substation, the inspection robot is used for detecting the ambient temperature and humidity of the transformer substation through a sensor; monitoring equipment for detecting the temperature and the icing condition of the transmission line on a high tower of the ultra-high voltage transmission line; or auxiliary heating equipment for heating the ultra-high voltage transmission line. These terminal devices, which are designed for efficient maintenance of the electrical power installation, are connected to a network control center located at a remote location via an ad hoc and independent network system. The network is called an electric power internet of things, the terminal equipment in the electric power internet of things is called an internet of things terminal, and the network for transmitting interactive data of the internet of things terminal and a remote control center is a core network. With the advent of the 5G technology, a remote control center for receiving and managing information collected by internet of things equipment (i.e., the power internet of things terminal 1) has good real-time performance and more sensitive sensing capability on the state of a power facility compared with a control center realized by a traditional network by virtue of the high-speed low-delay characteristic of the 5G technology.
However, with the rapid popularization of 5G network technology, the instant security authentication of the power Internet of things terminal 1 cannot be guaranteed by the existing technology: because of the low-latency characteristic of the 5G network, if a traditional security authentication mode is used, data is transmitted to the control center of the core network only after passing verification, and since the number of power Internet of things terminals 1 increases year by year, traditional security authentication management cannot be effectively matched with the low-latency 5G network technology, so that the 5G network technology is not well-known in practical application. Therefore, in order to solve this problem, the invention provides a trusted management node 2 for performing security supervision of the terminals 1 in the power Internet of things. Its effect is that high-dimensional characteristics of the data sent by the electric power Internet of things terminal 1 are detected in real time, and an abnormal electric power Internet of things terminal 1 is removed from the electric power Internet of things so as to guarantee the safe operation of the electric power Internet of things. By this method, early-stage tentative attack behavior and destructive attacks on the power Internet of things can be effectively prevented.
As shown in fig. 1, another aspect of the present invention further provides a terminal control method for an electric power internet of things, including:
step S100, monitoring networking data of the power Internet of things terminal equipment 1 in real time;
step S110, obtaining authentication information in the networking data, and recording authentication failure times N1 in the authentication information;
step S120, acquiring data traffic information in the networking data, inputting the data traffic information into a BP neural network model for calculation, judging whether the data traffic is abnormal according to a calculation result, and recording abnormal times N2;
step S130, acquiring quintuple information in the networking data, analyzing whether the quintuple information is abnormal or not, and recording the abnormal times N3 of the quintuple;
step S140, inputting the authentication failure times N1, the flow abnormal times N2 and the quintuple abnormal times N3 as input parameters into a credible parameter calculation model to obtain a credible value of the electric power Internet of things terminal equipment; and
step S150, in response to the trusted value of the electric power Internet of things terminal equipment being lower than a preset value, sending to a 5G core network a command to disconnect and/or reject the network connection of the terminal equipment.
Specifically, in the embodiment of the present invention, for step S100, the trusted management node 2 monitors, in real time, networking data of all the power internet-of-things terminals 1 in the internet of things to which the power internet of things belongs, including authentication data initiated by the normal power internet-of-things terminal 1 and sensor data configured to collect a state of a power facility. Networking data of the power internet of things terminal can be intercepted in a software or hardware mode.
As for step S110, specifically, in the embodiment of the present invention, when the power internet of things terminal 1 initiates an access request to the 5G core network, after receiving the access request, the AMF (access and mobility management component of the 5G core network) in the 5G core network 3 sends an authentication response request authentication to the power internet of things terminal 1 through an AUSF (authentication and authorization service component), at this time, the power internet of things terminal 1 needs to calculate the received response request authentication, and then feeds back a calculated result as a response field to the AUSF of the 5G core network again, the AUSF verifies the response field calculated by the power internet of things terminal 1, and if the verification is passed, initiates an authentication response, and the 5G core network allows the power internet of things terminal 1 to access to the power internet of things. If the result of the response field of the electric power internet of things terminal 1 verified by the AUSF is failed, the 5G core network forbids the access of the electric power internet of things terminal 1 and feeds authentication failure information back to the electric power internet of things terminal 1.
At this time, since the trusted management node 2 constantly monitors the whole communication process, after receiving or capturing the authentication failure information sent by the 5G core network to the power Internet of things terminal 1, the trusted management node increments the recorded authentication failure count N1 of that terminal by 1.
For step S120, specifically, in the embodiment of the present invention, after the power internet of things terminal 1 accesses the 5G core network, if the behavior of the power internet of things terminal 1 is normal, the power internet of things terminal will continuously send the collected corresponding data to the corresponding service address in the 5G core network. Therefore, the trusted management node 2 monitors the high-dimensional characteristics of the data sent by the power internet of things terminal 1 in real time, and inputs information including the size of the sent data, the interval frequency of the sent data, the message format of the sent data, the data type of the sent data and the like as parameters into the trained BP neural network model for judging whether the data flow of the power internet of things terminal 1 is abnormal or not.
It should be noted that, in this embodiment, the BP neural network model for determining that the data traffic of the power internet-of-things terminal 1 is abnormal is trained by a large amount of historical data of the power internet-of-things terminal, and the input parameters include: the size of the transmitted data; the spacing frequency of the transmitted data; whether a destination service address (parameter of a data message) for sending data corresponds to the function type of the power internet of things terminal 1 or not is judged, the input parameter data type is one-hot (independent) coding, 0 represents mismatch, and 1 represents match. The judgment of the parameter is referred by a data table in the trusted management node 2; the format of the data message, so-called the format of the data message, is the format of a protocol used by data sent by the power internet of things terminal 1, most of the data is usually transmitted through the HTTP protocol, and the HTTP protocol specification is met, and certainly, the communication of some terminals is a self-defined protocol which is independently realized and is transmitted by means of the TCP or UDP protocol, and meanwhile, the format of the data message is self-defined.
Therefore, the trusted management node 2 judges the high-dimensional characteristics of the data traffic sent by the power internet of things terminal 1 through the trained BP neural network model to judge whether the data traffic of the power internet of things terminal 1 is abnormal. It should be noted that the BP neural network model does not relate to the determination of security detection for the content of data traffic. Therefore, the model does not need to be too complex, and higher judgment efficiency can be achieved.
Due to the change of technologies, data sent by the power internet of things terminal 1 will become larger and larger in the future, so that the pressure of processing data based on the judgment model of the content data will become larger and higher, and the calculation cost will also become higher and higher. The model adopted by the invention is not influenced by the size of the data content.
When the judgment of the trusted management node 2 through the BP neural network model is "abnormal", the parameter N2 representing the data traffic anomalies of the power Internet of things terminal 1 is incremented by 1.
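For step S120, the following is an added Python example (not the patent's own model) of how the listed traffic characteristics could be turned into an input vector and scored by a small BP (backpropagation) neural network. It goes slightly beyond the text by including a working training loop on constructed samples; the feature scaling constants, network size, training vectors, the service-address table and the 0.5 decision threshold are all assumptions.

```python
"""Feature extraction and a small backpropagation classifier for the data
traffic check.  Added example; the network shape, training data, scaling
constants and 0.5 threshold are assumptions."""
import math
import random

# Assumed mapping kept by the trusted management node: business type -> legitimate service address.
SERVICE_ADDR = {"smart_meter": "10.0.0.10"}


def is_http_format(payload):
    """Coarse check that a message follows HTTP request framing
    (a request line of three tokens ending in an HTTP version)."""
    request_line = payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    return len(parts) == 3 and parts[2].startswith(b"HTTP/")


def extract_features(messages, business_type, max_size=4096, max_interval=600.0):
    """Build the input vector from a terminal's message sequence, following the
    patent's list of inputs: mean message size, mean sending interval,
    destination/service-type match (one-hot 0/1) and message format.
    messages: constructed list of (timestamp_s, dst_ip, payload) tuples."""
    sizes = [len(p) for _, _, p in messages]
    times = [t for t, _, _ in messages]
    intervals = [b - a for a, b in zip(times, times[1:])] or [max_interval]
    dst_match = 1.0 if all(d == SERVICE_ADDR[business_type] for _, d, _ in messages) else 0.0
    http_share = sum(is_http_format(p) for _, _, p in messages) / len(messages)
    return [
        min(1.0, (sum(sizes) / len(sizes)) / max_size),
        min(1.0, (sum(intervals) / len(intervals)) / max_interval),
        dst_match,
        http_share,
    ]


def _sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


class BPNet:
    """One hidden layer of sigmoid units trained with plain backpropagation."""

    def __init__(self, n_in, n_hidden, seed=7):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(n_hidden)]
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden + 1)]

    def forward(self, x):
        xb = x + [1.0]                      # bias input
        h = [_sigmoid(sum(w * v for w, v in zip(row, xb))) for row in self.w1]
        y = _sigmoid(sum(w * v for w, v in zip(self.w2, h + [1.0])))
        return h, y

    def predict(self, x):
        """Score in (0, 1); values near 1 mean abnormal traffic."""
        return self.forward(x)[1]

    def mse(self, samples):
        return sum((self.predict(x) - t) ** 2 for x, t in samples) / len(samples)

    def train(self, samples, epochs=4000, lr=0.5):
        """Stochastic gradient descent on squared error, one sample at a time."""
        for _ in range(epochs):
            for x, target in samples:
                h, y = self.forward(x)
                xb, hb = x + [1.0], h + [1.0]
                d_out = (y - target) * y * (1.0 - y)
                d_hid = [d_out * self.w2[j] * h[j] * (1.0 - h[j]) for j in range(len(h))]
                for j in range(len(self.w2)):
                    self.w2[j] -= lr * d_out * hb[j]
                for j, row in enumerate(self.w1):
                    for i in range(len(row)):
                        row[i] -= lr * d_hid[j] * xb[i]
        return self


# Constructed training vectors (size, interval, dst match, http share); label 1.0 = abnormal.
TRAINING = [
    ([0.05, 0.50, 1.0, 1.0], 0.0), ([0.08, 0.60, 1.0, 1.0], 0.0), ([0.04, 0.45, 1.0, 1.0], 0.0),
    ([0.90, 0.02, 0.0, 0.0], 1.0), ([0.70, 0.05, 1.0, 0.2], 1.0), ([0.30, 0.01, 0.0, 1.0], 1.0),
]


def train_demo_model():
    return BPNet(n_in=4, n_hidden=4).train(TRAINING)


def traffic_is_abnormal(net, features, threshold=0.5):
    """Decision that would increment N2 (the threshold is an assumption)."""
    return net.predict(features) >= threshold


# Constructed capture from a healthy meter: one HTTP report every five minutes.
METER_MESSAGES = [
    (0.0, "10.0.0.10", b"POST /report HTTP/1.1\r\nHost: meter\r\n\r\n{\"kwh\": 12.5}"),
    (300.0, "10.0.0.10", b"POST /report HTTP/1.1\r\nHost: meter\r\n\r\n{\"kwh\": 12.7}"),
    (600.0, "10.0.0.10", b"POST /report HTTP/1.1\r\nHost: meter\r\n\r\n{\"kwh\": 12.9}"),
]

if __name__ == "__main__":
    model = train_demo_model()
    print(extract_features(METER_MESSAGES, "smart_meter"), traffic_is_abnormal(model, extract_features(METER_MESSAGES, "smart_meter")))
```

The point of the feature design is the one the text makes: none of the four inputs depends on the payload content, only on its size, timing, destination and framing, so the cost of the check does not grow with the volume of data the terminal sends.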
For step S130, specifically, in the embodiment of the present invention, the trusted management node 2 may determine whether the quintuple of the data traffic of the power Internet of things terminal 1 is abnormal. The quintuple refers to: source IP, source port, transport protocol, destination port, destination IP. Since the quintuple of the data sent by a normal power Internet of things terminal 1 is set when it is installed in the Internet of things, the terminal theoretically sends the collected data only to the fixed service port in the 5G core network 3 during operation. Therefore, the quintuple of a normal power Internet of things terminal 1 should be relatively stable and not change much, and if the quintuple changes too much, this indicates that the power Internet of things terminal 1 has been illegally tampered with.
Therefore, the trusted management node 2 classifies the service type of the power Internet of things terminal 1 and records it in a corresponding table of a database. When data sent by the power Internet of things terminal 1 is obtained, the quintuple of the data flow is compared with the legal quintuple for the service type of that terminal in the database; when the comparison result is consistent, the data flow of the terminal is normal and accords with its service use. When the comparison result is inconsistent, it indicates that the data sent by the power Internet of things terminal 1 is wrong (basically, the probability of this is very small); there is a high probability that the functional role of the terminal has been tampered with, in which case the trusted management node 2 increments the parameter N3 representing the quintuple anomalies of the power Internet of things terminal 1 by 1.
Specifically, in the embodiment of the present invention, after analyzing and judging the networking data of the power Internet of things terminal 1 through the above process and obtaining the authentication failure count N1, the flow anomaly count N2 and the quintuple anomaly count N3, the trusted management node 2 inputs N1, N2 and N3 as input values into the trusted parameter calculation model, uses the result of the model as the trusted value of the power Internet of things terminal 1, and stores the trusted value in the database record of that terminal to update the original trusted value. The database table includes the power Internet of things terminal identifier and the trusted value. The terminal identifier represents the specific number of the power Internet of things terminal 1 in the trusted management node 2, and the trusted value represents the trusted value of that terminal as calculated by the trust model of the trusted management node.
Specifically, in step S150, in the embodiment of the present invention, the trusted management node 2 examines the trusted value and judges whether it is lower than a preset safe trusted-value threshold. If it is, the trusted management node 2 raises a warning through the network management system and broadcasts to the entire 5G core network a request that the power Internet of things terminal 1 be prohibited from network access and service requests, so that the terminal is disconnected from the power Internet of things.
In some embodiments of the invention, the trusted parameter calculation model is:
T=100–a*N1–b*N2–c*N3;
wherein T is the trusted value, N1 is the number of authentication failures, N2 is the number of traffic anomalies, N3 is the number of quintuple anomalies, and a, b and c are the coefficients of the trusted parameter calculation model.
In this embodiment, in view of the huge number of power Internet of Things terminals and the huge volume of their data, the invention provides the above calculation formula for the trusted parameter calculation model. The formula gives a trusted value in the approximate range of 0 to 100 (the value is not bounded below, which is why the range is approximate), and the sensitivity of the model can be adjusted to the network security environment by tuning the coefficients a, b and c that weight the authentication failure count N1, the traffic anomaly count N2 and the quintuple anomaly count N3 respectively.
In some embodiments of the invention, the coefficients a, b and c of the trusted parameter calculation model are set manually according to the network security environment.
In this embodiment, because the types of power Internet of Things terminals 1 are numerous, their number is huge and their geographical distribution is complex, a single set of values for the trusted parameter calculation model cannot fit every situation in the power Internet of Things. For example, terminals that collect the electricity consumption of residential users are installed in residents' homes, and in many cases, for electrical safety, the power department chooses locations that users cannot easily see or touch. Attacks and functional tampering on such a terminal are therefore not easily noticed by the public or by power equipment supervisors, so authentication failures, data traffic anomalies and quintuple anomalies at such a terminal are more likely to indicate an attack than an equipment fault, unlike a terminal installed in a substation or a power distribution management centre. Therefore, to cope with different application environments, the control method and system for the power Internet of Things terminal provided by the invention allow the coefficients a, b and c of the trusted parameter model to be increased so that the trusted value of the corresponding terminal 1 falls below the preset threshold as soon as any one of the three counts N1, N2 and N3 becomes abnormal, and the terminal 1 is then excluded from the power Internet of Things. The values of a, b and c are changed manually according to the security environment of the region.
In some embodiments of the invention, the coefficients a, b and c of the trusted parameter calculation model are trained by a neural network and/or a machine learning algorithm.
In this embodiment, in order to ensure the accuracy of the trusted parameter model while taking the failure rate of the power Internet of Things terminal 1 into account, normal and abnormal historical data of the terminal 1 can be sampled, and coefficients a, b and c that better fit the abnormal conditions of terminals in the power Internet of Things can be obtained from that historical data by modelling means such as machine learning or a neural network, so that the determination on the terminal 1 is more accurate.
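As an added illustration (not the patent's code), the following Python code implements the trusted parameter calculation model from the formula above together with the two ways of choosing a, b and c that the description mentions: a manual "strict" setting for high-risk locations, where any single anomaly drives T below the threshold, and a fit from labelled history. The history, the threshold of 60 and the perceptron-style update used for the fit are assumptions made for the example; the description only says that machine learning or a neural network may be used.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Coefficients:
    a: float  # weight of authentication failures N1
    b: float  # weight of traffic anomalies N2
    c: float  # weight of quintuple anomalies N3


def trust_value(n1: int, n2: int, n3: int, k: Coefficients) -> float:
    """T = 100 - a*N1 - b*N2 - c*N3, exactly as in the description (not clamped)."""
    return 100.0 - k.a * n1 - k.b * n2 - k.c * n3


def should_isolate(t: float, threshold: float) -> bool:
    """Step S150: a trusted value below the preset safety threshold triggers isolation."""
    return t < threshold


def strict_coefficients(threshold: float, margin: float = 1.0) -> Coefficients:
    """Manual setting for a high-risk location (e.g. a meter in a resident's home):
    each coefficient exceeds 100 - threshold, so one anomaly of any kind is enough
    to push T below the threshold."""
    w = 100.0 - threshold + margin
    return Coefficients(w, w, w)


# Constructed history (assumption): ((N1, N2, N3), abnormal?) per terminal per window.
# A single stray failure is labelled normal; repeated ones are labelled abnormal.
HISTORY = [
    ((0, 0, 0), False), ((1, 0, 0), False), ((0, 1, 0), False), ((0, 0, 1), False),
    ((5, 0, 0), True), ((0, 4, 1), True), ((2, 1, 3), True), ((0, 0, 6), True),
]


def misclassified(history, k: Coefficients, threshold: float) -> int:
    """Number of history samples whose isolation decision disagrees with its label."""
    return sum(
        1 for (n1, n2, n3), abnormal in history
        if should_isolate(trust_value(n1, n2, n3, k), threshold) != abnormal
    )


def fit_coefficients(history, threshold: float,
                     epochs: int = 2000, lr: float = 0.01) -> Coefficients:
    """Fit a, b, c from labelled history with a perceptron-style update on the margin
    between T and the threshold. This is a simple stand-in for the neural-network or
    machine-learning fitting the description mentions, not the patent's own method."""
    a = b = c = 1.0
    for _ in range(epochs):
        for (n1, n2, n3), abnormal in history:
            t = 100.0 - a * n1 - b * n2 - c * n3
            margin = (threshold - t) if abnormal else (t - threshold)
            if margin < 1.0:
                # abnormal sample too trusted: steepen; normal sample too distrusted: soften
                sign = 1.0 if abnormal else -1.0
                a = max(0.0, a + lr * sign * n1)
                b = max(0.0, b + lr * sign * n2)
                c = max(0.0, c + lr * sign * n3)
    return Coefficients(a, b, c)


if __name__ == "__main__":
    strict = strict_coefficients(60.0)
    fitted = fit_coefficients(HISTORY, 60.0)
    print("strict:", strict, "fitted:", fitted)
    print("misclassified with fitted coefficients:", misclassified(HISTORY, fitted, 60.0))
```

The strict setting reproduces the behaviour the description wants for hard-to-inspect terminals; the fitted setting keeps an occasional single failure above the threshold while repeated ones fall below it, which is the trade-off the description attributes to accounting for the terminal failure rate.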
In some embodiments of the present invention, step S100, monitoring the networking data of the power Internet of Things terminal equipment in real time, includes: acquiring the communication data between the power Internet of Things terminal and the 5G core network in a bypass detection mode.
In this embodiment, in order to fully exploit the low-latency characteristic of the 5G network, when monitoring data transmission from the power Internet of Things terminal 1 to the 5G core network, the trusted management node 2 disclosed by the present invention does not sit in series on the path or act as a firewall-like security module; instead it acquires the data from the terminal 1 to the 5G core network 3 in a parallel bypass mode.
Specifically, depending on the usage scenario, the trusted management node may be deployed on the network side of the 5G base station to which the power Internet of Things terminal 1 is connected (through MEC), and acquires all networking data from the terminal 1 that passes through the 5G base station by means of data line replication or data mirroring. The networking data of the 5G base station is copied to the trusted management node 2 as a mirror, and the trusted management node 2 analyses and processes the acquired data. When the analysis shows that the trusted value T of a certain terminal 1 is abnormal, the trusted management node can control the 5G base station to reject the access request of that terminal 1 by sending an access rejection instruction directly to the base station, so that the network threat is stopped at the source of the data.
The MEC (Multi-access Edge Computing) is specifically configured to transmit and process the data messages of the power Internet of Things terminal 1. The MEC is connected to the remote control centre by dedicated physical lines. Therefore, in the invention, when the trusted management node is deployed near the 5G base station, it is in effect connected to the MEC in bypass mode and obtains the data passing through the MEC as a mirror.
In addition, the trusted management node 2 may also be deployed on the management centre side at the far end of the 5G core network, with the data entering and leaving the management centre mirrored to the trusted management node 2. Likewise, the trusted management node 2 has no influence on data transmission at the network end of the 5G core network; only the mirrored copy of the data is analysed and processed by the security checks described above.
It should be noted that, when the trusted management node 2 is deployed on the management centre side, the network data entering and leaving the management centre is relatively complex. To distinguish the data sent by the power Internet of Things terminal 1, the data passing through the MEC connected to the terminal 1 must be specially marked at that MEC, and the trusted management node 2 on the management centre side analyses and processes the data carrying the special mark.
In addition, the trusted management node 2 may also be deployed on a certain platform or a certain link within the 5G core, and may be deployed flexibly according to the specific service scenario.
It should be noted that the bypass mirroring used by the present invention may be implemented in hardware or in software. Preferably, a hardware implementation performs a physical-circuit mirror copy at the data interface of the data switch of the 5G base station or 5G core network and copies the data entering and leaving the 5G base station or 5G core network to the trusted management node 2. A software implementation may be exposed to vulnerabilities in the system on which the software runs, which increases the security risk.
In some embodiments of the present invention, the power Internet of Things terminal control method provided by the present invention further includes:
monitoring in real time whether the state of the authentication service in the 5G core network is abnormal;
in response to the authentication service state being abnormal, stopping the authentication failure analysis of the power Internet of Things terminal and the counting of authentication failures N1; and
taking the address of the authentication service as an abnormal address of the quintuple.
In this embodiment, the trusted management node 2 is further configured to monitor the states of the AMF and AUSF modules in the 5G core network 3. When the AMF and AUSF modules providing the authentication and authorisation service in the 5G core network 3 are taken down, for example for an upgrade, then according to the closed-loop design of the system both modules send a service-stop notification to the power Internet of Things terminal 1, and a normal terminal 1 stops its access requests to the 5G core network. To reduce the processing load of the trusted management node 2, the authentication failure analysis of the networking data and the counting of authentication failures N1 are therefore stopped.
In addition, in this embodiment, a normal power Internet of Things terminal 1 stops sending networking data to the 5G core network 3 in response to the notification, whereas a faulty terminal 1, or a terminal 1 tampered with for an attack, may continue to send illegal information to the 5G core network 3. For this case a judgement rule is added: during the period in which the authentication and authorisation service is stopped, the address of that service is treated as the destination IP address of an abnormal quintuple. Once a terminal device is found still trying to access the 5G core network, that terminal 1 can be removed by the subsequent security mechanism.
In some embodiments of the present invention, the power Internet of Things terminal control method provided by the present invention further includes:
monitoring in real time whether the state of the business service in the 5G core network is abnormal;
in response to the business service state being abnormal, stopping the data anomaly detection of the power Internet of Things terminal and the counting of traffic anomalies N2; and
taking the address of the business service as an abnormal address of the quintuple.
In this embodiment, the trusted management node 2 monitors the state of the business service module in the 5G core network 3 in real time. When the business service module in the 5G core network 3 stops operating, the trusted management node likewise sends a stop-of-service notification to the power Internet of Things terminal 1, and a normal terminal 1 also stops sending networking data to the 5G core network 3. Again in consideration of the computational load of the trusted management node 2, the data anomaly detection and the counting of traffic anomalies N2 for the terminal 1 corresponding to that service are stopped.
In addition, a normal terminal 1 stops sending service data when the corresponding service in the 5G core network 3 stops, whereas a faulty terminal 1 or an unknown device used for an attack still sends data to the 5G core network 3. The address of the stopped service is therefore used as the destination IP address of an abnormal quintuple, and once a terminal 1 that has authenticated successfully still sends data to that service address, the terminal 1 is either faulty or an attack device. It can then be excluded from the power Internet of Things by the subsequent verification mechanism and inspected by maintenance personnel.
In some embodiments of the present invention, acquiring the quintuple information in the networking data and analysing whether the quintuple information is abnormal includes:
judging whether the destination address in the quintuple of the networking data sent by the power Internet of Things terminal 1 corresponds to the business service address for the service type of the terminal 1; and
in response to a judgement that it does not correspond, incrementing the quintuple anomaly count N3 by 1.
In this embodiment, a quintuple comparison table is maintained inside the trusted management node 2, which maps, for each type of terminal 1 or each service, the network IP address to which the terminal's predetermined service data is to be sent, the network IP address of the terminal 1 itself, and other information. When the quintuple of networking data sent by the terminal 1 is found not to match the quintuple configured for the terminal 1, it indicates that the terminal 1 is not sending data to the specified address according to the configured data transmission rule. This can happen for several reasons: for example, the terminal 1 is not a safe device but an illegal device used by an attacker to obtain power Internet of Things data, or the terminal's configuration is outdated and does not match a new service address. Therefore, the quintuple of the networking data of the terminal 1 needs to be compared.
In addition, when the trusted management node 2 detects that the quintuple information of the terminal 1 does not match the configured quintuple, it increments the quintuple anomaly count parameter N3 of the device by 1.
In some embodiments of the present invention, acquiring the quintuple information in the networking data and analysing whether the quintuple information is abnormal further includes:
judging whether the power Internet of Things terminal 1 frequently accesses a plurality of destination ports of the same destination address;
in response to the terminal frequently accessing a plurality of destination ports of the same destination address, incrementing the quintuple anomaly count N3 by 1;
judging whether the terminal frequently accesses a certain port of a plurality of destination addresses; and
in response to the terminal frequently accessing a certain port of a plurality of destination addresses, incrementing the quintuple anomaly count N3 by 1.
In this embodiment, the access data of the terminal 1 in the power Internet of Things does not always conform to the configured quintuple. For example, a certain terminal 1 may try to find out which ports of a certain service address in the 5G core network 3 are open by traversing all network ports, or the most sensitive ports, of that address in quick succession. In this case, after acquiring the data sent by the terminal 1, the IP address, protocol type and port number of each packet are analysed and compared with the normal addresses stored by the trusted management node 2, and if they are not within the normal addresses, the quintuple anomaly count N3 of the terminal 1 is incremented by 1.
Similarly, when a certain terminal 1 frequently accesses a certain port on a plurality of destination addresses, the quintuple anomaly count N3 of the terminal 1 is incremented by 1.
In addition, the amount by which the quintuple anomaly count N3 of the terminal 1 is incremented can be scaled up according to the sensitivity or risk of the accessed destination address.
In the present application, the determination of an abnormal address can be implemented by maintaining a data table of normal addresses, because a terminal device has only a few normal access addresses, and any address outside the specified normal addresses is an address that the terminal should not access, that is, an abnormal address. Maintaining a very small table of normal addresses therefore has far lower performance overhead than maintaining a table of abnormal addresses, and the range of abnormal addresses is adjusted by changing the set of normal addresses.
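As an added illustration, not code from the patent, the following Python sketch implements the quintuple checks described in the passages above: comparison against a small per-service table of normal destinations, the two sweep heuristics (many ports on one host, one port on many hosts), and the rule that the address of a stopped authentication or business service becomes an abnormal destination while it is down. All addresses, service names, sweep thresholds and per-reason weights are assumptions made for the example; the page leaves them to the operator. The pausing of the N1 and N2 counters during a service outage is not modelled here.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"


# Assumed per-service table of legal destinations (dst_ip, dst_port, proto): the small
# "normal address" table the description prefers over a table of abnormal addresses.
LEGAL_DESTINATIONS = {
    "meter-reading": {("10.20.0.10", 8883, "tcp")},
    "distribution-automation": {("10.20.0.20", 102, "tcp")},
}

# Assumed weights per reason; the description allows a larger increment for
# destinations with higher sensitivity or risk.
WEIGHTS = {"illegal-destination": 1, "stopped-service": 1, "port-sweep": 2, "host-sweep": 2}


@dataclass
class TerminalState:
    service: str
    n3: int = 0
    ports_per_host: dict = field(default_factory=lambda: defaultdict(set))
    hosts_per_port: dict = field(default_factory=lambda: defaultdict(set))


class QuintupleMonitor:
    """Per-terminal quintuple checks; each detected reason adds its weight to N3."""

    def __init__(self, scan_ports: int = 5, scan_hosts: int = 5):
        self.terminals = {}
        self.stopped_services = set()  # destinations whose core-network service is down
        self.scan_ports = scan_ports   # distinct ports on one host counted as a sweep
        self.scan_hosts = scan_hosts   # distinct hosts on one port counted as a sweep

    def register(self, src_ip: str, service: str) -> None:
        self.terminals[src_ip] = TerminalState(service)

    def service_stopped(self, dest) -> None:
        self.stopped_services.add(dest)

    def service_resumed(self, dest) -> None:
        self.stopped_services.discard(dest)

    def observe(self, f: Flow) -> list:
        """Apply the checks to one flow and return the reasons that were counted."""
        st = self.terminals.get(f.src_ip)
        if st is None:
            return ["unregistered-terminal"]  # unknown device; nothing to count against
        reasons = []
        dest = (f.dst_ip, f.dst_port, f.proto)
        if dest in self.stopped_services:
            reasons.append("stopped-service")          # service is down, nobody should talk to it
        elif dest not in LEGAL_DESTINATIONS[st.service]:
            reasons.append("illegal-destination")      # not the service address for this type
        ports = st.ports_per_host[f.dst_ip]
        ports.add(f.dst_port)
        if len(ports) == self.scan_ports:              # fires once, when the threshold is reached
            reasons.append("port-sweep")
        hosts = st.hosts_per_port[f.dst_port]
        hosts.add(f.dst_ip)
        if len(hosts) == self.scan_hosts:
            reasons.append("host-sweep")
        st.n3 += sum(WEIGHTS[r] for r in reasons)
        return reasons

    def counters(self) -> dict:
        return {ip: st.n3 for ip, st in self.terminals.items()}


def run_sample() -> dict:
    """Constructed flows (not captured traffic) exercising each rule; returns N3 per terminal."""
    m = QuintupleMonitor()
    m.register("192.168.1.10", "meter-reading")
    m.register("192.168.1.11", "meter-reading")
    m.register("192.168.1.12", "distribution-automation")
    m.observe(Flow("192.168.1.10", 40000, "10.20.0.10", 8883, "tcp"))  # legal
    m.observe(Flow("192.168.1.10", 40001, "10.20.0.20", 102, "tcp"))   # wrong service: +1
    for port in (21, 22, 23, 80, 443):                                  # port sweep on one host
        m.observe(Flow("192.168.1.11", 40002, "10.20.0.10", port, "tcp"))
    m.observe(Flow("192.168.1.12", 40003, "10.20.0.20", 102, "tcp"))   # legal
    m.service_stopped(("10.20.0.20", 102, "tcp"))                       # business service goes down
    m.observe(Flow("192.168.1.12", 40004, "10.20.0.20", 102, "tcp"))   # still talking to it: +1
    for host in ("10.20.0.30", "10.20.0.31", "10.20.0.32", "10.20.0.33"):
        m.observe(Flow("192.168.1.12", 40005, host, 102, "tcp"))       # one port, many hosts
    return m.counters()


if __name__ == "__main__":
    print(run_sample())
```

Each reason is counted once per flow, and the sweep heuristics fire only when the distinct-port or distinct-host count reaches its threshold, so a terminal that keeps scanning is not penalised again on every packet; the resulting N3 values feed the trusted value model unchanged.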
In summary, according to the method and system for controlling the power Internet of Things terminal, the trusted management node 2 monitors in real time, in bypass detection mode, the networking data sent by the terminal equipment in the power Internet of Things; acquires the authentication information in the networking data and records the authentication failure count N1; acquires the data traffic information in the networking data, inputs it into a BP neural network model, detects by this means whether the data traffic is abnormal and records the traffic anomaly count N2; acquires the quintuple information in the networking data, analyses whether it is abnormal according to the type of the terminal equipment and its corresponding service type, and records the quintuple anomaly count N3; inputs N1, N2 and N3 into the trusted parameter calculation model to obtain the trusted value of the terminal equipment; and uses the trusted value to judge whether the Internet of Things terminal equipment is a normal terminal.
The whole security detection process is completed by the trusted management node 2 located on the bypass of the power Internet of Things; only the management command corresponding to the verification result is fed back to the 5G core network, and the data transmission performance of the 5G core network is not affected. Through a decision based on high-dimensional features of equipment anomalies in the Internet of Things, real-time security checking of a large number of terminals in the power Internet of Things is achieved without affecting network communication within the Internet of Things.
The invention has been described in an illustrative manner, and it is to be understood that the terminology which has been used is intended to be in the nature of words of description rather than of limitation. Many modifications and variations of the present invention are possible in light of the above teachings, and the invention may be practiced otherwise than as specifically described.

Claims (10)

1. A control method for a power Internet of things terminal is characterized by comprising the following steps:
monitoring networking data of the power Internet of things terminal equipment in real time;
acquiring authentication information in the networking data, and recording authentication failure times N1 in the authentication information;
acquiring data traffic information in the networking data, inputting the data traffic information into a BP neural network model for calculation, judging whether the data traffic information is abnormal according to a calculation result, and recording the number of times of traffic abnormality N2;
acquiring quintuple information in the networking data, analyzing whether the quintuple information is abnormal or not, and recording the abnormal times N3 of the quintuple;
inputting the authentication failure times N1, the flow abnormal times N2 and the quintuple abnormal times N3 as input parameters into a trusted parameter calculation model to obtain a trusted value of the power internet of things terminal equipment; and
in response to the trusted value of the power Internet of Things terminal equipment being lower than a preset value, sending to a 5G core network a command to disconnect and/or refuse the network connection of the power Internet of Things terminal equipment.
2. The power internet of things terminal control method according to claim 1, wherein the credible parameter calculation model is:
T=100–a*N1–b*N2–c*N3;
wherein T is a credible value, N1 is authentication failure times, N2 is flow abnormal times, N3 is quintuple abnormal times, and a, b and c are coefficients of a credible parameter calculation model.
3. The power internet of things terminal control method according to claim 2, wherein coefficients a, b and c of the trusted parameter calculation model are set manually according to a network security environment.
4. The power internet of things terminal control method according to claim 2, wherein the coefficients a, b and c of the credible parameter calculation model are obtained by training of a neural network or a machine learning algorithm.
5. The electric power internet of things terminal control method according to claim 1, wherein the monitoring networking data of the electric power internet of things terminal equipment in real time comprises:
and communication data between the power Internet of things terminal and the 5G core network are acquired in a bypass detection mode.
6. The power internet of things terminal control method according to claim 1, further comprising:
monitoring and judging whether the service state of authentication in the 5G core network is abnormal or not in real time;
responding to the abnormal service state of the authentication, stopping the authentication failure analysis of the power Internet of things terminal and the statistics of the authentication failure times N1; and
and taking the service address of the authentication as an abnormal address of the five-tuple.
7. The power internet of things terminal control method according to claim 6, further comprising:
monitoring and judging whether the state of the service in the 5G core network is abnormal or not in real time;
responding to the abnormal state of the business service, stopping data abnormality detection of the power Internet of things terminal and counting the flow abnormality times N2; and
and taking the address of the service as an abnormal address of the quintuple.
8. The power internet of things terminal control method according to claim 1, wherein acquiring quintuple information in the networking data, and analyzing whether the quintuple information is abnormal comprises:
judging whether a target address in the quintuple of the networking data sent by the electric power Internet of things terminal corresponds to a business service address corresponding to the business type of the electric power Internet of things terminal;
in response to a judgement that it does not correspond, incrementing the quintuple anomaly count N3 by 1.
9. The power internet of things terminal control method according to claim 8, wherein acquiring quintuple information in the networking data and analyzing whether the quintuple information is abnormal further comprises:
judging whether the power Internet of things terminal frequently accesses a plurality of destination ports of the same destination address;
in response to the power Internet of Things terminal frequently accessing a plurality of destination ports of the same destination address, incrementing the quintuple anomaly count N3 by 1; and
judging whether the power Internet of things terminal frequently accesses a certain port of a plurality of destination addresses;
responding to a certain port of the electric power Internet of things terminal which frequently accesses a plurality of destination addresses, and enabling the value of the quintuple exception number N3 to be + 1.
10. A power Internet of Things terminal control system, characterised by comprising a power Internet of Things terminal, a trusted management node and a 5G core network, wherein the trusted management node is configured to:
monitoring networking data of the power Internet of things terminal equipment in real time;
acquiring authentication information in the networking data, and recording authentication failure times N1 in the authentication information;
acquiring data traffic information in the networking data, inputting the data traffic information into a BP neural network model for calculation, judging whether the data traffic information is abnormal according to a calculation result, and recording the number of times of traffic abnormality N2;
acquiring quintuple information in the networking data, analyzing whether the quintuple information is abnormal or not, and recording the abnormal times N3 of the quintuple;
inputting the authentication failure times N1, the flow abnormal times N2 and the quintuple abnormal times N3 as input parameters into a trusted parameter calculation model to obtain a trusted value of the power internet of things terminal equipment; and
in response to the trusted value of the power Internet of Things terminal equipment being lower than a preset value, send to the 5G core network a command to disconnect and/or refuse the network connection of the power Internet of Things terminal equipment.
CN202110551056.6A 2021-05-20 2021-05-20 Electric power Internet of things terminal control method and system Pending CN113301560A (en)

Publications (1)

Publication Number Publication Date
CN113301560A true CN113301560A (en) 2021-08-24

Family

ID=77323100

Country Status (1)

Country Link
CN (1) CN113301560A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115909674A (en) * 2023-02-13 2023-04-04 成都秦川物联网科技股份有限公司 Alarm and gas meter linkage method based on intelligent gas and Internet of things system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063753A (en) * 2017-11-10 2018-05-22 全球能源互联网研究院有限公司 A kind of information safety monitoring method and system
US20200236112A1 (en) * 2019-01-18 2020-07-23 Cisco Technology, Inc. Machine learning-based application posture for zero trust networking
CN112055029A (en) * 2020-09-16 2020-12-08 全球能源互联网研究院有限公司 Zero-trust power Internet of things equipment and user real-time trust degree evaluation method
CN112149120A (en) * 2020-09-30 2020-12-29 南京工程学院 Transparent transmission type double-channel electric power Internet of things safety detection system
CN112565255A (en) * 2020-12-04 2021-03-26 广东电网有限责任公司珠海供电局 Electric power Internet of things equipment safety early warning method based on BP neural network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张磊: "电力物联网下的采集终端可信计算技术研究", 《电子元器件与信息技术》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210824