CN114257438B - Electric power monitoring system management method and device based on honeypot and computer equipment - Google Patents


Publication number
CN114257438B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111547215.1A
Other languages
Chinese (zh)
Other versions
CN114257438A (en)
Inventor
陈善锋
姜渭鹏
冯国聪
胡朝辉
陈海光
彭伯庄
罗强
胡钊
杨逸岳
郑伟文
王甜
吴佩泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Original Assignee
China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Southern Power Grid Digital Platform Technology Guangdong Co ltd filed Critical China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Priority to CN202111547215.1A priority Critical patent/CN114257438B/en
Publication of CN114257438A publication Critical patent/CN114257438A/en
Application granted granted Critical
Publication of CN114257438B publication Critical patent/CN114257438B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02J CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J13/00 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
    • H02J13/00002 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E60/00 Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/12 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment
    • Y04S40/128 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment involving the use of Internet protocol
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application relates to a honeypot-based power monitoring system management method and device, a computer device, a storage medium and a computer program product. The method comprises: receiving a target honeypot page request sent by an acquisition device arranged on edge power equipment; acquiring a target honeypot page of the corresponding type based on the target honeypot IP address in the request; sending the target honeypot page to an access terminal through a reverse proxy channel; and managing the access terminal based on traffic information of the access terminal in the target honeypot page. Compared with the traditional approach of defending only the master station, in this scheme the acquisition device of the edge power equipment detects the access terminal's access to an unused IP address of the edge power equipment, the corresponding honeypot IP address is obtained from the IP address mapping, the corresponding honeypot page is obtained through the master station, and the access terminal is managed by collecting its traffic information in the honeypot page, which improves the security of the power monitoring system.

Description

Electric power monitoring system management method and device based on honeypot and computer equipment
Technical Field
The present application relates to the field of network security technologies, and in particular, to a honeypot-based power monitoring system management method, apparatus, computer device, storage medium, and computer program product.
Background
Power is one of the important resources for maintaining the normal life of residents. It is therefore desirable to maintain proper production and operation of the power system through the power monitoring system. Power monitoring systems are often subject to network attacks, which threaten the security of the power system. To ensure the normal operation of the power monitoring system, network attacks need to be defended against. At present, network defense management for power monitoring systems is generally applied to the master station of the power monitoring system. However, the power monitoring system comprises a master station and a plurality of substations serving as boundary sites, and because current network defense covers only the master station, comprehensive defense of the power monitoring system cannot be achieved.
Therefore, the current defense management method of the power monitoring system has the defect of insufficient security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a honeypot-based power monitoring system management method, apparatus, computer device, computer-readable storage medium, and computer program product that can improve defense management security.
In a first aspect, the present application provides a honeypot-based power monitoring system management method applied to a master station, the method including:
receiving a target honeypot page request, sent by the acquisition device in response to an access operation of the access terminal, whose request information contains a target honeypot IP address; the acquisition device is arranged on edge power equipment in the power monitoring system; the target honeypot IP address is obtained from the accessed unused IP address of the edge power equipment and a preset IP address mapping table; the preset IP address mapping table comprises the correspondence between unused IP addresses of a plurality of edge power equipment and honeypot IP addresses of honeypot containers in the master station;
acquiring a target honeypot page of the type corresponding to the target honeypot IP address, and sending the target honeypot page to the access terminal through a reverse proxy channel; the type of the target honeypot page is determined based on the network segment of the accessed unused IP address;
and acquiring traffic information of the access terminal in the target honeypot page, and managing the access terminal based on the traffic information.
In one embodiment, before receiving the target honeypot page request, sent by the acquisition device, whose request information contains the target honeypot IP address, the method further includes:
acquiring a honeypot IP address corresponding to a pre-established honeypot container;
acquiring, through a reverse proxy channel, the unused IP address of the edge power equipment sent by the acquisition device;
establishing a correspondence between the honeypot IP address and the unused IP address to obtain a preset IP address mapping table, and sending the preset IP address mapping table to the acquisition device; the acquisition device is used for determining the target honeypot IP address corresponding to the accessed unused IP address according to the preset IP address mapping table.
In one embodiment, after the correspondence between the honeypot IP address and the unused IP address is established, the method further includes:
acquiring the network segment of the unused IP address;
determining, according to the network segment, the type of power monitoring page corresponding to the unused IP address;
and acquiring a honeypot page corresponding to the type of the power monitoring page, and mapping the honeypot page, through a reverse proxy channel, to the honeypot IP address corresponding to the unused IP address, to obtain the correspondence between the honeypot IP address and the honeypot page.
In one embodiment, the power monitoring page includes at least one of a telemechanical system page, a phasor measurement page, a communication protection system page, a power control system page, a traveling wave ranging page, a fault logging page, a scheduling page, and a monitoring page.
In one embodiment, acquiring the traffic information of the access terminal in the target honeypot page includes:
acquiring, as the traffic information, at least one of: network address information of the access terminal, the access time of the access terminal to the target honeypot page, the type of the target honeypot page, and the access behavior of the access terminal in the target honeypot page.
In one embodiment, the managing the access terminal based on the traffic information includes:
querying a preset address database according to the network address information, and determining the source address of the network address information according to the query result; the preset address database comprises a plurality of correspondences between network addresses and source addresses;
and/or,
acquiring the number of times the accessed unused IP address has been accessed, and determining the access frequency of the access terminal based on the number of accesses and the access time;
and establishing and displaying the association between the network address information and the access frequency.
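The management step above can be sketched as follows; this is an added example, not code from the patent. The address database entries, the traffic records and the definition of access frequency (accesses divided by the observed time span in minutes, with a one-minute minimum) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed "preset address database": network -> source label (assumed content).
ADDRESS_DB = {
    ipaddress.ip_network("203.0.113.0/24"): "external network (constructed)",
    ipaddress.ip_network("10.20.0.0/16"): "plant station office LAN (constructed)",
}

# Constructed traffic information collected in honeypot pages:
# (network address, access time, honeypot page type, access behavior)
TRAFFIC = [
    ("203.0.113.7", "2024-01-01T02:00:00", "telemechanical system page", "viewed login form"),
    ("203.0.113.7", "2024-01-01T02:00:30", "telemechanical system page", "submitted login form"),
    ("203.0.113.7", "2024-01-01T02:01:30", "fault logging page", "requested record list"),
    ("203.0.113.7", "2024-01-01T02:02:00", "fault logging page", "requested record list"),
    ("10.20.4.4", "2024-01-01T09:15:00", "scheduling page", "viewed index"),
    ("198.51.100.2", "2024-01-01T03:00:00", "monitoring page", "viewed index"),
    ("198.51.100.2", "2024-01-01T03:10:00", "monitoring page", "viewed index"),
]


def lookup_source(address):
    """Query the address database; the most specific matching network wins."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in ADDRESS_DB if addr in net]
    if not matches:
        return "unknown"  # address not covered by the database
    return ADDRESS_DB[max(matches, key=lambda net: net.prefixlen)]


def summarize(records):
    """Associate each network address with its source and access frequency."""
    times = defaultdict(list)
    pages = defaultdict(set)
    for address, when, page_type, _behavior in records:
        times[address].append(datetime.fromisoformat(when))
        pages[address].add(page_type)

    rows = []
    for address, seen in times.items():
        span_min = (max(seen) - min(seen)).total_seconds() / 60
        rows.append({
            "address": address,
            "source": lookup_source(address),
            "accesses": len(seen),
            # Assumed definition: accesses per minute over the observed span;
            # a single access (zero span) is counted over one minute.
            "per_minute": len(seen) / max(span_min, 1.0),
            "page_types": sorted(pages[address]),
        })
    # Highest frequency first, so the most active access terminal is shown on top.
    rows.sort(key=lambda r: (-r["per_minute"], r["address"]))
    return rows


if __name__ == "__main__":
    for row in summarize(TRAFFIC):
        print(row)
```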
In a second aspect, the present application provides a honeypot-based power monitoring system management device for use in a master station, the device comprising:
the receiving module, used for receiving a target honeypot page request, sent by the acquisition device in response to an access operation of the access terminal, whose request information contains a target honeypot IP address; the acquisition device is arranged on edge power equipment in the power monitoring system; the target honeypot IP address is obtained from the accessed unused IP address of the edge power equipment and a preset IP address mapping table; the preset IP address mapping table comprises the correspondence between unused IP addresses of a plurality of edge power equipment and honeypot IP addresses of honeypot containers in the master station;
the sending module, used for acquiring a target honeypot page of the type corresponding to the target honeypot IP address and sending the target honeypot page to the access terminal through a reverse proxy channel; the type of the target honeypot page is determined based on the network segment of the accessed unused IP address;
and the management module, used for acquiring the traffic information of the access terminal in the target honeypot page and managing the access terminal based on the traffic information.
In a third aspect, the present application provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when the processor executes the computer program.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method described above.
In a fifth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method described above.
According to the above honeypot-based power monitoring system management method, device, computer equipment, storage medium and computer program product, a target honeypot page request is received from the acquisition device arranged on the edge power equipment when an access operation of the access terminal occurs, the acquisition device having obtained the target honeypot IP address from the correspondence between unused IP addresses and honeypot IP addresses in the preset IP address mapping table; a target honeypot page of the corresponding type is acquired based on the target honeypot IP address in the request and sent to the access terminal through the reverse proxy channel; and the access terminal is managed based on its traffic information in the target honeypot page. Compared with the traditional defense mode that defends only the master station of the power monitoring system, in this scheme the acquisition device arranged on the edge power equipment detects the access terminal's access to an unused IP address of the edge power equipment, the corresponding honeypot IP address is obtained from the IP address mapping, the master station acquires the honeypot page corresponding to that honeypot IP address so that the access terminal ultimately accesses the honeypot page, and the access terminal is managed by collecting its traffic information in the honeypot page, which improves the security of the power monitoring system.
Drawings
FIG. 1 is an application environment diagram of a honeypot-based power monitoring system management method in one embodiment;
FIG. 2 is an application environment diagram of a honeypot-based power monitoring system management method in another embodiment;
FIG. 3 is a flow diagram of a honeypot-based power monitoring system management method in one embodiment;
FIG. 4 is a flowchart illustrating the steps of managing an access terminal in one embodiment;
FIG. 5 is a flowchart illustrating the steps of managing the access terminal according to another embodiment;
FIG. 6 is a flow chart of a honeypot-based power monitoring system management method in another embodiment;
FIG. 7 is a block diagram of a honeypot-based power monitoring system management device in one embodiment;
FIG. 8 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The honeypot-based power monitoring system management method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the master station 102 communicates with the edge power devices 104 on the station side via a network. The data storage system may store data that the master 102 needs to process, such as traffic information for the access point. The data storage system may be integrated on the primary station 102 or may be located on the cloud or other network server. The master station 102 may receive a target honey page request sent by the acquisition device disposed on the edge electric device 104, and obtain a target honey page of a corresponding type from a target honey IP address based on the request, so that the master station 102 may send the target honey page to an access terminal through a reverse proxy channel, as a page obtained when the access terminal accesses an unused IP address of the edge electric device 104, and the master station 102 may further analyze and manage the access terminal by acquiring traffic information of the access terminal on the target honey page. In some embodiments, the above-mentioned honeypot-based power monitoring system management method may also be applied to an application environment as shown in fig. 2, where fig. 2 is an application environment diagram of the honeypot-based power monitoring system management method in another embodiment. The master station 102 is provided with a master station front-end processor, a data storage container, a master station control container, a honey pot front-end processor and a plurality of honey pot containers; the station side can be the position that edge power equipment set up, and the station can include a plurality of, and every station is provided with station collection system and different grade type honey jar containers etc.. 
Therefore, the master station side can realize the honey-based power monitoring system management method through communication with the plant side. Wherein the master station 102 may be, but is not limited to, a power master station in a power monitoring system. The edge power device may be an edge power device connected to the primary station in a power monitoring system.
In one embodiment, as shown in fig. 3, a honey-based power monitoring system management method is provided, and the method is applied to the master station in fig. 1 for illustration, and includes the following steps:
step S202, receiving a target honey pot page request of which the request information contains a target honey pot IP address and which is sent by the acquisition device based on the access operation of the access terminal; the acquisition device is arranged on edge power equipment in the power monitoring system; the target honey tank IP address is obtained according to the unused IP address accessed by the edge power equipment and a preset IP address mapping table; the preset IP address mapping table comprises the correspondence between unused IP addresses of the plurality of edge power devices and the honey IP addresses of the honey containers in the master station.
The power monitoring system may be a power system including a plurality of power devices, where the power monitoring system may be provided with a master station 102 and a plurality of plant stations, where the plant stations may be sites at the power monitoring edge, that is, the plant stations may be an edge power device. The acquisition device may be a device provided in an edge power apparatus, such as a station acquisition device in a station. The collection device may store a preset IP address mapping table. Wherein the IP (Internet Protocol, internetworking protocol) may be a network layer protocol in the TCP/IP architecture. The preset IP address mapping table may store a correspondence between an unused IP address of the edge power device where the collecting device is located and a honey pot IP address in a honey pot container in the master station, where there may be multiple unused IP addresses, and then there may be multiple correspondence. Honeypots can be a technology for cheating an attacker, and by arranging a host, network service or information serving as a bait, the attacker is induced to attack the honeypots, so that the attack behaviors can be captured and analyzed, tools and methods used by the attacker are known, attack intention and motivation are presumed, the defender can clearly know security threats faced by the defender, and the security protection capability of an actual system is enhanced through technical and management means.
The access terminal can be a party attacking the power monitoring system, and when the access terminal attacks the power monitoring system from the boundary site, the acquisition device in the edge power equipment of the boundary site can detect the attack behavior of the access terminal and process the attack behavior correspondingly. For example, the access terminal may access an unused IP address in the edge power device, the acquisition device may detect the access behavior, and query a preset IP address mapping table by using the accessed unused IP address to obtain a corresponding target honey pot IP address, and jump the address accessed by the access terminal from the unused IP address to the target honey pot IP address. After the acquisition device detects the attack behavior of the access terminal and determines the target honeypot IP address, the acquisition device may request the master station 102 for a corresponding target honeypot page. For example, the acquisition device may send a target honey page request carrying a target honey IP address to the master station 102, and the master station 102 may receive the target honey page request sent by the acquisition device and obtain the target honey IP address carried therein.
Step S204, obtaining a target honey pot page of a type corresponding to the IP address of the target honey pot, and sending the target honey pot page to an access terminal through a reverse proxy channel; the type of the target honeypot page is determined based on the network segment that is accessed for which the IP address is not used.
The target honeypot IP address may be an address carried in a target honeypot page request sent by a collecting device located at a boundary site. After receiving the target honey pot IP address sent by the collecting device, the master station 102 may obtain a target honey pot page of a corresponding type based on the target honey pot IP address, and send the target honey pot page to the access end through the reverse proxy channel, as a browsing page of the access end. For example, the master station 102 may pre-construct a correspondence between the unused IP address and the honeypot IP address, determine the type of the honeypot page corresponding to the unused IP address according to the network segment of the unused IP address, and allocate the honeypot page of the type to the corresponding honeypot IP address, so that the master station 102 may store the correspondence between the honeypot IP address and the honeypot page, and thus the master station 102 may query and obtain the target honeypot page of the corresponding type based on the target honeypot IP address sent by the acquisition device. The reverse proxy channel is used for setting up a reverse tunnel between the master station system and the dock mirror image of the acquisition device, and is used for communication of reverse proxy service and distributing the induced flow to the actual honeypot. The reverse proxy channel may be implemented by a reverse proxy server located between the user and the target server, but for the user, the reverse proxy server is equivalent to the target server, i.e. the user directly accesses the reverse proxy server to obtain the resources of the target server. Meanwhile, the user does not need to know the address of the target server or make any setting at the user side. Reverse proxy servers are commonly used as Web acceleration, i.e., using reverse proxy as a front-end of Web server to reduce network and server load and improve access efficiency.
Step S206, obtaining the flow information of the access terminal in the target honeypot page, and managing the access terminal based on the flow information.
When the access end attacks the unused IP address of the edge power device, the master station 102 may send the target honeypot page to the access end as a page actually accessed by the access end, so as to prevent the access end from attacking the unused IP address. The behavior operation of the access terminal in the target honeypot page can generate corresponding flow information, and the master station 102 can collect the flow information and analyze and manage the access terminal based on the collected flow information.
In the honey-based power monitoring system management method, a target honey-based page request sent by an acquisition device arranged on an edge power device when an access terminal accesses the honey-based power monitoring system is received, wherein the acquisition device obtains a target honey-based IP address through a corresponding relation between an unused IP address and a honey-based IP address in a preset IP address mapping table; and acquiring a target honey page of a corresponding type based on the target honey IP address in the request, transmitting the target honey page to the access terminal through the reverse proxy channel, and managing the access terminal based on the flow information of the access terminal in the target honey page. Compared with the traditional defense mode of the electric power monitoring system which only defends against the master station, the access terminal of the electric power monitoring system has the advantages that the acquisition device arranged on the edge electric power equipment detects the unused IP address access behavior of the access terminal on the edge electric power equipment, the corresponding honey tank IP address is obtained based on the IP address mapping, the master station acquires the honey tank page corresponding to the honey tank IP address, the access terminal finally accesses the honey tank page, and the access terminal is managed by collecting the flow information of the access terminal in the honey tank page, so that the effect of improving the safety of the electric power monitoring system is achieved.
In one embodiment, before receiving the target honeypot page request that the request information sent by the acquisition device includes the target honeypot IP address, the method further includes: acquiring a honey pot IP address corresponding to a pre-established honey pot container; the unused IP address of the edge power equipment sent by the acquisition device is acquired through the reverse proxy channel; establishing a corresponding relation between the honey pot IP address and the unused IP address, obtaining a preset IP address mapping table, and sending the preset IP address mapping table to the acquisition device; the acquisition device is used for determining the IP address of the target honeypot corresponding to the accessed unused IP address according to the preset IP address mapping table.
In this embodiment, the master station 102 may pre-establish a preset IP address mapping table containing the correspondence between the unused IP address and the honeypot IP address. A plurality of honey containers may be constructed in the master station 102, each honey container having a different honey IP address, so that the master station 102 may obtain a plurality of honey IP addresses. The collection device arranged in the edge power device can collect unused IP addresses of the edge power device and send the collected unused IP addresses to the master station 102, the master station 102 can acquire the unused IP addresses sent by the collection device through the reverse proxy channel, the master station 102 can establish a corresponding relation between the honey pot IP addresses and the unused IP addresses to obtain a preset IP address mapping table and send the preset IP address mapping table to the collection device, and therefore the collection device can determine the target honey pot IP address corresponding to the accessed unused IP addresses based on the preset IP address mapping table when the access terminal attacks.
Specifically, the edge power device serving as the plant station can acquire the unused IP addresses in each specialty network segment through the plant station situation awareness acquisition device, wherein each specialty network segment represents a page of a different type. The acquisition device transmits the unused IP address information to the master station 102 via the reverse proxy channel between the master station 102 and the plant station. Through the defense management module, the master station 102 performs a one-to-many mapping between its container addresses, that is, the honeypot IP addresses, and the unused IP addresses, so that the master station 102 can establish a master station container to plant station address mapping routing table as the preset IP address mapping table. The master station 102 may send the preset IP address mapping table to the acquisition device of the corresponding plant station through the reverse proxy channel. Therefore, the edge power device serving as the plant station can, through the acquisition device, construct a master station container mapping for the acquired unused IP addresses; when the access terminal accesses an unused IP address, the acquisition device can obtain the corresponding target honeypot IP address from the preset IP address mapping table and redirect to the target honeypot IP address through the reverse proxy channel.
Through this embodiment, the master station 102 can construct the correspondence between the unused IP addresses of the edge power device and the honeypot IP addresses and store it in the acquisition device, so that when the access terminal attacks the edge power device, the acquisition device can redirect directly to the corresponding honeypot IP address, thereby improving the security of the power monitoring system.
In one embodiment, after establishing the correspondence between the honeypot IP address and the unused IP address, the method further includes: acquiring the network segment of the unused IP address; determining, according to the network segment, the type of power monitoring page corresponding to the unused IP address; and obtaining a honeypot page corresponding to the type of the power monitoring page, and mapping the honeypot page to the honeypot IP address corresponding to the unused IP address through the reverse proxy channel to obtain the correspondence between the honeypot IP address and the honeypot page.
In this embodiment, the master station 102 may construct a correspondence between unused IP addresses and honeypot IP addresses, where each honeypot IP address may be the IP address of one of the honeypot containers built in the master station 102. After the master station 102 allocates an IP address to each honeypot container, it may also allocate a corresponding honeypot page to that honeypot IP address. The honeypot page for each honeypot IP address may be determined from the unused IP address corresponding to that honeypot IP address. An IP address is composed of multiple parts, including the network segment. The master station 102 may obtain the network segment of the unused IP address and determine, according to the network segment, the type of power monitoring page corresponding to the unused IP address. It then obtains a honeypot page corresponding to the type of the power monitoring page and maps the honeypot page to the honeypot IP address corresponding to the unused IP address through the reverse proxy channel, so that the master station 102 can construct the correspondence between the honeypot IP address and the honeypot page.
The power monitoring page may be of several types. For example, in one embodiment, the power monitoring page includes at least one of a telecontrol system page, a phasor measurement page, a protection information system page, a power control system page, a traveling wave ranging page, a fault logging page, a scheduling page, and a monitoring page. The telecontrol system page may be a page through which the dispatching end monitors and controls the equipment at the controlled end. The PMU (phasor measurement unit) may be a synchronized phasor measurement device for measuring phasor data, such as voltage phase and current phase, at the junction points of the power system. The protection information system can be used for collecting real-time and non-real-time operation, configuration and fault information of intelligent equipment such as substation relay protection devices, recorders and automatic safety devices. The stability control system page may correspond to a power control system which, when the system is in an emergency state, executes various emergency control measures to restore the system to a normal operating state. Traveling wave ranging may be a system that measures fault distance from the time difference of traveling waves propagating between the fault point and the measurement point. Fault recording may be a dispatching-end grid fault diagnosis system based on fault recording information, used for recording the state of electrical quantities and judging whether protection acted correctly. Dispatch command may be a system that issues dispatching operation commands. Online monitoring can be used for real-time monitoring and alarm diagnosis of the state of power transformation equipment.
The master station 102 may build a corresponding honeypot container for each type of power monitoring page and build a honeypot page of the corresponding type based on the network segment of the unused IP address. Specifically, the master station 102 constructs honeypot pages for the different specialties of the power monitoring system through the container management module. For example, when there are 8 types of power monitoring page, the master station 102 may construct 8 different grid-related specialty honeypot pages using Docker container technology. The specialty honeypot pages constructed by the master station 102 cover the grid-related specialty pages of power monitoring: telecontrol, PMU, protection information, stability control, traveling wave ranging, fault recording, dispatch command, online monitoring and the like, so that the master station 102 can use different addresses and resources while a single server manages them centrally and shares resources. Here, the specialty characterizes the type of honeypot page and of power monitoring page. The master station container management module manages the honeypot pages of the different containers in the same server on the master station side, including the honeypot trapping network segments, trapping IPs, trapping ports, honeypot container IDs, configuration specifications of parameters and the like. The master station 102 may determine the power monitoring page type to which an unused IP address belongs based on its network segment.
For example, the master station 102 classifies collected unused IP addresses in XX.1.X.0/28 as the telecontrol specialty type; those in XX.1.x.16/28 as PMU; those in XX.1.x.32/28 as protection information; those in XX.1.x.48/28 as stability control; those in XX.1.x.64/29 as traveling wave ranging; those in XX.1.x.80/27 as fault recording; those in XX.1.x.96/29 as dispatch command; and those in XX.1.x.112/28 as online monitoring. Therefore, the master station 102 can determine the specialty type corresponding to the network segment of an unused IP address according to the preset IP address mapping table in the plant station situation awareness acquisition device and the routing table established by the master station 102, and map the specialty page to the corresponding unused IP address through the reverse proxy channel.
The master station 102 may also construct the honeypot master station through containers, where the honeypot mapping address may be xx.2.X.1.0/29, and the mapping between each type of honeypot IP address and the unused IP addresses may be as follows:
XX.2.x.1.1 (master station side) - XX.1.x.1/28 (plant station side): telecontrol
XX.2.x.1.16 (master station side) - XX.1.x.2/28 (plant station side): PMU
XX.2.x.1.32 (master station side) - XX.1.x.3/28 (plant station side): protection information
XX.2.x.1.48 (master station side) - XX.1.x.4/28 (plant station side): stability control
XX.2.x.1.64 (master station side) - XX.1.x.5/28 (plant station side): traveling wave ranging
XX.2.x.1.80 (master station side) - XX.1.x.6/28 (plant station side): fault recording
XX.2.x.1.96 (master station side) - XX.1.x.7/28 (plant station side): dispatch command
XX.2.x.1.112 (master station side) - XX.1.x.8/28 (plant station side): online monitoring
Therefore, the master station 102 can determine the grid specialty type of an unused IP address based on the mapping relation, construct the honeypot page of the corresponding type, and allocate the honeypot page to the honeypot IP address corresponding to the unused IP address.
Through the above embodiment, the master station 102 may construct a honeypot page of the corresponding type based on the type of power monitoring page associated with the unused IP address, and allocate the honeypot page to the corresponding honeypot IP address, so that when the access terminal attacks the edge power device, it is redirected to the corresponding honeypot page, thereby improving the security of the power monitoring system.
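The mapping-table construction and lookup described in the preceding embodiments can be sketched as follows. This is an added illustration, not code from the patent: the 10.1.5.x segment plan, the 10.2.5.x honeypot addresses and all function names are constructed assumptions standing in for the masked addresses in the text.

```python
import ipaddress
from itertools import combinations

# Constructed plant-side segment plan (assumption), modelled on the masked
# XX.1.x.N/prefix example; one segment per specialty type. Each prefix is
# aligned to its mask, which ipaddress.ip_network requires by default.
SEGMENT_TYPES = {
    "10.1.5.0/28": "telecontrol",
    "10.1.5.16/28": "PMU",
    "10.1.5.32/28": "protection information",
    "10.1.5.48/28": "stability control",
    "10.1.5.64/29": "traveling wave ranging",
    "10.1.5.80/28": "fault recording",
    "10.1.5.96/29": "dispatch command",
    "10.1.5.112/28": "online monitoring",
}

# Constructed master-station honeypot container addresses (assumption), one per type.
HONEYPOT_BY_TYPE = {
    "telecontrol": "10.2.5.1",
    "PMU": "10.2.5.16",
    "protection information": "10.2.5.32",
    "stability control": "10.2.5.48",
    "traveling wave ranging": "10.2.5.64",
    "fault recording": "10.2.5.80",
    "dispatch command": "10.2.5.96",
    "online monitoring": "10.2.5.112",
}


def load_segments(plan):
    """Parse the plan; reject overlaps so every address has exactly one type."""
    nets = [(ipaddress.ip_network(cidr), ptype) for cidr, ptype in plan.items()]
    for (a, _), (b, _) in combinations(nets, 2):
        if a.overlaps(b):
            raise ValueError(f"overlapping segments: {a} and {b}")
    return nets


def classify(ip, segments):
    """Return the specialty type of the segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, ptype in segments:
        if addr in net:
            return ptype
    return None


def build_mapping_table(unused_ips, segments, honeypots):
    """Master-station side: map each reported unused IP to a honeypot IP.

    Many unused IPs share one honeypot IP (one-to-many). Addresses outside
    every known segment are returned separately instead of being guessed.
    """
    table, unmapped = {}, []
    for ip in unused_ips:
        key = str(ipaddress.ip_address(ip))
        ptype = classify(key, segments)
        if ptype is None or ptype not in honeypots:
            unmapped.append(key)
            continue
        table[key] = {"honeypot_ip": honeypots[ptype], "page_type": ptype}
    return table, unmapped


def resolve(table, dst_ip):
    """Acquisition-device side: honeypot IP for an accessed address.

    Returns None for any address not reported as unused, so traffic to
    in-service devices is never redirected.
    """
    entry = table.get(str(ipaddress.ip_address(dst_ip)))
    return entry["honeypot_ip"] if entry else None


if __name__ == "__main__":
    segs = load_segments(SEGMENT_TYPES)
    reported = ["10.1.5.3", "10.1.5.20", "10.1.5.21", "10.1.5.200"]  # constructed
    table, unmapped = build_mapping_table(reported, segs, HONEYPOT_BY_TYPE)
    for ip in ["10.1.5.20", "10.1.5.4"]:
        print(ip, "->", resolve(table, ip))
    print("unmapped:", unmapped)
```

The overlap check enforces the one-to-one relation between network segments and page types that the method relies on; an address that falls in two segments would otherwise be classified by whichever entry happens to come first.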
In one embodiment, obtaining the traffic information of the access terminal in the target honeypot page includes: acquiring, as the traffic information, at least one of the network address information of the access terminal, the access time of the access terminal to the target honeypot page, the type of the target honeypot page, and the access behavior of the access terminal in the target honeypot page.
In this embodiment, the access terminal may be an attacker. When the access terminal tries to access an unused IP address of the edge power device, the master station 102 may return a target honeypot page to the access terminal by means of the preset IP address mapping table, so that the access terminal accesses the target honeypot page. To analyze the attacker and compile statistics, the master station 102 may obtain, as the traffic information of the access terminal, at least one of the network address information of the access terminal, the access time of the access terminal to the target honeypot page, the type of the target honeypot page, and the access behavior of the access terminal in the target honeypot page. The traffic information may be sent to the master station 102 by the acquisition device.
For example, the acquisition device can be deployed on the plant station side to collect the unused IP addresses of each network segment and map them to the master station honeypot pages, and an acquisition device Docker image is deployed. The acquisition device Docker image can be deployed in the acquisition device; it performs classified storage and mirrored display of each master station honeypot page and diverts the collected attack traffic to the honeypot storage database. The master station 102 can construct the honeypot storage database, and the access-behavior traffic collected by the master station 102 is fed into the honeypot storage database through the traffic diversion device. The honeypot storage database can store network address information of the access terminal, such as its IP address and MAC address, so that attack addresses can be traced and classified; it can also store the attack time periods, so that attack time periods can be analyzed; it can further include trend analysis of the attacked sites and the accessed grid specialty information, which together with the attack addresses is mined for high-frequency correlations between attack address sources and attacked sites. The master station 102 may analyze the attack behavior of the access terminal based on the various traffic information in the honeypot storage database.
Through this embodiment, the master station 102 can obtain, through the traffic diversion performed by the acquisition device, the traffic information generated by the access terminal's behavior in the target honeypot page, so that the master station 102 can analyze the access terminal and compile statistics based on the traffic information, thereby improving the security of the power monitoring system.
In one embodiment, managing the access terminal based on the traffic information includes: inquiring a preset address database according to the network address information, and determining a source address of the network address information according to an inquiry result; the preset address database comprises a plurality of corresponding relations between network addresses and source addresses; and/or, acquiring the accessed times of the accessed unused IP addresses, and determining the access frequency of the access terminal based on the accessed times and the access time; and establishing and displaying the association relation between the network address information and the access frequency.
In this embodiment, the master station 102 may analyze the traffic information. The master station 102 may query a preset address database based on the network address information to determine the source address of the network address information. The preset address database stores the correspondence between a plurality of network addresses and source addresses. Specifically, the above-mentioned honeypot storage database stores the access traffic of attackers, and the master station 102 may classify the source addresses and destination addresses of the traffic, with the source addresses placed in the attack threat address library. In addition, the master station 102 can compare the addresses in the attack address feature library with the IP address library information to locate the source of an attacking IP address.
In addition, the master station 102 may obtain the number of times the accessed unused IP address has been accessed, and determine the access frequency of the access terminal based on that number and the time of each access, so that the master station 102 can establish an association between the network address information and the access frequency. Specifically, the master station 102 may classify the accessed destination addresses in the edge power device into an attacked-specialty address library and count how frequently each specialty honeypot page is attacked; it then traces and correlates the attack threat address library with the attacked-specialty address library, establishing the correlation between attack threats and the attacked grid specialty types.
In addition, the master station 102 may also display the analysis results, as shown in fig. 4, where fig. 4 is a schematic flow chart of an access terminal management step in an embodiment. The master station 102 may defend through honeypots, display the state of the attacker's attacks in real time, display attack tracing analysis, monitor honeypot state, and monitor container state. For attack tracing analysis, the information displayed by the master station 102 may be as shown in fig. 5, where fig. 5 is a schematic flow chart of an access terminal management step in another embodiment. The master station 102 may present the attacked specialty addresses that have been accessed by each attack threat address. The master station 102 can also count, for each attack threat address, the time periods and frequency of its access to the different attacked specialty addresses, and dynamically display how frequently the attacked specialty addresses are accessed in different time periods, that is, statistics of attacking IPs against attacked-specialty frequency; the master station 102 may also display the periods of high-frequency threat to the attacked grid specialties, the means used in high-frequency attacks by attacking IPs, and the vulnerabilities through which the honeypots were attacked.
Through the above embodiment, the master station 102 may perform various analyses and displays on the attack behaviors of the access terminal based on the traffic information of the access terminal, thereby improving the security of the power monitoring system.
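The traffic analysis described in this embodiment (source lookup, access frequency, and the association between attacking addresses and attacked specialty types) can be sketched as follows. This is an added illustration, not code from the patent: the hit records, the address database and its labels are constructed, and computing frequency as hits divided by the observed time span is an assumption, since the text does not give a formula.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed honeypot hits: (source IP, ISO time, accessed unused IP, specialty type).
HITS = [
    ("198.51.100.7", "2021-12-01T02:10:00", "10.1.5.3", "telecontrol"),
    ("198.51.100.7", "2021-12-01T02:40:00", "10.1.5.20", "PMU"),
    ("198.51.100.7", "2021-12-01T03:10:00", "10.1.5.3", "telecontrol"),
    ("203.0.113.9", "2021-12-01T14:00:00", "10.1.5.81", "fault recording"),
]

# Constructed stand-in for the preset address database (network -> source label).
ADDRESS_DB = {
    "198.51.100.0/24": "origin-A (constructed)",
    "198.51.100.0/29": "origin-A, lab subnet (constructed)",
    "203.0.113.0/24": "origin-B (constructed)",
}


def lookup_origin(ip, address_db):
    """Most specific database entry containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, label in address_db.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    return best[1] if best else None


def summarize(hits, address_db):
    """Per source address: origin, hit count, hourly rate, peak hour, types hit."""
    grouped = defaultdict(list)
    for src, ts, _dst, ptype in hits:
        grouped[src].append((datetime.fromisoformat(ts), ptype))
    report = {}
    for src, rows in grouped.items():
        times = sorted(t for t, _ in rows)
        span_hours = (times[-1] - times[0]).total_seconds() / 3600
        report[src] = {
            "origin": lookup_origin(src, address_db),
            "hits": len(rows),
            # A single hit has no observation window, so no rate is reported.
            "hits_per_hour": len(rows) / span_hours if span_hours > 0 else None,
            "peak_hour": Counter(t.hour for t in times).most_common(1)[0][0],
            "types": dict(Counter(p for _, p in rows)),
        }
    return report


def hits_by_type(hits):
    """Attacked-specialty view: how often each honeypot page type was hit."""
    return Counter(ptype for _src, _ts, _dst, ptype in hits)


if __name__ == "__main__":
    for src, row in summarize(HITS, ADDRESS_DB).items():
        print(src, row)
    print(dict(hits_by_type(HITS)))
```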
In one embodiment, as shown in fig. 6, fig. 6 is a flow chart of a honeypot-based power monitoring system management method in another embodiment. The master station 102 is provided with a master station front-end processor, and the plant station is provided with a plant station acquisition device container; the plant station acquires its unused IP address field through the acquisition device container and sends the IP address field to the master station control container. The master station 102 obtains the unused IP addresses through the data proxy, constructs a honeypot mapping routing table, constructs grid-related specialty honeypot pages through master station container management, and maps the honeypot pages to the corresponding honeypot IP addresses through the reverse proxy channel according to the honeypot mapping routing table. The page actually accessed by the attacker is the honeypot page provided by the master station 102.
Through this embodiment, the acquisition device arranged on the edge power device detects the access terminal's access to an unused IP address of the edge power device and obtains the corresponding honeypot IP address from the IP address mapping; the master station acquires the honeypot page corresponding to that honeypot IP address, so that the access terminal ultimately accesses the honeypot page; and the access terminal is managed by collecting its traffic information in the honeypot page, thereby improving the security of the power monitoring system.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a honeypot-based power monitoring system management device for realizing the honeypot-based power monitoring system management method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of the one or more honeypot-based power monitoring system management devices provided below may be referred to the limitation of the honeypot-based power monitoring system management method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 7, there is provided a honeypot-based power monitoring system management apparatus, including: a receiving module 500, a transmitting module 502, and a managing module 504, wherein:
the receiving module 500 is configured to receive a target honeypot page request, sent by the acquisition device based on an access operation of the access terminal, whose request information includes a target honeypot IP address; the acquisition device is arranged on an edge power device in the power monitoring system; the target honeypot IP address is obtained according to the accessed unused IP address of the edge power device and a preset IP address mapping table; the preset IP address mapping table comprises the correspondence between the unused IP addresses of the plurality of edge power devices and the honeypot IP addresses of the honeypot containers in the master station.
The sending module 502 is configured to obtain a target honeypot page corresponding to the target honeypot IP address, and send the target honeypot page to the access terminal through the reverse proxy channel; the type of the target honeypot page is determined based on the network segment of the accessed unused IP address.
The management module 504 is configured to obtain the traffic information of the access terminal in the target honeypot page, and manage the access terminal based on the traffic information.
In one embodiment, the apparatus further comprises: a first construction module, used for acquiring the honeypot IP address corresponding to a pre-established honeypot container; acquiring, through the reverse proxy channel, the unused IP address of the edge power device sent by the acquisition device; establishing a correspondence between the honeypot IP address and the unused IP address to obtain the preset IP address mapping table, and sending the preset IP address mapping table to the acquisition device; the acquisition device is used for determining, according to the preset IP address mapping table, the target honeypot IP address corresponding to the accessed unused IP address.
In one embodiment, the apparatus further comprises: a second construction module, used for acquiring the network segment of the unused IP address; determining, according to the network segment, the type of power monitoring page corresponding to the unused IP address; and obtaining a honeypot page corresponding to the type of the power monitoring page, and mapping the honeypot page to the honeypot IP address corresponding to the unused IP address through the reverse proxy channel to obtain the correspondence between the honeypot IP address and the honeypot page.
In one embodiment, the management module 504 is specifically configured to obtain, as the traffic information, at least one of network address information of the access terminal, access time of the access terminal to the target honeypot page, type of the target honeypot page, and access behavior of the access terminal in the target honeypot page.
In one embodiment, the management module 504 is specifically configured to query a preset address database according to the network address information, and determine a source address of the network address information according to the query result; the preset address database comprises a plurality of corresponding relations between network addresses and source addresses.
In one embodiment, the management module 504 is specifically configured to obtain the number of times the accessed unused IP address is accessed, and determine the access frequency of the access terminal based on the number of times the accessed IP address is accessed and the access time; and establishing and displaying the association relation between the network address information and the access frequency.
The various modules in the honeypot-based power monitoring system management device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a master station, the internal structure of which may be as shown in FIG. 8. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program when executed by a processor implements a honeypot-based power monitoring system management method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided that includes a memory having a computer program stored therein and a processor that, when executing the computer program, implements the honeypot-based power monitoring system management method described above.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the honeypot-based power monitoring system management method described above.
In one embodiment, a computer program product is provided, comprising a computer program that, when executed by a processor, implements the honeypot-based power monitoring system management method described above.
It should be noted that, user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. A honeypot-based power monitoring system management method, characterized by being applied to a master station, the method comprising:
receiving a target honeypot page request, sent by the acquisition device based on the access operation of the access terminal, whose request information contains a target honeypot IP address; the acquisition device is arranged on an edge power device in the power monitoring system; the target honeypot IP address is obtained according to the accessed unused IP address of the edge power device and a preset IP address mapping table; the preset IP address mapping table comprises the correspondence between the unused IP addresses of a plurality of edge power devices and the honeypot IP addresses of the honeypot containers in the master station;
acquiring a target honeypot page of the type corresponding to the target honeypot IP address, and transmitting the target honeypot page to the access terminal through a reverse proxy channel; the type of the target honeypot page is determined based on the network segment of the accessed unused IP address, and the determining process comprises the following steps: acquiring the network segment of the unused IP address; determining, according to the network segment, the type of power monitoring page corresponding to the unused IP address; the network segments are in one-to-one correspondence with the types of the power monitoring pages; obtaining a honeypot page corresponding to the type of the power monitoring page, and mapping the honeypot page to the honeypot IP address corresponding to the unused IP address through the reverse proxy channel to obtain the correspondence between the honeypot IP address and the honeypot page; the unused IP addresses of different network segments correspond to different types of target honeypot pages;
acquiring the traffic information of the access terminal in the target honeypot page, and managing the access terminal based on the traffic information, comprising: acquiring the number of times the accessed unused IP address has been accessed, and determining the access frequency of the access terminal based on that number and the access time; and establishing an association between the network address information of the access terminal and the access frequency, and establishing an association between the network address information of the access terminal and the grid specialty type corresponding to the unused IP address.
2. The method of claim 1, wherein before receiving the request message sent by the acquisition device, the request message including the target honeypot page request of the target honeypot IP address, further comprises:
acquiring a honey pot IP address corresponding to a pre-established honey pot container;
the unused IP address of the edge power equipment sent by the acquisition device is acquired through a reverse proxy channel;
establishing a corresponding relation between the honey pot IP address and the unused IP address, obtaining a preset IP address mapping table, and sending the preset IP address mapping table to the acquisition device; the acquisition device is used for determining the target honey pot IP address corresponding to the accessed unused IP address according to the preset IP address mapping table.
3. The method of claim 1, wherein the power monitoring page comprises at least one of a tele-system page, a phasor measurement page, a guarantor system page, a power control system page, a traveling wave ranging page, a fault logging page, a scheduling page, and a monitoring page.
4. The method of claim 1, wherein the obtaining the traffic information of the access terminal in the target honeypot page includes:
acquiring at least one of the network address information of the access terminal, the access time of the access terminal to the target honeypot page, the type of the target honeypot page, and the access behavior of the access terminal in the target honeypot page as the traffic information.
5. The method of claim 4, wherein managing the access terminal based on the traffic information comprises:
inquiring a preset address database according to the network address information, and determining a source address of the network address information according to an inquiry result; the preset address database comprises a plurality of corresponding relations between the network addresses and the source addresses.
6. The method of claim 4, wherein managing the access terminal based on the traffic information comprises:
and displaying the association relation between the network address information and the access frequency.
7. A honeypot-based power monitoring system management device for use in a master station, the device comprising:
the receiving module is used for receiving a target honeypot page request that is sent by the acquisition device based on an access operation of an access terminal and whose request information contains a target honeypot IP address; the acquisition device is arranged on edge power equipment in the power monitoring system; the target honeypot IP address is obtained from the accessed unused IP address of the edge power equipment and a preset IP address mapping table; the preset IP address mapping table comprises the correspondence between the unused IP addresses of a plurality of edge power equipment and the honeypot IP addresses of honeypot containers in the master station; unused IP addresses of different network segments correspond to different types of target honeypot pages;
the sending module is used for acquiring a target honeypot page of the type corresponding to the target honeypot IP address and sending the target honeypot page to the access terminal through a reverse proxy channel; the type of the target honeypot page is determined based on the network segment of the accessed unused IP address, and the determining process comprises: acquiring the network segment of the unused IP address; determining, according to the network segment, the type of power monitoring page corresponding to the unused IP address; the network segments are in one-to-one correspondence with the types of the power monitoring pages; obtaining a honeypot page corresponding to the type of the power monitoring page, and mapping the honeypot page, through a reverse proxy channel, to the honeypot IP address corresponding to the unused IP address, to obtain the correspondence between the honeypot IP address and the honeypot page;
the management module is used for acquiring the traffic information of the access terminal in the target honeypot page and managing the access terminal based on the traffic information, specifically: acquiring the number of times the accessed unused IP address has been accessed, and determining the access frequency of the access terminal based on the number of accesses and the access time; and establishing an association between the network address information of the access terminal and the access frequency, and establishing an association between the network address information of the access terminal and the power grid professional type corresponding to the unused IP address.
8. The apparatus of claim 7, wherein the apparatus further comprises: a first building block for:
acquiring a honeypot IP address corresponding to a pre-established honeypot container;
acquiring, through a reverse proxy channel, the unused IP address of the edge power equipment sent by the acquisition device;
establishing a correspondence between the honeypot IP address and the unused IP address to obtain the preset IP address mapping table, and sending the preset IP address mapping table to the acquisition device; the acquisition device is used for determining the target honeypot IP address corresponding to the accessed unused IP address according to the preset IP address mapping table.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
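The data flow of claims 1, 2 and 4 to 6, as an added Python example that is not part of the patent text: an unused IP is resolved through the mapping table, its network segment selects the page type, and each hit is associated with the terminal's address, access frequency and targeted page types. All addresses, the /24 segments, the names `MasterStation`, `page_type_for`, `SEGMENT_PAGE_TYPE` and `IP_MAP`, and the hits-per-minute formula with a one-minute floor are assumptions; the claims do not define how the frequency is computed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; addresses and type names are illustrative only.
SEGMENT_PAGE_TYPE = {  # network segment -> power monitoring page type (one-to-one)
    ipaddress.ip_network("10.10.1.0/24"): "scheduling",
    ipaddress.ip_network("10.10.2.0/24"): "fault logging",
}
IP_MAP = {  # preset IP address mapping table: unused IP -> honeypot IP
    "10.10.1.250": "172.16.0.11",
    "10.10.2.250": "172.16.0.12",
}

def page_type_for(unused_ip):
    """Page type of the network segment that contains the unused IP."""
    addr = ipaddress.ip_address(unused_ip)
    for segment, page_type in SEGMENT_PAGE_TYPE.items():
        if addr in segment:
            return page_type
    raise ValueError(f"no page type configured for {unused_ip}")

class MasterStation:
    def __init__(self, ip_map):
        self.ip_map = dict(ip_map)
        # honeypot IP -> page type, derived from the segment of its unused IP
        self.pages = {hp: page_type_for(ip) for ip, hp in ip_map.items()}
        self.hits = defaultdict(list)  # terminal IP -> [(timestamp, page type)]

    def handle(self, terminal_ip, unused_ip, ts):
        """Resolve an access to an unused IP and record it; None if not a decoy."""
        honeypot_ip = self.ip_map.get(unused_ip)
        if honeypot_ip is None:
            return None
        page_type = self.pages[honeypot_ip]
        self.hits[terminal_ip].append((ts, page_type))
        return page_type

    def report(self, terminal_ip):
        """Associate a terminal with its access frequency and targeted types."""
        events = self.hits.get(terminal_ip, [])
        if not events:
            return None
        times = [ts for ts, _ in events]
        minutes = max(max(times) - min(times), 60) / 60  # assumed: floor of 1 min
        return {
            "count": len(events),
            "per_minute": len(events) / minutes,
            "types": sorted({page_type for _, page_type in events}),
        }
```

Because no legitimate service lives on an unused address, every recorded hit is suspect, which is why the report needs no allow-list or baseline.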
CN202111547215.1A 2021-12-16 2021-12-16 Electric power monitoring system management method and device based on honeypot and computer equipment Active CN114257438B (en)

Publications (2)

Publication Number Publication Date
CN114257438A (en) 2022-03-29
CN114257438B (en) 2024-01-23

Family

ID=80795437

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20230809
Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province
Applicant after: China Southern Power Grid Digital Platform Technology (Guangdong) Co.,Ltd.
Address before: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province
Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.
GR01 Patent grant