CN114301621A - Intelligent substation and network communication safety control method and device thereof - Google Patents

Publication number
CN114301621A
Authority
CN
China
Prior art keywords
message
network communication
audit
station
intelligent substation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111361869.5A
Other languages
Chinese (zh)
Inventor
满玉松
李德建
张鹏
肖德勇
杨鹏飞
刘琦
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Application filed by State Grid Information and Telecommunication Co Ltd and Beijing Smartchip Microelectronics Technology Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02E: REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E60/00: Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00: Systems supporting electrical power generation, transmission or distribution
    • Y04S10/16: Electric power substations
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an intelligent substation and a network communication security control method and device for it. The control method comprises: acquiring a network communication message; when the network communication message enters the station, determining the type of the message; when the type shows that the message entering the station is a service message, performing a security audit and an abnormal audit on the service message to obtain a normal message that passes both audits; and performing an integrity and repeatability audit on the normal message, and performing data interaction processing on the compliant message that passes the integrity and repeatability audit. The control method thus applies data security processing to data entering and leaving the intelligent substation and ensures the security of network data transmission, while avoiding the excessive data message delay caused by applying the security policies of external authentication devices and security devices, so that data transmission meets the data-delay requirements of the standard.

Description

Intelligent substation and network communication safety control method and device thereof
Technical Field
The invention relates to the technical field of intelligent substations, in particular to a network communication safety control method of an intelligent substation, a computer readable storage medium, the intelligent substation and a network communication safety control device of the intelligent substation.
Background
The intelligent substation communicates using the IEC61850 standard, the only globally universal standard in the field of power system automation. It standardizes the engineering of intelligent substations, so that their engineering implementation becomes standard, uniform and transparent. The IEC61850 series of standards has 10 general classes and 14 standards; it defines a 3-layer network structure (station control layer, bay layer and network layer) and the communication interfaces between the layers. Data acquisition, equipment function control and the like are all carried out over the network, so potential security hazards such as network intrusion exist.
In the related art, intelligent substation communication is based on a TCP/IP network and is likely to be attacked by viruses and hackers that use the network as their main transmission path. First, most application systems of the power information workstations run on Windows platforms, and the Intelligent Electronic Devices (IEDs) in the station have no security core, so many potential security hazards exist. Second, application systems such as the human-machine interface (HMI), control, maintenance, planning and construction can connect directly to the station control layer network of the intelligent substation through a gateway and directly access related information in the station.
Therefore, both the in-station communication and the external communication of the intelligent substation face security threats. In particular, when the intelligent substation is connected to a public network communication facility, it is more vulnerable to network attacks than a relatively isolated, closed substation local area network.
Disclosure of Invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art. To this end, a first object of the invention is to provide a network communication security control method for an intelligent substation that applies data security processing to data entering and leaving the intelligent substation, ensuring the security of network data transmission while avoiding the excessive data message delay caused by a switch applying the security policies of external authentication devices and security devices, so that data transmission meets the data-delay requirements of the standard.
A second object of the invention is to propose a computer-readable storage medium.
The third purpose of the invention is to provide an intelligent substation.
The fourth purpose of the invention is to provide a network communication safety control device of an intelligent substation.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a network communication security control method for an intelligent substation, including: acquiring a network communication message; when the network communication message enters the station, determining the type of the message; when the type shows that the message entering the station is a service message, performing a security audit and an abnormal audit on the service message to obtain a normal message that passes both audits; and performing an integrity and repeatability audit on the normal message, and performing data interaction processing on the compliant message that passes the integrity and repeatability audit.
According to the network communication security control method of the intelligent substation, a network communication message is acquired; when it enters the station, its type is determined; when the type shows that it is a service message, a security audit and an abnormal audit are performed on it to obtain a normal message that passes both audits; an integrity and repeatability audit is then performed on the normal message, and data interaction processing is performed on the compliant message that passes the integrity and repeatability audit. The control method thus applies data security processing to data entering and leaving the intelligent substation and ensures the security of network data transmission, while avoiding the excessive data message delay caused by applying the security policies of external authentication devices and security devices, so that data transmission meets the data-delay requirements of the standard.
In addition, the network communication security control method for the intelligent substation according to the above embodiment of the present invention may further have the following additional technical features:
According to one embodiment of the invention, performing the security audit and the abnormal audit on the service message comprises: performing the security audit on the service message, and, when the security audit result shows that the service message is a legal message, performing the abnormal audit on the legal message to determine a normal message that meets a preset communication specification.
According to an embodiment of the present invention, when performing the security audit on a service message, the method further includes: when the service message is an illegal message entering from outside, carrying out network disconnection processing on the access port; when the service message is an illegal message transmitted within the station, performing fault judgment on the equipment connected to the access port, and switching to the standby line when the equipment is faulty.
According to an embodiment of the present invention, when performing the abnormal audit on a legal message, the method further includes: when the legal message is determined to be an abnormal message that does not meet the preset communication specification, discarding the abnormal message.
According to an embodiment of the present invention, the service message includes one or more of a GOOSE (Generic Object Oriented Substation Event) message, an SV (Sampled Value) message, and an MMS (Manufacturing Message Specification) message.
According to an embodiment of the present invention, when performing the integrity and repeatability audit on a normal message, the method further includes: when an SV message is determined to be incomplete, repairing the incomplete SV message, discarding an SV message that cannot be repaired, and requesting the original address to retransmit it; and, when duplicate checking is performed on GOOSE messages, discarding any GOOSE message determined to be a duplicate.
According to an embodiment of the present invention, the data interaction processing on the compliant message that passes the integrity and repeatability audit includes: when the compliant message is to be sent outside the station, sending it through the communication module to the security encryption module for data encryption, receiving the encrypted compliant message through the communication module, and sending the encrypted compliant message out through the communication module.
According to one embodiment of the invention, before the network communication message enters the station, the method further comprises: if the network communication message is acquired through the inter-station data interface, sending it through the communication module to the security encryption module for decryption, receiving the decrypted network communication message through the communication module, and sending the decrypted network communication message into the station through the communication module.
According to one embodiment of the invention, when the type shows that the network communication message entering the station is a non-service message, data transparent transmission processing is performed on the non-service message.
In order to achieve the above object, a second aspect of the present invention provides a computer-readable storage medium, on which a network communication security control program of an intelligent substation is stored, where the network communication security control program of the intelligent substation is executed by a processor to implement the above network communication security control method of the intelligent substation.
According to the computer-readable storage medium of the embodiment of the invention, the processor executes the network communication security control program of the intelligent substation stored on the medium to implement the network communication security control method of the intelligent substation. Data security processing is thus applied to data entering and leaving the intelligent substation and the security of network data transmission is ensured, while the excessive data message delay caused by applying the security policies of external authentication devices and security devices is avoided, so that data transmission meets the data-delay requirements of the standard.
In order to achieve the above object, an intelligent substation provided in an embodiment of a third aspect of the present invention includes a memory, a processor, and a network communication security control program of the intelligent substation, where the network communication security control program is stored in the memory and is executable on the processor, and when the processor executes the network communication security control program of the intelligent substation, the network communication security control method of the intelligent substation is implemented.
According to the intelligent substation, when the processor executes the network communication security control program of the intelligent substation, the network communication security control method of the intelligent substation is realized, so that data security processing is performed on data entering and exiting the intelligent substation, the network data transmission security is ensured, the problem that the data message time delay exceeds the standard due to the use of a security strategy of an external authentication device and a security device of a switch is avoided, and the data transmission is ensured to meet the requirement of a standard on data delay.
In order to achieve the above object, a fourth aspect of the present invention provides a network communication security control apparatus for an intelligent substation, including: the acquisition module is used for acquiring the network communication message; the determining module is used for determining the type of the network communication message entering the station when the network communication message enters the station; the safety audit module is used for carrying out safety audit on the service message when the determining module determines that the network communication message in the incoming station is the service message according to the type of the network communication message in the incoming station; the abnormal auditing module is used for performing abnormal auditing on the service message subjected to the safety auditing by the safety auditing module to obtain a normal message passing the abnormal auditing; and the processing module is used for performing integrity and repeatability audit on the normal message and performing data interaction processing on the compliance message which passes the integrity and repeatability audit.
According to the network communication security control device of the intelligent substation, the acquisition module acquires the network communication message; when the network communication message enters the station, the determining module determines its type; when the determining module determines from the type that the message entering the station is a service message, the security audit module performs the security audit on the service message; the abnormal audit module performs the abnormal audit on the service message that has passed the security audit, obtaining a normal message that passes the abnormal audit; and the processing module performs the integrity and repeatability audit on the normal message and performs data interaction processing on the compliant message that passes the integrity and repeatability audit. The device thus applies data security processing to data entering and leaving the intelligent substation and ensures the security of network data transmission, while avoiding the excessive data message delay caused by applying the security policies of external authentication devices and security devices, so that data transmission meets the data-delay requirements of the standard.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a flowchart of a network communication security control method of an intelligent substation according to an embodiment of the present invention;
Fig. 2 is a network structure diagram of an intelligent substation according to an embodiment of the present invention;
Fig. 3 is a block diagram of a data channel with a secure encryption module according to an embodiment of the present invention;
Fig. 4 is a network diagram of a site level network according to an embodiment of the present invention;
Fig. 5 is a process level network diagram of one embodiment of the present invention;
Fig. 6 is a block schematic diagram of an intelligent substation according to an embodiment of the present invention;
Fig. 7 is a block diagram of a network communication security control device of an intelligent substation according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are exemplary, are intended to explain the invention, and are not to be construed as limiting the invention.
The network communication security control method for an intelligent substation, the computer-readable storage medium, the intelligent substation, and the network communication security control apparatus for the intelligent substation according to the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a network communication security control method of an intelligent substation according to an embodiment of the present invention.
In one embodiment of the present invention, as shown in Fig. 2, the national grid intelligent substation may include a three-layer network structure: a station control layer, a bay layer, and a process layer.
The station control layer equipment is responsible for summarizing the real-time data of the whole station and sending related data to a dispatching or remote control center; it also passes received dispatching or control center commands to the process layer equipment and the bay layer equipment for execution, and provides the man-machine system function. In the figure, functional module A and functional module B are station control layer equipment of different bays of the substation, and mainly comprise a monitoring host, an operator workstation, a telecontrol workstation, an engineer workstation, a GPS time synchronization device and the like. The station control layer provides a man-machine interface for operation in the station, manages and controls the bay layer equipment, and communicates with a dispatching center or a control center through a power data network.
The bay layer equipment comprises secondary equipment such as protection, measurement and control devices, fault recording devices and metering devices. Its main functions are collecting the real-time process layer data of its bay, transmitting that data to the station control layer equipment through the network, receiving control operation commands sent by the station control layer, and realizing the function of starting and stopping transmission of the operation command. The bay layer also protects and controls primary equipment, and completes bay-level control functions such as operation locking and operation synchronization.
The process layer is where the primary equipment and the secondary equipment meet, and mainly completes three functions: electric quantity measurement, equipment state detection, and operation control command execution. It converts AC analog quantities, DC analog quantities and state quantities into digital signals, provides them to the upper layer, and receives and executes the control commands issued by the upper layer.
At present, substation network construction follows a security policy of "horizontal isolation", that is, the substation intranet is completely physically isolated from the external Internet, but a security policy of "longitudinal encryption" of data is not adopted. Moreover, the substation is not completely cut off from external data; it exchanges and transmits data with the outside through a private network, so the intelligent substation communication network is not secure.
At present, an intelligent substation uses IEC61850, with MMS (Manufacturing Message Specification) communication at the station control layer and GOOSE (Generic Object Oriented Substation Event) and SV (Sampled Value) communication at the process layer. All of these use a basic communication mechanism without security defenses, and data entering and leaving the substation is not encrypted or decrypted, so the risks of intrusion and remote control cannot be ruled out. Because IEC61850 is an international standard built on a general-purpose network communication platform, IEC61850-based substations face the same threats as computer networks. Communication over an intelligent substation network faces four threats: (1) eavesdropping: an attacker eavesdrops on the communication content of others from the network; (2) intercepting: an attacker intentionally interrupts others' communications over the network; (3) counterfeiting: an attacker forges information and transmits it on the network; (4) tampering: an attacker deliberately tampers with the messages transmitted over the network.
In addition, as intelligent substations have developed, many new devices such as merging units and intelligent terminals have appeared. Besides the various abnormal communications that may occur in operation, these new devices also produce abnormal communications caused by defects that surface while their application is being improved. All such abnormal communications can cause unpredictable device behavior and reduce device stability.
In addition, the process layer network uses Ethernet technology for data transmission, and data incurs a certain delay as it crosses the network. According to the specification of the IEC61850 standard, when data in a station is transmitted in a switch, the average time delay value is less than 10us, and the time delay jitter of the switch is less than 1us. If the switch that transmits in-station data uses a general external authentication and encryption device for security authentication and data encryption, the delay of in-station data transmission is affected, and in serious cases head-of-line blocking of messages causes data frames to be lost. Once critical control data is lost, the secondary equipment in the substation may suffer immeasurable loss or even a safety accident.
In order to solve these problems, the invention provides a network communication security control method for an intelligent substation that responds to and processes data entering a switch by level. Data transmitted within the station is handled without encryption, or even by transparent transmission, to preserve the real-time performance of data transmission. Data entering and leaving the substation, by contrast, consists mostly of information messages for queries and reports; its real-time requirement is low but the information it carries is important, so data entering and leaving the substation needs to be encrypted.
As shown in fig. 1, the network communication security control method for an intelligent substation according to the embodiment of the present invention may include the following steps:
S1, acquiring the network communication message.
Specifically, as shown in fig. 3, a communication module 1 of the intelligent substation is connected with an intra-station data interface 2 and an inter-station interface 3 respectively, and is connected with a management interface 4 through a management module 5, the communication module 1 realizes intra-station data interaction through the intra-station data interface 2, and is connected with a remote control center through the inter-station interface 3, so as to realize inter-station data transmission. The communication module receives external data (network communication message) in the form of message through the intra-station data interface 2 and the inter-station interface 3.
S2, determining a type of the network communication message entering the station when the network communication message enters the station.
That is, when a network message enters the station through the communication module, its message type is identified first. The network communication message types include non-service messages, such as general Address Resolution Protocol (ARP) or Internet Control Message Protocol (ICMP) messages, and service messages, such as GOOSE, SV and MMS messages.
S3, when the type shows that the network communication message entering the station is a service message, performing a security audit and an abnormal audit on the service message to obtain a normal message that passes both audits. The service message comprises one or more of a GOOSE message, an SV message and an MMS message.
According to one embodiment of the invention, when the type shows that the network communication message entering the station is a non-service message, data transparent transmission processing is performed on the non-service message.
Specifically, after the type of the received network communication message has been identified as described above, if it is a non-service message (a conventional message), it is forwarded directly, that is, data transparent transmission processing is performed, and it is sent to the corresponding address through the communication module. If it is a service message (such as a GOOSE message, an SV message or an MMS message), a security audit and an abnormal audit are required, so as to ensure the reliability and real-time performance of data transmission. After the security audit and the abnormal audit, the audit result determines whether the service message is a normal message: when the result shows that it is a normal message, the normal message goes on to the next step; when the result shows that it is an abnormal message, a corresponding handling method is adopted according to the type of abnormality.
According to one embodiment of the invention, performing the security audit and the abnormal audit on the service message comprises: performing the security audit on the service message, and, when the security audit result shows that the service message is a legal message, performing the abnormal audit on the legal message to determine a normal message that meets a preset communication specification. The preset communication specification can be defined according to actual conditions.
According to an embodiment of the present invention, when performing the security audit on a service message, the method further includes: when the service message is an illegal message entering from outside, carrying out network disconnection processing on the access port; when the service message is an illegal message transmitted within the station, performing fault judgment on the equipment connected to the access port, and switching to the standby line when the equipment is faulty.
According to an embodiment of the present invention, when performing the abnormal audit on a legal message, the method further includes: when the legal message is determined to be an abnormal message that does not meet the preset communication specification, discarding the abnormal message.
Specifically, the system presets the audit content for the device's operational security requirements, namely a communication access policy, which limits the allowable range of communication. After the network communication message is confirmed to be a service message, security audit is first performed on it to judge whether it is explicitly forbidden or falls outside the allowable range. If a service message sent from outside the station is not explicitly forbidden and is within the allowed range, it is considered not to affect communication security; it is a legal message, and abnormal audit is then performed on it. If a service message sent from outside the station is explicitly forbidden or is not within the allowed range, it is considered to affect communication security; it is an illegal message and is processed as such. The system presets a communication control strategy, which is the measure to be taken when a security problem is found. For example, the communication control strategy can handle two security levels, according to whether the message is an outside-station message or an inside-station message. If the illegal message identified by the security audit is an outside-station message input through the inter-station interface, the communication module rejects communication service for, and disconnects communication with, the IP (Internet Protocol) and MAC (Media Access Control) address or the data interface (outside-station interface) that sent the illegal message, and network disconnection processing is performed.
If the illegal message is an in-station message input through an in-station data interface, the security audit module first judges whether the illegal identification was caused by a failure of the equipment connected to that in-station data interface. If it was caused by equipment failure, the standby line is switched in to prevent the network from being disconnected; if it was not caused by failure of the input equipment, network disconnection processing is performed.
When a service message sent from outside the station passes the security audit and is counted as a legal service message, abnormal audit analysis follows; when the legal service message meets the preset communication specification, it is considered a normal message. For example, taking the IEC61850 communication specification as the preset communication specification, in the abnormal audit process the system analyzes the legal message according to the IEC61850 communication specification and judges whether it conforms. If so, the legal message is a normal message and data transmission can continue; if not, it is an abnormal message and is discarded directly.
It can be understood that the abnormal audit content may include the validity of the message format, the correctness of the coding, and the correctness of the communication mechanism. The audit of mechanism correctness mainly analyzes GOOSE and SV communication messages, and covers the GOOSE change-upload trapezoidal time mechanism, GOOSE burst, GOOSE virtual change and abnormal change, GOOSE timeout, SV timeout, and SV data jumping.
In addition, a real-time early warning module can be arranged in the substation, and the processing results of the security audit and the abnormal audit are reported to it in real time. For example, the security audit records the audit result and the processing measure for an illegal message in a log and submits them to the real-time early warning module. The abnormal audit records the port number (in-station data interface or outside-station interface) and the MAC address of the abnormal message and, after fully recording the original message and the time in a log as the audit result, directly discards the abnormal message so that it is not processed further by the device functions. This reduces the influence of abnormal messages on the device functions and thereby improves their stability; the audit result is then submitted to the real-time early warning module.
S4, performing integrity and repeatability audit on the normal message, and performing data interaction processing on the compliance message that passes the integrity and repeatability audit.
Specifically, the normal message obtained through the security audit and the abnormal audit is further audited for integrity and repeatability. When the normal message is complete and non-repetitive, it is determined to be a compliance message and is sent back to the communication module, which sends it to the designated port according to the message address for normal data exchange.
According to an embodiment of the present invention, when performing integrity and repeatability audit on a normal message, the method further includes: when the SV message is determined to be incomplete, repairing the incomplete SV message, discarding the SV message which cannot be repaired, and requesting the original address to retransmit; and when the GOOSE message is subjected to duplicate checking processing, discarding the determined duplicate GOOSE message.
Specifically, when an SV message is determined to be incomplete, a repair operation is performed according to the message rule. If the SV message cannot be repaired according to the message rule, the communication module requests the device at the message's original address to resend the service message, and the incomplete SV message is discarded; when the service message is received again, security audit, abnormal audit, and integrity and repeatability audit must still be performed according to the above steps. For GOOSE messages, if multiple GOOSE messages from the same address are received within the preset time, it is judged whether they are repeatedly transmitted messages. If they are, they are judged directly to be abnormal messages and discarded; if they are not, the GOOSE messages are transmitted.
In addition, in the process of checking the integrity and repeatability of the normal message, the port numbers (external interface and internal data interface) and the MAC addresses of the discarded SV message and the GOOSE message sent repeatedly can be recorded, and the auditing result is submitted to the real-time early warning module after being recorded in a log mode.
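The audit chain described above (type identification, security audit, abnormal audit, then integrity and repeatability audit, with every rejection logged for the early warning module), as an added Python example that is not code from the patent. The policy layout, the `device_faulty` probe, the 0.5 s duplicate window, the neighbour-mean SV repair rule, treating "repeatedly sent" as the same source, gocbRef, stNum and sqNum, and the reduced field check standing in for IEC 61850 conformance are all assumptions; the traffic in `demo()` is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum

Action = Enum("Action", "PASS_THROUGH FORWARD DISCONNECT STANDBY DROP DROP_RETX")

# Mandatory PDU fields per service type (real IEC 61850 field names); checking only
# these is a reduced stand-in for a full format/encoding/mechanism audit.
REQUIRED = {"GOOSE": ("gocbRef", "stNum", "sqNum"), "SV": ("svID", "smpCnt"), "MMS": ()}


@dataclass
class Message:
    kind: str          # "GOOSE", "SV", "MMS"; anything else is a non-service message
    src_mac: str
    port: str          # ingress port label
    outside: bool      # True if received on the outside-station interface
    ts: float          # arrival time in seconds
    fields: dict = field(default_factory=dict)
    samples: list = field(default_factory=list)   # SV values; None marks a gap


class AuditPipeline:
    def __init__(self, allowed, forbidden, device_faulty, dup_window=0.5):
        self.allowed = allowed               # (src_mac, kind) pairs in the permitted range
        self.forbidden = forbidden           # explicitly forbidden source MACs
        self.device_faulty = device_faulty   # hypothetical probe: callable(port) -> bool
        self.dup_window = dup_window         # assumed "preset time" for GOOSE repeats
        self.seen = {}                       # GOOSE identity -> last arrival time
        self.alerts = []                     # log for the real-time early warning module

    def _alert(self, stage, action, msg):
        self.alerts.append((stage, action, msg.port, msg.src_mac, msg.ts))
        return action

    def handle(self, msg):
        if msg.kind not in REQUIRED:         # non-service: forwarded without audit
            return Action.PASS_THROUGH
        # Security audit: explicitly forbidden, or outside the allowed range -> illegal.
        legal = (msg.src_mac not in self.forbidden
                 and (msg.src_mac, msg.kind) in self.allowed)
        if not legal:
            if msg.outside:                  # outside-station source: cut the port
                return self._alert("security", Action.DISCONNECT, msg)
            faulty = self.device_faulty(msg.port)   # in-station: fault judgment first
            action = Action.STANDBY if faulty else Action.DISCONNECT
            return self._alert("security", action, msg)
        # Abnormal audit: legal but non-conforming messages are logged and dropped.
        if not self._conforms(msg):
            return self._alert("abnormal", Action.DROP, msg)
        # Integrity and repeatability audit.
        if msg.kind == "SV" and not self._repair(msg):
            return self._alert("integrity", Action.DROP_RETX, msg)
        if msg.kind == "GOOSE" and self._duplicate(msg):
            return self._alert("repeat", Action.DROP, msg)
        return Action.FORWARD

    @staticmethod
    def _conforms(msg):
        present = all(isinstance(msg.fields.get(k), (int, str)) for k in REQUIRED[msg.kind])
        return present and all(v >= 0 for v in msg.fields.values() if isinstance(v, int))

    @staticmethod
    def _repair(msg):
        # Assumed repair rule: an isolated gap takes the mean of its two neighbours.
        s = msg.samples
        for i, v in enumerate(s):
            if v is None:
                if not (0 < i < len(s) - 1) or s[i - 1] is None or s[i + 1] is None:
                    return False             # unrepairable: caller requests a resend
                s[i] = (s[i - 1] + s[i + 1]) / 2
        return True

    def _duplicate(self, msg):
        f = msg.fields
        key = (msg.src_mac, f["gocbRef"], f["stNum"], f["sqNum"])
        last = self.seen.get(key)
        self.seen[key] = msg.ts
        return last is not None and msg.ts - last <= self.dup_window


def demo():
    """Constructed traffic: one message per branch of the pipeline."""
    ied, rogue = "00:11:22:00:00:01", "00:11:22:00:00:99"   # constructed MACs
    pipe = AuditPipeline({(ied, "GOOSE"), (ied, "SV")}, set(),
                         device_faulty=lambda port: port == "p3")
    g = {"gocbRef": "IED1/LLN0$GO$gcb1", "stNum": 4, "sqNum": 7}
    sv = {"svID": "MU1", "smpCnt": 100}
    traffic = [
        Message("ARP", rogue, "p1", False, 0.00),             # non-service
        Message("GOOSE", rogue, "wan", True, 0.01, g),        # illegal, outside station
        Message("GOOSE", rogue, "p3", False, 0.02, g),        # illegal, faulty device
        Message("GOOSE", rogue, "p4", False, 0.03, g),        # illegal, healthy device
        Message("GOOSE", ied, "p1", False, 0.04, {"gocbRef": "x", "stNum": -1, "sqNum": 0}),
        Message("GOOSE", ied, "p1", False, 0.05, g),          # compliant
        Message("GOOSE", ied, "p1", False, 0.06, g),          # repeat inside the window
        Message("SV", ied, "p2", False, 0.07, sv, [1.0, None, 3.0]),   # repairable
        Message("SV", ied, "p2", False, 0.08, sv, [1.0, None, None]),  # unrepairable
    ]
    return [pipe.handle(m) for m in traffic], pipe
```

Calling `demo()` returns the disposition of each constructed message together with the pipeline, whose `alerts` list holds one record per rejected message.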
The real-time early warning module can also submit the early warning information from the security audit, the abnormal audit, and the integrity and repeatability audit to an information management module of the intelligent substation equipment. The information management module sends the information to a man-machine interaction interface, or sends it directly through a dedicated network to terminal communication equipment worn by maintenance personnel, reminding the management personnel of illegal data so that they can report faults and raise a security alarm in time.
Therefore, beyond solving the network security problem of data entering and leaving the station, if in-station data contains abnormal messages or the station is illegally intruded upon through a manual physical connection, the station control layer equipment may be led to wrong judgments. The security audit, abnormal audit, and integrity and repeatability audit therefore judge whether the data messages in the whole network are complete or repeated and whether they meet the IEC61850 standard, and a real-time early warning module is also needed to report abnormal alarms in the station network.
To improve data security, in one embodiment of the present invention a security encryption module 6 is disposed between the communication module 1 and the external interface 3, as shown in fig. 3. The communication module 1 is a switching chip component responsible for the communication of network data. The security encryption module 6 is a dedicated state-secret encryption chip component that implements data identification and encryption and decryption for data leaving and entering the substation in network communication, ensuring that data security is not affected even if the data is intercepted. During data interaction, the station control layer switch and the switch outside the station can negotiate encryption through the Internet Protocol Security (IPsec) protocol: the security encryption module 6 generates, by encryption calculation, a key meeting the national secret standard, and the key is exchanged through the inter-station interface 3 with the interconnected switch outside the station, which uses the same encryption module and supports the IPsec function. Data that the communication module 1 is to send out of the station, or data received from outside the station, is sent to the security encryption module 6 for encryption or decryption, and the security encryption module 6 sends the encrypted or decrypted data back to the communication module 1 for further processing.
Therefore, the intelligent substation equipment applies data security processing to data entering and leaving the substation, which guarantees the security of network data transmission while avoiding the excessive data message delay caused by applying the security policies of security devices and authentication devices external to the switch. A security audit module with the security audit function, an abnormal audit module with the abnormal audit function, a dedicated edge calculation module for integrity and repeatability audit, and a security encryption module are integrated in the switch, and the modules are connected by an on-chip bus or by a high-speed bus such as PCIE. Each module has a single function and a clear division of work and is not subject to the uncertain delay caused by interrupt-like instructions, which ensures that data meets the IEC61850 standard's requirement on data delay even after being processed by the security policy.
According to one embodiment of the invention, prior to entry of a network communication message into a station, the method of controlling further comprises: if the network communication message is acquired through the inter-station data interface, the network communication message is sent to the security encryption module through the communication module to be decrypted, the decrypted network communication message is received through the communication module, and the decrypted network communication message is sent to the station through the communication module.
That is to say, if the network communication message is an outside-station message sent to the communication module through the inter-station interface, the communication module first forwards it to the security encryption module for decryption, the security encryption module returns the decrypted outside-station message to the communication module, and the communication module performs the control operation on the decrypted message.
According to an embodiment of the present invention, the data interaction processing on the compliance message passing the integrity and the repeatability audit includes: when the compliance message which passes the integrity and the repeatability is sent to the outside of the station, the compliance message which passes the integrity and the repeatability is sent to the safety encryption module through the communication module for data encryption processing, the compliance message which passes the data encryption processing is received through the communication module, and the compliance message which passes the data encryption processing is sent out through the communication module.
Specifically, for the compliance message that is checked by the security control method, if the compliance message needs to be sent out through the inter-station interface, the communication module firstly forwards the compliance message to the security encryption module for data encryption, the security encryption module forwards the encrypted message back to the communication module, and then the communication module sends out the encrypted compliance message through the inter-station interface.
An intelligent substation adopting the IEC61850 standard uses a "three-layer, two-network" architecture, in which the three layers are the station control layer, the bay layer and the process layer, and the two networks are the process level network and the station level network. The industrial Ethernet switches of the "two networks" adopt the communication method of the invention, adding security encryption, security audit, abnormal audit, integrity and repeatability audit, and real-time early warning. This better ensures the network security of the intelligent substation, which can still make correct judgments even if it is illegally intruded upon by data from outside the substation or the primary equipment at the process level terminal fails, thereby avoiding misoperation caused by erroneous sending.
For example, in the station control layer network shown in fig. 4, the exchange of data entering and leaving the station with a remote control center must be completed in the security encryption module of the Ethernet switch. At the same time, the legality of network communication messages is audited and illegal messages are reported in real time as early warnings. Data propagated in the process layer network shown in fig. 5 undergoes audits of message validity, completeness and repeatability, with real-time warning processing of illegal messages.
In summary, from the perspective of network communication security and stable operation of the equipment, the network communication security control method for the intelligent substation monitors the security of the network communication data of the intelligent substation equipment in real time and provides encryption and defense. A data encryption mechanism encrypts and decrypts data entering and leaving the intelligent substation, preventing leakage of and intrusion into message data and preventing hacker intrusion events. In operation, the network communication message is first obtained through the communication module; if it was input through the outside-station interface, the communication module forwards it to the security encryption module for decryption, and the decrypted message is sent back to the communication module. The decrypted outside-station messages input through the outside-station interface and the decrypted inside-station messages input through the inside-station data interface are each analyzed for message type. A message classification processing mechanism is adopted: non-service messages are subjected to data transparent transmission, while security audit and abnormal audit are performed on service messages. This ensures the reliability and real-time performance of data transmission, restrains and filters illegal and abnormal communication of the equipment on the underlying communication link, and improves the security and stability of the operation of the intelligent substation.
Meanwhile, an emergency hierarchical response mechanism is established: a direct network disconnection and alarm reporting mechanism handles illegal messages from outside the station, and a message discarding, fault diagnosis and alarm reporting mechanism handles illegal or abnormal messages between stations. The security audit and the abnormal audit mainly analyze whether messages meet the standard, process the messages that do not, and report statistical results to the real-time early warning module. Completeness and repeatability audit is then performed on the messages that meet the rules, namely the normal messages; non-repeated GOOSE messages, and incomplete SV messages after the repair operation in the audit process, are sent to the communication module for continued transmission.
A message retransmission detection mechanism is established in the integrity and repeatability audit process: the service message is audited to judge whether it is a repeatedly transmitted fault message, and it is processed after that judgment rather than every message being responded to and forwarded. That is, a time check is carried out on the GOOSE message, and a GOOSE message judged to be repeatedly sent is not forwarded but discarded. An incomplete SV message that cannot be repaired is discarded and the original address is requested, through the communication module, to resend the message (a retransmission mechanism), and the information about the illegal message and the discarding operation is reported to the real-time early warning module.
The real-time early warning module collects the abnormal alarms and logs of the security audit, the abnormal audit, and the integrity and repeatability audit, and reports the alarms in time to the management module, which sends them to the man-machine interface or sends the alarm information through a wireless private network to the handheld terminal equipment of maintenance personnel. The management module implements functions such as configuration, management and rule issuing for all the functions of the switch, and storage of the real-time early warning information. In other words, a timely alarm uploading mechanism is adopted during operation: a unidirectional alarm reporting system is implanted in the switch, and the alarm information recorded in the logs is reported in time to the man-machine interface, or notified through a dedicated network to the handheld terminal equipment of maintenance personnel, so that illegal and abnormal conditions are prevented.
When the message needs to be sent to the outside of the station, the approved compliance message is firstly forwarded to the security encryption module through the communication module to be encrypted, then the encrypted message is sent back to the communication module, and the communication module sends the message to the corresponding address through the inter-station interface.
Therefore, with this security control method the encryption system makes the data of the intelligent substation difficult to steal and analyze. The method implements data identification and encryption and decryption for data entering and leaving the intelligent substation in network communication, ensures that data security and the security of data in the power grid are not affected even if the data is intercepted, simplifies the communication data flow to the maximum extent, and can effectively guarantee the transmission delay of the data.
In summary, according to the network communication security control method of the intelligent substation of the embodiment of the present invention, a network communication message is first obtained, and when the network communication message enters the station, its type is determined. When the network communication message entering the station is determined, according to that type, to be a service message, security audit and abnormal audit are performed on the service message to obtain a normal message that passes both audits. Finally, integrity and repeatability audit is performed on the normal message, and data interaction processing is performed on the compliance message that passes the integrity and repeatability audit. The control method thus performs data security processing on data entering and leaving the intelligent substation, ensures the security of network data transmission, avoids the excessive data message delay caused by using the security policies of external authentication equipment and security equipment, and ensures that data transmission meets the standard's requirement on data delay.
The invention further provides a computer readable storage medium corresponding to the above embodiment.
The computer readable storage medium of the embodiment of the invention stores the network communication security control program of the intelligent substation, and the network communication security control program of the intelligent substation is executed by the processor to realize the network communication security control method of the intelligent substation.
According to the computer-readable storage medium of the embodiment of the invention, the processor executes the network communication security control program of the intelligent substation stored on the medium to implement the network communication security control method of the intelligent substation. Data security processing is thus performed on data entering and leaving the intelligent substation, which ensures the security of network data transmission, avoids the excessive data message delay caused by using the security policies of external authentication equipment and security equipment, and ensures that data transmission meets the standard's requirement on data delay.
Corresponding to the embodiment, the invention further provides an intelligent substation.
As shown in fig. 6, the intelligent substation 200 according to the embodiment of the present invention includes a memory 210, a processor 220, and a network communication security control program of the intelligent substation that is stored in the memory 210 and is executable on the processor 220, and when the processor executes the network communication security control program of the intelligent substation, the network communication security control method of the intelligent substation is implemented.
According to the intelligent substation, when the processor executes the network communication security control program of the intelligent substation, the network communication security control method of the intelligent substation is realized, so that data security processing is performed on data entering and exiting the intelligent substation, the network data transmission security is ensured, meanwhile, the problem that the data message time delay exceeds the standard due to the use of the security strategy of external authentication equipment and security equipment is avoided, and the data transmission is ensured to meet the requirement of the standard on the data delay.
Corresponding to the embodiment, the invention further provides a network communication safety control device of the intelligent substation.
As shown in fig. 7, the network communication security control apparatus according to the embodiment of the present invention includes: the system comprises an acquisition module 10, a determination module 20, a security audit module 30, an exception audit module 40 and a processing module 50.
The obtaining module 10 is configured to obtain a network communication message. The determining module 20 is configured to determine the type of the network communication message entering the station when the network communication message enters the station. The security audit module 30 is configured to perform security audit on the service message when the determining module determines, according to that type, that the network communication message entering the station is a service message. The abnormal audit module 40 is configured to perform abnormal audit on the service message that has undergone the security audit by the security audit module, to obtain a normal message that passes the abnormal audit. The processing module 50 is configured to perform integrity and repeatability audit on the normal message, and to perform data interaction processing on the compliance message that passes the integrity and repeatability audit.
According to an embodiment of the present invention, the security audit module 30 is configured to perform security audit on the service packet, and determine that the service packet is a legal packet according to a security audit result; the abnormal auditing module 40 is used for performing abnormal auditing on the legal message to determine a normal message meeting the preset communication specification.
According to an embodiment of the present invention, when performing security audit on the service packet, the security audit module 30 is further specifically configured to: when the service message is an illegal message entering from the outside, carrying out network disconnection processing on an access port; and when the service message is an illegal message transmitted in the station, carrying out fault judgment on equipment connected with the access port, and carrying out standby line switching processing when the equipment fails.
According to an embodiment of the present invention, when performing the exception audit on the legal packet, the exception audit module 40 is further configured to: and when the legal message is determined to be an abnormal message which does not meet the preset communication specification, discarding the abnormal message.
According to one embodiment of the invention, the service message comprises one or more of a GOOSE message, an SV message and an MMS message.
According to an embodiment of the present invention, when the processing module 50 performs integrity and repeatability audit on the normal packet, the processing module is further specifically configured to: when the SV message is determined to be incomplete, repairing the incomplete SV message, discarding the SV message which cannot be repaired, and requesting the original address to retransmit; and when the GOOSE message is subjected to duplicate checking processing, discarding the determined duplicate GOOSE message.
According to an embodiment of the present invention, the processing module 50 performs data interaction processing on the compliance packet that passes the integrity and the repeatability audit, specifically, is configured to: when the compliance message which passes the integrity and the repeatability is sent to the outside of the station, the compliance message which passes the integrity and the repeatability is sent to the safety encryption module through the communication module for data encryption processing, the compliance message which passes the data encryption processing is received through the communication module, and the compliance message which passes the data encryption processing is sent out through the communication module.
According to an embodiment of the present invention, before the network communication message enters the station, the obtaining module 10 is further configured to: if the network communication message is acquired through the inter-station data interface, send the network communication message through the communication module to the security encryption module for decryption, receive the decrypted network communication message through the communication module, and send the decrypted network communication message into the station through the communication module.
According to an embodiment of the present invention, when determining, according to the type of the network communication message entering the station, that the message is a non-service message, the determining module 20 performs data transparent transmission processing on the non-service message.
It should be noted that, for details that are not disclosed in the network communication security control apparatus of the intelligent substation according to the embodiment of the present invention, please refer to details that are disclosed in the network communication security control method of the intelligent substation according to the above embodiment of the present invention, and details are not described here again.
According to the network communication security control device of the intelligent substation, the obtaining module obtains the network communication message; the determining module determines the type of the network communication message entering the station when the message enters the station; the security audit module performs security audit on the service message when the determining module determines, according to that type, that the network communication message entering the station is a service message; the abnormal audit module performs abnormal audit on the service message that has undergone the security audit by the security audit module, to obtain a normal message that passes the abnormal audit; and the processing module performs integrity and repeatability audit on the normal message and performs data interaction processing on the compliance message that passes the integrity and repeatability audit. Data security processing is thus performed on data entering and leaving the intelligent substation, which ensures the security of network data transmission, avoids the excessive data message delay caused by using the security policies of external authentication equipment and security equipment, and meets the requirement on data delay for data transmission.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (12)

1. A network communication security control method for an intelligent substation, characterized by comprising the following steps:
acquiring a network communication message;
when the network communication message enters the station, determining the type of the network communication message entering the station;
when the network communication message entering the station is determined, according to its type, to be a service message, performing a security audit and an abnormal audit on the service message to obtain a normal message that passes the security audit and the abnormal audit;
and performing an integrity and repeatability audit on the normal message, and performing data interaction processing on the compliance message that passes the integrity and repeatability audit.
2. The network communication security control method of the intelligent substation according to claim 1, wherein performing the security audit and the abnormal audit on the service message comprises:
performing the security audit on the service message and, when the service message is determined to be a legal message according to the security audit result, performing the abnormal audit on the legal message to determine a normal message that meets a preset communication specification.
3. The network communication security control method of the intelligent substation according to claim 2, wherein, when performing the security audit on the service message, the method further comprises:
when the service message is an illegal message entering from the outside, performing network disconnection processing on an access port;
and when the service message is an illegal message transmitted within the station, performing fault judgment on the equipment connected to the access port, and performing standby line switching processing when the equipment has failed.
4. The network communication security control method of the intelligent substation according to claim 2, wherein, when performing the abnormal audit on the legal message, the method further comprises:
when the legal message is determined to be an abnormal message that does not meet the preset communication specification, discarding the abnormal message.
5. The network communication security control method of the intelligent substation according to any one of claims 1 to 4, wherein the service message comprises one or more of a GOOSE message, an SV message and an MMS message.
6. The network communication security control method of the intelligent substation according to claim 5, wherein, when the integrity and repeatability audit is performed on the normal message, the method further comprises:
when the SV message is determined to be incomplete, repairing the incomplete SV message, discarding any SV message that cannot be repaired, and requesting retransmission from the original address;
and when duplicate checking is performed on the GOOSE message, discarding any GOOSE message determined to be a duplicate.
7. The network communication security control method of the intelligent substation according to any one of claims 1 to 4, wherein performing data interaction processing on the compliance message that passes the integrity and repeatability audit comprises:
when the compliance message that passes the integrity and repeatability audit is to be sent out of the station, sending the compliance message through the communication module to the security encryption module for data encryption processing, receiving the encrypted compliance message through the communication module, and sending the encrypted compliance message out through the communication module.
8. The network communication security control method of the intelligent substation according to any one of claims 1 to 4, characterized in that, before the network communication message enters the station, the method further comprises:
if the network communication message is acquired through the inter-station data interface, sending the network communication message through the communication module to be decrypted, receiving the decrypted network communication message through the communication module, and sending the decrypted network communication message into the station through the communication module.
9. The network communication security control method of the intelligent substation according to any one of claims 1 to 4, wherein, when the network communication message entering the station is determined, according to its type, to be a non-service message, data transparent transmission processing is performed on the non-service message.
10. A computer-readable storage medium, on which a network communication security control program of an intelligent substation is stored, which, when executed by a processor, implements the network communication security control method of the intelligent substation according to any one of claims 1 to 9.
11. An intelligent substation, characterized by comprising a memory, a processor and a network communication security control program of the intelligent substation stored on the memory and operable on the processor, wherein the processor implements the network communication security control method of the intelligent substation according to any one of claims 1 to 9 when executing the network communication security control program of the intelligent substation.
12. A network communication security control device for an intelligent substation, characterized by comprising:
an acquisition module, configured to acquire a network communication message;
a determining module, configured to determine the type of the network communication message entering the station when the network communication message enters the station;
a security audit module, configured to perform a security audit on the service message when the determining module determines, according to the type of the network communication message entering the station, that the message is a service message;
an abnormal audit module, configured to perform an abnormal audit on the service message that has passed the security audit of the security audit module, to obtain a normal message that passes the abnormal audit;
and a processing module, configured to perform an integrity and repeatability audit on the normal message and to perform data interaction processing on the compliance message that passes the integrity and repeatability audit.
CN202111361869.5A 2021-11-17 2021-11-17 Intelligent substation and network communication safety control method and device thereof Pending CN114301621A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111361869.5A CN114301621A (en) 2021-11-17 2021-11-17 Intelligent substation and network communication safety control method and device thereof

Publications (1)

Publication Number Publication Date
CN114301621A true CN114301621A (en) 2022-04-08

Family

ID=80966471

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111361869.5A Pending CN114301621A (en) 2021-11-17 2021-11-17 Intelligent substation and network communication safety control method and device thereof

Country Status (1)

Country Link
CN (1) CN114301621A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination