CN114466064A - Transformer substation network security agent method and device and readable storage medium - Google Patents


Info

Publication number
CN114466064A
Authority
CN
China
Prior art keywords
network
substation
network security
transformer substation
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111677356.5A
Other languages
Chinese (zh)
Inventor
谢小永
王建喜
郭猛
王本昊
王杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Yinshan Electric Co ltd
Original Assignee
Aerospace Yinshan Electric Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aerospace Yinshan Electric Co ltd filed Critical Aerospace Yinshan Electric Co ltd
Priority to CN202111677356.5A priority Critical patent/CN114466064A/en
Publication of CN114466064A publication Critical patent/CN114466064A/en
Pending legal-status Critical Current

Landscapes

  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The invention relates to a transformer substation network security agent method, a corresponding device and a readable medium. The method comprises the following steps: starting a main process in response to a network security detection request; and starting a plurality of subprocesses through the main process to collect logs, process protocols, and send and receive messages of the transformer substation system. The beneficial effects of the invention are as follows: all network security events are collected in time, so that omissions, and their impact on network security, are avoided. The system configuration is flexible, new events are simple to add, and debugging is convenient.

Description

Transformer substation network security agent method and device and readable storage medium
Technical Field
The invention relates to the field of electric power and computers, in particular to a transformer substation network security agent-based method, a transformer substation network security agent-based device and a readable medium.
Background
As power grid operators place increasing emphasis on network security, devices operated on site at a transformer substation must be connected to a network security monitoring backend according to the applicable standard, and must upload their security events, such as network up/down and USB device insertion/removal, in real time.
In the prior art, monitoring and management of network security events in power grid systems is either missing, or implemented in a way that is complex and not easy to configure.
Disclosure of Invention
The invention aims to solve at least one of the technical problems in the prior art, and provides a transformer substation network security agent method, device and readable medium that collect all network security events in time, avoiding omissions and their impact on network security.
The technical scheme of the invention comprises a transformer substation network security agent method, characterized by comprising the following steps: starting a main process in response to a network security detection request; and starting a plurality of subprocesses through the main process to collect logs, process protocols, and send and receive messages of the transformer substation system.
According to the substation network security agent method, the step of starting the main process in response to the network security detection request comprises: reading a configuration file, the main process managing the state of the subprocesses according to the configuration file, including starting and stopping the subprocesses.
According to the substation network security agent method, the configuration file comprises a device identification, a network security port, a message sending configuration, a detection configuration, a white list and a connection configuration.
According to the substation network security agent method, the subprocesses comprise a protocol processing process, a log collection service process, a log collection working process and a remote communication process, and the subprocesses carry out the log collection, protocol processing and message sending and receiving of the transformer substation system.
According to the substation network security agent method, the protocol processing sub-thread comprises the following steps: reading the configuration file, initializing a sending buffer area, and acquiring system information of the transformer substation; checking, against the configuration file, the port information, network connection information, serial port states and buffer file header of the transformer substation system information, and writing the detection result as a mark into a message to be sent, wherein the message also comprises a system log; and acquiring the system log from the receiving buffer area together with the mark, generating a message and storing the message in the sending buffer area.
According to the substation network security agent method, the log collection service process comprises: accepting connections from the system log process of the transformer substation, and starting one log collection working process for each system log connection.
According to the substation network security agent method, the log collection working process receives the system logs of the power distribution station and writes them into the receiving buffer area.
According to the substation network security agent method, the remote communication process comprises: establishing a network connection with the network security backend according to the network security detection request issued by the network security backend, taking messages from the sending buffer area and sending them.
The technical scheme of the invention also comprises a substation network-based security agent device which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, and is characterized in that the processor executes any one of the method steps.
The present invention also includes a computer-readable storage medium, in which a computer program is stored, wherein the computer program, when executed by a processor, implements any of the method steps.
The beneficial effects of the invention are as follows: all network security events are collected in time, so that omissions, and their impact on network security, are avoided. The system configuration is flexible, new events are simple to add, and debugging is convenient.
Drawings
The invention is further described below with reference to the accompanying drawings and examples:
Fig. 1 is a flowchart illustrating a substation network security agent method according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a substation network security agent according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of a configuration file according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a workflow of a protocol processing process according to an embodiment of the present invention.
FIG. 5 is a schematic diagram illustrating a workflow of a log collection service process according to an embodiment of the present invention.
FIG. 6 is a flowchart illustrating a management process according to an embodiment of the present invention.
Fig. 7 is a schematic diagram illustrating a background communication process according to an embodiment of the present invention.
FIG. 8 is a flowchart illustrating a log collection process according to an embodiment of the present invention.
Fig. 9 shows a schematic view of an apparatus according to an embodiment of the invention.
Detailed Description
Reference will now be made in detail to the present preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
In the description of the present invention, "several" means one or more and "a plurality" means two or more; terms such as "greater than", "less than" and "exceeding" are understood to exclude the stated number, while terms such as "above", "below" and "within" are understood to include it.
In the description of the present invention, the consecutive reference numbers of the method steps are for convenience of examination and understanding; the implementation order of the steps may be adjusted, in light of the overall technical solution and the logical relationship between the steps, without affecting the technical effect achieved by the technical solution of the present invention.
In the description of the present invention, unless otherwise explicitly defined, terms such as set, etc. should be broadly construed, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the detailed contents of the technical solutions.
Fig. 1 is a flowchart illustrating a substation network security agent-based method according to an embodiment of the present invention.
The process comprises the following steps:
S100, starting a main process in response to a network security detection request;
S200, starting a plurality of subprocesses through the main process to collect logs, process protocols, and send and receive messages of the transformer substation system.
Fig. 2 is a schematic diagram of a substation network security agent according to an embodiment of the present invention. It includes the following processes.
Referring to fig. 6, the tcp_agent_ctl process (the management process, i.e., the main process) is responsible for starting and closing the other processes (the background communication process tcp_client, the protocol processing process tcp_prot, the log collection service process tcp_server, and the log collection working process res_data).
Illustratively, referring to the working schematic diagram of fig. 4, the protocol processing process tcp_prot is responsible for protocol processing and information collection.
Protocol processing mainly takes data out of the receiving buffer, processes it, and puts the processed data into the sending buffer.
Information collection processes and detects system changes (such as insertion of a USB flash drive), processes the messages, and writes the messages into the system log.
Illustratively, referring to the working diagram of FIG. 5, the tcp_server process accepts connections from the rsyslog system log process, and starts a res_data child process each time there is a connection.
Illustratively, referring to the operation diagram of fig. 8, the res_data process receives the rsyslog messages and stores them in the receiving buffer.
Illustratively, referring to the operation diagram of fig. 7, the tcp_client process connects to port 8800, receives control commands from the network security backend (type II), and sends the data in the buffer to the network security backend (type II).
In some embodiments, the shared buffer comprises a receive buffer and a transmit buffer.
In some embodiments, the configuration file, shown in fig. 3, includes device identification, network security port, messaging configuration, detection configuration, white list, and connection configuration, and may be adjusted according to the security check request.
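The receive-buffer to send-buffer step performed by tcp_prot can be sketched as follows; this is an added example, not code from the patent. The configuration keys, event names (the patent's "mark" is called a flag here), match patterns, JSON message layout and the bounded send buffer with a drop counter are all assumptions, since the patent does not specify them.

```python
import json
import re
from collections import deque

# Assumed configuration; the patent names the categories, not the keys.
CONFIG = {"device_id": "DEVICE-ID-PLACEHOLDER", "whitelist_ports": {22, 8800}}

# Assumed mapping from syslog text to event flags.
EVENT_PATTERNS = [
    ("USB_INSERT", re.compile(r"new .*USB device", re.I)),
    ("USB_REMOVE", re.compile(r"USB disconnect", re.I)),
    ("NET_UP", re.compile(r"link is up", re.I)),
    ("NET_DOWN", re.compile(r"link is down", re.I)),
]

# Constructed sample lines in the style of Linux kernel/sshd syslog output.
SAMPLE_SYSLOG = [
    "Jan  1 00:00:01 dev1 kernel: usb 1-1: new high-speed USB device number 5 using xhci_hcd",
    "Jan  1 00:00:02 dev1 sshd[812]: Accepted publickey for operator from 192.0.2.10",
    "Jan  1 00:00:03 dev1 kernel: e1000e: eth0 NIC Link is Down",
    "Jan  1 00:00:09 dev1 kernel: usb 1-1: USB disconnect, device number 5",
]


def classify(line):
    """Return the event flag for one syslog line, or None if it is not an event."""
    for flag, pattern in EVENT_PATTERNS:
        if pattern.search(line):
            return flag
    return None


def build_message(config, flag, detail):
    """Serialize one event; JSON escaping keeps control characters in a
    log line from breaking the framing of the outgoing message."""
    body = {"device": config["device_id"], "flag": flag, "detail": detail}
    return json.dumps(body, sort_keys=True)


def enqueue(send_buffer, message, max_pending):
    """Append to the bounded send buffer; return 1 if the oldest entry was evicted."""
    evicted = 0
    if len(send_buffer) >= max_pending:
        send_buffer.popleft()
        evicted = 1
    send_buffer.append(message)
    return evicted


def process(recv_buffer, send_buffer, listening_ports, config, max_pending=1000):
    """Check ports against the whitelist, drain the receive buffer, flag each
    event line, and queue messages for sending. Returns the number of messages
    evicted because the send buffer was full (e.g. backend unreachable)."""
    dropped = 0
    unexpected = sorted(set(listening_ports) - config["whitelist_ports"])
    if unexpected:
        msg = build_message(config, "PORT_NOT_WHITELISTED", {"ports": unexpected})
        dropped += enqueue(send_buffer, msg, max_pending)
    while recv_buffer:
        line = recv_buffer.popleft()
        flag = classify(line)
        if flag is not None:
            msg = build_message(config, flag, {"log": line})
            dropped += enqueue(send_buffer, msg, max_pending)
    return dropped


def demo():
    """Run the sample lines through one processing pass."""
    recv, send = deque(SAMPLE_SYSLOG), deque()
    dropped = process(recv, send, [22, 8800, 8080], CONFIG)
    return [json.loads(m) for m in send], dropped


if __name__ == "__main__":
    for message in demo()[0]:
        print(message)
```

Counting evictions rather than letting a bounded queue discard silently makes event loss visible, which matters for a design whose stated goal is to avoid omissions.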
Fig. 9 shows a schematic view of an apparatus according to an embodiment of the invention. The apparatus comprises a memory 100 and a processor 901, wherein the processor 902 stores a computer program for performing: responding to a network security detection request, and starting a main process; and starting a plurality of subprocesses through the main process to acquire logs, process protocols and send and receive messages of the transformer substation system.
An embodiment of the present invention further provides a computer-readable storage medium, where the storage medium stores a program, and the program is executed by a processor to implement the substation-based network security agent method as described above.
It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (10)

1. A transformer substation network-based security agent method is characterized by comprising the following steps:
responding to a network security detection request, and starting a main process;
and starting a plurality of subprocesses through the main process to acquire logs, process protocols and send and receive messages of the transformer substation system.
2. The substation network-based security broker method of claim 1, wherein the initiating a master process in response to a network security detection request comprises:
and reading a configuration file, and managing the sub-process state by the main process according to the configuration file, wherein the sub-process is started and stopped.
3. The substation network-based security broker method of claim 1 wherein the configuration files include device identification, network security ports, messaging configuration, detection configuration, white lists and connection configuration.
4. The substation network-based security agent method according to claim 1, wherein the subprocesses include a protocol processing process, a log collection service process, a log collection work process and a remote communication process, and the subprocesses are used for executing processing of log collection, protocol processing and messaging of the substation system.
5. The substation network-based security broker method of claim 4, wherein the protocol processing sub-thread comprises:
reading the configuration file, initializing a sending buffer area, and acquiring system information of the transformer substation;
checking port information, network connection information, serial port states and a buffer file header of the transformer substation system information through the configuration file, and writing a detection result as a mark into a sending message, wherein the message also comprises a system log;
and acquiring the system log and the mark of the receiving buffer area, generating a message and storing the message to the sending buffer area.
6. The substation network-based security broker method of claim 4, wherein the log collection service process comprises:
and receiving the connection of the system log process of the transformer substation, and starting a log collection working process every time one system log is connected.
7. The substation network-based security broker method of claim 4, wherein the log collection work process is configured to receive a system log of the distribution substation and write the system log into a receive buffer.
8. The substation network-based security broker method of claim 4, wherein the remote communication process comprises:
and establishing network connection with the network security background according to the network security detection request issued by the network security background, and acquiring the message from the sending buffer area and executing sending.
9. A substation-based network security broker apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the method steps of any of claims 1-8.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111677356.5A CN114466064A (en) 2021-12-31 2021-12-31 Transformer substation network security agent method and device and readable storage medium

Publications (1)

Publication Number Publication Date
CN114466064A (en) 2022-05-10

Family

ID=81407578

Country Status (1)

Country Link
CN (1) CN114466064A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination