CN114584399B - Distributed heat supply network and photovoltaic data acquisition method and system - Google Patents

Publication number
CN114584399B
CN114584399B CN202210462280.2A CN202210462280A CN114584399B CN 114584399 B CN114584399 B CN 114584399B CN 202210462280 A CN202210462280 A CN 202210462280A CN 114584399 B CN114584399 B CN 114584399B
Authority
CN
China
Prior art keywords
data
module
network
heat supply
photovoltaic
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210462280.2A
Other languages
Chinese (zh)
Other versions
CN114584399A (en
Inventor
苏新民
罗海光
钱开荣
牛晨晖
杜润华
王连泰
李锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaneng International Power Jiangsu Energy Development Co Ltd
Original Assignee
Huaneng International Power Jiangsu Energy Development Co Ltd
Application filed by Huaneng International Power Jiangsu Energy Development Co Ltd
Priority to CN202210462280.2A
Publication of CN114584399A
Application granted
Publication of CN114584399B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q9/00 Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for acquiring distributed heat supply network and photovoltaic data. First data is acquired through an external network module; an acquisition interface client program in a network connection module calls an interface driver program to initiate a connection request to the external network module, and the first data is transmitted to the network connection module. The network connection module then sends a connection request to the intranet module, establishes a connection and transmits the cached data of the extranet module to the intranet module, so that the intranet module obtains the first data from the extranet module through the network connection module. The first data enters an acquisition interface server of the intranet module and is transmitted to a real-time database agent, and storage of the data in a database is completed. The network security requirement is met, the limit on the amount of data transmitted between the internet and the company intranet is avoided, and the heat supply network and photovoltaic data are transmitted to the company intranet, which helps improve enterprise operation and management efficiency. The invention can be widely applied to the industrial internet.

Description

Distributed heat supply network and photovoltaic data acquisition method and system
Technical Field
The invention relates to the technical field of secure network data transmission, and in particular to a method and system for acquiring distributed heat supply network and photovoltaic data.
Background
In recent years, to improve management efficiency, enterprises operating heat supply network systems at power plants have needed to collect, count and settle data over the internet. However, because of the network security level protection requirements for power systems, the company intranet and the internet (extranet) are physically isolated, so data cannot be transmitted or exchanged between the intranet and extranet modules. As a result, the heat supply network and photovoltaic data of each power plant cannot be transmitted to the regional company's intranet in real time, and the regional company cannot keep track of regional heat supply network and photovoltaic data in real time. To grasp and tally in real time the production data, financial settlement and similar conditions of the heat supply network systems and photovoltaic power stations of each enterprise (distributed photovoltaics are gradually increasing with the structural transformation of power enterprises), and to meet the regional company's lean management requirements, the heat supply network and photovoltaic data of each enterprise need to be transmitted uniformly to the regional company. These are the problems of the prior art that need to be addressed.
Realizing this data transmission requires effective basic network security measures, a foundation of network interconnection, and a corresponding application system built on a secure and efficient interconnection protocol, so that all heat supply network and photovoltaic data of each power plant are transmitted to the regional company's intranet in real time and the regional company can follow the real-time operating conditions of the regional heat supply network and photovoltaics. When heat supply network and photovoltaic data are transmitted to a company intranet, the problems to be solved include the network data security risks present in the prior art and the limited amount of data that can be transmitted between the internet and the company intranet.
Disclosure of Invention
This section is for the purpose of summarizing some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. In this section, as well as in the abstract and the title of the invention of this application, simplifications or omissions may be made to avoid obscuring the purpose of the section, the abstract and the title, and such simplifications or omissions are not intended to limit the scope of the invention.
The present invention has been made in view of the above-mentioned conventional problems.
Therefore, the technical problem solved by the invention is that, in the prior art, the application carries network data security risks and the amount of data that can be transmitted between the internet and the company intranet is limited.
In order to solve the technical problems, the invention provides the following technical scheme: a distributed heat supply network and photovoltaic data acquisition method, in which first data is acquired through an external network module, an acquisition interface client program in a network connection module calls an interface driver program to initiate a connection request to the external network module, and the first data is transmitted to the network connection module;
the network connection module initiates a connection request to the intranet module, establishes a connection and transmits the cached data of the extranet module to the intranet module, so that the intranet module acquires the first data from the extranet module through the network connection module;
and the first data enters an acquisition interface server of the intranet module and is transmitted to a real-time database agent to complete data storage.
As a preferred scheme of the method for acquiring distributed heat supply network and photovoltaic data of the present invention, the first data includes heat supply network and photovoltaic data, the heat supply network and photovoltaic data are acquired by the external network module, and after the network connection module initiates a connection request to the external network module and establishes a connection, the heat supply network and photovoltaic data are transmitted to the network connection module.
As a preferred scheme of the method for collecting distributed heat supply network and photovoltaic data of the present invention, the network connection module is used to connect the external network module and the internal network module, a network buffer area is formed between the external network module and the internal network module by setting an intrusion protection device and an isolation device, and the whole data collection request is initiated from the network connection module of the security buffer area, thereby fundamentally preventing data in the external network module from directly entering the network connection module and the internal network module.
As a preferred scheme of the distributed heat supply network and photovoltaic data acquisition method of the present invention, the method is based on a TCP/IP transmission protocol and a Modbus TCP communication protocol: the interface driver program connects to the heat supply network and photovoltaic data acquisition interface of the external network module, and the heat supply network and photovoltaic data are acquired and retrieved through the acquisition interface client program;
the first data is transmitted through an intrusion prevention device: if the code of the data is the same as a code in the virus database, the data is identified as virus code and the network intrusion prevention device blocks it; if the first data is the same as an intrusion prevention feature code, the first data is identified as malicious code and the network intrusion prevention device intercepts it; if the data matches neither the codes in the virus database nor the intrusion prevention feature codes, the security detection is passed, and the acquisition interface client program then checks whether the first data contains abnormal data. If the data quality is unqualified, the acquisition interface client program discards the abnormal packet and sends a retransmission instruction to the interface driver program; if the data quality is qualified, the acquisition interface client program caches the first data.
As a preferred scheme of the method for collecting distributed heat supply network and photovoltaic data of the present invention, the intranet module uses a real-time database agent to eliminate differences in how the first data is written when different real-time databases are used.
The invention provides the following technical scheme: a distributed heat supply network and photovoltaic data acquisition system using the distributed heat supply network and photovoltaic data acquisition method comprises: the system comprises an external network module, a data acquisition module and a data transmission module, wherein the external network module is used for acquiring first data and transmitting the first data;
the network connection module is connected with the external network module through a Modbus TCP protocol and used for sending a request to the external network module and caching first data;
the system comprises an intranet module, a network connection module and a collection interface client program, wherein the intranet module is connected with the network connection module, the network connection module comprises an interface driving program and a collection interface client program, the collection interface client program calls the interface driving program through an internal program to initiate a connection request for the extranet module, and the first data are transmitted to the network connection module; the network connection module initiates a connection request to the intranet module, establishes connection and transmits the cached data of the extranet module to the intranet module.
As a preferred scheme of the distributed heat supply network and photovoltaic data acquisition system, the intranet module comprises an acquisition interface server and a real-time database agent, and the acquisition interface server is connected with the real-time database agent through an internal program;
and the real-time database agent calls the acquisition interface server through an internal program to transmit the data to a real-time database for storage.
As a preferred scheme of the system for collecting distributed heat supply network and photovoltaic data of the present invention, the external network module is connected to the network connection module through the intrusion prevention device, the network router and the network switch, and the intrusion prevention device and the isolation device are connected between the network connection module and the internal network module.
As a preferred scheme of the distributed heat supply network and photovoltaic data acquisition system, an interface driving program is connected with an acquisition interface client program through an internal program; and the acquisition interface client program initiates a calling instruction to the interface driver program, connects the heat supply network and the photovoltaic data acquisition interface of the external network module, and transmits the heat supply network and the photovoltaic data to the network connection module for caching.
As a preferred scheme of the distributed heat supply network and photovoltaic data acquisition system of the present invention, the real-time database agent is used to eliminate the difference of data written by different real-time databases, shield communication obstacles caused by different real-time databases, and monitor data of the heat supply network and photovoltaic.
The invention has the beneficial effects that: the intranet can be safely connected with the Internet, the data of the extranet module can be safely transmitted to the network connection module, the first data acquired from the extranet module are transmitted to the intranet of the regional company by the network connection module in real time, and the data transmission is safer, quicker and more convenient; meanwhile, the high-reliability connection-oriented TCP protocol connection is initiated from a high-safety region to a low-safety region in combination with the network safety requirement, and the rapid and simple Modbus TCP protocol of the industrial Ethernet is applied to transmit data, so that the network safety requirement is realized, the limitation of data transmission quantity of the Internet and a company intranet can be avoided, and the heat supply network and the photovoltaic data are safely and efficiently transmitted to the company intranet. The invention can be applied to industrial Internet.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise. Wherein:
Fig. 1 is a schematic basic flow chart of a distributed heat supply network and photovoltaic data acquisition method according to a first embodiment of the present invention;
Fig. 2 is a topological diagram of a distributed heat supply network and photovoltaic data acquisition method according to a first embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a distributed heat supply network and photovoltaic data acquisition system according to a second embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below, and it is apparent that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present invention, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
Furthermore, the references herein to "one embodiment" or "an embodiment" refer to a particular feature, structure, or characteristic that may be included in at least one implementation of the present invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
While the present invention has been described in detail with reference to the drawings, the cross-sectional views illustrating the structure of the device are not enlarged partially in a general scale for convenience of illustration, and the drawings are only exemplary and should not be construed as limiting the scope of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in the actual fabrication.
Meanwhile, in the description of the present invention, it should be noted that the terms "upper, lower, inner and outer" and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation and operate, and thus, cannot be construed as limiting the present invention. Furthermore, the terms first, second, or third are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected and connected" in the present invention are to be understood broadly, unless otherwise explicitly specified or limited, for example: can be fixedly connected, detachably connected or integrally connected; they may be mechanically, electrically, or directly connected, or indirectly connected through intervening media, or may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Example 1
Referring to fig. 1 and 2, in an embodiment of the present invention, a distributed heat supply network and photovoltaic data acquisition method is provided, including:
S1: acquiring first data through the extranet module 100 and transmitting the first data to the network connection module 200. The specific process is as follows: the first data is collected through the external network module 100, and the acquisition interface client 202 (supporting a multi-protocol interface) in the network connection module 200 calls the interface driver 201 (using the Modbus TCP protocol) to initiate a connection request to the external network module 100, so as to transmit the first data to the network connection module 200.
The link is provided with a comprehensive intrusion protection device that combines routing, firewall and intrusion protection functions, which improves the security of data transmission; each device in the network is correctly installed and debugged to ensure the link runs smoothly. The comprehensive intrusion prevention device is externally connected to a communication or telecommunication two-way Internet link to connect to the Internet. One link route of the intrusion prevention device is configured for VPN access only, and the other is configured as outbound only. A route on a link can be inbound, outbound or bidirectional; outbound only means that TCP/IP connections can only be initiated from the local side to the Internet. Meanwhile, the intrusion protection device, the isolation device, the network router and the switch are all domestically produced equipment, whose network security is higher than that of imported equipment, and the network router is a product of different manufacturers, so that the security of equipment such as the intrusion protection device, the isolation device, the network router and the switch is ensured.
The first data includes heat supply network and photovoltaic data, and the heat supply network and photovoltaic data are collected by the external network module 100 and transmitted to the network connection module 200.
The network connection module 200 is used for connecting the external network module 100 and the internal network module 300, a network buffer area is formed between the external network module 100 and the internal network module 300 by arranging an intrusion protection device and an isolation device, and the whole data acquisition request is initiated from the network connection module 200 of the security buffer area, so that the data in the external network module 100 is fundamentally prevented from directly entering the network connection module 200 and the internal network module 300, and the network security is greatly improved.
The network connection module 200 and the intranet module 300 are interconnected through a physical isolation device; logical isolation by protocol means is strictly forbidden, which helps improve security. The security policies of the intrusion prevention device all use an access white list. The acquisition interface server is a domestic hyper-converged virtualization server.
The network connection module 200 connects the external network module 100 and the internal network module 300 based on a TCP/IP transmission protocol and a Modbus TCP communication protocol, an acquisition interface client 202 (supporting a multi-protocol interface) in the network connection module 200 calls an interface driver 201 (the driver uses a Modbus TCP protocol) to initiate a connection request to the external network module 100, and the external network module 100 acquires heat supply network and photovoltaic data and transmits and caches the data to the network connection module 200 in response to the request of the network connection module 200; due to the intrusion prevention device and the isolation device, the data of the external network module 100 including the heat supply network and the photovoltaic data can not directly enter the internal network module 300 through the network connection module 200, thereby preventing malicious codes in the external network module 100 from entering the internal network module 300 through the network connection module 200 and improving the safety of the internal network module 300.
S2: the network connection module 200 sends a connection request to the intranet module 300, establishes connection, and transmits the cached data of the extranet module 100 to the intranet module 300; thereby, the intranet module 300 obtains the first data from the extranet module 100 through the network connection module 200.
Based on a TCP/IP transmission protocol and a Modbus TCP communication protocol, an interface driver 201 is called through an interface client program 202 to initiate a connection request for the external network module 100, a heat supply network and a photovoltaic data acquisition interface of the external network module 100 are connected, and heat supply network and photovoltaic data of the external network module 100 are acquired; antivirus software is arranged in the network connection module 200 (interface server), and the first data is scanned through the antivirus software; malicious codes in the first data are prevented from affecting the security of the data in the intranet module 300.
Based on a TCP/IP transmission protocol and a Modbus TCP communication protocol, a connection request is sent to the external network module 100 through the network connection module 200, wherein the connection request comprises the IP address (destination address) of the heat supply network or photovoltaic power station specified for the heat supply network and photovoltaic data;
The IP address of the heat supply network or photovoltaic power station in the connection request is matched against the IP address of the heat supply network or photovoltaic power station: if they do not match, matching continues; the TCP connection cannot be established until the addresses match.
The network connection module 200 sends a connection request to the intranet module 300 and establishes connection; transmitting the data cached in the network connection module 200 to the intranet module 300; thereby, the intranet module 300 obtains the first data from the extranet module 100 through the network connection module 200. The intrusion prevention device and the isolation device in the link improve the security of the intranet module 300.
While the link is being established and data is being transmitted, if the code of the data is the same as a code in the virus database, the data is identified as virus code and the network intrusion prevention device blocks it; if the data is the same as an intrusion prevention feature code, it is identified as malicious code and the network intrusion prevention device intercepts the data;
if the data matches neither the codes in the virus database nor the intrusion prevention feature codes, the acquisition interface client program 202 checks whether the first data contains abnormal data, and if the data quality is not qualified, the acquisition interface client program 202 discards the abnormal packet and initiates a retransmission instruction.
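The destination check and the three-stage inspection described above can be sketched as follows; this is an added example, not code from the patent. It assumes the address match is an allowlist lookup, the virus database holds SHA-256 hashes, feature codes are byte patterns, "data quality" means structural validation of a Modbus TCP read-holding-registers reply, and `fetch` stands in for the TCP exchange; all addresses, signatures and frames are constructed.

```python
import hashlib
import ipaddress
import struct
from dataclasses import dataclass, field

# All values below are constructed for illustration; none come from the patent.
STATION_ALLOWLIST = {ipaddress.ip_address("192.0.2.10")}   # permitted plant endpoints
VIRUS_DB = {hashlib.sha256(b"CONSTRUCTED-VIRUS-SAMPLE").hexdigest()}  # exact-match hashes
IPS_FEATURE_CODES = [b"CONSTRUCTED-IPS-FEATURE"]           # byte-pattern signatures
READ_HOLDING_REGISTERS = 0x03


@dataclass
class Verdict:
    action: str                      # refuse | block | intercept | retransmit | cache
    reason: str
    registers: list = field(default_factory=list)


def destination_allowed(ip):
    """Allowlist check made before any TCP connection is attempted."""
    try:
        return ipaddress.ip_address(ip) in STATION_ALLOWLIST
    except ValueError:
        return False


def build_read_request(tid, unit, start, count):
    """MBAP header (tid, protocol 0, length 6, unit) + PDU (0x03, start, count)."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, READ_HOLDING_REGISTERS, start, count)


def parse_read_response(frame, tid, unit, count):
    """Data-quality check: return the register values or raise ValueError."""
    if len(frame) < 9:
        raise ValueError("frame shorter than MBAP header plus minimal PDU")
    r_tid, proto, length, r_unit, fc = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not Modbus (0)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match bytes received")
    if (r_tid, r_unit) != (tid, unit):
        raise ValueError("response does not belong to this request")
    if fc == READ_HOLDING_REGISTERS | 0x80:
        raise ValueError(f"device returned exception code {frame[8]}")
    if fc != READ_HOLDING_REGISTERS:
        raise ValueError("unexpected function code")
    if frame[8] != 2 * count or len(frame) != 9 + 2 * count:
        raise ValueError("byte count does not match registers requested")
    return list(struct.unpack(f">{count}H", frame[9:]))


def inspect_frame(frame, tid, unit, count):
    """Apply the three checks in the order the description gives them."""
    if hashlib.sha256(frame).hexdigest() in VIRUS_DB:
        return Verdict("block", "matches virus database")
    if any(code in frame for code in IPS_FEATURE_CODES):
        return Verdict("intercept", "matches intrusion prevention feature code")
    try:
        registers = parse_read_response(frame, tid, unit, count)
    except ValueError as exc:
        return Verdict("retransmit", str(exc))
    return Verdict("cache", "data quality qualified", registers)


def collect(ip, fetch, tid=1, unit=1, start=0, count=2, max_retries=2):
    """Poll one station; fetch(ip, request) -> bytes stands in for the TCP exchange."""
    if not destination_allowed(ip):
        return Verdict("refuse", "destination not in allowlist")
    request = build_read_request(tid, unit, start, count)
    verdict = Verdict("retransmit", "no response inspected")
    for _ in range(1 + max_retries):
        verdict = inspect_frame(fetch(ip, request), tid, unit, count)
        if verdict.action != "retransmit":
            break                    # cached, blocked or intercepted: stop polling
    return verdict


# Constructed frames: a valid two-register reply, a truncated copy, an exception reply.
GOOD = struct.pack(">HHHBBB2H", 1, 0, 7, 1, 0x03, 4, 215, 1300)
TRUNCATED = GOOD[:-1]
EXCEPTION = struct.pack(">HHHBBB", 1, 0, 3, 1, 0x83, 2)

if __name__ == "__main__":
    replies = iter([TRUNCATED, GOOD])            # first reply is damaged in transit
    print(collect("192.0.2.10", lambda ip, req: next(replies)))
    print(collect("198.51.100.7", lambda ip, req: GOOD))
    print(inspect_frame(GOOD + IPS_FEATURE_CODES[0], 1, 1, 2))
```

The retry bound matters in practice: a station that keeps returning malformed frames ends with a `retransmit` verdict after `max_retries` extra attempts instead of holding the polling loop open.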
Data containing malicious code is blocked from penetrating or attacking intranet module 300 by a physical isolation device (also called a gatekeeper).
The network connection module 200 can update the virus database in time by automatically downloading the virus update database, so that the identification capability of the virus database on virus codes is ensured, and the safety of data communication is improved.
S3: the first data enters the acquisition interface server 301 of the intranet module 300 and is transmitted to the real-time database agent 302, so that the database storage is completed.
Because most existing networks use TCP/IP, using the Modbus TCP protocol at the application layer (it can be used for communication across the management network, the real-time monitoring network and field equipment) enables high-speed data exchange over industrial Ethernet. A highly reliable, connection-oriented TCP connection is initiated from the high-security region to the low-security region, and the fast and simple Modbus protocol of industrial Ethernet is applied, so that the network security requirement is realized and the application requirement is met.
The real-time database agent 302 is used for eliminating the difference of data written in different real-time databases, shielding communication obstacles caused by different real-time databases, and monitoring data of a heat supply network and photovoltaic. The first data without abnormal data and malicious codes can be input into the acquisition interface server 301 from the acquisition interface client program 202 through the intrusion prevention device and the isolation device, so that the heat supply network and the photovoltaic data are transmitted to the intranet of the company in real time, the production and operation requirements of the company are met, and the management efficiency is improved.
Example 2
Referring to fig. 3, for a second embodiment of the present invention, a distributed heat supply network and photovoltaic data acquisition system is provided, which includes an external network module 100, where the external network module 100 is configured to acquire first data and transmit the first data; the network connection module 200 is connected to the external network module 100 through a Modbus TCP protocol, and the network connection module 200 initiates a connection request to the external network module 100 and caches the first data called by the external network module 100 to the network connection module 200. The intranet module 300 is connected to the network connection module 200, and the network connection module 200 issues a connection request to the intranet module 300 and transmits the first data cached in the connection module 200 to the intranet module 300.
The first data comprise heat supply network and photovoltaic data, the heat supply network data comprise heat supply information for supplying heat to users, the photovoltaic data comprise power generation data of each photovoltaic power station, the power generation data comprise power generation amount, power and total power generation amount, and the heat supply network and the photovoltaic data are transmitted to the network connection module 200 after the collection request is sent by the network connection module 200 through the external network module 100. By installing hardware basic equipment and configuring a safety interconnection protocol, a safe and efficient interconnection network foundation is made for a data acquisition interface, and the safety and efficient interconnection network foundation comprises a network isolation device, a firewall, an intrusion prevention system and the like.
The network connection module 200 comprises an interface driver 201 and an acquisition interface client program 202. The interface driver 201 is connected to the heat supply network and photovoltaic data acquisition interface of the external network module 100; the acquisition interface client program 202 calls the interface driver 201 to initiate a connection request to the external network module 100, acquire the first data, and cache and scan it. The acquisition interface client program 202 also checks the data quality of the first data in the interface driver 201: if the quality is qualified, the data is transmitted; if not, the data is discarded and retransmission is requested.
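The patent does not spell out what the data quality check in the acquisition interface client program 202 consists of. As an added illustration (not code from the patent), the Python sketch below assumes it means Modbus TCP frame-consistency checks on each response, with unqualified frames discarded and the request re-issued; all function names and the simulated extranet device are hypothetical.

```python
import struct

MAX_ADU = 260          # Modbus TCP ADU upper bound: 7-byte MBAP header + 253-byte PDU
READ_HOLDING = 0x03    # function code used in this sketch (assumption)


class BadFrame(Exception):
    """Raised when a response fails the quality check and must be discarded."""


def build_request(tid, unit, start, count):
    """Read Holding Registers request: MBAP header followed by the PDU."""
    pdu = struct.pack(">BHH", READ_HOLDING, start, count)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def check_response(frame, tid, unit, count):
    """Return the register values, or raise BadFrame with the reason."""
    if not 9 <= len(frame) <= MAX_ADU:
        raise BadFrame("frame size out of range")
    r_tid, proto, length, r_unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise BadFrame("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise BadFrame("MBAP length disagrees with bytes received")
    if r_tid != tid or r_unit != unit:
        raise BadFrame("transaction/unit id does not match the request")
    func = frame[7]
    if func == READ_HOLDING | 0x80:
        raise BadFrame("device returned exception code %d" % frame[8])
    if func != READ_HOLDING:
        raise BadFrame("unexpected function code")
    byte_count = frame[8]
    if byte_count != 2 * count or len(frame) != 9 + byte_count:
        raise BadFrame("byte count does not match registers requested")
    return list(struct.unpack(">%dH" % count, frame[9:]))


def acquire(exchange, unit, start, count, retries=3, first_tid=1):
    """Poll once; discard unqualified frames and re-request up to `retries` times.

    `exchange` is a hypothetical transport: a callable that takes request bytes
    and returns response bytes (in a deployment, a TCP connection opened
    outbound from the buffer zone). Returns (values, discarded_reasons).
    """
    discarded = []
    for attempt in range(retries):
        tid = (first_tid + attempt) & 0xFFFF      # fresh id for every retry
        reply = exchange(build_request(tid, unit, start, count))
        try:
            return check_response(reply, tid, unit, count), discarded
        except BadFrame as why:
            discarded.append(str(why))            # frame dropped, never cached
    raise BadFrame("no qualified frame after %d attempts: %s" % (retries, discarded))


def make_flaky_device(registers):
    """Constructed stand-in for the extranet endpoint: the first reply is
    truncated, the second carries a stale transaction id, the third is good."""
    calls = {"n": 0}

    def exchange(request):
        tid, _, _, unit, _, start, count = struct.unpack(">HHHBBHH", request)
        data = struct.pack(">%dH" % count, *registers[start:start + count])
        pdu = struct.pack(">BB", READ_HOLDING, len(data)) + data
        calls["n"] += 1
        if calls["n"] == 2:
            tid = (tid - 1) & 0xFFFF
        frame = struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu
        return frame[:-1] if calls["n"] == 1 else frame

    return exchange


if __name__ == "__main__":
    sample = [0, 1520, 37, 9000]                  # constructed register values
    print(acquire(make_flaky_device(sample), unit=1, start=1, count=2))
```

Only frames that pass every check are returned to the caller for caching; the reasons for each discarded frame are kept so the buffer zone can log them.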
The intranet module 300 comprises an acquisition interface server 301 and a real-time database agent 302, which are connected through an internal program; the acquisition interface server 301 is configured to receive the first data sent by the acquisition interface client 202, so that the heat supply network and photovoltaic data are transmitted to the company intranet in real time, meeting operation and management requirements and improving management efficiency.
Further, the acquisition interface client 202 initiates a connection to the acquisition interface server 301 by way of communication; once the connection succeeds, the first data cached in the network connection module 200 is sent to the acquisition interface server 301, and the real-time database agent 302 calls the acquisition interface server 301 through an internal program to transmit the data to the real-time database for storage.
The extranet module 100 is connected to the network connection module 200 through an intrusion prevention device (with firewall, anti-virus and intrusion prevention functions), a network router and a network switch; a network switch, an intrusion prevention device and an isolation device are connected between the network connection module 200 and the intranet module 300.
By providing the intrusion prevention device and the isolation device, a network buffer (i.e., the network connection module 200) is formed between the external network module 100 and the internal network module 300. The direct access between the extranet module 100 and the intranet module 300 can be avoided through the network buffer area, which is beneficial to improving the security of data transmission between the extranet module 100 and the intranet module 300.
Data packets transmitted from the extranet module 100 to the interface driver 201, and from the acquisition interface client 202 to the acquisition interface server 301, undergo packet feature code detection by different network security devices:
an intrusion prevention device (performing intrusion feature code detection and virus code detection) is arranged between the interface driver 201 and the external network module 100, and antivirus software is installed in the network connection module 200. While the link is being established and data transmitted, if the code of the data is the same as a code in the virus database, the data is identified as virus code and the network intrusion prevention device blocks it; if the data is the same as an intrusion prevention feature code, it is identified as malicious code and the network intrusion prevention device intercepts the data packet;
the acquisition interface client program 202 calls the interface driver 201 to initiate a request to the extranet module 100 to acquire heat supply network and photovoltaic data; the network connection module 200 scans that data and, if the scan finds no abnormal data, initiates a request to the intranet module 300 to establish a link between the network connection module 200 and the intranet module 300; the safe data then enters the intranet module 300 through the intrusion prevention device and the isolation device. Based on the TCP/IP transmission protocol and the Modbus TCP communication protocol, the interface driver 201 connects to the heat supply network and photovoltaic data acquisition interface of the external network module 100; the acquisition interface client program 202 calls the interface driver 201 to initiate a request to the external network module 100, and the heat supply network and photovoltaic data in the external network module 100 are cached to the acquisition interface client program 202.
Because most existing networks use TCP/IP, using the Modbus TCP protocol at the application layer (it can be used for communication among the management network, the real-time monitoring network and field equipment) enables high-speed data exchange over industrial Ethernet. The connection, based on the highly reliable, connection-oriented TCP protocol, is initiated from the high-security zone to the low-security zone, and the fast, simple Modbus protocol is applied over industrial Ethernet, which satisfies both the network security requirement and the application requirement. The intranet module 300 further includes a real-time database agent 302, which eliminates differences in the data written to different real-time databases, shields the communication barriers those differences cause, and monitors the heat supply network and photovoltaic data. First data that contains no abnormal data or malicious code can pass from the acquisition interface client program 202 through the intrusion prevention device and the isolation device into the acquisition interface server 301, so that the heat supply network and photovoltaic data are transmitted to the company intranet in real time, meeting the company's production and operation requirements and improving management efficiency.
Building on this secure network interconnection foundation, an acquisition interface driver 201 and an acquisition interface client 202, based on the Modbus TCP communication protocol and interconnected with the front-end heating system, were developed.
Table 1: photovoltaic power plant data sheet.
Testing with data from the heat supply management and charging system: an internet heat supply management and charging system is installed on the external network module 100, and heat supply network and photovoltaic data are collected. The network connection module 200 collects and caches the heat supply network and photovoltaic data; the intrusion prevention device and the internal/external network isolation device perform security detection, and the heat supply network and photovoltaic data found free of malicious code pass through the internal/external network isolation device (a gateway), are sent to the intranet module 300 and are stored in a Rython real-time database. The real-time supervision system then performs calculation, statistical analysis and display of the heat supply data of each plant.
Table 2: Nanjing power plant heat supply network data table
Table 3: Acquisition of heat supply network and photovoltaic data (comparison table)
Metric | Prior art (initiated from the external network to the buffer) | Our technology (initiated from the buffer to the extranet interface machine)
Transmission delay | >15ms | <1ms
Packet loss rate | 1% | 0%
Table 3 compares the prior art with our technology. In the prior art, the request is initiated from the extranet module 100 and data is transmitted to the buffer; in our technology, the connection request is initiated from the buffer, after which the extranet module collects the information and caches it in the buffer. According to data obtained by experimental simulation, the data transmission delay of our technology is less than 1ms, a transmission speed far better than the >15ms of the prior art, which indirectly reflects an improvement in office efficiency. Secondly, the packet loss rate of our technology is 0%, against 1% for the prior art, so the reliability of data transmission is greatly improved.
Comparison of the present invention with the prior art:
In the prior art, the request is generally sent from the Internet, the intranet server performs static address mapping on a router, and security systems such as a firewall are used alongside; data is transmitted by non-real-time FTP or by the connectionless UDP protocol. In the present method, a data security buffer is arranged between the intranet and the Internet, the link request is initiated from this safe and trusted buffer, and physical network isolation is used together with a firewall and an intrusion prevention system. This solves the problems of applying the Modbus TCP protocol from a local area network to the Internet and meets the requirements of distributed heat supply network and photovoltaic data acquisition over the Internet. Compared with the traditional approach, in which the request is sent from the Internet and the server performs static address mapping on the router alongside security systems such as a firewall, the method is safer and more reliable; compared with the traditional transmission protocols used on the Internet, adopting the Modbus TCP communication protocol for acquisition achieves a large data transmission volume. All the systems use domestically made devices, which further reduces network security risk.
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. Standard programming techniques, including non-transitory computer-readable storage media configured with a computer program, may be used to implement in the computer program, where the storage media so configured cause a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the methods may be implemented in any type of computing platform operatively connected to a suitable connection, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein. A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on a display.
As used in this application, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being: a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of example, both an application running on a computing device and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable media having various data structures thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
It should be noted that the above-mentioned embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, which should be covered by the claims of the present invention.

Claims (7)

1. A method for collecting distributed heat supply network and photovoltaic data, characterized by comprising:
acquiring first data through an external network module (100), calling an interface driver (201) by an acquisition interface client program (202) in a network connection module (200) to initiate a connection request for the external network module (100), and transmitting the first data to the network connection module (200);
the network connection module (200) initiates a connection request to the intranet module (300), establishes connection and transmits the cached data of the extranet module (100) to the intranet module (300); therefore, the intranet module (300) obtains first data from the extranet module (100) through the network connection module (200);
the first data enters an acquisition interface server (301) of the intranet module (300) and is transmitted to a real-time database agent (302) to finish data storage;
the first data comprise heat supply network and photovoltaic data, the heat supply network and photovoltaic data are collected through the external network module (100), and after a connection request for the external network module (100) is initiated and connection is established by the network connection module (200), the heat supply network and photovoltaic data are transmitted to the network connection module (200);
the network connection module (200) is used for connecting the external network module (100) and the internal network module (300), a network buffer area is formed between the external network module (100) and the internal network module (300) by arranging an intrusion protection device and an isolation device, and the whole data acquisition request is initiated from the network connection module (200) of the security buffer area, so that data in the external network module (100) is fundamentally prevented from directly entering the network connection module (200) and the internal network module (300);
based on a TCP/IP transmission protocol and a Modbus TCP communication protocol, a heat supply network and a photovoltaic data acquisition interface of an external network module (100) are connected through an interface driver (201), and heat supply network and photovoltaic data are acquired and called through an acquisition interface client program (202);
the first data is transmitted through an intrusion prevention device: if the code of the data is the same as a code in the virus database, the data is identified as virus code and the network intrusion prevention device blocks it; if the first data is the same as an intrusion prevention feature code, the first data is identified as malicious code and the network intrusion prevention device intercepts it; if the data matches neither the codes in the virus database nor the intrusion prevention feature codes, the acquisition interface client program (202) checks through security detection whether abnormal data exists in the first data: if the data quality is unqualified, the acquisition interface client program (202) discards the abnormal packet and issues a retransmission instruction to the interface driver (201); if the data quality is qualified, the acquisition interface client program (202) caches the first data.
2. The method for collecting distributed heat supply network and photovoltaic data according to claim 1, wherein: the intranet module (300) eliminates the difference of the written first data through the real-time database agent (302) when different real-time databases are adopted.
3. A system for acquiring distributed heat supply network and photovoltaic data, comprising the method for acquiring distributed heat supply network and photovoltaic data according to claim 2, further comprising:
the system comprises an external network module (100), a data acquisition module and a data transmission module, wherein the external network module (100) is used for acquiring first data and transmitting the first data;
the network connection module (200) is connected with the external network module (100) through a Modbus TCP protocol and used for initiating a request to the external network module (100) and caching first data;
the intranet module (300) is connected with the network connection module (200), the network connection module (200) comprises an interface driver (201) and a collection interface client program (202), the collection interface client program (202) calls the interface driver (201) to initiate a connection request for the extranet module (100) through an internal program, and the first data are transmitted to the network connection module (200); the network connection module (200) initiates a connection request to the intranet module (300), establishes connection, and transmits the cached data of the extranet module (100) to the intranet module (300).
4. The distributed heat grid, photovoltaic data acquisition system of claim 3, wherein: the intranet module (300) comprises an acquisition interface server (301) and a real-time database agent (302), wherein the acquisition interface server (301) is connected with the real-time database agent (302) through an internal program;
the method comprises the steps that a collection interface client program (202) initiates connection to a collection interface server (301) in a communication mode, first data cached in a network connection module (200) are sent to the collection interface server (301) after connection is successful, and a real-time database agent (302) calls the collection interface server (301) through an internal program to transmit the data to a real-time database for storage.
5. The distributed heat grid, photovoltaic data acquisition system of claim 4, wherein: the external network module (100) is connected with the network connection module (200) through an intrusion prevention device, a network router and a network switch, and a network switch, an intrusion prevention device and an isolation device are connected between the network connection module (200) and the intranet module (300).
6. The distributed heat grid, photovoltaic data acquisition system of claim 5, wherein: the interface driver (201) is connected with the acquisition interface client program (202) through an internal program; the acquisition interface client program (202) initiates a calling instruction to the interface driver program (201), connects the heat supply network and the photovoltaic data acquisition interface of the external network module (100), and transmits the heat supply network and the photovoltaic data cache to the network connection module (200).
7. The distributed heat grid, photovoltaic data acquisition system of claim 6, wherein: the real-time database agent (302) is used for eliminating the difference of data written in different real-time databases, shielding communication barriers brought by different real-time databases and monitoring data of a heat supply network and photovoltaic.
CN202210462280.2A 2022-04-29 2022-04-29 Distributed heat supply network and photovoltaic data acquisition method and system Active CN114584399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210462280.2A CN114584399B (en) 2022-04-29 2022-04-29 Distributed heat supply network and photovoltaic data acquisition method and system

Publications (2)

Publication Number Publication Date
CN114584399A CN114584399A (en) 2022-06-03
CN114584399B true CN114584399B (en) 2022-08-12

Family

ID=81785229

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210462280.2A Active CN114584399B (en) 2022-04-29 2022-04-29 Distributed heat supply network and photovoltaic data acquisition method and system

Country Status (1)

Country Link
CN (1) CN114584399B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant