CN114760154A - Data isolation transmission method based on power carrier across safety zones and communication robot - Google Patents
- Publication number
- CN114760154A CN202210669545.6A
- Authority
- CN
- China
- Prior art keywords
- communication robot
- data
- virtual container
- communication
- host system
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B3/00—Line transmission systems
- H04B3/54—Systems for transmission via power distribution lines
- H04B3/542—Systems for transmission via power distribution lines the information being in digital form
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Alarm Systems (AREA)
- Manipulator (AREA)
Abstract
The invention discloses a data isolation transmission method based on power line carrier across safety zones, and a communication robot. The communication robot exchanges data with the charging pile through power line carrier communication, so wireless communication is no longer needed and no external network is involved, which prevents network security problems. At the same time, a virtual container and a private protocol are used for isolated data transmission, so that inspection data is transmitted securely between safety zones, the risks of network intrusion and virus propagation are avoided, and inspection efficiency and data security are greatly improved.
Description
Technical Field
The invention relates to the field of secure data transmission, in particular to a power-line-carrier-based data isolation transmission method across safety zones and a communication robot.
Background
For data security, the intranet of a power monitoring system is designed with a partitioning scheme and is divided into an intranet first zone, an intranet second zone and an intranet third zone according to security level. Isolation measures are in place between the three intranet zones to keep data transmission secure. Equipment such as host computers in the three network zones is usually deployed in a single power monitoring system machine room with unified power supply management. The running condition of software and hardware needs to be monitored so that abnormalities are discovered as early as possible and the stability of the power grid is maintained. In addition, for information security reasons, wireless equipment is not allowed in the power monitoring system machine room.
A traditional intelligent inspection robot usually transmits data over a wireless network when executing an inspection task. If the wireless network is compromised from outside, the intrusion can reach the power intranet and create great network risk inside the safety zones, affecting the stability and safety of the power grid production system, so wireless data transmission is not feasible in the safety zones. Even with offline inspection, the robot operating system has to be reinstalled before every switch to another intranet zone, which is inefficient and error-prone.
Therefore, there is an urgent need for an information handling method that can transfer data among the first, second and third zones of a power intranet without viruses spreading between the zones during data transfer and transmission, so that data transmission security is improved without reducing work efficiency.
Disclosure of Invention
To address the problem that the prior art cannot meet the security requirements for transmitting data across safety zones, the invention provides a power-line-carrier-based data isolation transmission method across safety zones and a communication robot.
The technical scheme of the invention is as follows:
A data isolation transmission method based on power line carrier across safety zones is applied to a communication robot and comprises the following steps:
the communication robot creates a virtual container before connecting to a charging pile, wherein each safety zone is provided with at least one charging pile;
after connecting to the charging pile, the communication robot establishes power line carrier communication, the virtual container exchanges data with the charging pile, and the host system of the communication robot exchanges data with the virtual container through a private protocol and waits for an inspection task to be issued;
if the host system of the communication robot extracts an inspection task from the virtual container, the connection to the charging pile is disconnected, and the virtual container is closed and deleted;
the communication robot inspects the target safety zone according to the inspection task; whenever it is network-connected to equipment to be inspected during the inspection, data is exchanged through the charging pile of the corresponding safety zone and a newly created virtual container, and that virtual container is deleted after the network connection is disconnected; after the inspection task is completed, the method returns to the first step of creating a virtual container.
The invention fully meets machine-room safety regulations that require multiple network zones to be isolated from one another, and replaces wireless network transmission with power line carrier communication and charging piles.
Preferably, a trusted computing module is deployed in the host system of the communication robot. Before the virtual container is created, trusted verification such as security detection and security processing is performed on the host system to ensure that its program operating environment is secure and trusted. This includes: trusted verification of the system programs, application programs, important configuration parameters and the like of the host system, together with functions such as a trusted reference library, unknown-program immunization, trusted audit management, software version management and self-protection of the trusted module, so that active immunity against malicious code and the purpose of active defense are achieved; when a file is found to be abnormal, the system is reinstalled or maintained to confirm that no potential safety hazard remains. Because the content and types of files the communication robot needs are limited, checking for abnormal files is relatively easy, and this step ensures that the communication robot has a secure internal system environment before it starts work.
Preferably, the private protocol restricts the task parameters and the data exchange format: a white list of key names and value types that can pass the check is created, and key names and value types outside the white list cannot pass. When the host system exchanges data with the virtual container through the private protocol, the virtual container returns only data whose key name and value type pass the check. The files stored on a general-purpose computer or device vary widely in content and type, so key names and value types are a poor indicator of whether a file is abnormal, and a complex virus detection process is usually required. In this scheme, however, the communication robot only needs to acquire and transmit inspection data, so the range of key names and value types is relatively fixed, and setting the white list directly blocks the transmission of any other file, isolating virus propagation.
Preferably, when the host system exchanges data with the virtual container through the private protocol, if data whose key name and value type are outside the white list is found in the virtual container, a secondary container is generated from an image of the virtual container, and alarm information is generated in the host system and received and processed by operation and maintenance personnel. After the operation and maintenance personnel extract the data of the secondary container, the secondary container deletes itself, and trusted verification such as security detection and security processing is performed on the host system of the communication robot.
In the process of executing the inspection task, once a high-level security alarm is found, the inspection task must be interrupted immediately, and an emergency report is generated and sent to the background host together with an emergency alarm prompt. The private protocol and the virtual container can isolate virus propagation but do not help process viruses quickly, so to further improve data transmission security all suspicious files need to be analyzed quickly and effectively.
Preferably, inspecting the target safety zone comprises: checking the hardware appearance of the equipment to be inspected and checking its running condition.
Preferably, the hardware appearance comprises whether indicator lights are on or off and whether the equipment is heating, and checking the hardware appearance of the equipment to be inspected comprises: detecting the color and position of the indicator lights in real time with a deep-learning object detection convolutional neural network; and detecting the temperature and heating position of the equipment with thermal imaging. A deep-learning convolutional neural network detection algorithm is adopted, with PyTorch or yolov3 as the deep learning training framework: image data of server indicator lights in the inspected machine room is collected, labelled with LabelImg to produce a VOC data set, the indicator lights are classified by color, and a network model is then trained to implement indicator light detection.
Preferably, checking the running condition of the equipment to be inspected comprises: the communication robot establishes power line carrier communication with the equipment to be inspected; the virtual container of the communication robot uses an operation and maintenance script to acquire usage information, including device CPU and memory usage, running processes and the correctness of service system data; and after the virtual container has read and computed the data, the host system of the communication robot reads the result from the virtual container. The operation and maintenance script can be of various types, such as shell, Python or Windows batch scripts. For example, a shell script can collect system CPU information, including but not limited to CPU usage and CPU load; memory information, including but not limited to the amount of memory used by applications, MEM usage and swap usage; disk information, including but not limited to the average amount of data read from the hard disk into physical memory per second and the average amount written from physical memory to the hard disk per second; and network information, including but not limited to traffic and packet volume.
The invention also provides a communication robot which comprises a processing unit, a power carrier unit and a patrol unit and is used for executing the data isolation transmission method based on the power carrier crossing safety zone.
Preferably, the communication robot includes a plurality of physically isolated IPs, and is capable of registering using different IPs when performing power carrier communication.
The equipment running in the cabinets comprises the safety zone servers, and the zones have no network connectivity to each other. The robot uses power line carrier communication, has no external Wi-Fi, and needs to support a plurality of physically non-communicating IPs (one for each safety zone). When the robot is charging, it uses the IP of the respective zone to log in remotely to the servers in that zone and execute shell scripts; the scripts automatically calculate server usage such as CPU and memory, and push the generated result files to a directory on the robot.
Preferably, the communication robot is provided with a laser radar and a depth camera; the laser radar is used to build a grid map and the depth camera to detect obstacles, and combined with a SLAM algorithm the robot can autonomously avoid obstacles in its path, achieving dynamic path planning and positioning. SLAM lets the communication robot build a map of the environment and localize itself at the same time, enabling autonomous navigation and ensuring safe operation within a zone. The advantages of using a laser radar as the sensor are that information is obtained quickly and accurately, the error model is simple, stability is high both indoors and outdoors, and engineering practicability is strong.
The substantial effects of the present invention include: by using power line carrier technology, a cooperative design of multiple charging piles and virtual container technology, inspection data is transmitted securely between safety zones while strictly complying with the safety regulations of the power intranet communication machine room; the risks of network intrusion and virus propagation are avoided, and inspection efficiency and data security are greatly improved.
Drawings
Fig. 1 is a framework diagram of the communication scheme between the communication robot and the charging pile according to an embodiment of the present invention;
Fig. 2 is a flow chart of data isolation transmission according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions will be clearly and completely described below with reference to the embodiments, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
It should be understood that, in the various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "And/or" merely describes an association between associated objects and means that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "Comprises A, B and C" and "comprises A, B, C" mean that all of A, B and C are comprised; "comprises A, B or C" means that one of A, B and C is comprised; "comprises A, B and/or C" means that any 1, any 2 or all 3 of A, B and C are comprised.
The technical solution of the present invention will be described in detail below with specific examples. Embodiments may be combined with each other and some details of the same or similar concepts or processes may not be repeated in some embodiments.
The embodiment is as follows:
As shown in Fig. 1, the hardware support for the data isolation method requires that each safety zone is provided with a charging pile. The communication robot has three physically isolated IPs, corresponding to the first zone, the second zone and the third zone, and the first-zone, second-zone and third-zone servers have no connectivity to each other. The robot uses power line carrier communication, has no external Wi-Fi, and needs to support 3 physically non-communicating IPs (corresponding to the first, second and third zones). When the robot is charging, it uses the 3 IPs respectively to log in remotely to the servers in each zone and execute shell scripts; the scripts automatically calculate usage of the server CPU, memory and the like, and push the generated result files to an ftp directory on the robot.
In this embodiment, the communication robot is provided with a laser radar and a depth camera; the laser radar is used to build a grid map and the depth camera to detect obstacles, and combined with a SLAM algorithm the robot autonomously avoids obstacles in its path, achieving dynamic path planning and positioning. SLAM lets the communication robot build a map of the environment and localize itself at the same time, enabling autonomous navigation and ensuring safe operation within a zone. The advantages of using a laser radar as the sensor are that information is obtained quickly and accurately, the error model is simple, stability is high both indoors and outdoors, and engineering practicability is strong.
After receiving an inspection task from the background host, the robot leaves the charging pile and inspects offline. When the inspection is finished, the robot returns to the charging pile in zone three, and the background host actively retrieves the robot's inspection data and issues an inspection report.
The data isolation transmission method of the embodiment comprises the following steps:
the communication robot creates a virtual container before connecting to a charging pile, wherein each safety zone is provided with at least one charging pile;
after connecting to the charging pile, the communication robot establishes power line carrier communication, the virtual container exchanges data with the charging pile, and the host system of the communication robot exchanges data with the virtual container through a private protocol and waits for an inspection task to be issued;
if the host system of the communication robot extracts an inspection task from the virtual container, the connection to the charging pile is disconnected, and the virtual container is closed and deleted;
the communication robot inspects the target safety zone; whenever it is network-connected to equipment to be inspected during the inspection, data is exchanged through the charging pile of the corresponding safety zone and a newly created virtual container, and the virtual container is deleted after the network connection is disconnected; after the inspection task is completed, the method returns to the first step.
A complete data isolation transmission flow is shown in Fig. 2: the background W detects that the robot R is in charging standby at the zone-three charging pile; the background W issues a zone server inspection task T to container C1 of the robot R; the robot R communicates with container C1, stores the information of task T in its local file system through the private protocol, and leaves the zone-three charging pile; the robot closes and deletes container C1; it changes the network configuration to a zone according to the content of task T; and it instantiates container C2, docks with a charging pile in one zone, and continues to operate according to the preset scheme in Fig. 2.
This embodiment uses Docker container technology, which strengthens the computer's protection against viruses and complies with the power intranet management standard: the robot's control system does not communicate directly with an intranet host, and the container serves as a communication isolation module instead. When the robot needs to obtain information from an intranet host, a container is instantiated in the operating system, instruction data is sent to the container through the private protocol, and the container carries out the communication with the intranet host. Because the container is instantiated directly from the image file, the container will not carry a virus as long as the image file is secure. The image file can be used after it has been scanned and cleaned by professional antivirus software.
The container connects to the target intranet host according to the instruction and obtains the host's running information. The container then sends the inspection data to the robot control system through the private protocol. After receiving the inspection data returned by the container through the private protocol, the robot control system closes and deletes the container. If the container is infected by a virus in the intranet while it is connected to the intranet, the virus in the container cannot infect the robot operating system, because the container and the robot control system communicate only through the private protocol. The virus in the container is also eliminated when the robot operating system actively closes and deletes the container. The next time an inspection is performed, the robot operating system instantiates a new container from the image.
This embodiment fully meets machine-room safety regulations that require multiple network zones to be isolated from one another. By using power line carrier communication and charging piles, it keeps data transfer and communication with host equipment secure while the network zones of the intranet remain isolated from each other; at the same time, the isolating container and the private protocol prevent virus infection and propagation, so the system does not need to be reinstalled every time, which greatly improves inspection efficiency.
In this embodiment, a trusted computing module is deployed in the host system of the communication robot, and before the virtual container is created, trusted verification such as security detection and security processing is performed on the host system to ensure that its program operating environment is secure and trusted. This includes: trusted verification of the system programs, application programs, important configuration parameters and the like of the host system, together with functions such as a trusted reference library, unknown-program immunization, trusted audit management, software version management and self-protection of the trusted module, so that active immunity against malicious code and the purpose of active defense are achieved. If a file is found to be abnormal, the system is reinstalled or maintained to confirm that no potential safety hazard remains. Because the content and types of files the communication robot needs are limited, checking for abnormal files is relatively easy, and this step ensures that the communication robot has a secure internal system environment before it starts work.
In this embodiment, the private protocol restricts the task parameters and the data exchange format, and the white list specifies the legal key names and value types, so that illegal key names and values cannot pass the check. When the host system exchanges data with the virtual container through the private protocol, the virtual container returns only data whose key name and value type pass the check. The files stored on a general-purpose computer or device vary widely in content and type, so key names and value types are a poor indicator of whether a file is abnormal, and a complex virus detection process is usually required. In this scheme, however, the communication robot only needs to process inspection data, so the range of key names and value types is relatively fixed, and setting the white list directly blocks the transmission of any other file, isolating virus propagation.
In this embodiment, when the host system exchanges data with the virtual container through the private protocol, if the virtual container finds that the data has an illegal key name and value, the host system generates a secondary container from an image of the virtual container and generates alarm information in the host system, and the alarm information is received and processed by operation and maintenance personnel.
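The white list check described in the two paragraphs above (and in the corresponding "Preferably" clauses of the summary) can be illustrated as follows; this is an added example, not code from the patent. The patent does not specify the private protocol's wire format, so the flat JSON encoding, the key names, the value ranges and the size cap are all assumptions.

```python
"""White list check at the container-to-host boundary (added example)."""
import json
import re
from dataclasses import dataclass, field

MAX_MESSAGE_BYTES = 4096  # assumed size cap for one protocol message
TASK_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Assumed white list: key name -> (exact value type, range/format check).
ALLOWLIST = {
    "task_id":       (str,   lambda v: TASK_ID.fullmatch(v) is not None),
    "zone":          (int,   lambda v: v in (1, 2, 3)),
    "cpu_usage_pct": (float, lambda v: 0.0 <= v <= 100.0),
    "cpu_load_1m":   (float, lambda v: 0.0 <= v <= 4096.0),
    "mem_used_kb":   (int,   lambda v: 0 <= v < 2**40),
    "swap_used_kb":  (int,   lambda v: 0 <= v < 2**40),
}


@dataclass
class Verdict:
    accepted: dict = field(default_factory=dict)    # fields that passed the check
    violations: list = field(default_factory=list)  # reasons for the alarm

    @property
    def alarm(self) -> bool:
        # Any violation is the trigger for the alarm / secondary-container path.
        return bool(self.violations)


def reject_duplicate_keys(pairs):
    # json keeps the last duplicate silently; a strict protocol refuses them.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key")
    return dict(pairs)


def reject_constant(name):
    # Called by json for NaN, Infinity and -Infinity, which are not valid JSON.
    raise ValueError(f"non-finite number {name}")


def check_message(raw: bytes) -> Verdict:
    """Return only white-listed fields; record everything else as a violation."""
    verdict = Verdict()
    if len(raw) > MAX_MESSAGE_BYTES:
        verdict.violations.append("message too large")
        return verdict
    try:
        doc = json.loads(raw.decode("utf-8"),
                         object_pairs_hook=reject_duplicate_keys,
                         parse_constant=reject_constant)
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        verdict.violations.append(f"malformed message: {type(exc).__name__}")
        return verdict
    if type(doc) is not dict:
        verdict.violations.append("top level is not a key/value object")
        return verdict
    for key, value in doc.items():
        rule = ALLOWLIST.get(key)
        if rule is None:
            verdict.violations.append(f"key not in white list: {key[:32]!r}")
            continue
        expected, in_range = rule
        # Exact type match: isinstance() would let True/False through as int,
        # and nested lists or objects are never an allowed value type.
        if type(value) is not expected:
            verdict.violations.append(
                f"wrong type for {key}: {type(value).__name__}")
            continue
        if not in_range(value):
            verdict.violations.append(f"value out of range for {key}")
            continue
        verdict.accepted[key] = value
    return verdict


# Constructed sample messages (not captured from any real system).
SAMPLE_OK = (b'{"task_id":"T-0001","zone":1,'
             b'"cpu_usage_pct":37.5,"mem_used_kb":812344}')
SAMPLE_BAD = (b'{"task_id":"T-0001","zone":true,"cpu_usage_pct":37.5,'
              b'"attachment":"AAAA","mem_used_kb":"812344"}')
```

For `SAMPLE_BAD` the host keeps only `task_id` and `cpu_usage_pct`, and the three recorded violations are what would drive the alarm and the secondary-container snapshot.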
In the process of executing the inspection task, once a high-level security alarm is found, the inspection task must be interrupted immediately, and an emergency report is generated and sent to the background host together with an emergency alarm prompt. The private protocol and the virtual container can isolate virus propagation but do not help process viruses quickly, so to further improve data transmission security all suspicious files need to be analyzed quickly and effectively.
This embodiment involves inspecting whether indicator lights are on or off and whether equipment is heating, including: detecting the color and position of the indicator lights of the equipment to be inspected in real time with a deep-learning object detection convolutional neural network; and detecting the temperature and heating position of the equipment with thermal imaging. A deep-learning convolutional neural network detection algorithm is adopted, with PyTorch or yolov3 as the deep learning training framework: image data of server indicator lights in the inspected machine room is collected, labelled with LabelImg to produce a VOC data set, the indicator lights are classified by color, and a network model is then trained to implement indicator light detection. If the inference speed of the model needs to be improved, the PyTorch pt weight file is converted into a weights file, and forward inference is then run with the TensorRT inference optimizer to complete the indicator light detection function.
This embodiment involves inspecting the running condition of equipment, including: the communication robot establishes power line carrier communication with the equipment to be inspected; the virtual container of the communication robot uses an operation and maintenance script to acquire usage information, including device CPU and memory usage; and after the virtual container has read and computed the data, the host system of the communication robot reads the result from the virtual container. The operation and maintenance script can be of various types, such as shell, Python or Windows batch scripts. For example, a shell script can collect system CPU information, including but not limited to CPU usage and CPU load; memory information, including but not limited to the amount of memory used by applications, MEM usage and swap usage; disk information, including but not limited to the average amount of data read from the hard disk into physical memory per second and the average amount written from physical memory to the hard disk per second; and network information, including but not limited to traffic and packet volume.
The substantial effects of the present embodiment include: by using power line carrier technology, a cooperative design of multiple charging piles and virtual container technology, inspection data is transmitted securely between safety zones while strictly complying with the safety regulations of the power intranet communication machine room; the risks of network intrusion and virus propagation are avoided, and inspection efficiency and data security are greatly improved.
Through the description of the above embodiments, those skilled in the art will understand that, for convenience and simplicity of description, only the division of the above functional modules is used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of a specific device is divided into different functional modules to complete all or part of the above described functions.
In the embodiments provided in this application, it should be understood that the disclosed structures and methods may be implemented in other ways. For example, the structural embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; a plurality of units or components may be combined or integrated into another structure, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, structures, or units, and may be electrical, mechanical, or in another form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions that enable a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above is only a description of specific embodiments of the present application, but the scope of protection of the present application is not limited thereto; any change or substitution that a person skilled in the art could readily conceive within the technical scope of the present application shall fall within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.
Claims (10)
1. A data isolation transmission method based on power carrier across safety zones, applied to a communication robot, characterized by comprising the following steps:
the communication robot creates a virtual container before connecting to a charging pile, wherein each safety zone is provided with at least one charging pile;
after the communication robot is connected to the charging pile, power carrier communication is established, the virtual container exchanges data with the charging pile, and a host system of the communication robot exchanges data with the virtual container through a private protocol and waits for an inspection task to be issued;
if the host system of the communication robot extracts the inspection task from the virtual container, the host system is disconnected from the charging pile, and the virtual container is closed and deleted;
the communication robot inspects a target safety zone according to the inspection task; when, during the inspection, a network connection is made with equipment to be detected, data is exchanged through the charging pile of the corresponding safety zone and a newly created virtual container; after the network connection is disconnected, the corresponding virtual container is deleted; and after the inspection task is completed, the method returns to the step of creating the virtual container.
2. The data isolation transmission method based on power carrier across safety zones according to claim 1, wherein a trusted computing module is deployed in the host system of the communication robot, and before the virtual container is created, the trusted computing module performs trusted verification, including security detection and security processing, on the host system of the communication robot to ensure that the running environment of the host system's programs is secure and trusted, comprising: performing trusted verification on at least the system programs, application programs, and important configuration parameters of the host system of the communication robot, achieving active immunity against malicious code for the purpose of active defense, and performing system reinstallation or system maintenance when a file abnormality is found, so as to confirm that no potential security hazard exists.
3. The data isolation transmission method based on power carrier across safety zones according to claim 2, wherein the private protocol restricts the task parameters and the data exchange format, and a whitelist of key names and value types that can pass the check is created, such that key names and value types outside the whitelist cannot pass the check; when the host system exchanges data with the virtual container through the private protocol, the virtual container returns only data whose key name and value type pass the check.
4. The data isolation transmission method based on power carrier across safety zones according to claim 3, wherein when the host system exchanges data with the virtual container through the private protocol, if data with a key name and a value type outside the whitelist is found in the virtual container, a secondary container is generated from an image of the virtual container, and alarm information is generated in the host system and is received and handled by operation and maintenance personnel; once the data of the secondary container has been extracted by the operation and maintenance personnel, the secondary container deletes itself, and trusted verification, including security detection and security processing, is performed on the host system of the communication robot.
5. The data isolation transmission method based on power carrier across safety zones according to claim 1 or 2, wherein inspecting the target safety zone comprises: checking the hardware appearance of the equipment to be detected and checking the operating condition of the equipment to be detected.
6. The data isolation transmission method based on power carrier across safety zones according to claim 5, wherein the hardware appearance includes the on/off state of indicator lights and the heating of the equipment, and checking the hardware appearance of the equipment to be detected comprises: detecting, in real time, the color and position of the indicator lights of the equipment to be detected using a deep-learning-based object detection convolutional neural network, and detecting the temperature and heating position of the equipment using thermal imaging technology.
7. The data isolation transmission method based on power carrier across safety zones according to claim 5, wherein checking the operating condition of the equipment to be detected comprises: the communication robot establishes power line carrier communication with the equipment to be detected; a virtual container of the communication robot uses operation and maintenance scripts to collect usage information including the equipment's CPU (central processing unit) and memory, the running state of the equipment's processes, and the correctness of service system data; and after the virtual container has read and computed the data, a host system of the communication robot reads the result from the virtual container.
8. A communication robot, comprising a processing unit, a power carrier unit, and an inspection unit, characterized in that it is configured to execute the data isolation transmission method based on power carrier across safety zones according to any one of claims 1-7.
9. The communication robot according to claim 8, wherein the communication robot has a plurality of physically isolated IPs and can register using different IPs when performing power carrier communication.
10. The communication robot according to claim 8, wherein the communication robot is provided with a lidar and a depth camera, the lidar being used to construct a grid map and the depth camera being used to detect obstacles, and, in combination with a SLAM algorithm, the communication robot autonomously avoids environmental obstacles in its path, thereby achieving dynamic path planning and positioning.
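Claims 3 and 4 describe a whitelist of key names and value types on the private protocol between the host system and the virtual container. The following Python example is added here and is not code from the patent: the JSON encoding, the field names, and the alarm record layout are assumptions, and the secondary-container step of claim 4 is represented only by the alarm record.

```python
import json

# Hypothetical whitelist for the private protocol: key name -> exact value type.
# The field names are constructed for illustration; the patent does not list them.
WHITELIST = {
    "task_id": str,
    "device_id": str,
    "cpu_usage_pct": float,
    "cpu_load_1m": float,
    "mem_used_mb": int,
    "swap_used_mb": int,
}

def check_field(key, value):
    """Return None when the field passes the check, otherwise the reason it fails."""
    expected = WHITELIST.get(key)
    if expected is None:
        return "key name outside whitelist"
    # Exact type match: bool is not accepted for int, and nested objects or
    # arrays can never satisfy a scalar entry.
    if type(value) is not expected:
        return f"value type {type(value).__name__}, expected {expected.__name__}"
    return None

def container_return(raw):
    """Container side (claim 3): return only the data that passes the check,
    plus the list of (key, reason) pairs that did not."""
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {}, [("<message>", "not valid UTF-8 JSON")]
    if not isinstance(data, dict):
        return {}, [("<message>", "top level is not an object")]
    passed, rejected = {}, []
    for key, value in data.items():
        reason = check_field(key, value)
        if reason is None:
            passed[key] = value
        else:
            rejected.append((key, reason))
    return passed, rejected

def host_exchange(raw):
    """Host side: accept the checked data and, if anything failed the check,
    build the alarm record that claim 4 hands to operation and maintenance staff."""
    passed, rejected = container_return(raw)
    alarm = None
    if rejected:
        alarm = {"event": "non_whitelisted_data", "fields": dict(rejected)}
    return passed, alarm

# Constructed sample message, as a container might assemble it from script output.
SAMPLE = json.dumps({
    "task_id": "T-0001", "device_id": "srv-12",
    "cpu_usage_pct": 37.5, "cpu_load_1m": 0.82, "mem_used_mb": 6144,
    "swap_used_mb": True,          # wrong value type for a whitelisted key
    "extra_blob": "unexpected",    # key name outside the whitelist
}).encode("utf-8")

if __name__ == "__main__":
    print(host_exchange(SAMPLE))
```

The type comparison is deliberately exact, so a whole-number reading sent for a `float` field is rejected as well; a deployment would fix the numeric encoding on both sides of the protocol.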
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210669545.6A CN114760154B (en) | 2022-06-14 | 2022-06-14 | Data isolation transmission method based on power carrier across safety zones and communication robot |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114760154A true CN114760154A (en) | 2022-07-15 |
CN114760154B CN114760154B (en) | 2022-08-19 |
Family
ID=82336709
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210669545.6A Active CN114760154B (en) | 2022-06-14 | 2022-06-14 | Data isolation transmission method based on power carrier across safety zones and communication robot |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114760154B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015120753A1 (en) * | 2014-02-12 | 2015-08-20 | 韩磊 | Electric vehicle battery pack replacement system consisting of computers, internet, multiple robots |
US9729579B1 (en) * | 2015-04-27 | 2017-08-08 | Symantec Corporation | Systems and methods for increasing security on computing systems that launch application containers |
CN107069856A (en) * | 2017-03-29 | 2017-08-18 | 武汉大学 | Crusing robot intelligence continuation of the journey wireless charging system and its charging method |
CN107124037A (en) * | 2017-04-13 | 2017-09-01 | 贵州电网有限责任公司电力科学研究院 | A kind of intelligent substation inspection system and error comprehensive diagnosis method based on multi-data source |
CN109922106A (en) * | 2017-12-13 | 2019-06-21 | 中标软件有限公司 | The cloud cell phone system realized based on Docker container |
US20210012011A1 (en) * | 2019-07-11 | 2021-01-14 | International Business Machines Corporation | Blackbox security for containers |
CN112783518A (en) * | 2021-01-26 | 2021-05-11 | 电子科技大学 | Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method |
CN113612502A (en) * | 2021-06-22 | 2021-11-05 | 苏州大学 | Automatic charging electrode carrier communication circuit of robot |
Non-Patent Citations (2)
Title |
---|
F. LUMPP: "A Container-based Design Methodology for Robotic Applications on", 《2021 FORUM ON SPECIFICATION & DESIGN LANGUAGES (FDL)》 * |
彭向阳等: "变电站机器人智能巡检技术及应用效果", 《高压电器》 * |
Also Published As
Publication number | Publication date |
---|---|
CN114760154B (en) | 2022-08-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||