CN114760154B - Data isolation transmission method based on power carrier across safety zones and communication robot - Google Patents

Publication number
CN114760154B
Authority
CN
China
Prior art keywords
communication robot
data
virtual container
communication
safety
Legal status
Active
Application number
CN202210669545.6A
Other languages
Chinese (zh)
Other versions
CN114760154A (en)
Inventor
宓群超
金学奇
黄湛林
姚梅芳
黄佳佳
蒋正威
黄虹霖
石伟杰
陈凡
张静
张锐
徐向前
赖欢欢
孔飘红
黄树清
Current Assignee
HANGZHOU QIANKUN TECHNOLOGY CO LTD
Nanjing Chiebot Robot Technology Co ltd
State Grid Zhejiang Electric Power Co Ltd
Wenzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
HANGZHOU QIANKUN TECHNOLOGY CO LTD
Nanjing Chiebot Robot Technology Co ltd
State Grid Zhejiang Electric Power Co Ltd
Wenzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B3/00 Line transmission systems
    • H04B3/54 Systems for transmission via power distribution lines
    • H04B3/542 Systems for transmission via power distribution lines the information being in digital form
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a power-carrier-based data isolation transmission method across safety zones, and a communication robot. The communication robot exchanges data with a charging pile over power line carrier communication, so wireless communication is no longer needed and no external network is involved, which prevents network security problems. A virtual container and a private protocol are used at the same time to isolate data transmission, so that inspection data is transmitted securely between safety zones. This avoids the risk of network intrusion and of virus propagation, and greatly improves inspection efficiency and data security.

Description

Data isolation transmission method based on power carrier across safety zones and communication robot
Technical Field
The invention relates to the field of secure data transmission, and in particular to a power-carrier-based data isolation transmission method across safety zones and a communication robot.
Background
For data security reasons, the intranet of a power monitoring system is designed with a partitioning scheme and is divided, by security level, into intranet zone one, intranet zone two and intranet zone three. The three intranet zones are isolated from one another to keep data transmission secure. Hosts and other equipment of the three zones are usually deployed together in one power monitoring system machine room, with unified power supply management. The running condition of software and hardware must be monitored so that abnormalities are discovered as early as possible and the stability of the power grid is maintained. In addition, for information security reasons, wireless equipment is not allowed in the power monitoring system machine room.
A traditional intelligent inspection robot usually transmits data over a wireless network while executing an inspection task. If that wireless network is intruded upon from outside, the intruder can reach the power intranet, creating great network risk inside the safety zone and affecting the stability and safety of the power grid production system, so wireless data transmission is not feasible in a safety zone. Even with offline inspection, the robot operating system has to be reinstalled every time before switching intranet zones, which is inefficient and error-prone.
Therefore, there is an urgent need for an information handling method that can transfer data among zone one, zone two and zone three of the power intranet without spreading viruses between zones during transfer and transmission, so that data transmission security is improved without reducing work efficiency.
Disclosure of Invention
Aiming at the problem that the prior art cannot meet the security requirements for data transmission across safety zones, the invention provides a power-carrier-based data isolation transmission method across safety zones and a communication robot.
The technical scheme of the invention is as follows:
A power-carrier-based data isolation transmission method across safety zones is applied to a communication robot and comprises the following steps:
the communication robot creates a virtual container before connecting to a charging pile, wherein each safety zone is provided with at least one charging pile;
after connecting to the charging pile, the communication robot establishes power carrier communication, the virtual container exchanges data with the charging pile, and the host system of the communication robot exchanges data with the virtual container through a private protocol and waits for an inspection task to be issued;
if the host system of the communication robot extracts an inspection task from the virtual container, the connection to the charging pile is disconnected, and the virtual container is closed and deleted;
the communication robot inspects the target safety zone according to the inspection task; whenever it makes a network connection to equipment under inspection during the inspection, it exchanges data through the charging pile of the corresponding safety zone and a newly created virtual container, and deletes that virtual container after the network connection is broken; after the inspection task is completed it returns to the first step of creating a virtual container.
The invention fully meets machine-room safety regulations that require multiple network zones to be isolated from one another, and replaces wireless network transmission with power carrier communication and charging piles.
Preferably, a trusted computing module is deployed in the host system of the communication robot. Before the virtual container is created, trusted verification such as security detection and security processing is performed on the host system to ensure that its program operating environment is secure and trusted. This includes: trusted verification of the system programs, application programs, important configuration parameters and the like of the host system, together with functions such as a trusted reference library, unknown program immunization, trusted audit management, software version management and self-protection of the trusted module, so that active immunization against malicious code is realized and the purpose of active defense is achieved; when a file is found to be abnormal, the system is reinstalled or maintained so that no potential safety hazard remains. Because the content and types of files the communication robot needs are limited, checking for abnormal files is relatively easy, and this step ensures that the communication robot has a secure internal system environment before it starts work.
Preferably, the private protocol restricts the task parameters and the data exchange format: a white list of key names and value types that can pass checking is created, and key names and value types outside the white list cannot pass. When the host system exchanges data with the virtual container through the private protocol, the virtual container returns only data whose key name and value type pass the check. The files stored on a general-purpose computer or device vary widely in content and type, so it is hard to judge from key names and value types whether a file is abnormal, and a complex virus detection process is usually required. In this scheme, however, the communication robot only needs to acquire and transmit inspection data, so the range of key names and value types is relatively fixed, and a white list can directly block the transmission of any other file, thereby isolating virus propagation.
Preferably, when the host system exchanges data with the virtual container through the private protocol, if data whose key name and value type are outside the white list is found in the virtual container, a secondary container is generated from the image of the virtual container, and alarm information is generated in the host system and is received and processed by operation and maintenance personnel. After the operation and maintenance personnel have extracted the data of the secondary container, the secondary container deletes itself, and trusted verification such as security detection and security processing is performed on the host system of the communication robot.
During an inspection task, as soon as a high-level security alarm is found, the inspection task must be interrupted immediately, and an emergency report is generated and sent to the background host with an emergency alarm prompt. The private protocol and the virtual container can isolate virus propagation but do not help to deal with a virus quickly, so to further improve data transmission security all suspicious files need to be analyzed quickly and effectively.
Preferably, inspecting the target safety zone includes checking the hardware appearance of the equipment under inspection and its running condition.
Preferably, the hardware appearance includes whether indicator lights are on or off and whether the equipment is heating, and checking the hardware appearance of the equipment under inspection comprises: detecting the color and position of the indicator lights of the equipment in real time with a deep-learning-based object detection convolutional neural network; and detecting the temperature and heating position of the equipment with thermal imaging. A deep learning convolutional neural network detection algorithm is adopted, with PyTorch or YOLOv3 as the deep learning training framework: image data of server indicator lights in the inspected machine room is collected, annotated with LabelImg to produce a VOC data set, and classified by indicator light color, and a network model is then trained to implement indicator light detection.
Preferably, checking the running condition of the equipment under inspection comprises: the communication robot establishes power line carrier communication with the equipment under inspection; the virtual container of the communication robot uses an operation and maintenance script to collect the usage of the equipment's CPU and memory, the running state of its processes, the correctness of service system data and the like; after the virtual container has read and computed the data, the host system of the communication robot reads the result from the virtual container. The operation and maintenance script may be a shell script, a Python script, a Windows batch script or another type of script. For example, a shell script can collect system CPU information, including but not limited to CPU usage and CPU load; memory information, including but not limited to the amount of memory used by applications, MEM usage and the amount of swap space (Swap) used; disk information, including but not limited to the average amount of data read from disk into physical memory per second and the average amount written from physical memory to disk per second; and network information, including but not limited to traffic and packet counts.
The invention also provides a communication robot comprising a processing unit, a power carrier unit and an inspection unit, which is used to execute the above power-carrier-based data isolation transmission method across safety zones.
Preferably, the communication robot includes a plurality of physically isolated IPs, and is capable of registering using different IPs when performing power carrier communication.
The equipment running in the cabinets includes the servers of each safety zone, and the zones have no network connectivity with one another. The robot uses power line carrier communication, has no wifi external amplifier, and needs to support a plurality of IPs that are physically disconnected from one another (one for each safety zone). While charging, the robot uses the IPs of the different zones respectively to log in remotely to the servers in each zone and execute shell scripts; the scripts automatically compute the usage of the servers' CPU, memory and so on, and push the generated result files to a directory on the robot.
Preferably, the communication robot is provided with a lidar and a depth camera. The lidar is used to build a grid map and the depth camera to detect obstacles; combined with a SLAM algorithm, the communication robot can autonomously avoid obstacles in its path, realizing dynamic path planning and positioning. SLAM helps the communication robot build a map of the environment and localize itself at the same time, enables autonomous navigation, and ensures safe operation of the robot within a zone. The advantages of lidar as the sensor are that information is obtained quickly and accurately, the error model is simple, stability is high both indoors and outdoors, and it is practical from an engineering standpoint.
The substantial effects of the invention include: by using power line carrier technology, a collaborative design with multiple charging piles, and virtual container technology, inspection data is transmitted securely between safety zones in strict compliance with the safety regulations of the power intranet communication machine room; the risks of network intrusion and virus propagation are avoided, and inspection efficiency and data security are greatly improved.
Drawings
Fig. 1 is a block diagram of the communication scheme between the communication robot and the charging pile according to an embodiment of the present invention;
Fig. 2 is a flow chart of data isolation transmission according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions will be clearly and completely described below with reference to the embodiments, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "And/or" merely describes an association between associated objects and covers three relationships; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates an "or" relationship between the objects before and after it. "Comprises A, B and C" and "comprises A, B, C" mean that all three of A, B and C are comprised; "comprises A, B or C" means that one of A, B and C is comprised; "comprises A, B and/or C" means that any one, any two, or all three of A, B and C are comprised.
The technical solution of the present invention will be described in detail below with specific examples. Embodiments may be combined with each other and descriptions of the same or similar concepts or processes may be omitted in some embodiments.
Example:
As shown in Fig. 1, the hardware supporting the data isolation method requires a charging pile in each safety zone. The communication robot has three physically isolated IPs, corresponding to zone one, zone two and zone three respectively, and the zone-one, zone-two and zone-three servers have no network connectivity with one another. The robot uses power line carrier communication, has no wifi external amplifier, and needs to support 3 IPs that are physically disconnected from one another (corresponding to zone one, zone two and zone three). While charging, the robot uses the 3 IPs respectively to log in remotely to the servers in each zone and execute a shell script; the script automatically computes the usage of the server's CPU, memory and so on, and pushes the generated result file to an FTP directory on the robot.
In this embodiment, the communication robot is provided with a lidar and a depth camera. The lidar is used to build a grid map and the depth camera to detect obstacles; combined with a SLAM algorithm, the robot autonomously avoids obstacles in its path, realizing dynamic path planning and positioning. SLAM helps the communication robot build a map of the environment and localize itself, enables autonomous navigation, and ensures safe operation of the robot within a zone. The advantages of lidar as the sensor are that information is obtained quickly and accurately, the error model is simple, stability is high both indoors and outdoors, and it is practical from an engineering standpoint.
After receiving an inspection task from the background host, the robot leaves the charging pile and inspects offline. When the inspection is finished, the robot returns to the charging pile in zone three, and the background host actively retrieves the robot's inspection data and issues an inspection report.
The data isolation transmission method of the embodiment comprises the following steps:
the communication robot creates a virtual container before connecting to a charging pile, wherein each safety zone is provided with at least one charging pile;
after connecting to the charging pile, the communication robot establishes power carrier communication, the virtual container exchanges data with the charging pile, and the host system of the communication robot exchanges data with the virtual container through a private protocol and waits for an inspection task to be issued;
if the host system of the communication robot extracts an inspection task from the virtual container, the connection to the charging pile is disconnected, and the virtual container is closed and deleted;
the communication robot inspects the target safety zone; whenever it makes a network connection to equipment under inspection during the inspection, it exchanges data through the charging pile of the corresponding safety zone and a newly created virtual container, and deletes the virtual container after the network connection is broken; after the inspection task is completed it returns to the first step.
The complete data isolation transmission flow is shown in Fig. 2: the background W detects that robot R is in the charging standby state at the zone-three charging pile; the background W issues a zone-one server inspection task T to container C1 of robot R; robot R communicates with container C1, stores the information of task T in its local file system through the private protocol, and leaves the zone-three charging pile; the robot closes and deletes container C1; the network configuration is changed to zone one according to the content of task T; container C2 is instantiated and connected to the zone-one charging pile, and work continues according to the scheme preset in Fig. 2.
This embodiment adopts Docker container technology, which strengthens protection against computer viruses and complies with power intranet management specifications: the robot's control system does not communicate directly with intranet hosts, and the container serves as the communication isolation module. When the robot needs information from an intranet host, it instantiates a container in its operating system and sends instruction data to the container through the private protocol, and the container carries out the communication with the intranet host. Because the container is instantiated directly from an image file, it will not carry a virus as long as the image file is secure. The image file can be used after it has been scanned and disinfected by professional antivirus software.
Following the instruction, the container connects to the target intranet host and obtains the host's running information. The container then sends the inspection data to the robot control system through the private protocol. After receiving the inspection data returned by the container, the robot control system closes and deletes the container. If the container is infected by a virus in the intranet it connects to, the virus cannot infect the robot operating system, because the container and the robot control system communicate only through the private protocol. Any virus in the container is eliminated when the robot operating system actively closes and deletes the container. The next time an inspection is performed, the robot operating system instantiates a new container from the image.
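The ordering that the steps and the Fig. 2 walk-through rely on can be enforced as a guard around the container runtime. The following is an added example, not code from the patent: the class and method names are hypothetical, and FakeRuntime is an in-memory stand-in for the real container runtime so that the sequence can be run offline.

```python
import itertools


class LifecycleError(RuntimeError):
    """Raised when a step would let a container outlive its zone connection."""


class FakeRuntime:
    """In-memory stand-in for a container runtime (constructed for this example)."""

    def __init__(self):
        self._seq = itertools.count(1)
        self.live = {}            # container id -> zone it was created for

    def create(self, zone):
        cid = f"C{next(self._seq)}"
        self.live[cid] = zone
        return cid

    def remove(self, cid):
        del self.live[cid]


class RobotHost:
    """Host-side guard: one container per zone connection, never reused."""

    def __init__(self, runtime, zones=(1, 2, 3)):
        self.runtime = runtime
        self.zones = zones
        self.zone = None          # zone whose isolated IP is currently configured
        self.container = None     # id of the single live container, if any
        self.docked = False       # True while the power-line link is up
        self.log = []

    def _require(self, ok, msg):
        if not ok:
            raise LifecycleError(msg)

    def select_zone(self, zone):
        self._require(zone in self.zones, f"unknown zone {zone}")
        self._require(not self.docked, "disconnect before changing zone")
        self._require(self.container is None,
                      "delete the container before changing zone")
        self.zone = zone
        self.log.append(("select_zone", zone))

    def create_container(self):
        self._require(self.zone is not None, "no zone selected")
        self._require(not self.docked,
                      "container must exist before the link comes up")
        self._require(self.container is None, "previous container still alive")
        self.container = self.runtime.create(self.zone)
        self.log.append(("create", self.container, self.zone))
        return self.container

    def connect(self):
        self._require(self.container is not None,
                      "no container to terminate the link")
        self._require(not self.docked, "already connected")
        self.docked = True
        self.log.append(("connect", self.zone))

    def disconnect(self):
        self._require(self.docked, "not connected")
        self.docked = False
        self.log.append(("disconnect", self.zone))

    def delete_container(self):
        self._require(self.container is not None, "no container")
        self._require(not self.docked,
                      "disconnect before deleting the container")
        self.runtime.remove(self.container)
        self.log.append(("delete", self.container))
        self.container = None


def figure2_handover(host):
    """Task pickup in zone three, then handover to zone one (Fig. 2 walk-through)."""
    host.select_zone(3)
    c1 = host.create_container()
    host.connect()            # background W issues task T to C1 here
    host.disconnect()         # task T is stored locally; leave the pile
    host.delete_container()
    host.select_zone(1)
    c2 = host.create_container()
    host.connect()
    return c1, c2


if __name__ == "__main__":
    robot = RobotHost(FakeRuntime())
    print(figure2_handover(robot))
    print(robot.log)
```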
This embodiment fully meets machine-room safety regulations that require multiple network zones to be isolated from one another. By using power line carrier communication and charging piles, it guarantees the security of host equipment data transfer and communication while the intranet zones remain isolated from each other; with the isolation container and the private protocol it also prevents virus infection and propagation, so the system does not need to be reinstalled each time and inspection efficiency is greatly improved.
In this embodiment, a trusted computing module is deployed in the host system of the communication robot, and before the virtual container is created, trusted verification such as security detection and security processing is performed on the host system to ensure that its program operating environment is secure and trusted. This includes: trusted verification of the system programs, application programs, important configuration parameters and the like of the host system, together with functions such as a trusted reference library, unknown program immunization, trusted audit management, software version management and self-protection of the trusted module, so that active immunization against malicious code is realized and the purpose of active defense is achieved. If a file is found to be abnormal, the system is reinstalled or maintained to confirm that no potential safety hazard remains. Because the content and types of files the communication robot needs are limited, checking for abnormal files is relatively easy, and this step ensures that the communication robot has a secure internal system environment before it starts work.
In this embodiment, the private protocol restricts the task parameters and the data exchange format: legal key names and value types are specified in the white list, and illegal key names and values cannot pass the check. When the host system exchanges data with the virtual container through the private protocol, the virtual container returns only data whose key name and value type pass the check. The files stored on a general-purpose computer or device vary widely in content and type, so it is hard to judge from key names and value types whether a file is abnormal, and a complex virus detection process is usually required. In this scheme the communication robot only has to process inspection data, so the range of key names and value types is relatively fixed, and a white list can directly block the transmission of any other file, thereby isolating virus propagation.
In this embodiment, when the host system exchanges data with the virtual container through the private protocol, if the virtual container finds data with an illegal key name and value, the host system generates a secondary container from the image of the virtual container and generates alarm information, which is received and processed by operation and maintenance personnel.
During an inspection task, as soon as a high-level security alarm is found, the inspection task must be interrupted immediately, and an emergency report is generated and sent to the background host with an emergency alarm prompt. The private protocol and the virtual container can isolate virus propagation but do not help to deal with a virus quickly, so to further improve data transmission security all suspicious files need to be analyzed quickly and effectively.
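One way the white-list check described in the summary and in this embodiment could be implemented is sketched below. This is an added example, not code from the patent: the patent does not specify the wire format, so JSON is assumed, and the key names, size limits and function names are hypothetical.

```python
import json
import math

# Hypothetical white list for inspection records: key name -> exact value type.
WHITE_LIST = {
    "task_id": str,
    "zone": int,
    "host": str,
    "cpu_usage_pct": float,
    "mem_usage_pct": float,
    "swap_used_kb": int,
    "indicator_color": str,
}
MAX_MESSAGE_BYTES = 4096   # assumed cap on one protocol message
MAX_STRING_CHARS = 128     # assumed cap on any string value


class ProtocolViolation(Exception):
    """The message as a whole is malformed; nothing from it is returned."""


def _no_duplicate_keys(pairs):
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ProtocolViolation("duplicate key in message")
        obj[key] = value
    return obj


def _no_constants(name):
    raise ProtocolViolation(f"non-finite constant {name} in message")


def check_field(key, value):
    """Return None when (key, value) passes the white list, else a reason."""
    expected = WHITE_LIST.get(key)
    if expected is None:
        return "key not in white list"
    # Compare exact types: isinstance() would accept True/False as int.
    if type(value) is not expected:
        return f"expected {expected.__name__}, got {type(value).__name__}"
    if expected is float and not math.isfinite(value):
        return "non-finite number"
    if expected is str and (len(value) > MAX_STRING_CHARS
                            or not value.isprintable()):
        return "string too long or not printable"
    return None


def filter_message(raw):
    """Container side: split one message into passed fields and violations."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise ProtocolViolation("message too large")
    try:
        doc = json.loads(raw.decode("utf-8"),
                         object_pairs_hook=_no_duplicate_keys,
                         parse_constant=_no_constants)
    except ValueError as exc:   # bad UTF-8 or bad JSON
        raise ProtocolViolation("message is not valid UTF-8 JSON") from exc
    if type(doc) is not dict:
        raise ProtocolViolation("top level must be an object")
    passed, violations = {}, []
    for key, value in doc.items():
        reason = check_field(key, value)
        if reason is None:
            passed[key] = value
        else:
            # Report the key and the reason only; the rejected value never
            # crosses to the host system.
            violations.append((key, reason))
    return passed, violations


def exchange(raw):
    """Host-side view of one exchange: checked data plus an alarm flag."""
    passed, violations = filter_message(raw)
    return {"data": passed, "alarm": bool(violations), "violations": violations}


# Constructed sample messages (not taken from the patent).
SAMPLE_OK = (b'{"task_id": "T-0001", "zone": 1, "host": "srv-a", '
             b'"cpu_usage_pct": 37.5, "mem_usage_pct": 61.2, "swap_used_kb": 0}')
SAMPLE_BAD = (b'{"task_id": "T-0001", "zone": true, "cpu_usage_pct": 37.5, '
              b'"attachment": "AAAA", "host": {"name": "srv-a"}}')

if __name__ == "__main__":
    print(exchange(SAMPLE_OK))
    print(exchange(SAMPLE_BAD))
```

The alarm flag is where the secondary container and the operator notification described above would be triggered.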
In this embodiment, inspection of indicator lights (on or off) and of equipment heating includes: detecting the color and position of the indicator lights of the equipment under inspection in real time with a deep-learning-based object detection convolutional neural network; and detecting the temperature and heating position of the equipment with thermal imaging. A deep learning convolutional neural network detection algorithm is adopted, with PyTorch or YOLOv3 as the deep learning training framework: image data of server indicator lights in the inspected machine room is collected, annotated with LabelImg to produce a VOC data set, and classified by indicator light color, and a network model is then trained to implement indicator light detection. If model inference speed needs to be improved, the PyTorch pt weight file is converted into a weights file, and the TensorRT inference optimizer is then used for the network's forward inference computation to complete the indicator light detection function.
In this embodiment, inspection of the running condition of equipment includes: the communication robot establishes power line carrier communication with the equipment under inspection; the virtual container of the communication robot uses an operation and maintenance script to collect the usage of the equipment's CPU and memory; after the virtual container has read and computed the data, the host system of the communication robot reads the result from the virtual container. The operation and maintenance script may be of various types, such as a shell script, a Python script or a Windows batch script. For example, a shell script can collect system CPU information, including but not limited to CPU usage and CPU load; memory information, including but not limited to the amount of memory used by applications, MEM usage and the amount of swap space (Swap) used; disk information, including but not limited to the average amount of data read from disk into physical memory per second and the average amount written from physical memory to disk per second; and network information, including but not limited to traffic and packet volume.
The substantial effects of this embodiment include: by using power carrier technology, a collaborative design with multiple charging piles, and virtual container technology, inspection data is transmitted securely between safety zones in strict compliance with the safety regulations of the power intranet communication machine room; the risks of network intrusion and virus propagation are avoided, and inspection efficiency and data security are greatly improved.
Through the description of the above embodiments, those skilled in the art will understand that, for convenience and simplicity of description, only the division of the above functional modules is used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of a specific device is divided into different functional modules to complete all or part of the above described functions.
In the embodiments provided in the present application, it should be understood that the disclosed structures and methods may be implemented in other ways. For example, the structural embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another structure, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, structures or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A data isolation transmission method based on power carrier waves crossing safety zones is applied to a communication robot and is characterized by comprising the following steps:
the communication robot establishes a virtual container before being connected with the charging piles, wherein each safety zone is provided with at least one charging pile;
after the communication robot is connected with the charging pile, power carrier communication is established, the virtual container and the charging pile perform data exchange, and a host system of the communication robot performs data exchange with the virtual container through a private protocol and waits for issuing of a routing inspection task;
if the host system of the communication robot extracts the routing inspection task from the virtual container, the connection with the charging pile is disconnected, and the virtual container is closed and deleted;
the communication robot patrols and examines a target safety area according to an inspection task, data exchange is carried out through a charging pile and a newly-built virtual container of the corresponding safety area when the communication robot is in network connection with equipment to be inspected in the inspection process, the corresponding virtual container is deleted after the network connection is disconnected, and the step of creating the virtual container is returned after the inspection task is completed.
2. The data isolation transmission method based on power carrier wave crossing safety zone according to claim 1, wherein the host system of the communication robot deploys a trusted computing module, before creating the virtual container, the host system of the communication robot is subjected to trusted verification including safety detection and safety processing, and the secure trust of the host system program running environment of the communication robot is ensured, including: at least carrying out credible verification on a system program, an application program and important configuration parameters of a host system of the communication robot, realizing active immunization on malicious codes, achieving the purpose of active defense, and carrying out system reinstallation or system maintenance when finding file abnormality so as to confirm that potential safety hazards do not exist.
3. The data isolation transmission method based on the power carrier across the security zone according to claim 2, wherein in the private protocol, task parameters and data exchange formats are limited, a white list of key names and value types that can pass the check is created, and key names and value types outside the white list cannot pass the check; when the host system exchanges data with the virtual container through the private protocol, the virtual container only returns the data of which the key name and the value type pass the check.
4. The data isolation transmission method based on the power carrier across the security zone according to claim 3, wherein when the host system exchanges data with the virtual container through a private protocol, if the virtual container finds that the data has a key name and a value type outside a white list, a secondary container is generated according to a mirror image of the virtual container, alarm information is generated in the host system and received and processed by operation and maintenance personnel, and when the data of the secondary container is extracted by the operation and maintenance personnel, the secondary container is deleted by itself, and the host system of the communication robot is subjected to credible verification including security detection and security processing.
5. The data isolation transmission method based on power carrier across safety zones according to claim 1 or 2, wherein the patrol of the target safety zone comprises: and checking the hardware appearance of the equipment to be checked and checking the equipment running condition of the equipment to be checked.
6. The data isolation transmission method based on power carrier across safety zones as claimed in claim 5, wherein the hardware appearance includes on/off of indicator lights and heating condition of the device, and the checking the hardware appearance of the device to be checked includes: the target detection convolutional neural network based on deep learning is adopted to detect the color and the position of an indicator light of equipment to be detected in real time, and the thermal imaging technology is adopted to detect the temperature and the heating position of the equipment.
7. The data isolation transmission method across the security zone based on the power carrier according to claim 5, wherein the checking the device operation condition of the device to be checked comprises: the communication robot and the equipment to be detected establish power line carrier communication, a virtual container of the communication robot acquires the use condition including equipment CPU and memory, the equipment process operation condition and the correctness of service system data by using an operation and maintenance script, and a host system of the communication robot reads a result from the virtual container after the virtual container reads the data and calculates the data.
8. A communication robot, which comprises a processing unit, a power carrier unit and a patrol unit, and is characterized by being used for executing the data isolation transmission method based on the power carrier crossing safety zone according to any one of claims 1-7.
9. The communication robot according to claim 8, wherein the communication robot includes a plurality of physically isolated IPs, and is capable of performing registration using different IPs when performing power carrier communication.
10. The communication robot of claim 8, wherein the communication robot is provided with a laser radar and a depth camera, the laser radar is used for constructing a grid map, the depth camera is used for detecting obstacles, and the communication robot is combined with a SLAM algorithm to autonomously avoid environmental obstacles in a path, so that dynamic path planning and positioning are realized.
CN202210669545.6A 2022-06-14 2022-06-14 Data isolation transmission method based on power carrier across safety zones and communication robot Active CN114760154B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210669545.6A CN114760154B (en) 2022-06-14 2022-06-14 Data isolation transmission method based on power carrier across safety zones and communication robot

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210669545.6A CN114760154B (en) 2022-06-14 2022-06-14 Data isolation transmission method based on power carrier across safety zones and communication robot

Publications (2)

Publication Number Publication Date
CN114760154A (en) 2022-07-15
CN114760154B (en) 2022-08-19

Family

ID=82336709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210669545.6A Active CN114760154B (en) 2022-06-14 2022-06-14 Data isolation transmission method based on power carrier across safety zones and communication robot

Country Status (1)

Country Link
CN (1) CN114760154B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015120753A1 (en) * 2014-02-12 2015-08-20 韩磊 Electric vehicle battery pack replacement system consisting of computers, internet, multiple robots
US9729579B1 (en) * 2015-04-27 2017-08-08 Symantec Corporation Systems and methods for increasing security on computing systems that launch application containers
CN107069856A (en) * 2017-03-29 2017-08-18 武汉大学 Crusing robot intelligence continuation of the journey wireless charging system and its charging method
CN107124037A (en) * 2017-04-13 2017-09-01 贵州电网有限责任公司电力科学研究院 A kind of intelligent substation inspection system and error comprehensive diagnosis method based on multi-data source
CN109922106A (en) * 2017-12-13 2019-06-21 中标软件有限公司 The cloud cell phone system realized based on Docker container
CN112783518A (en) * 2021-01-26 2021-05-11 电子科技大学 Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method
CN113612502A (en) * 2021-06-22 2021-11-05 苏州大学 Automatic charging electrode carrier communication circuit of robot

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11409880B2 (en) * 2019-07-11 2022-08-09 International Business Machines Corporation Blackbox security for containers

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A Container-based Design Methodology for Robotic Applications on;F. Lumpp;《2021 Forum on specification & Design Languages (FDL)》;20211026;full text *
Substation robot intelligent inspection technology and its application effect;彭向阳 et al.;《高压电器》;20190416(No. 04);full text *

Also Published As

Publication number Publication date
CN114760154A (en) 2022-07-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant