CN115242502B - Method, device, equipment and medium for evaluating network security risk of power system - Google Patents


Info

Publication number
CN115242502B
Authority
CN
China
Prior art keywords
network security
power system
result
attack
external
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210861929.8A
Other languages
Chinese (zh)
Other versions
CN115242502A (en
Inventor
李伟青
黄翠莲
潘旭扬
石扬
叶汇镓
谢彬凌
饶巨为
梅咏武
魏煌
魏存良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangdong Power Grid Co Ltd, Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN202210861929.8A
Publication of CN115242502A
Application granted
Publication of CN115242502B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method, a device, equipment and a medium for evaluating network security risk of a power system. The method comprises the following steps: acquiring relevant equipment information of target power equipment in a working state in a power system at different acquisition moments, where the relevant equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment acquired at the corresponding acquisition moments; determining a network security evaluation result of the power system according to the relevant equipment information; if the network security evaluation result meets the security performance requirement, collecting the attack events detected by target protection equipment in the power system within a preset time period; and updating the network security evaluation result according to the external attack protection result of at least part of the external attack events among the attack events. The method helps improve the accuracy and reliability of the network security risk evaluation result, and in turn helps achieve accurate perception of the security state of the power system.

Description

Method, device, equipment and medium for evaluating network security risk of power system
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a medium for evaluating network security risk of an electric power system.
Background
With the digital transformation of the power grid, new technologies such as cloud computing, big data, the Internet of Things and 5G play an increasingly important role in the power grid industry. 5G and IPv technology enable high-speed, friendly access for new energy and power electronic equipment; technologies such as edge computing and the Internet of Things enable on-site decision making and value-added services; big data, cloud computing, artificial intelligence and other technologies empower production management and production decision making. The power monitoring system built on these new technologies provides a technical foundation for supporting safe and stable operation of the power grid, advancing new energy, and building an observable, measurable and controllable capacity system for system regulation resources.
However, practice has shown that the network security hazards of these new technologies, such as network convergence, transmission security and vulnerability defects, bring new risks when they are integrated with the new power system. At present, given the new network security requirements of the novel power system, the industry still lacks a mechanism for effectively evaluating existing security assurance capability, so the system security situation cannot be perceived accurately and potential safety hazards are difficult to discover and eliminate in time.
In view of these challenges and the current situation, how to perform network security risk assessment so as to achieve accurate perception of the security state of a system has become an important challenge for the security management of the novel power system.
Disclosure of Invention
The invention provides a method, a device, equipment and a medium for evaluating network security risk of an electric power system, which are used for improving the accuracy of network security risk evaluation results and further facilitating the realization of accurate perception of the security state of the electric power system.
A first aspect of the invention discloses a network security risk evaluation method for an electric power system, which comprises the following steps:
acquiring relevant equipment information of target power equipment in a working state in a power system at different acquisition moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, which are acquired at corresponding acquisition moments;
according to the relevant equipment information, determining a network security evaluation result of the power system;
if the network security evaluation result meets the security performance requirement, collecting an attack event detected by target protection equipment in the power system within a preset time period;
and updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events.
As an optional implementation manner, in the first aspect of the present invention, the updating the network security evaluation result according to the external attack protection result of at least part of the external attack events includes:
screening target external attack events meeting preset security performance evaluation conditions from the external attack events of the attack events;
generating an external attack protection result of the power system according to all the target external attack events;
and updating the network security evaluation result according to the external attack protection result.
As an optional implementation manner, in the first aspect of the present invention, the generating, according to all the target external attack events, an external attack protection result of the power system includes:
acquiring a target attack object corresponding to the target external attack event and attack response data of the target attack object; the attack response data comprise protection process information and protection result information aiming at corresponding target external attack events;
and generating an external attack protection result of the power system according to the attack response data of the target attack object.
As an optional implementation manner, in the first aspect of the present invention, the updating the network security evaluation result according to the external attack protection result of at least part of the external attack events includes:
judging whether the external protection performance of the power system meets the external protection requirement according to the external attack protection result to obtain a judgment result;
generating a correction value of the network security evaluation result according to the judgment result; wherein the correction values include a positive correction value and a negative correction value;
and updating the network security evaluation result according to the correction value.
As an alternative embodiment, in the first aspect of the invention, the generating a correction value of the network security evaluation result according to the judgment result includes:
if the external protection performance of the power system meets the external protection requirement, determining that the correction value is a positive correction value;
and if the external protection performance of the power system does not meet the external protection requirement, determining that the correction value is a negative correction value.
As an alternative embodiment, in the first aspect of the present invention, the method further includes:
if the network security evaluation result does not meet the security performance requirement, acquiring index evaluation results corresponding to different evaluation indexes of the network security evaluation result;
and according to the index evaluation results, carrying out safety performance optimization on the power system.
As an optional implementation manner, in the first aspect of the present invention, the optimizing the safety performance of the electric power system according to each of the index evaluation results includes:
determining a safety performance influence factor and power equipment to be optimized corresponding to the safety performance influence factor according to each index evaluation result;
and according to the target restoration strategy corresponding to the safety performance influence factor, carrying out safety performance optimization on the power equipment to be optimized.
The second aspect of the invention discloses a network security risk evaluation device for an electric power system, which comprises:
the related equipment information acquisition module is used for acquiring related equipment information of target power equipment in a working state in the power system at different acquisition moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, which are acquired at corresponding acquisition moments;
the network security evaluation result determining module is used for determining a network security evaluation result of the power system according to the relevant equipment information;
the attack event acquisition module is used for acquiring an attack event detected by target protection equipment in the power system within a preset time period if the network security evaluation result meets the security performance requirement;
and the network security evaluation result updating module is used for updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events.
The third aspect of the invention discloses a network security risk evaluation device for an electric power system, which comprises:
a memory storing executable program code;
a processor coupled to the memory;
the processor invokes the executable program code stored in the memory to perform some or all of the steps in any of the power system cyber-security risk assessment methods as disclosed in the first aspect of the present invention.
A fourth aspect of the present invention discloses a computer storage medium storing computer instructions for performing part or all of the steps in the network security risk assessment method for an electrical power system as disclosed in the first aspect of the present invention when the computer instructions are invoked.
According to the embodiment of the invention, the relevant equipment information of the target power equipment in the working state in the power system at different acquisition moments is obtained, where the relevant equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment acquired at the corresponding acquisition moments; a network security evaluation result of the power system is determined according to the relevant equipment information; if the network security evaluation result meets the security performance requirement, the attack events detected by target protection equipment in the power system within a preset time period are collected; and the network security evaluation result is updated according to the external attack protection result of at least part of the external attack events among the attack events. The invention can therefore draw on the relevant equipment information of the target power equipment in the working state when determining the network security evaluation result of the power system. This avoids the inaccuracy that arises when the evaluation relies on too narrow a set of reference information, helps improve the accuracy and reliability of the network security risk evaluation result, and in turn helps achieve accurate perception of the security state of the power system.
In addition, whether the security performance of the power system meets the requirement can be judged from the network security evaluation result. When the security performance is judged to meet the requirement, the network security evaluation result is further updated according to the information related to the external attack events, which further improves the accuracy of the network security evaluation result.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a method for evaluating network security risk of an electric power system according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of another method for evaluating network security risk of an electric power system according to the second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a network security risk evaluation device for an electric power system according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a network security risk evaluation device for an electric power system according to a fourth embodiment of the present invention.
Detailed Description
In order that those skilled in the art may better understand the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some embodiments of the present invention, not all of them. All other embodiments that those skilled in the art can obtain from the embodiments of the invention without inventive effort are intended to be within the scope of the invention.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, port, or end that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, port, or end.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The invention discloses an intelligent determination method and device for network security performance, which can evaluate or determine the security performance of a security network in advance, after the security network is established. This helps strengthen network security performance, reducing the probability that the security network is maliciously attacked in practical application and thereby improving information security. Details are described below.
Example 1
Fig. 1 is a flow chart of a network security risk evaluation method for an electric power system according to a first embodiment of the present invention, where the embodiment is suitable for performing network security risk evaluation on the electric power system according to device information of corresponding electric power devices in a working state. The method can be executed by a power system network security risk evaluation device, the device can be realized in a software and/or hardware form, the device can be configured in power system network security risk evaluation equipment, and can also be configured in a management server corresponding to a power system, and the management server can be a local server or a cloud server. As shown in fig. 1, the method for evaluating the network security risk of the power system may include the following steps:
S101, acquiring relevant equipment information of target power equipment in a working state in a power system at different acquisition moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, wherein the working state parameters, the working result parameters and the equipment state parameters are acquired at corresponding acquisition moments.
The operating state parameter may be parameter information indicating whether the target power device is in an operating state. The working result parameters may be parameter information corresponding to each execution result after each process is executed by the target power device. The device state parameters may be information of parameters corresponding to states of the corresponding target power device during operation.
S102, determining a network security evaluation result of the power system according to the relevant equipment information.
The network security evaluation result may include a network security level or a network security score, etc.
Specifically, a mapping relationship between relevant equipment information and network security evaluation results may be established in advance. Based on this mapping relationship, a network security evaluation result can be matched to the acquired relevant equipment information, and the matched result is used as the network security evaluation result of the corresponding power system.
Illustratively, determining the network security assessment result of the power system according to each piece of relevant equipment information may include: inputting relevant equipment information of all the target power equipment into a predetermined network security evaluation model to obtain multi-dimensional evaluation information corresponding to the power system, wherein the multi-dimensional evaluation information comprises a plurality of evaluation indexes and evaluation results corresponding to each evaluation index; and determining the network security evaluation result of the power system according to the multi-dimensional evaluation information and in combination with a preset security evaluation result determining mode.
The multi-dimensional evaluation information comprises a plurality of evaluation indexes and evaluation results corresponding to the evaluation indexes. Optionally, the evaluation index may include at least one of a response time index, a response efficiency index, an emergency detection index, an emergency processing index, a maximum duration index, a power consumption index, and a synergistic effect index with other circuit devices, which is not limited in the embodiment of the present invention. Further alternatively, the evaluation result corresponding to each evaluation index may be specifically an evaluation score or an evaluation grade, or the like, and is not particularly limited herein.
It should be specifically noted that the network security evaluation model is obtained by training an existing evaluation model on a large amount of sample labeling data corresponding to the electric power system. The sample labeling data may include a plurality of sample indexes and the specific conditions corresponding to each sample index, and each item of sample labeling data further includes manually labeled multi-dimensional sample evaluation information.
Specifically, the preset security evaluation result determining mode may be a mapping relationship between each piece of multi-dimensional evaluation information and the corresponding security evaluation result. Based on this mapping relationship, a security evaluation result can be matched to the multi-dimensional evaluation information obtained for the power system, and the matched result is used as the network security evaluation result of the corresponding power system.
It can be understood that, by inputting the relevant equipment information of all the target power equipment into a predetermined network security evaluation model, the multi-dimensional evaluation information of the power system is output directly by the model. This avoids the large amount of computation that an overly complex algorithm applied to the relevant equipment information would incur, and so improves the efficiency of determining the multi-dimensional evaluation information and, in turn, the network security evaluation result. In addition, determining the network security evaluation result from the multi-dimensional evaluation information in combination with a preset security evaluation result determining mode avoids the inaccuracy that would result from deriving the evaluation result directly from the relevant equipment information. This achieves a multi-dimensional, comprehensive evaluation of the network security risk while improving the accuracy and reliability of the network security evaluation result.
Illustratively, each evaluation index corresponds to a different weight value, and the network security evaluation result of the power system can be obtained by a weighted summation of the evaluation results corresponding to all the evaluation indexes. Further, the weight value corresponding to each evaluation index is determined comprehensively according to the application scenario of the power system, the scale of the power system, the type of the power system, the different security performance requirements of the power system, and the like.
S103, if the network security evaluation result meets the security performance requirement, collecting the attack events detected by the target protection equipment in the power system within a preset time period.
The attack events may include internal attack events and external attack events. An internal attack event may be an attack event initiated from the internal network of the corresponding power system. An external attack event may be an attack event initiated from a network external to the corresponding power system. An attack event may include at least one of a network attack event, a harmful program event, an information leakage event, and the like. A network attack event may be an information security event in which the system is attacked through a network or other technical means, by exploiting configuration defects, protocol defects or program defects of the information system or by brute force, causing an abnormality in the corresponding system or a potential hazard to its current operation. A harmful program event may be an information security event caused by deliberately creating or propagating harmful programs, or by exposure to harmful programs. An information leakage event may be an information security event caused by tampering with, impersonating, leaking or stealing information in the corresponding system through a network or other technical means.
Specifically, a correspondence between network security evaluation results and the security performance requirement may be preset. Based on this correspondence, whether the determined network security evaluation result meets the security performance requirement can be decided. When it does, the attack events detected by the target protection equipment within the preset time period can be acquired by searching the log data generated by the power system during operation.
S104, updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events.
The external attack protection result may be a result characterizing whether the corresponding power system successfully protected against the external attack event, for example protection success or protection failure.
Specifically, identification information for identifying external attack events may be preset, and all detected attack events may be traversed according to this identification information to determine the external attack events among them. Then, for at least part of the determined external attack events, the corresponding external attack protection results are looked up in the system operation log, and a network security evaluation result is matched based on a pre-established mapping relationship between external attack protection results and network security evaluation results, so as to update the previously determined network security evaluation result.
Illustratively, updating the network security evaluation result according to the external attack protection result of at least part of the external attack events may include: screening target external attack events meeting preset security performance evaluation conditions from the external attack events of the attack events; generating an external attack protection result of the power system according to all the target external attack events; and updating the network security evaluation result according to the external attack protection result.
The preset security performance evaluation condition may be a preset rule for judging whether the corresponding attack event has the security performance evaluation qualification, and the rule may be adjusted according to actual needs, which is not limited herein specifically.
Specifically, based on a preset security performance evaluation condition, traversing each determined external attack event to screen each external attack event meeting the preset security performance evaluation condition, and taking each external attack event as a target external attack event. Accordingly, according to the corresponding target external attack event, an event record associated with the target external attack event can be searched in the running log of the system, and based on the event record, an external attack protection result corresponding to each target external attack event can be determined. Correspondingly, based on the mapping relation between different pre-established external attack protection results and corresponding network security evaluation results, according to the determined external attack protection results corresponding to each target external attack event, matching the corresponding network security evaluation results so as to update the previously determined network security evaluation results.
It can be understood that, by screening the target external attack events that meet the preset security performance evaluation condition from the external attack events among the attack events, generating an external attack protection result of the power system according to all the target external attack events, and updating the network security evaluation result according to the external attack protection result, the external attack events can be screened in the process of updating the network security evaluation result, and only the external attack events that meet the preset security performance evaluation condition are taken as a reference. This avoids the large amount of calculation caused by referencing all external attack events, simplifies the process of updating the network security evaluation result, and improves the efficiency of updating it.
In an alternative embodiment, after the target external attack events satisfying the security performance evaluation condition are screened from all the external attack events, the following operations may further be performed: judging whether the attack types of the target external attack events include the target key protection type corresponding to the power system; when the judgment result is yes, triggering execution of the subsequent operations; when the judgment result is no, either continuing to trigger execution of the step of collecting the attack events detected by the target protection equipment in the power system within the preset time period, or determining the event type of the missing external attack event based on the attack types of the target external attack events and the target key protection type corresponding to the power system, simulating a matching external attack event based on that event type, and adding the simulated external attack event to the target external attack events. This helps improve the comprehensiveness of the target external attack events. The target key protection type may be a preset type of attack event against which the power system needs key protection. It may be set adaptively according to the characteristics of the corresponding power system and is not limited herein; for example, the target key protection type corresponding to a high-voltage power supply differs from that corresponding to a low-voltage power supply.
Illustratively, generating the external attack protection result of the power system according to all the target external attack events may include: acquiring a target attack object corresponding to the target external attack event and attack response data of the target attack object; the attack response data comprise protection process information and protection result information aiming at corresponding target external attack events; and generating an external attack protection result of the power system according to the attack response data of the target attack object.
The target attack object may be a module of the power system that is attacked by the target external attack event. The attack response data may be the data generated by the target attack object in the process of responding to the corresponding target external attack event. The protection process information may be information generated in the course of protecting against the corresponding target external attack event. The protection result information may be information indicating whether the protection against the corresponding target external attack event succeeded, and may include, for example, protection success or protection failure.
Specifically, a mapping relationship between different target external attack events, target attack objects, and locations where attack response data of the target objects are stored may be established in advance. Correspondingly, based on the mapping relation, the corresponding target attack object can be matched according to the determined target external attack event, and the position of the target attack object, where attack response data is stored, is determined. According to the stored position of the attack response data, the corresponding attack response data can be acquired. Correspondingly, the corresponding external attack protection result can be matched according to the obtained attack response data based on the pre-established mapping relation between different attack response data and the external attack protection result, and the matched external attack protection result is used as the external attack protection result of the corresponding power system.
It can be understood that, by acquiring the target attack object corresponding to the target external attack event and the attack response data of the target attack object, where the attack response data comprise protection process information and protection result information for the corresponding target external attack event, and generating the external attack protection result of the power system according to the attack response data of the target attack object, the attack response data of the target attack object can be used as a reference basis in the process of determining the external attack protection result of the power system. This further improves the mechanism for generating the external attack protection result and improves the accuracy of the generated external attack protection result.
Illustratively, updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events comprises: judging whether the external protection performance of the power system meets the external protection requirement according to the external attack protection result to obtain a judgment result; generating a correction value of the network security evaluation result according to the judgment result; wherein the correction values include a positive correction value and a negative correction value; and updating the network security evaluation result according to the correction value.
The external protection performance may be a protection level for the target external attack event, and may include at least one of very good, normal, poor, and bad, for example. The external protection requirement may be any protection level corresponding to the external protection performance, and may be set according to the actual requirement of the power system, which is not limited herein. The positive correction value may be the correction value to be determined when the evaluation value of the network security evaluation result is to be increased. The negative correction value may be the correction value to be determined when the evaluation value of the network security evaluation result is to be lowered. The evaluation value of the network security evaluation result may be an evaluation grade, a rating score, or the like. The judgment result may be the gap between the external protection performance of the power system and the corresponding external protection requirement, for example, the degree to which the external protection performance of the power system is higher than the external protection requirement, the degree to which it is lower than the external protection requirement, or the fact that it just meets the external protection requirement.
Specifically, a first mapping relationship between different external attack protection results and external protection performance, and a second mapping relationship between different judgment results and correction values of the corresponding network security evaluation results, may be established in advance. Based on the first mapping relationship, the corresponding external protection performance is matched according to the generated external attack protection result of the power system, and the matched external protection performance is compared with the corresponding external protection requirement, so that the gap between the external protection performance of the power system and the external protection requirement is determined and taken as the judgment result. Based on the second mapping relationship, the corresponding correction value can be matched according to the determined judgment result, and the matched correction value is used as the correction value of the network security evaluation result of the power system. The network security evaluation result can then be corrected according to the correction value, so that the network security evaluation result is updated.
It can be understood that, by judging according to the external attack protection result whether the external protection performance of the power system meets the external protection requirement to obtain a judgment result, generating a correction value of the network security evaluation result according to the judgment result, where the correction values include a positive correction value and a negative correction value, and updating the network security evaluation result according to the correction value, a matching correction value can be generated in the process of updating the network security evaluation result based on whether the external attack protection result meets the external protection requirement, and the network security evaluation result can be corrected based on that correction value. This helps improve the accuracy of the determined correction value and, in turn, the accuracy of the network security evaluation result.
Illustratively, generating the correction value of the network security evaluation result according to the judgment result may include: if the external protection performance of the power system meets the external protection requirement, determining that the correction value is a positive correction value; and if the external protection performance of the power system does not meet the external protection requirement, determining that the correction value is a negative correction value.
Specifically, the determined external protection performance of the power system may be compared with the corresponding external protection requirement. If the external protection performance meets the external protection requirement, the correction value can be determined to be a positive correction value; if the external protection performance does not meet the external protection requirement, the correction value can be determined to be a negative correction value.
It can be understood that, by determining that the correction value is a positive correction value when the external protection performance of the power system meets the external protection requirement, and determining that the correction value is a negative correction value when the external protection performance of the power system does not meet the external protection requirement, the type of the correction value can be determined in a targeted manner, in the process of determining the correction value of the network security evaluation result, according to the specific relation between the external protection performance of the power system and the external protection requirement. The network security evaluation result is thereby corrected in a targeted manner, which improves the efficiency and reliability of correcting the network security evaluation result.
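The update step described above, from screening the target external attack events to applying the correction value, can be sketched as follows. This is an added example, not code from the patent: the event fields, the severity-based screening condition, the blocked-ratio thresholds used as the first mapping, and the correction magnitudes used as the second mapping are all assumptions, and the sample events and response records are constructed.

```python
from dataclasses import dataclass

# Field names, thresholds and correction magnitudes are assumptions made for
# this example; the patent leaves all of them to the implementer.
LEVELS = ["bad", "poor", "normal", "very good"]  # protection performance, worst to best

@dataclass(frozen=True)
class AttackEvent:
    event_id: str
    source: str       # preset identification information: "external" or "internal"
    attack_type: str
    severity: int     # 1 (low) to 5 (high)

# Constructed sample: events detected by the protection device in the time window.
EVENTS = [
    AttackEvent("e1", "external", "port-scan", 2),
    AttackEvent("e2", "external", "brute-force", 4),
    AttackEvent("e3", "internal", "policy-violation", 3),
    AttackEvent("e4", "external", "protocol-fuzz", 5),
    AttackEvent("e5", "external", "brute-force", 3),
]

# Constructed attack response data per event: target attack object,
# protection process information and protection result information.
RESPONSES = {
    "e2": {"target": "rtu-gateway", "process": ["rate-limit", "lockout"], "result": "success"},
    "e4": {"target": "scada-frontend", "process": ["drop"], "result": "failure"},
    "e5": {"target": "rtu-gateway", "process": ["lockout"], "result": "success"},
}

def screen_targets(events, min_severity=3):
    """Keep external events that meet the (assumed) evaluation condition."""
    return [e for e in events if e.source == "external" and e.severity >= min_severity]

def missing_key_types(targets, key_types):
    """Key protection types with no target event; candidates for simulation."""
    return sorted(set(key_types) - {e.attack_type for e in targets})

def protection_result(targets, responses):
    """Aggregate per-event response data into one external attack protection result."""
    outcomes = {}
    for event in targets:
        record = responses.get(event.event_id)
        # An event with no response record counts as unprotected, not as skipped.
        outcomes[event.event_id] = record["result"] if record else "failure"
    blocked = sum(1 for r in outcomes.values() if r == "success")
    return {"outcomes": outcomes,
            "blocked_ratio": blocked / len(outcomes) if outcomes else None}

def performance_level(result):
    """First mapping: protection result -> external protection performance."""
    ratio = result["blocked_ratio"]
    if ratio is None:
        return None
    for floor, level in ((0.95, "very good"), (0.80, "normal"), (0.50, "poor")):
        if ratio >= floor:
            return level
    return "bad"

def correction_value(level, requirement):
    """Second mapping: gap to the requirement -> positive or negative correction."""
    gap = LEVELS.index(level) - LEVELS.index(requirement)
    return 2 * (gap + 1) if gap >= 0 else 5 * gap

def update_evaluation(score, events, responses, requirement="normal"):
    """Apply the correction to a 0-100 evaluation score and clamp the result."""
    targets = screen_targets(events)
    level = performance_level(protection_result(targets, responses))
    if level is None:  # no target events: nothing to judge, score unchanged
        return {"score": score, "level": None, "correction": 0}
    correction = correction_value(level, requirement)
    return {"score": max(0, min(100, score + correction)),
            "level": level, "correction": correction}

if __name__ == "__main__":
    print(update_evaluation(82, EVENTS, RESPONSES))
```

Treating a target event with no response record as a protection failure keeps a gap in the logs from inflating the score.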
According to the embodiment of the invention, the related equipment information of the target power equipment in the working state in the power system at different acquisition moments is obtained; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, which are acquired at corresponding acquisition moments; according to the relevant equipment information, determining a network security evaluation result of the power system; if the network security evaluation result meets the security performance requirement, collecting an attack event detected by target protection equipment in the power system within a preset time period; and updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events. Therefore, the invention can reference the relevant equipment information corresponding to the target power equipment in the working state in the process of determining the network security evaluation result of the corresponding power system, thereby avoiding the situation that the corresponding network security evaluation result is inaccurate due to the excessively single reference information in the corresponding network security evaluation process, and being beneficial to improving the accuracy and reliability of the network security risk evaluation result. 
In addition, whether the safety performance of the power system meets the requirement can be judged according to the network safety evaluation result, and under the condition that the corresponding safety performance meets the requirement is judged according to the network safety evaluation result, the matched updating operation of the network safety evaluation result is further realized according to the related information of the external attack event, so that the accuracy of the network safety evaluation result is further improved.
Example two
Fig. 2 is a flow chart of another method for evaluating network security risk of an electric power system according to a second embodiment of the present invention, which is further optimized based on the above embodiments. It should be noted that, in the embodiments of the present invention, parts that are not described in detail may be referred to in the related description of other embodiments.
Further, this embodiment adds the following: if the network security evaluation result does not meet the security performance requirement, the index evaluation results corresponding to different evaluation indexes of the network security evaluation result are obtained, and the security performance of the power system is optimized according to each index evaluation result, so as to optimize the security performance of a power system whose network security evaluation result does not meet the security performance requirement.
As shown in fig. 2, the method for evaluating the network security risk of the power system may include the following steps:
S210, acquiring relevant equipment information of target power equipment in a working state in a power system at different acquisition moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, wherein the working state parameters, the working result parameters and the equipment state parameters are acquired at corresponding acquisition moments.
S220, determining a network security evaluation result of the power system according to the relevant equipment information.
S230, if the network security evaluation result meets the security performance requirement, collecting an attack event detected by the target protection equipment in the power system within a preset time period.
S240, updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events.
S250, if the network security evaluation result does not meet the security performance requirement, acquiring index evaluation results corresponding to different evaluation indexes of the network security evaluation result.
S260, optimizing the safety performance of the power system according to the index evaluation results.
Specifically, a mapping relationship between each index evaluation result and different security performance optimization modes may be established in advance. Correspondingly, based on the obtained index evaluation results, the corresponding safety performance optimization mode can be matched, and the safety performance of the corresponding power system is optimized according to the matched safety performance optimization mode.
Illustratively, optimizing the safety performance of the electric power system according to each index evaluation result may include: determining a safety performance influence factor and power equipment to be optimized corresponding to the safety performance influence factor according to each index evaluation result; and according to the target restoration strategy corresponding to the safety performance influence factor, carrying out safety performance optimization on the power equipment to be optimized.
The safety performance influencing factor may be a parameter that negatively influences the safety performance of the respective power system. The security performance impact factor may reflect vulnerabilities occurring in the corresponding power device.
Specifically, a first mapping relationship among each index evaluation result, the safety performance influence factors and the corresponding power equipment to be optimized, and a second mapping relationship among different safety performance influence factors and the corresponding target repair strategies may be established in advance. Correspondingly, based on the first mapping relation, corresponding safety performance influence factors can be matched according to the acquired index evaluation results, and corresponding power equipment to be optimized can be further determined according to the matched safety performance influence factors. Correspondingly, based on the corresponding second mapping relation, the corresponding target restoration strategy can be matched according to the matched safety performance influence factor, and the safety performance of the corresponding power equipment to be optimized can be optimized according to the matched target restoration strategy.
It can be understood that, by determining the safety performance influence factors and the power equipment to be optimized corresponding to the safety performance influence factors according to the index evaluation results, and carrying out safety performance optimization on the power equipment to be optimized according to the target restoration strategy corresponding to each safety performance influence factor, the safety performance influence factors can be determined from the index evaluation results when the safety performance of the power system is optimized, and the target restoration strategies can be determined from those factors, so that the power equipment to be optimized is optimized in a targeted manner. This enriches and improves the safety performance optimization mechanism of the power system, avoids the situation in which the safety performance of the power system is not thoroughly optimized because the corresponding power equipment cannot be restored in a targeted manner, and improves the accuracy and reliability of the safety performance optimization of the power system.
Illustratively, acquiring the target repair policy corresponding to the security performance impact factor may include: judging whether a restoration strategy matched with the safety performance influence factor exists in a restoration strategy library which is generated in advance for the electric power system; if yes, determining a repair strategy matched with the security performance influence factor in the repair strategy library as the target repair strategy; and if not, screening a repair strategy which is matched with the electric power system and the safety performance influence factor from a shared repair strategy library, and taking the repair strategy as a target repair strategy corresponding to the safety performance influence factor.
The shared repair strategy library consists of repair strategies provided by a plurality of different types of power systems for different security performance influence factors. When providing such a repair strategy, a power system also needs to provide the repair results obtained by repairing the corresponding security performance influence factor with that strategy, so that it can be judged, according to the repair results, whether the repair strategy can be added to the shared repair strategy library, or whether the universality of the repair strategy meets a preset universality condition.
It can be appreciated that, by judging whether a repair strategy matching the safety performance influence factor exists in the repair strategy library generated in advance for the power system, determining the matching repair strategy in that library as the target repair strategy if it exists, and otherwise screening from the shared repair strategy library a repair strategy that matches both the power system and the safety performance influence factor and taking it as the target repair strategy corresponding to the safety performance influence factor, the situation in which the security performance optimization process cannot proceed smoothly because no repair strategy can be matched in the repair strategy library generated in advance for the power system is effectively avoided when the target repair strategy is determined. The stability of the process of optimizing the security performance of the power system is thereby effectively improved.
According to the embodiment of the invention, when the network security evaluation result does not meet the security performance requirement, the index evaluation results corresponding to different evaluation indexes of the network security evaluation result are obtained, and the security performance of the power system is optimized according to each index evaluation result. In this way, when the network security evaluation result does not meet the security performance requirement, the security performance of the power system can be optimized in time according to the index evaluation results, which avoids the potential safety hazards that arise when security performance optimization of the power system is not carried out in time, and thus helps ensure the safe operation of the power system. In addition, the security performance of the power system can be optimized in a targeted manner according to the index evaluation results, which improves the efficiency of optimizing the security performance of the power system.
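The strategy selection of this embodiment, with its fallback from the system's own repair strategy library to the shared one, can be sketched as follows. This is an added example, not code from the patent: the index names, the score threshold, the impact factor names, the admission thresholds of the shared library and all sample data are assumptions constructed for illustration, and returning no strategy when neither library matches is a choice of this example.

```python
from dataclasses import dataclass

# Index names, factor names, thresholds and sample data are assumptions
# constructed for this example; the patent does not specify them.

@dataclass(frozen=True)
class Strategy:
    name: str
    factor: str                 # security performance impact factor it repairs
    system_types: frozenset     # power system types it applies to
    repair_results: tuple = ()  # reported outcomes, True = repair succeeded

    def success_rate(self):
        return sum(self.repair_results) / len(self.repair_results)

class SharedLibrary:
    """Shared library that admits a strategy only on its reported repair results."""

    def __init__(self, min_reports=3, min_success_rate=0.75):
        self.min_reports = min_reports
        self.min_success_rate = min_success_rate
        self._strategies = []

    def submit(self, strategy):
        # A submission without enough repair results cannot be judged: reject it.
        if len(strategy.repair_results) < self.min_reports:
            return False
        if strategy.success_rate() < self.min_success_rate:
            return False
        self._strategies.append(strategy)
        return True

    def find(self, factor, system_type):
        # Must match both the impact factor and the requesting power system type.
        matches = [s for s in self._strategies
                   if s.factor == factor and system_type in s.system_types]
        return max(matches, key=Strategy.success_rate, default=None)

# First mapping: evaluation index -> impact factor (assumed).
INDEX_TO_FACTOR = {
    "patch_level": "outdated-firmware",
    "auth_strength": "weak-credentials",
    "comm_integrity": "unauthenticated-protocol",
    "log_coverage": "insufficient-logging",
}

# Constructed index evaluation results with the device each one was measured on.
INDEX_RESULTS = {
    "patch_level": {"score": 35, "device": "rtu-07"},
    "auth_strength": {"score": 50, "device": "hmi-02"},
    "comm_integrity": {"score": 45, "device": "gateway-01"},
    "log_coverage": {"score": 90, "device": "historian-01"},
}

# Repair strategy library generated in advance for this power system.
LOCAL_LIBRARY = {
    "outdated-firmware": Strategy("apply-vendor-firmware-update",
                                  "outdated-firmware", frozenset({"low-voltage"})),
}

def build_shared_library():
    """Submit constructed strategies; return the library and admitted names."""
    library = SharedLibrary()
    submissions = [
        Strategy("rotate-and-enforce-credentials", "weak-credentials",
                 frozenset({"low-voltage", "high-voltage"}), (True, True, True, True)),
        Strategy("disable-remote-login", "weak-credentials",
                 frozenset({"high-voltage"}), (True, True, True)),
        Strategy("wrap-link-in-tunnel", "unauthenticated-protocol",
                 frozenset({"low-voltage"}), (True, False, False)),
        Strategy("untested-idea", "unauthenticated-protocol",
                 frozenset({"low-voltage"})),
    ]
    admitted = [s.name for s in submissions if library.submit(s)]
    return library, admitted

def resolve_strategy(factor, system_type, local, shared):
    """Prefer the system's own library; fall back to the shared library."""
    if factor in local:
        return local[factor], "local"
    strategy = shared.find(factor, system_type)
    return (strategy, "shared") if strategy else (None, None)

def plan_optimization(index_results, system_type, local, shared, threshold=60):
    """List (device, factor, strategy name, source) for every failing index."""
    plan = []
    for index, result in index_results.items():
        if result["score"] >= threshold:
            continue  # this index meets the requirement, nothing to repair
        factor = INDEX_TO_FACTOR[index]
        strategy, source = resolve_strategy(factor, system_type, local, shared)
        plan.append((result["device"], factor,
                     strategy.name if strategy else None, source))
    return plan

if __name__ == "__main__":
    shared_library, _ = build_shared_library()
    for row in plan_optimization(INDEX_RESULTS, "low-voltage", LOCAL_LIBRARY, shared_library):
        print(row)
```

A row whose strategy is `None` marks an impact factor that neither library covers and that therefore needs a strategy to be authored.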
Example three
Fig. 3 is a schematic structural diagram of a network security risk evaluation device for an electric power system according to a third embodiment of the present invention, where the present embodiment is suitable for performing network security risk evaluation on the electric power system according to device information of corresponding electric power devices in a working state. The device can be realized in a software and/or hardware form, can be configured in network security risk evaluation equipment of the power system, and can also be configured in a management server corresponding to the power system, wherein the management server can be a local server or a cloud server, and the embodiment of the invention is not limited. As shown in fig. 3, the apparatus may include:
a related device information obtaining module 310, configured to obtain related device information of a target power device in a working state in a power system at different collection moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, which are acquired at corresponding acquisition moments;
a network security evaluation result determining module 320, configured to determine a network security evaluation result of the power system according to each piece of relevant device information;
an attack event collection module 330, configured to collect an attack event detected by a target protection device in the power system within a preset time period if the network security evaluation result meets a security performance requirement;
and a network security evaluation result updating module 340, configured to update the network security evaluation result according to the external attack protection result of at least part of the external attack events.
According to the embodiment of the invention, the related equipment information corresponding to the target power equipment in the working state can be referred in the process of determining the network security evaluation result of the corresponding power system, so that the situation that the corresponding network security evaluation result is inaccurate due to the fact that the reference information is too single in the corresponding network security evaluation process is avoided, and the accuracy and reliability of the network security risk evaluation result are improved. In addition, whether the safety performance of the power system meets the requirement can be judged according to the network safety evaluation result, and under the condition that the corresponding safety performance meets the requirement is judged according to the network safety evaluation result, the matched updating operation of the network safety evaluation result is further realized according to the related information of the external attack event, so that the accuracy of the network safety evaluation result is further improved.
Optionally, the network security evaluation result updating module 340 may include:
a target external attack event screening unit, configured to screen target external attack events meeting preset security performance evaluation conditions from the external attack events of the attack events;
an external attack protection result generating unit, configured to generate an external attack protection result of the power system according to all the target external attack events;
and a first updating unit, configured to update the network security evaluation result according to the external attack protection result.
Optionally, the external attack protection result generating unit may include:
an attack response data acquisition subunit, configured to acquire a target attack object corresponding to the target external attack event and attack response data of the target attack object; the attack response data comprise protection process information and protection result information aiming at corresponding target external attack events;
and an external attack result generation subunit, configured to generate an external attack protection result of the power system according to the attack response data of the target attack object.
Optionally, the network security evaluation result updating module 340 may further include:
a judgment result obtaining unit, configured to judge whether the external protection performance of the power system meets the external protection requirement according to the external attack protection result to obtain a judgment result;
a correction value generating unit, configured to generate a correction value of the network security evaluation result according to the judgment result; wherein the correction values include a positive correction value and a negative correction value;
and a second updating unit, configured to update the network security evaluation result according to the correction value.
Optionally, the correction value generating unit may include:
a positive correction value determining subunit, configured to determine that the correction value is a positive correction value if the external protection performance of the power system meets the external protection requirement;
and a negative correction value determining subunit, configured to determine that the correction value is a negative correction value if the external protection performance of the power system does not meet the external protection requirement.
Optionally, the apparatus may further include:
an index evaluation result obtaining module 350, configured to obtain an index evaluation result corresponding to different evaluation indexes of the network security evaluation result if the network security evaluation result does not meet the security performance requirement;
and a security performance optimization module 360, configured to optimize safety performance of the power system according to each of the index evaluation results.
Optionally, the security performance optimization module 360 may include:
an index evaluation result analysis unit, configured to determine a safety performance influence factor and the power equipment to be optimized corresponding to the safety performance influence factor according to each index evaluation result;
and a safety performance optimization unit, configured to optimize the safety performance of the power equipment to be optimized according to the target restoration strategy corresponding to the safety performance influence factor.
The power system network security risk evaluation device provided by the embodiment of the invention can execute any power system network security risk evaluation method provided by the embodiment of the invention, and has the functional modules and beneficial effects corresponding to the execution of the power system network security risk evaluation method. Reference may be made to the description of any other embodiment of the invention for details not described in this embodiment.
Example four
Referring to fig. 4, fig. 4 is a schematic structural diagram of a network security risk evaluation device for an electric power system according to an embodiment of the present invention. The device described in fig. 4 may be integrated in a circuit device of the power system, or may be integrated in a management server corresponding to the power system, where the management server may be a local server or a cloud server, and the embodiment of the present invention is not limited. As shown in fig. 4, the apparatus may include:
a memory 401 storing executable program codes;
a processor 402 coupled with the memory 401;
the processor 402 invokes the executable program codes stored in the memory 401 to perform some or all of the steps in the electric power system network security risk assessment method disclosed in the first or second embodiment of the present invention.
Example five
The embodiment of the invention discloses a computer storage medium which stores computer instructions for executing part or all of the steps in the power system network security risk evaluation method disclosed in the first embodiment or the second embodiment of the invention when the computer instructions are called.
The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus the necessary general hardware platform, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied, essentially or in part, in the form of a software product that may be stored in a computer-readable storage medium, including read-only memory (ROM), random access memory (RAM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc memory, magnetic disc memory, tape memory, or any other computer-readable medium that can be used for carrying or storing data.
Finally, it should be noted that the method and device for evaluating network security risk of an electric power system disclosed in the embodiments of the invention are only used for illustrating the technical scheme of the invention, not for limiting it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical schemes recorded in the various embodiments can be modified, or part of the technical features in them can be replaced equivalently; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (9)

1. A method for evaluating network security risk of an electric power system, the method comprising:
acquiring relevant equipment information of target power equipment in a working state in a power system at different acquisition moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, which are acquired at corresponding acquisition moments;
according to the relevant equipment information, determining a network security evaluation result of the power system;
if the network security evaluation result meets the security performance requirement, collecting an attack event detected by target protection equipment in the power system within a preset time period;
updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events;
wherein, the updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events includes:
judging whether the external protection performance of the power system meets the external protection requirement according to the external attack protection result to obtain a judgment result; the external protection performance is a protection level for a target external attack event, and the judgment result is a gap between the external protection performance of the power system and the external protection requirement;
generating a correction value of the network security evaluation result according to the judgment result; wherein the correction values include a positive correction value and a negative correction value; the positive correction value is a correction value to be determined when the corresponding evaluation value of the network security evaluation result is improved, and the negative correction value is a correction value to be determined when the corresponding evaluation value of the network security evaluation result is reduced;
and updating the network security evaluation result according to the correction value.
2. The method according to claim 1, wherein updating the network security evaluation result according to the external attack protection result of at least part of the attack events comprises:
screening target external attack events meeting preset security performance evaluation conditions from the external attack events of the attack events;
generating an external attack protection result of the power system according to all the target external attack events;
and updating the network security evaluation result according to the external attack protection result.
3. The method of claim 2, wherein generating the external attack protection result of the power system according to all the target external attack events comprises:
acquiring a target attack object corresponding to the target external attack event and attack response data of the target attack object; the attack response data comprise protection process information and protection result information aiming at corresponding target external attack events;
and generating an external attack protection result of the power system according to the attack response data of the target attack object.
4. The method according to claim 1, wherein generating the correction value of the network security evaluation result according to the determination result includes:
if the external protection performance of the power system meets the external protection requirement, determining the correction value as a positive correction value;
and if the external protection performance of the power system does not meet the external protection requirement, determining that the correction value is a negative correction value.
5. The method according to any one of claims 1-4, further comprising:
if the network security evaluation result does not meet the security performance requirement, acquiring index evaluation results corresponding to different evaluation indexes of the network security evaluation result;
and according to the index evaluation results, carrying out safety performance optimization on the power system.
6. The method of claim 5, wherein the optimizing the safety performance of the power system according to each of the index evaluation results comprises:
determining a safety performance influence factor and power equipment to be optimized corresponding to the safety performance influence factor according to each index evaluation result;
and according to the target restoration strategy corresponding to the safety performance influence factor, carrying out safety performance optimization on the power equipment to be optimized.
7. A power system network security risk evaluation device, comprising:
the related equipment information acquisition module is used for acquiring related equipment information of target power equipment in a working state in the power system at different acquisition moments; the related equipment information of the target power equipment comprises at least one of working state parameters, working result parameters and equipment state parameters of the target power equipment, which are acquired at corresponding acquisition moments;
the network security evaluation result determining module is used for determining a network security evaluation result of the power system according to the relevant equipment information;
the attack event acquisition module is used for acquiring an attack event detected by target protection equipment in the power system within a preset time period if the network security evaluation result meets the security performance requirement;
the network security evaluation result updating module is used for updating the network security evaluation result according to the external attack protection result of at least part of the external attack events in the attack events;
the network security evaluation result updating module comprises:
the judging result obtaining unit is used for judging whether the external protection performance of the power system meets the external protection requirement according to the external attack protection result to obtain a judging result; the external protection performance is a protection level for a target external attack event, and the judgment result is a gap between the external protection performance of the power system and the external protection requirement;
a judging result obtaining unit, configured to generate a correction value of the network security evaluation result according to the judging result; wherein the correction values include a positive correction value and a negative correction value; the positive correction value is a correction value to be determined when the corresponding evaluation value of the network security evaluation result is improved, and the negative correction value is a correction value to be determined when the corresponding evaluation value of the network security evaluation result is reduced;
and the second updating unit is used for updating the network security evaluation result according to the correction value.
8. An electrical power system network security risk assessment device, the device comprising:
a memory storing executable program code;
a processor coupled to the memory;
the processor invokes the executable program code stored in the memory to perform the electrical power system network security risk assessment method of any one of claims 1-6.
9. A computer storage medium storing computer instructions for performing the electrical power system network security risk assessment method according to any one of claims 1-6 when invoked.
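The update procedure of claims 1 to 4, sketched as an added example that is not part of the patent text. The claims give no formulas or numbers, so the 0 to 100 score scale, both thresholds, the severity weighting, the size of the correction and all field and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed numbers: the claims name these quantities but give no values.
SECURITY_REQUIREMENT = 80.0    # score needed before attack events are used
PROTECTION_REQUIREMENT = 0.95  # required weighted share of blocked attacks
MAX_CORRECTION = 10.0          # largest adjustment in either direction

@dataclass(frozen=True)
class AttackEvent:
    source: str     # "external" or "internal"
    severity: int   # 1 (low) to 5 (critical), constructed scale
    blocked: bool   # protection result reported for the event

def screen_external(events, min_severity=3):
    """Claim 2: keep external events that meet the preset condition."""
    return [e for e in events
            if e.source == "external" and e.severity >= min_severity]

def protection_result(targets):
    """Claim 3: severity-weighted share of target events that were blocked."""
    total = sum(e.severity for e in targets)
    if total == 0:
        return None  # nothing to judge
    return sum(e.severity for e in targets if e.blocked) / total

def correction_value(performance):
    """Claims 1 and 4: the gap to the requirement sets sign and size."""
    gap = performance - PROTECTION_REQUIREMENT
    span = (1.0 - PROTECTION_REQUIREMENT) if gap >= 0 else PROTECTION_REQUIREMENT
    return round(MAX_CORRECTION * gap / span, 2)

def update_evaluation(score, events):
    """Claim 1: update only a score that already meets the requirement."""
    if score < SECURITY_REQUIREMENT:
        return score  # claim 5 handles this case through index optimisation
    performance = protection_result(screen_external(events))
    if performance is None:
        return score  # no qualifying external events in the period
    return max(0.0, min(100.0, score + correction_value(performance)))

# Constructed sample: events reported by protection equipment in one period.
EVENTS = [
    AttackEvent("external", 5, True),
    AttackEvent("external", 4, True),
    AttackEvent("external", 3, False),  # missed attack, counts against score
    AttackEvent("external", 1, False),  # below the screening threshold
    AttackEvent("internal", 5, False),  # not an external attack event
]

if __name__ == "__main__":
    print(update_evaluation(85.0, EVENTS))
```

A system whose device-derived score passes the requirement can still be marked down when its protection equipment misses high-severity external attacks, which is the gap the correction step is meant to expose.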
CN202210861929.8A 2022-07-21 2022-07-21 Method, device, equipment and medium for evaluating network security risk of power system Active CN115242502B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210861929.8A CN115242502B (en) 2022-07-21 2022-07-21 Method, device, equipment and medium for evaluating network security risk of power system

Publications (2)

Publication Number Publication Date
CN115242502A CN115242502A (en) 2022-10-25
CN115242502B CN115242502B (en) 2024-03-08

Family

ID=83674755

Country Status (1)

Country Link
CN (1) CN115242502B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant