CN115242686A - Power secondary equipment network communication fault detection system and method - Google Patents

Publication number
CN115242686A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211043040.5A
Other languages
Chinese (zh)
Inventor
雷宇
谭棕宝
陈忠颖
苏杰锋
梁志豪
陈宇力
赵菲
何娅
曾致超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Zhaoqing Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Zhaoqing Power Supply Bureau of Guangdong Power Grid Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L43/0888 Throughput
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The invention relates to the technical field of network communication, and discloses a system and a method for detecting network communication faults of electric power secondary equipment. The method comprises the steps of acquiring a network data packet of a network communication layer of the secondary equipment, analyzing the network data packet to obtain analyzed data, and, if the protocol type is judged not to be a preset protocol type, generating a first alarm signal according to the corresponding protocol type and a source and destination address; generating a second alarm signal according to the corresponding data content and the source and destination address; also obtaining flow peak data in the network communication layer, and generating a flow alarm signal if the flow peak data is judged to exceed a preset flow threshold value; and identifying the network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source. Therefore, whether the transmission data of the network transmission layer of the secondary equipment is valid and legitimate can be judged, and the fault diagnosis functionality is improved.

Description

Power secondary equipment network communication fault detection system and method
Technical Field
The invention relates to the technical field of network communication, in particular to a system and a method for detecting network communication faults of electric power secondary equipment.
Background
With the popularization of networks, network communication operation and maintenance has become an important task. During operation, communication interruptions or accidental faults often occur in the network communication of secondary equipment between a front-end processor of a power system dispatching master station and a remote machine of a transformer substation, and the normal operation of the automation system is seriously affected. In order to prevent network risks and ensure the safe and reliable operation of the network communication of the power automation system, network faults need to be given early warning and intrusion by illegal network equipment needs to be detected in real time.
Because operation and maintenance personnel lack practical and safe network detection and diagnosis tools based on the Linux operating system platform, the causes of communication faults of the secondary equipment cannot be analyzed and located quickly, and troubleshooting is delayed. Existing network communication fault diagnosis and analysis tools have a single function, and it is difficult for them to judge whether the transmission data of the network transmission layer of the secondary equipment is valid and legitimate.
Disclosure of Invention
The invention provides a system and a method for detecting network communication faults of power secondary equipment, which solve the technical problems that the network communication fault diagnosis function is single and that it is difficult to judge whether the transmission data of a network transmission layer of the secondary equipment is valid and legitimate.
In view of this, the first aspect of the present invention provides a system for detecting network communication failure of power secondary equipment, including: the system comprises a network data acquisition module, a network analysis module, a network data diagnosis module, a flow statistic analysis module, a network storm detection module and an alarm module;
the network data acquisition module is used for acquiring a network data packet of a network communication layer of the secondary equipment and sending the network data packet to the network analysis module;
the network analysis module is used for analyzing the network data packet to obtain analysis data, and the analysis data comprises a protocol type, data content and a source and destination address; sending the analysis data to the network data diagnosis module;
the network data diagnosis module is used for judging whether the protocol type is a preset protocol type or not, and if the protocol type is judged not to be the preset protocol type, generating a first alarm signal according to the corresponding protocol type and a source-destination address and sending the first alarm signal to the alarm module; if the protocol type is judged to be a preset protocol type, judging whether the data content conforms to a preset protocol condition or not according to the protocol type, and if the data content does not conform to the preset protocol condition, generating a second alarm signal according to the corresponding data content and a source-destination address and sending the second alarm signal to the alarm module;
the flow statistic analysis module is used for acquiring flow peak data in the network communication layer, judging whether the flow peak data exceeds a preset flow threshold value, and if the flow peak data exceeds the preset flow threshold value, generating a flow alarm signal and sending the flow alarm signal to the alarm module; the flow statistic analysis module is also used for sending the traffic peak data to the network storm detection module;
the network storm detection module is used for identifying a network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source and sending the third alarm signal to the alarm module;
the alarm module is used for alarming according to the first alarm signal, the second alarm signal, the third alarm signal and the flow alarm signal.
Preferably, the system further comprises a display module, and the flow statistic analysis module is further configured to fit a change curve between the flow peak data and time according to the flow peak data and corresponding time, and further configured to send the change curve between the flow peak data and time to the display module for display.
Preferably, the system further includes an IP detection module, configured to obtain an IP address of a user accessing the secondary device, and match the IP address of the user in a preset white list, where the preset white list includes a legal IP address, and if matching fails, determine the corresponding IP address of the user as an illegal IP address, and further configured to generate an IP alarm signal according to the illegal IP address, and send the IP alarm signal to an alarm module for alarming.
Preferably, the system further comprises: and the storage module is used for storing the network data packet and the traffic peak data.
Preferably, the network storm detecting module is specifically configured to perform traffic integration on the traffic peak data in a preset period to obtain a total traffic of a network communication layer, perform traffic integration on the traffic peak data of the same IP address in the preset period to obtain a traffic of a corresponding IP address, compare a ratio between a traffic of the IP address and the total traffic of the network communication layer with a preset ratio, and determine that a network storm fault occurs if the ratio between the traffic of the IP address and the total traffic of the network communication layer is greater than the preset ratio, and determine a network storm source according to the corresponding IP address.
In a second aspect, the invention provides a method for detecting a network communication fault of power secondary equipment, which comprises the following steps:
collecting network data packets of a network communication layer of secondary equipment;
analyzing the network data packet to obtain analysis data, wherein the analysis data comprises a protocol type, data content and a source and destination address;
judging whether the protocol type is a preset protocol type or not, and if the protocol type is judged not to be the preset protocol type, generating a first alarm signal according to the corresponding protocol type and a source-destination address to alarm; if the protocol type is judged to be the preset protocol type, judging whether the data content conforms to the preset protocol stipulation condition or not according to the protocol type, and if the data content does not conform to the preset protocol stipulation condition, generating a second alarm signal according to the corresponding data content and a source destination address to alarm;
acquiring flow peak data in the network communication layer, judging whether the flow peak data exceeds a preset flow threshold value, and generating a flow alarm signal to alarm if the flow peak data exceeds the preset flow threshold value;
and identifying the network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source to alarm.
Preferably, the method further comprises:
and fitting a change curve between the flow peak data and the time according to the flow peak data and the corresponding time, and displaying the change curve between the flow peak data and the time.
Preferably, the method further comprises:
and acquiring a user IP address for accessing the secondary equipment, matching the user IP address in a preset white list, wherein the preset white list comprises a legal IP address, if the matching fails, judging the corresponding user IP address as an illegal IP address, and generating an IP alarm signal according to the illegal IP address to alarm.
Preferably, the method further comprises: and storing the network data packet and the traffic peak data.
Preferably, the step of identifying the network storm fault according to the traffic peak data, and determining the network storm source corresponding to the network storm fault specifically includes:
performing flow integration on the flow peak data in a preset period to obtain the total flow of a network communication layer;
performing flow integration on the flow peak data of the same IP address in a preset period to obtain the flow of the corresponding IP address;
and comparing the ratio of the flow of the IP address to the total flow of the network communication layer with a preset ratio, if the ratio of the flow of the IP address to the total flow of the network communication layer is greater than the preset ratio, judging that a network storm fault occurs, and determining a network storm source according to the corresponding IP address.
According to the technical scheme, the invention has the following advantages:
The method comprises the steps of acquiring a network data packet of a network communication layer of secondary equipment and analyzing the network data packet to obtain analyzed data, wherein the analyzed data comprises a protocol type, data content and a source and destination address; judging whether the protocol type is a preset protocol type or not, and generating a first alarm signal according to the corresponding protocol type and the source and destination address if the protocol type is judged not to be the preset protocol type; if the protocol type is judged to be the preset protocol type, judging whether the data content conforms to the preset protocol stipulation condition or not according to the protocol type, and if the data content does not conform to the preset protocol stipulation condition, generating a second alarm signal according to the corresponding data content and the source and destination address; also obtaining flow peak data in the network communication layer, judging whether the flow peak data exceeds a preset flow threshold value or not, and generating a flow alarm signal if the flow peak data is judged to exceed the preset flow threshold value; and identifying the network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source. Therefore, whether the transmission data of the network transmission layer of the secondary equipment is valid and legitimate can be judged, and the functionality of fault diagnosis is improved.
Drawings
Fig. 1 is a schematic structural diagram of a network communication fault detection system of a power secondary device according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for detecting a network communication fault of a power secondary device according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
For easy understanding, referring to fig. 1, the present invention provides a system for detecting a network communication fault of a power secondary device, including: the system comprises a network data acquisition module 100, a network analysis module 200, a network data diagnosis module 300, a flow statistic analysis module 400, a network storm detection module 500 and an alarm module 600;
the network data acquisition module 100 is configured to acquire a network data packet of a network communication layer of the secondary device, and send the network data packet to the network analysis module 200;
it is understood that, in order to capture as many network packets as possible in the network communication layer, the acquisition network card may be set to a promiscuous mode.
The network analysis module 200 is configured to analyze the network data packet to obtain analysis data, where the analysis data includes a protocol type, data content, and a source and destination address; the parsed data is sent to the network data diagnostic module 300.
The protocol type refers to the network transmission protocol, or transfer protocol for short, and includes Telnet, FTP, SMTP, HTTP, DNS, etc. A transfer protocol is required for messages between different programs in the operating system to ensure that both parties can communicate, and each protocol type stipulates its own data format, fields, lengths, etc. for the corresponding data content.
The network data diagnosis module 300 is configured to determine whether the protocol type is a preset protocol type, and if the protocol type is not the preset protocol type, generate a first alarm signal according to the corresponding protocol type and the source-destination address, and send the first alarm signal to the alarm module 600; if the protocol type is judged to be the preset protocol type, judging whether the data content conforms to the preset protocol condition according to the protocol type, and if the data content does not conform to the preset protocol condition, generating a second alarm signal according to the corresponding data content and the source destination address and sending the second alarm signal to an alarm module 600;
it can be understood that the data content may be analyzed according to the protocol type, so as to obtain a data field length, a data type, a data size, and the like, and then it is determined whether the actual data content is consistent with the theoretical data content in the protocol type, if not, it is determined that the data content is abnormal, and a second alarm signal is generated according to the corresponding data content and the source destination address and sent to the alarm module 600.
The flow statistic analysis module 400 is configured to obtain flow peak data in the network communication layer, determine whether the flow peak data exceeds a preset flow threshold, and generate a flow alarm signal and send the flow alarm signal to the alarm module 600 if the flow peak data exceeds the preset flow threshold; and is further configured to send the traffic peak data to the network storm detection module 500;
the network storm detecting module 500 is configured to identify a network storm fault according to the traffic peak data, determine a network storm source corresponding to the network storm fault, generate a third alarm signal according to the network storm source, and send the third alarm signal to the alarm module 600;
It can be understood that a network storm fault occurs when data frames are copied and spread in large numbers within a network segment, causing a decrease in network performance and even network breakdown.
The alarm module 600 is configured to alarm according to the first alarm signal, the second alarm signal, the third alarm signal, and the flow alarm signal.
The embodiment provides a network communication fault detection system for power secondary equipment, in which a network data packet of a network communication layer of the secondary equipment is acquired and analyzed to obtain analysis data, the analysis data comprising a protocol type, data content and a source and destination address; whether the protocol type is a preset protocol type is judged, and if the protocol type is judged not to be the preset protocol type, a first alarm signal is generated according to the corresponding protocol type and the source and destination address; if the protocol type is judged to be the preset protocol type, whether the data content conforms to the preset protocol stipulation condition is judged according to the protocol type, and if the data content does not conform to the preset protocol stipulation condition, a second alarm signal is generated according to the corresponding data content and the source and destination address; flow peak data in the network communication layer is also obtained, whether the flow peak data exceeds a preset flow threshold value is judged, and if the flow peak data is judged to exceed the preset flow threshold value, a flow alarm signal is generated; and the network storm fault is identified according to the flow peak data, a network storm source corresponding to the network storm fault is determined, and a third alarm signal is generated according to the network storm source. Therefore, whether the transmission data of the network transmission layer of the secondary equipment is valid and legitimate can be judged, and the fault diagnosis functionality is improved.
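The two-stage check performed by the network data diagnosis module can be sketched as follows. This is an added example, not code from the patent: the record layout, the function names, the choice of IEC 60870-5-104 and DNS as the preset protocol types, and the content rules applied to each are assumptions made for illustration.

```python
"""Two-stage diagnosis of parsed packets: protocol allowlist, then content check."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Parsed:
    """Parsed data: protocol type, data content, source and destination address."""
    protocol: str
    payload: bytes
    src: str
    dst: str


@dataclass(frozen=True)
class Alarm:
    level: str       # "first": protocol not preset; "second": content violates protocol
    protocol: str
    src: str
    dst: str
    reason: str


def check_iec104(payload: bytes) -> Optional[str]:
    """Assumed rule set: every APDU starts with 0x68, followed by a length octet
    in 4..253 that counts the octets after it. Expects a reassembled TCP stream."""
    if not payload:
        return "empty payload"
    pos = 0
    while pos < len(payload):
        if payload[pos] != 0x68:
            return f"bad start octet 0x{payload[pos]:02x} at offset {pos}"
        if pos + 1 >= len(payload):
            return "truncated APCI, length octet missing"
        length = payload[pos + 1]
        if not 4 <= length <= 253:
            return f"APDU length {length} outside 4..253"
        present = len(payload) - pos - 2
        if length > present:
            return f"APDU declares {length} octets, {present} present"
        pos += 2 + length
    return None


def check_dns(payload: bytes) -> Optional[str]:
    """Assumed rule set for DNS over UDP: 12-octet header, at most 512 octets,
    and a query (QR bit clear) must carry at least one question."""
    if len(payload) < 12:
        return f"{len(payload)} octets, shorter than the 12-octet header"
    if len(payload) > 512:
        return f"{len(payload)} octets, over the 512-octet UDP limit"
    flags = int.from_bytes(payload[2:4], "big")
    qdcount = int.from_bytes(payload[4:6], "big")
    if not flags & 0x8000 and qdcount == 0:
        return "query without a question section"
    return None


# Preset protocol types and their content rules (assumed site policy).
PRESET: Dict[str, Callable[[bytes], Optional[str]]] = {
    "IEC104": check_iec104,
    "DNS": check_dns,
}


def diagnose(p: Parsed) -> Optional[Alarm]:
    """Return the alarm for one parsed packet, or None if it passes both stages."""
    validator = PRESET.get(p.protocol)
    if validator is None:
        return Alarm("first", p.protocol, p.src, p.dst, "protocol type is not preset")
    reason = validator(p.payload)
    if reason is not None:
        return Alarm("second", p.protocol, p.src, p.dst, reason)
    return None


# Constructed sample records (addresses and payloads are made up for the example).
SAMPLES: List[Parsed] = [
    Parsed("IEC104", bytes.fromhex("680407000000680443000000"), "10.1.1.10", "10.1.2.20"),
    Parsed("IEC104", bytes.fromhex("680e07000000"), "10.1.1.10", "10.1.2.20"),
    Parsed("Telnet", b"login: ", "10.1.9.99", "10.1.2.20"),
    Parsed("DNS", bytes.fromhex("123401000000000000000000"), "10.1.2.20", "10.1.1.53"),
]


def run_samples() -> List[Alarm]:
    """Diagnose every sample record and keep only the alarms."""
    return [a for a in map(diagnose, SAMPLES) if a is not None]


if __name__ == "__main__":
    for alarm in run_samples():
        print(alarm)
```

Because both alarm levels carry the source and destination address, an operator can tell an unexpected service (first alarm) from a known peer sending malformed frames (second alarm).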
In a specific embodiment, the system further includes a display module, and the flow statistical analysis module is further configured to fit a variation curve between the flow peak data and time according to the flow peak data and the corresponding time, and further configured to send the variation curve between the flow peak data and time to the display module for display.
It can be understood that the flow peak data and the corresponding time are fitted to a change curve between the flow peak data and the time, so that a user can look up and analyze data of other modules, the network operation state is observed through the counted performance indexes, the network change trend is analyzed, factors influencing the network performance are found out, and the network fault is predicted.
In a specific embodiment, the system further includes an IP detection module, configured to obtain an IP address of a user accessing the secondary device, and match the IP address of the user in a preset white list, where the preset white list includes a legal IP address, and if the matching fails, determine the corresponding IP address of the user as an illegal IP address, and further configured to generate an IP alarm signal according to the illegal IP address, and send the IP alarm signal to the alarm module for alarm.
It will be appreciated that by checking for illegitimate IP addresses, network security may be improved.
In one embodiment, the system further comprises: and the storage module is used for storing the network data packet and the traffic peak data.
The network data packet and the traffic peak data may be stored in a log format.
In a specific embodiment, the network storm detecting module is specifically configured to perform traffic integration on traffic peak data in a preset period to obtain a total traffic of a network communication layer, perform traffic integration on the traffic peak data of the same IP address in the preset period to obtain a traffic of a corresponding IP address, compare a ratio between the traffic of the IP address and the total traffic of the network communication layer with a preset ratio, and determine that a network storm fault occurs if the ratio between the traffic of the IP address and the total traffic of the network communication layer is greater than the preset ratio, and determine a network storm source according to the corresponding IP address.
The threshold value of the ratio can be preset, and the preset ratio can be dynamically compensated according to historical data so as to improve the judgment accuracy. Meanwhile, in another example, network failures may be handled hierarchically according to the number of failures.
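The ratio test described above, as an added example that is not part of the patent: each IP address's rate samples are integrated over the preset period and its share of the total is compared with the preset ratio. The sample layout, the trapezoidal integration, the `min_total` guard and the way the ratio is compensated from a historical baseline share (the patent does not say how) are assumptions.

```python
"""Storm-source detection: per-IP share of integrated traffic vs. a preset ratio."""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

Sample = Tuple[float, str, float]  # (time in s, source IP, traffic rate in bytes/s)


def integrate_per_ip(samples: Iterable[Sample], start: float,
                     period: float) -> Dict[str, float]:
    """Integrate each IP's rate samples over [start, start + period] (trapezoidal rule)."""
    series: Dict[str, List[Tuple[float, float]]] = defaultdict(list)
    for t, ip, rate in samples:
        if start <= t <= start + period:
            series[ip].append((t, rate))
    volume: Dict[str, float] = {}
    for ip, points in series.items():
        points.sort()
        volume[ip] = sum((t1 - t0) * (r0 + r1) / 2
                         for (t0, r0), (t1, r1) in zip(points, points[1:]))
    return volume


def find_storm_sources(samples: Iterable[Sample], start: float, period: float,
                       preset_ratio: float,
                       baseline_share: Optional[Dict[str, float]] = None,
                       margin: float = 0.2,
                       min_total: float = 0.0) -> List[Tuple[str, float]]:
    """Return (ip, share) for every IP whose share of total traffic exceeds its limit.

    Assumed compensation: an IP with a known historical share gets the limit
    max(preset_ratio, historical share + margin), so a host that normally
    dominates the segment is not reported on every period.
    """
    volume = integrate_per_ip(samples, start, period)
    total = sum(volume.values())
    if total <= 0 or total < min_total:   # idle link: a ratio would be meaningless
        return []
    sources = []
    for ip, vol in sorted(volume.items()):
        share = vol / total
        limit = preset_ratio
        if baseline_share and ip in baseline_share:
            limit = max(preset_ratio, baseline_share[ip] + margin)
        if share > limit:
            sources.append((ip, round(share, 3)))
    return sources


def _series(ip: str, rates: List[float], t0: float) -> List[Sample]:
    """One rate sample per second starting at t0."""
    return [(t0 + i, ip, r) for i, r in enumerate(rates)]


# Constructed samples: a quiet period (t = 0..4 s) and a storm period (t = 10..14 s).
NORMAL = (_series("10.1.1.10", [600.0] * 5, 0)
          + _series("10.1.1.20", [200.0] * 5, 0)
          + _series("10.1.1.30", [200.0] * 5, 0))
STORM = (_series("10.1.1.10", [600.0] * 5, 10)
         + _series("10.1.1.20", [200.0] * 5, 10)
         + _series("10.1.1.30", [200.0, 5000.0, 9000.0, 9000.0, 9000.0], 10))
BASELINE = {"10.1.1.10": 0.6}   # assumed historical share of the front-end processor

if __name__ == "__main__":
    data = NORMAL + STORM
    # A fixed ratio reports the busy but healthy front-end during the quiet period.
    print(find_storm_sources(data, 0, 4, 0.5))
    # With the compensated ratio the quiet period is clean and the storm is attributed.
    print(find_storm_sources(data, 0, 4, 0.5, BASELINE))
    print(find_storm_sources(data, 10, 4, 0.5, BASELINE))
```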
The above is a detailed description of an embodiment of a system for detecting a network communication fault of a power secondary device according to the present invention, and the following is a detailed description of an embodiment of a method for detecting a network communication fault of a power secondary device according to the present invention.
For convenience of understanding, please refer to fig. 2, the method for detecting a network communication fault of a power secondary device according to the present invention includes the following steps:
S1, collecting a network data packet of a network communication layer of secondary equipment;
S2, analyzing the network data packet to obtain analyzed data, wherein the analyzed data comprises a protocol type, data content and a source and destination address;
S3, judging whether the protocol type is a preset protocol type or not, and if the protocol type is judged not to be the preset protocol type, generating a first alarm signal according to the corresponding protocol type and the source and destination address to alarm; if the protocol type is judged to be the preset protocol type, judging whether the data content conforms to the preset protocol condition or not according to the protocol type, and if the data content does not conform to the preset protocol condition, generating a second alarm signal according to the corresponding data content and the source destination address to alarm;
S4, obtaining flow peak data in a network communication layer, judging whether the flow peak data exceeds a preset flow threshold value, and if the flow peak data exceeds the preset flow threshold value, generating a flow alarm signal to alarm;
and S5, identifying the network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source to alarm.
In one embodiment, the method further comprises:
and fitting a change curve between the flow peak data and the time according to the flow peak data and the corresponding time, and displaying the change curve between the flow peak data and the time.
In one embodiment, the method further comprises:
and acquiring a user IP address for accessing the secondary equipment, matching the user IP address in a preset white list, wherein the preset white list comprises a legal IP address, judging the corresponding user IP address as an illegal IP address if the matching fails, and generating an IP alarm signal according to the illegal IP address to alarm.
In one embodiment, the method further comprises: storing the network data packets and the traffic peak data.
In one embodiment, the step of identifying the network storm fault according to the traffic peak data, and determining the network storm source corresponding to the network storm fault specifically includes:
performing flow integration on the flow peak data in a preset period to obtain the total flow of a network communication layer;
performing flow integration on the flow peak data of the same IP address in a preset period to obtain the flow of the corresponding IP address;
and comparing the ratio of the flow of the IP address to the total flow of the network communication layer with a preset ratio, if the ratio of the flow of the IP address to the total flow of the network communication layer is greater than the preset ratio, judging that a network storm fault occurs, and determining a network storm source according to the corresponding IP address.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the method described above may refer to the corresponding process in the foregoing system embodiment, and is not described herein again.
The invention provides a method for detecting network communication faults of electric power secondary equipment, which comprises the steps of acquiring a network data packet of a network communication layer of the secondary equipment and analyzing the network data packet to obtain analyzed data, wherein the analyzed data comprises a protocol type, data content and a source and destination address; judging whether the protocol type is a preset protocol type or not, and generating a first alarm signal according to the corresponding protocol type and the source and destination address if the protocol type is judged not to be the preset protocol type; if the protocol type is judged to be the preset protocol type, judging whether the data content conforms to the preset protocol stipulation condition or not according to the protocol type, and if the data content does not conform to the preset protocol stipulation condition, generating a second alarm signal according to the corresponding data content and the source and destination address; also obtaining flow peak data in the network communication layer, judging whether the flow peak data exceeds a preset flow threshold value or not, and generating a flow alarm signal if the flow peak data exceeds the preset flow threshold value; and identifying the network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source. Therefore, whether the transmission data of the network transmission layer of the secondary equipment is valid and legitimate can be judged, and the fault diagnosis functionality is improved.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A power secondary equipment network communication fault detection system, characterized by comprising: a network data acquisition module, a network analysis module, a network data diagnosis module, a flow statistic analysis module, a network storm detection module and an alarm module;
the network data acquisition module is used for acquiring a network data packet of a network communication layer of the secondary equipment and sending the network data packet to the network analysis module;
the network analysis module is used for analyzing the network data packet to obtain analysis data, and the analysis data comprises a protocol type, data content and a source destination address; sending the analysis data to the network data diagnosis module;
the network data diagnosis module is used for judging whether the protocol type is a preset protocol type or not, and if the protocol type is judged not to be the preset protocol type, generating a first alarm signal according to the corresponding protocol type and a source-destination address and sending the first alarm signal to the alarm module; if the protocol type is judged to be a preset protocol type, judging whether the data content conforms to a preset protocol condition or not according to the protocol type, and if the data content does not conform to the preset protocol condition, generating a second alarm signal according to the corresponding data content and a source-destination address and sending the second alarm signal to the alarm module;
the flow statistic analysis module is used for acquiring flow peak data in the network communication layer, judging whether the flow peak data exceeds a preset flow threshold value, and if the flow peak data exceeds the preset flow threshold value, generating a flow alarm signal and sending the flow alarm signal to the alarm module; and is also used for sending the flow peak data to the network storm detection module;
the network storm detection module is used for identifying a network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source and sending the third alarm signal to the alarm module;
the alarm module is used for alarming according to the first alarm signal, the second alarm signal, the third alarm signal and the flow alarm signal.
2. The system according to claim 1, further comprising a display module, wherein the flow statistic analysis module is further configured to fit a variation curve between the flow peak data and time according to the flow peak data and corresponding time, and further configured to send the variation curve between the flow peak data and time to the display module for display.
3. The power secondary equipment network communication fault detection system of claim 1, further comprising an IP detection module, configured to obtain an IP address of a user accessing the secondary equipment, match the IP address of the user in a preset white list, where the preset white list includes a legal IP address, and if the matching fails, determine the corresponding IP address of the user as an illegal IP address, and further configured to generate an IP alarm signal according to the illegal IP address and send the IP alarm signal to an alarm module for alarm.
4. The power secondary equipment network communication fault detection system of claim 1, further comprising a storage module, used for storing the network data packet and the traffic peak data.
5. The system according to claim 1, wherein the network storm detection module is specifically configured to perform traffic integration on the traffic peak data in a preset period to obtain a total traffic of a network communication layer, perform traffic integration on the traffic peak data of the same IP address in the preset period to obtain a traffic of a corresponding IP address, compare a preset ratio with a ratio between the traffic of the IP address and the total traffic of the network communication layer, determine that a network storm fault occurs if the ratio between the traffic of the IP address and the total traffic of the network communication layer is greater than the preset ratio, and determine a network storm source according to the corresponding IP address.
6. A method for detecting network communication faults of power secondary equipment is characterized by comprising the following steps:
collecting network data packets of a network communication layer of secondary equipment;
analyzing the network data packet to obtain analysis data, wherein the analysis data comprises a protocol type, data content and a source and destination address;
judging whether the protocol type is a preset protocol type or not, and if the protocol type is judged not to be the preset protocol type, generating a first alarm signal according to the corresponding protocol type and a source-destination address to alarm; if the protocol type is judged to be the preset protocol type, judging whether the data content conforms to a preset protocol condition or not according to the protocol type, and if the data content does not conform to the preset protocol condition, generating a second alarm signal according to the corresponding data content and a source destination address to alarm;
acquiring flow peak data in the network communication layer, judging whether the flow peak data exceeds a preset flow threshold value, and generating a flow alarm signal to alarm if the flow peak data exceeds the preset flow threshold value;
and identifying the network storm fault according to the flow peak data, determining a network storm source corresponding to the network storm fault, and generating a third alarm signal according to the network storm source to alarm.
7. The power secondary equipment network communication fault detection method according to claim 6, further comprising:
fitting a change curve between the flow peak data and the time according to the flow peak data and the corresponding time, and displaying the change curve between the flow peak data and the time.
8. The power secondary equipment network communication fault detection method according to claim 6, further comprising:
acquiring a user IP address for accessing the secondary equipment, matching the user IP address in a preset white list, wherein the preset white list comprises a legal IP address, if the matching fails, judging the corresponding user IP address as an illegal IP address, and generating an IP alarm signal according to the illegal IP address to alarm.
9. The power secondary equipment network communication fault detection method according to claim 6, further comprising: storing the network data packet and the traffic peak data.
10. The method according to claim 6, wherein the step of identifying the network storm fault according to the traffic peak data includes the steps of:
performing flow integration on the flow peak data in a preset period to obtain the total flow of the network communication layer;
performing flow integration on the flow peak data of the same IP address in a preset period to obtain the flow of the corresponding IP address;
and comparing the ratio of the flow of the IP address to the total flow of the network communication layer with a preset ratio, if the ratio of the flow of the IP address to the total flow of the network communication layer is greater than the preset ratio, judging that a network storm fault occurs, and determining a network storm source according to the corresponding IP address.
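The flow threshold check of claim 6 and the storm-source identification of claims 5 and 10 can be sketched as follows. This is an added example, not code from the patent. Trapezoidal integration of rate samples, samples aligned on the same instants for every IP address, and all addresses and numbers are assumptions constructed for illustration.

```python
from collections import defaultdict

def integrate(points):
    """Trapezoidal integral of (t_seconds, rate_bytes_per_s) points, in bytes."""
    pts = sorted(points)
    return sum((t1 - t0) * (r0 + r1) / 2 for (t0, r0), (t1, r1) in zip(pts, pts[1:]))

def detect(samples, start, period, flow_threshold, preset_ratio):
    """samples: (t, ip, rate) tuples. Returns (flow_alarm_times, storm_sources)."""
    window = [s for s in samples if start <= s[0] <= start + period]
    per_ip = defaultdict(list)        # ip -> [(t, rate)]
    total_rate = defaultdict(float)   # t  -> summed rate over all IP addresses
    for t, ip, rate in window:
        per_ip[ip].append((t, rate))
        total_rate[t] += rate
    # Flow alarm: instants where the layer-wide peak exceeds the preset threshold.
    flow_alarms = sorted(t for t, r in total_rate.items() if r > flow_threshold)
    total = integrate(total_rate.items())
    if total <= 0:                    # idle period: no ratio can be formed
        return flow_alarms, []
    # Storm source: any IP whose share of the integrated flow exceeds the preset ratio.
    sources = sorted(ip for ip, pts in per_ip.items()
                     if integrate(pts) / total > preset_ratio)
    return flow_alarms, sources

# Constructed samples: two quiet hosts and one host that starts flooding at t=2.
STORM = ([(t, "192.0.2.1", 100) for t in range(5)]
         + [(t, "192.0.2.2", 100) for t in range(5)]
         + list(zip(range(5), ["192.0.2.3"] * 5, [100, 100, 5000, 9000, 9000])))
QUIET = [(t, ip, 100) for t in range(5) for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3")]

if __name__ == "__main__":
    print(detect(STORM, 0, 4, 8000, 0.6))
    print(detect(QUIET, 0, 4, 8000, 0.6))
```

The ratio test only isolates a source when one address dominates the period; the preset ratio has to sit above the share a legitimately busy device normally holds, or that device will be flagged on every cycle.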
CN202211043040.5A 2022-08-29 2022-08-29 Power secondary equipment network communication fault detection system and method Pending CN115242686A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211043040.5A CN115242686A (en) 2022-08-29 2022-08-29 Power secondary equipment network communication fault detection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211043040.5A CN115242686A (en) 2022-08-29 2022-08-29 Power secondary equipment network communication fault detection system and method

Publications (1)

Publication Number Publication Date
CN115242686A true CN115242686A (en) 2022-10-25

Family

ID=83681585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211043040.5A Pending CN115242686A (en) 2022-08-29 2022-08-29 Power secondary equipment network communication fault detection system and method

Country Status (1)

Country Link
CN (1) CN115242686A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941534A (en) * 2022-12-08 2023-04-07 贵州电网有限责任公司 Network storm source tracing method for local area network of power system

Similar Documents

Publication Publication Date Title
CN108055148B (en) Automatic traceable power wireless private network management diagnosis method
US8789182B2 (en) Security event logging in process control
CN101448277B (en) Method, system and device for processing wireless access network faults
EP2755416B1 (en) Method and apparatus for remotely locating wireless network fault
CN111049843A (en) Intelligent substation network abnormal flow analysis method
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN1866951B (en) Method and system for detecting shared access host machine in network
CN110417623B (en) Fault diagnosis method for Ethernet switch of intelligent substation
CA2493525A1 (en) Method and apparatus for outage measurement
CN104579818A (en) Detection method of network anomaly message of intelligent substation
CN111431864A (en) Internet of vehicles monitoring system, method and device and readable storage medium
US20080144523A1 (en) Traffic Monitoring Apparatus, Entry Managing Apparatus, and Network System
CN115242686A (en) Power secondary equipment network communication fault detection system and method
CN111490903A (en) Network data acquisition and processing method and device
CN105306246A (en) Method, device and server for automatic answering of network complaints
CN115001877A (en) Big data based information security operation and maintenance management system and method
CN113225342B (en) Communication abnormality detection method and device, electronic equipment and storage medium
CN218387540U (en) Electric power secondary equipment network communication fault detection system
CN116708224A (en) Network equipment health evaluation method, device and storage medium
US10338544B2 (en) Communication configuration analysis in process control systems
CN109587025B (en) Port self-learning intelligent substation switch
CN101222498B (en) Method for improving network security
CN114338074B (en) Automatic detection method and detection system for IP white list of power distribution terminal
CN113612647B (en) Alarm processing method and device
CN115174189A (en) Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination