CN115828233A - Data encapsulation method for dynamic security detection system of power grid - Google Patents
Data encapsulation method for dynamic security detection system of power grid Download PDFInfo
- Publication number
- CN115828233A CN115828233A CN202211445227.8A CN202211445227A CN115828233A CN 115828233 A CN115828233 A CN 115828233A CN 202211445227 A CN202211445227 A CN 202211445227A CN 115828233 A CN115828233 A CN 115828233A
- Authority
- CN
- China
- Prior art keywords
- data
- array
- attack
- paradigm
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention relates to the related technologies of power network security detection and data mining and packaging thereof, and discloses a data packaging method of a power grid dynamic security detection system. The method effectively packages the data of the attack behaviors faced and potentially faced by the power grid information system on the basis of the real valence attack parameter sequence, and lays a data foundation for the security inspection and the security protection of the high-precision power grid information system.
Description
Technical Field
The invention relates to the technical field of power grid power, in particular to a related technology of power network security attack and defense detection and data processing.
Background
At present, with the more frequent occurrence of network intrusion attack events in industrial control systems, especially power systems, scientific research personnel in academia and power grid enterprises become highly concerned about the information physical security problem. Foreign research institutions carry out deep research on the implementation mode and the safety protection system of network attacks in the power grid at the beginning of the 21 st century. The research institutes of China have also continuously researched the information safety problem in the electric power system, such as the system platform oriented to information-physical fusion, the simulation platform of the power grid information physical fusion system and the like. On the other hand, the national network company holds network security discussion meetings for many times, aims to improve the core capability of network security, and macroscopically researches a new method to solve the problem of security of a power grid information system. At present, the electric power information network in China is deployed according to the principle of 'safe partition, network special, transverse isolation and longitudinal authentication', and the safe partition is completed by utilizing passive defense devices such as physical isolation, logical isolation, firewalls and the like. However, these methods cannot defend against all possible intrusion attacks due to their limited protection capabilities and the diversification of network intrusion attacks. With the common application of information communication technology in each link of the power grid, the sources of information security problems become more complex and diversified.
Meanwhile, the current working situation of the power grid company is embodied in that the degree of unavoidable office dependence on an information network system is higher and higher, on one hand, the scale of an internal network is larger and larger, on the other hand, various working operation sub-networks of the power grid with different sizes are built by taking working contents as distinction, and on the other hand, the intersection of the power grid system and the internet is larger and larger. The information system carried on the network system of the power grid company is also very different in service logic and implementation means; how to ensure the security of the network system and the information system and data carried by the network system also becomes the focus of the power information security work.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data encapsulation method for a dynamic security detection system of a power grid, which is used for carrying out data encapsulation on the attack behaviors faced and potentially faced by a power grid information system on the basis of a real valence attack parameter sequence.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
A systematic data encapsulation method for power grid attack and defense dynamic security detection is characterized in that an attack behavior clustering parameter recombination array with real attack parameter distinguishing utility identification is constructed based on network attack original data, attack behaviors are pre-mapped to the attack behavior clustering parameter recombination array through sequential continuous application of a preset data processing paradigm, then a two-dimensional equivalent traversal combination number-level difference data processing paradigm is adopted to carry out data parameter processing on the pre-mapped array, and data encapsulation is carried out on the attack behaviors which are faced by a power grid information system and are potentially faced according to comparison between data parameters and a preset threshold value or self-organization comparison inside the data parameters.
As a preferred technical solution of the present invention, the method for pre-mapping the attack behavior to the attack behavior clustering parameter reorganization array by sequentially and continuously applying the preset data processing paradigm specifically includes a three-level data paradigm: the 'zero-order orthogonal linear data projection paradigm' is a data progression, a recombined data filling process and a normalized row-column pre-specified data processing paradigm on an attack behavior clustering parameter recombination array.
As a preferred technical scheme of the invention, a first-level data paradigm is applied with data progression corresponding to a 'zeroth-order orthogonal linear data projection paradigm' on an attack behavior clustering parameter reorganization array, an attack behavior and attack behavior clustering parameter reorganization array (replacing an attack parameter initial clustering array) faced and potentially faced by a power grid information system is mapped on a blank configuration data array through the 'zeroth-order orthogonal linear data projection paradigm' respectively to obtain a two-dimensional configuration data array with a specific number of bits, and the two-dimensional configuration data array is recorded as an mxl configuration data array, wherein m and l correspond to the attack behavior and attack behavior clustering parameter reorganization array respectively;
as a preferred technical scheme of the invention, the second-level data paradigm applies a corresponding data filling process to obtain an attack behavior reorganization executable data array, the reorganization is to perform data filling on all attack behaviors in any attack behavior clustering parameter reorganization array in sequence, the executable data is a data marking code, the data marking code is converted from natural semantic description data based on the attack behaviors under the attack behavior clustering parameter reorganization array, as the subsequent data processing and optimizing process and each data processing paradigm only concern about the difference and the similarity of the attack behaviors under the attack behavior clustering parameter reorganization array, the data marking code is adopted to replace the natural semantic description of the attack behaviors under the attack behavior clustering parameter reorganization array, and the replaced data marking code is any executable data marking and selected from English letters, greece letters, arabic numerals, chinese characters and other conventional data marking;
as a preferred technical solution of the present invention, the third-level data paradigm applies a corresponding and new "normalized rank pre-specified data processing paradigm", wherein m data dimensions are specified to be expanded into rows in the horizontal direction, and l data dimensions are expanded into columns in the vertical direction; when any attack behavior or any combination of a plurality of attack behaviors is subjected to data processing paradigm application, the corresponding data processing object is presented as one group or a plurality of groups of data; when any clustering parameter or any combination of a plurality of clustering parameters is subjected to data processing paradigm application, the corresponding data processing objects are presented as one group or a plurality of groups of row data; the row-column cross data configuration is derived from an orthogonal data processing paradigm of an initial process of data mapping; here, the data processing object is an "executable data marker" constructed in the data filling process; and after the dimension is specified by the specification, the row and column marking data are read-only data, and a data transposition processing paradigm is established in advance for a data processing process needing row and column data conversion.
As a preferred technical solution of the present invention, the method further includes a fourth-level data paradigm of pre-mapping the attack behavior to the attack behavior clustering parameter reorganization array by sequentially and continuously applying the preset data processing paradigm: and the data transposition processing paradigm is used for performing transposition operation processing on the m multiplied by l configuration data array, thereby providing a standard data application format for a subsequent two-dimensional equivalent traversal combination number level difference data processing paradigm.
As a preferred technical solution of the present invention, the data parameterization processing is performed on the pre-mapped array using a "two-dimensional equivalent traversal combined number-level difference data processing paradigm", and specifically includes three progressive data processing steps: the method comprises the steps of firstly constructing a combined number processing process of a two-dimensional peer-to-peer data structure, secondly performing level difference data tabulation on each group of 2 x l configuration executable data tag arrays in cm2, and thirdly combining each group of 1 x l configuration (0,1) numerical value arrays through a sigma operator.
As a preferred technical scheme of the present invention, the first step specifically is:
constructing a combined number processing process of a two-dimensional peer-to-peer data structure, wherein the two-dimensional peer-to-peer takes the transposed row data as a basic dimension, two optional lines of data are taken as a second dimension, and two data pairs in the same row on the two lines of data form a group of two-dimensional peer-to-peer data pairs, so that each group of two-dimensional peer-to-peer data subarray obtained by construction contains 2l magnitude data or correspondingly contains l magnitude two-dimensional peer-to-peer data pairs; then, globally applying the two-dimensional peer-to-peer data pair to a complete m multiplied by l configuration executable data marking array constructed based on an attack behavior recombination executable data array, wherein a two-dimensional combination number applying mode is adopted for global application, and because the number array is transposed, the global two-dimensional combination applies corresponding cm2 magnitude:
the data units here are not single values, but are arrays of executable data markers in a 2 × l configuration corresponding to a set of two-dimensional, peer-to-peer data sub-arrays.
As a preferred technical solution of the present invention, the second step specifically is:
and (3) performing level difference data representation on each group of 2 × l configuration executable data mark arrays in cm2, and adopting the same data processing process as the global traversal combined numerical level difference data processing paradigm, namely: returning data 1, if any two data individuals selected in the same row of data objects are identical; returning data 0, if any two data individuals selected in the same row of data objects are different; the level difference data table shows that each group of 2 × l configuration executable data mark arrays are listed as 1 × l configuration (0,1) numerical value arrays; the step difference data table is obtained by performing step difference data table on the whole attack behavior recombination executable data array
Magnitude 1 × l configuration (0,1) numerical array.
As a preferred technical solution of the present invention, the third step specifically is: thirdly, combining each group of 1 × l configuration (0,1) numerical arrays through a sigma operator to obtain a fine difference target parameter j capable of reflecting the difference of two attack behaviors;
the mapping chain is as follows: j → 1 × l configuration (0,1) numerical array → 2 × l configuration can perform data tagging array → the attack behavior faced and potentially faced by the grid information system.
As an optimal technical solution of the present invention, the attack-protection multi-mapping data encapsulation processing is performed on the attack behaviors faced and potentially faced by the power grid information system according to the comparison between the data parameter and the preset threshold, specifically: and comparing the target parameter j representing the fine difference degree of the two attack behaviors with a preset difference degree threshold, packaging the two groups of attack behaviors into a group of mapping objects when the target parameter j is lower than the threshold, and dividing the two attack behaviors represented by the j higher than the difference degree threshold into independent mapping objects.
As a preferable technical solution of the present invention, the electricity is collated according to "internal self-organizing comparison based on data parameter valueThe network information system carries out attack-protection multi-mapping data encapsulation processing on the attack behaviors faced and potentially faced by the network information system, and the difference between the attack behaviors faced and potentially faced by the network information system and the preset threshold value is that a self-organization threshold value is adopted to replace a set threshold value, all fine difference degree target parameter values j are firstly constructed into a set C, and the data capacity of the set C is
Sorting the numerical values in the set C according to the numerical values, setting a percentage parameter, and performing data cutting on the set C to obtain a self-organization threshold value, wherein when the percentage parameter adopts a percentage range, the self-organization threshold value corresponds to a threshold value range; the percentage parameter is set to 60%, 50% -70%, other values or value ranges.
Adopt the produced beneficial effect of above-mentioned technical scheme to lie in: according to the invention, data encapsulation is carried out on the power grid attack behavior clustering parameter recombination array with real valence and attack behaviors faced by a power grid information system and potentially faced by the power grid information system, and a data basis is laid for development of high-precision specialized and dynamic power grid security inspection security tool modules. The beneficial effects are as follows.
The first two-stage data processing paradigm of the pre-mapping of the attack behavior to the attack behavior clustering parameter reorganization array has the following technical advantages: the first-order normal form and the second-order normal form correspond to a zero-order orthogonal linear data projection normal form and an attack behavior global executable data array in the initial parameter array data construction respectively, and specifically, the zero-order orthogonal linear data projection normal form is directly quoted, so the technical advantage of the zero-order orthogonal linear data projection normal form is consistent with the technical advantage of the zero-order orthogonal linear data projection normal form; for the attack behavior global executable data array, the global is replaced by the recombination, and the rest data processing modes and processes are kept consistent, so that all technical advantages are also reserved. The zero-order orthogonal linear data projection paradigm has the following technical advantages: the method has the technical advantages that the orthogonal and linear characteristics of attack behavior parameters are discovered and discovered fundamentally, meanwhile, the data bits are set artificially, the compatible union of the orthogonal data processing normal form, the linear data processing normal form and the zeroth order data processing normal form is realized, independent data groups projected in a blank data array are mutually expanded along different orthogonal data dimensions, numerical values are sequentially mapped onto the blank data bits on the selected orthogonal dimensions, the initial ends of k =2 data columns formed after orthogonal and linear projection (because one end of the data columns is manually designated as the initial end in advance) are set to be gathered to the original point of the blank data array but do not occupy the original point, k orthogonal dimension data lines radiated according to the original point are formed, and a direct data structure foundation is laid for the construction of a subsequent standard label system. Finally, it is worth noting that the zeroth order orthogonal linear data projection paradigm is introduced in different data processing links in sequence in the present study. The construction of the attack behavior global executable data array has the following technical advantages: firstly, an orthogonal and linear data processing paradigm of a zero-order orthogonal linear data projection paradigm is directly adopted, and conforms to data bits of k =2 zero-order data arrays, and orders of filled data on any dimension are counted from 1 in sequence, so that a labeling system has good normalization; secondly, as the zero-order orthogonal linear data projection paradigm is adopted, data filling in place can be directly carried out once on any attack parameter for all attack behaviors in sequence, so that the data array and subsequent data processing have good global property; finally, according to the overall reality of the data configuration, a label conversion model is provided for the filling data through careful research, on one hand, the following data processing and optimization processes and each data processing paradigm only concern about the difference and the sameness of the attack behavior under the attack parameter initial clustering array, so that the data marking codes are considered to be suitable for replacing the natural semantic description of the attack behavior under the attack parameter initial clustering array, and meanwhile, the data marking codes capable of meeting the difference representation are quite common, so that the data conversion is quite easy to realize, for example, the most common English letters such as English letters can meet the data conversion requirements under most situations (a double-letter mode can be adopted after the number of letters is exceeded, and the like). Finally, similar to the zeroth order orthogonal linear data projection paradigm, the zeroth order orthogonal linear data projection paradigm is introduced in different data processing links in the study.
The third-level and fourth-level data processing paradigms with the attack behavior pre-mapped to the attack behavior clustering parameter recombination array have the following technical advantages; the normalized pre-specification processing has the following technical advantages: before the 'two-dimensional equal traversal combined number level difference data processing paradigm' can perform data application processing on the attack behavior pre-map data array, the specification of the pre-mapped data array is necessary, because the dimension k of the data array constructed in the prior art is set to be more than or equal to 2, and for the condition that the k is not equal to 1, the label of the data dimension is an ordered arrangement formed by a plurality of numerical values, and compared with a simple combination, the label has orderliness, so the label sequence of the label must be determined, otherwise, the disorder is easy to occur in the subsequent data reference and processing process; in our data system, since initial k =2, it is only necessary to perform rank assignment to satisfy the requirement. The data transposition processing paradigm has the following technical advantages: the data transposition processing paradigm is an attachment to the normalized pre-specified processing, the former is directly triggered by the latter, and the construction of the transposition processing paradigm is necessary because the subsequent data processing has many possible row-column combinations, and the specification defines the degree of rotation of the data array, and a data processing process capable of solving this limitation must be constructed. Through detailed research and comparison of a team, a transposed paradigm is finally selected from processes such as a double transposed paradigm, a four-quadrant rotation, a degree traversal rotation and a continuous rotation paradigm, is simple enough, and can meet the current data processing requirements (for the subsequent situation that k is larger than or equal to 3, appropriate selection is carried out from other paradigms, or a brand-new processing paradigm is constructed).
The technical advantage of the two-dimensional peer-to-peer traversal combined level difference data processing paradigm is: the method is characterized in that the packaging selection of the attack behaviors faced and potentially faced by a power grid information system is represented as the comparison of a single data threshold through a series of data processing on the whole, a target parameter j representing the fine difference degree of the two attack behaviors is compared with a calibration difference degree threshold, and the mapping chain is as follows: j → 1 × l configuration (0,1) numerical array → 2 × l configuration can execute data marking array → attack behaviors faced and potentially faced by the power grid information system; when the difference degree is lower than the threshold, two groups of attack behaviors are packaged into a group of mapping objects, and the two attack behaviors represented by j higher than the difference degree threshold are divided into independent mapping objects (the calibration threshold can be selected from various options, such as a "pre-specified threshold" or a "self-organization threshold" determined in the research). Similarly, the processing paradigm also meets the requirements of datamation, objectivity, normalization and quantization, has expanded adaptability and adjustable elasticity, can adjust attack parameters, attack behaviors and comparison thresholds of a data base according to needs aiming at different protection purposes or based on different network environments, and keeps complete consistent applicability of data optimization and processing processes before and after adjustment because only the data base and the comparison thresholds are changed. In comparison with the single linear data process, the two-dimensional peer-to-peer traversal combined numerical difference data processing paradigm comprises at least two dimensions (and allows for the subsequent addition of other dimensions) of an attack behavior clustering parameter reorganization array and an attack behavior faced and potentially faced by a power grid information system.
The technical advantage of the first step of the two-dimensional peer-to-peer traversal combined level difference data processing is that: for k =2, where a two-dimensional multi-linear data combination in a matrix form is to be processed, we adopt a combination number model, firstly fix the restructuring parameter dimension, and then perform a sufficient amount of optional 2 operations from the attack behavior, in fact, this sufficient amount is generally performed in a traversal form, and perform global traversal on a complete m × l configuration executable data tag array constructed by an "attack behavior restructuring executable data array", and since the data array is not very large in general, a common server is sufficient to support the global data traversal (the operation process is in milliseconds); therefore, on the premise of being feasible in calculation, two-dimensional overall planning is carried out on all data, and objective data basis is provided for the accuracy and credibility of the final j residual value.
The technical advantages of the second step and the third step of the two-dimensional equivalent traversal combined number level difference data processing are as follows: in the step, the advantages and the data results of the first step are fully utilized, and it is noted that the overall situation is not subjected to secondary traversal, only the output result of the first step is subjected to single-thread application of the returned data rule, and the calculation process is almost completed instantly; the results we obtained are directly numerically represented and the binary model was chosen: 0. 1, the characterization of a data processing result is very remarkable; and moreover, a direct foundation is laid for data combination in the third step, so that the third step can be directly subjected to data summation, and the fine expression of the obtained parameter j on the difference degree of the two attack behaviors is not influenced or reduced.
The technical advantages of threshold setting are: the threshold value is set by manual designation generally, and basically, the threshold value is set according to the objective current situation of the safety protection of the power grid information system and the corresponding safety protection requirement; in any case, there are inevitable subjective factors inside; therefore, a brand-new data processing model of 'internal self-organization comparison based on data parameters' is developed, and the difference of the 'comparison between the data parameters and the preset threshold' is that a self-organization threshold is adopted to replace the set threshold, and the core of self-organization is 'head and tail pinching' type self-comparison in a data set. The development of the data processing model completely eliminates human factors for threshold value specification, and realizes objectivity and quantification of determination. In application, the data processing method can be used alone or combined with an artificial pre-specified model as a pre-specified auxiliary reference index.
Detailed Description
In the following description of embodiments, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Example 1
The first-stage data normal form is applied to data progression on an attack behavior clustering parameter reorganization array corresponding to a zero-order orthogonal linear data projection normal form, an attack behavior and attack behavior clustering parameter reorganization array (replacing an attack parameter initial clustering array) faced and potentially faced by a power grid information system is mapped to a blank configuration data array through the zero-order orthogonal linear data projection normal form respectively to obtain a two-dimensional configuration data array with a specific number of bits, and the two-dimensional configuration data array is recorded as an mxl configuration data array, wherein m and l correspond to the attack behavior and attack behavior clustering parameter reorganization array respectively; specifically, the method comprises the following steps:
establishing a blank data array, mapping an attack behavior and attack behavior clustering parameter reorganization array faced and potentially faced by a power grid information system to the blank configuration data array through a zero-order orthogonal linear data projection paradigm to obtain a two-dimensional configuration data array with a specific number of bits, and recording the two-dimensional configuration data array as an mxl configuration data array, wherein m and l correspond to the attack behavior and attack behavior clustering parameter reorganization array respectively; the "zero order orthogonal linear data projection paradigm" is set to the sum of the following data processing paradigms: (1) orthogonal data processing paradigm: the projected data sets are mutually independent, spread along different data dimensions on a blank data array and are mutually orthogonal; (2) linear data processing paradigm: on the basis of an orthogonal data processing paradigm, numerical values contained in any projected data set are sequentially mapped to blank data bits on a selected orthogonal dimension, and the linear structure of the blank data bits after projection is unchanged; (3) zero order data processing paradigm: for k data columns formed after orthogonal and linear projection, one end of each data column is manually appointed to be a starting end, the starting ends of the k data columns are set to gather to the original point of the blank data array but do not occupy the original point, and k orthogonal dimensional lines radiating according to the original point are formed. The data operation corresponding to the zeroth order of the data processing paradigm (3) is to mark the original data bit of the blank data array, which is usually set as the top left initial data bit, as 0, and then the data bit labels of the k projected orthogonal data columns are all 0, so that the subsequent data filling forms a canonical label system starting from the number 1. K in the data processing paradigm (3) is assigned a value of 2 and corresponds to the following two data dimensions, respectively: attack behavior aggregation (and single attack), and attack behavior clustering parameter reorganization array (and single parameter).
Here, the application of the zero-order orthogonal linear data projection paradigm to the attack behavior clustering parameter reorganization array has the following advantages: the method has the advantages that the orthogonal and linear characteristics of attack behavior parameters are discovered and discovered fundamentally, meanwhile, the data bits are set artificially, the compatible combination of the orthogonal data processing normal form, the linear data processing normal form and the zeroth-order data processing normal form is realized, independent data groups projected in a blank data array are mutually expanded along different orthogonal data dimensions, numerical values are sequentially mapped onto the blank data bits on the selected orthogonal dimensions, the initial ends of k =2 data columns formed after orthogonal and linear projection (because one end of the data columns is manually designated as the initial end in advance) are set to be gathered to the original point of the blank data array but do not occupy the original point, k orthogonal dimensional data lines radiated according to the original point are formed, and a direct data structure basis is laid for the construction of a standard label system. (obviously, another advantage is the consistency of the data processing and data configuration architecture, i.e., maintaining consistent isomorphism with the initial array processing process).
It is worth mentioning that: the attack behavior clustering parameter reorganization array is constructed based on an attack parameter initial clustering array, the construction of the attack parameter initial clustering array is relatively simple, the existing attack parameters are collected after appropriate data configuration is selected, then certain parameters which have more real characteristic utility for attack behaviors faced and potentially faced by a power grid information system are selected as data objects, and the clustering parameter reorganization array is constructed after appropriate data configuration is selected. Currently, or prior to our research, it is common to manually specify and select recombination parameters; the manual designation is convenient, but the defects are also obvious, such as quantization errors caused by subjectivity and the like. The development of better recombination index data optimization and processing process also has important practical significance.
Example 2
Based on the mxl two-dimensional configuration data array obtained in the embodiment 1, further performing second-level data paradigm processing, and obtaining an "attack behavior reorganization executable data array" through a data filling process, where the reorganization is to perform data filling on attack behaviors faced and potentially faced by all power grid information systems sequentially under any attack behavior clustering parameter reorganization array, and the "executable" data is a data mark code, and the data mark code is converted from "natural semantic description data" based on attack behaviors under the attack behavior clustering parameter reorganization array.
The construction of the attack behavior reorganization executable data array has the following advantages: the method directly adopts an orthogonal and linear data processing paradigm of a zero-order orthogonal linear data projection paradigm, conforms to data bits of k =2 zero-order data arrays, and sequentially counts orders of the filled data on any dimension from 1, so that a labeling system has good normalization; secondly, because a zero-order orthogonal linear data projection paradigm is adopted, all attack behaviors can be directly filled with data once in place at any attack parameter in sequence, so that the data array and subsequent data processing have good global property; finally, according to the overall reality of the data configuration, a label conversion model is provided for the filling data through careful research, on one hand, the following data processing and optimization processes and each data processing paradigm only concern about the difference and the sameness of the attack behaviors under the attack parameter initial clustering array, so that the data marking codes are considered to be suitable for replacing the natural semantic description of the attack behaviors under the attack parameter initial clustering array, and meanwhile, the data marking codes capable of meeting the difference representation are quite common, so that the data conversion is quite easy to realize, for example, the most common English letters such as English letters can meet the data conversion requirements under most of conditions; a double letter mode may be used after the number of letters is exceeded, and so on. (Again, another advantage is the consistency of the data processing and data configuration hierarchy, i.e., maintaining consistent isomorphism with the initial array processing process).
Example 3
The third-level data paradigm applies a corresponding brand-new normalized row-column pre-specified data processing paradigm, and as the established blank configuration data and the 'zero-order orthogonal linear data projection paradigm' are mapped to obtain an mxl two-dimensional configuration data array, wherein m and l correspond to an attack behavior and a recombination array respectively, row-column specification of a binary number array forms a basis for normalized application of a subsequent data processing paradigm, m data dimensions are specified to be expanded into rows according to the horizontal direction, and l data dimensions are expanded into columns according to the vertical direction; when any attack behavior or any combination of a plurality of attack behaviors is subjected to data processing paradigm application, the corresponding data processing objects are presented as one group or a plurality of groups of data; when any clustering parameter or any combination of a plurality of clustering parameters is subjected to data processing paradigm application, the corresponding data processing objects are presented as one group or a plurality of groups of row data; the row-column intersection data configuration herein is derived from the "orthogonal data processing paradigm" of the data mapping period; here, the data processing object is an "executable data marker" constructed in the second-level data filling process; and after the dimension is specified by the specification, the row and column marking data are read-only data, and a data transposition processing paradigm is established in advance for a data processing process needing row and column data conversion.
The normalized pre-specification process has the following advantages: before the 'two-dimensional equal traversal combined number-level difference data processing paradigm' can carry out data application processing on the attack behavior recombination pre-mapping, specification designation of the data array is necessary, because the dimension k of the data array constructed by the former is set to be more than or equal to 2, and for the condition that k is not equal to 1, the label of the data dimension is an ordered arrangement formed by a plurality of values, and compared with a pure combination, the label has ordering, so the label order must be determined, otherwise, disorder is easy to occur in the subsequent data reference and processing process; in our data system, since initial k =2, it is only necessary to perform rank assignment to satisfy the requirement.
Example 4
The fourth-level data paradigm corresponds to a data transposition processing paradigm, and transposition operation processing is carried out on the mxl configuration data array, so that a standard data applying format is provided for a subsequent two-dimensional equivalent traversal combined number-level difference data processing paradigm.
The data transposition processing paradigm has the following advantages: the data transposition processing paradigm is an attachment of normalized pre-specified processing, the former is directly caused by the latter, and the construction of the transposition processing paradigm is necessary because the subsequent data processing has a plurality of possible row-column combinations, and the normalization limits the rotation degree of the data array, and a data processing process capable of solving the limitation is necessary. Through careful research and comparison of a team, a transposition paradigm is finally selected from processes such as a double transposition paradigm, four quadrant rotation, degree traversal rotation, a continuous rotation paradigm, and the like, and the transposition paradigm is simple enough and can meet the current data processing requirements (subsequently, for the situation that k is larger than or equal to 3, the transposition paradigm should be selected properly from other paradigms, or a brand-new processing paradigm is constructed).
Example 5
The method comprises the following steps of performing data parameter processing on a pre-mapping array by using a two-dimensional equivalent traversal combined number-level difference data processing paradigm, and specifically comprises the following three progressive data processing steps: the method comprises the steps of firstly constructing a combined number processing process of a two-dimensional peer-to-peer data structure, secondly performing level difference data representation on each group of 2 x l configuration executable data tag arrays in cm2, and thirdly combining each group of 1 x l configuration (0,1) numerical value arrays through a sigma operator.
The technical advantages are that: the method is characterized in that the packaging selection of the attack behaviors faced and potentially faced by a power grid information system is represented as the comparison of a single data threshold through a series of data processing on the whole, a target parameter j representing the fine difference degree of the two attack behaviors is compared with a calibration difference degree threshold, and the mapping chain is as follows: j → 1 × l configuration (0,1) numerical array → 2 × l configuration can execute data marking array → attack behaviors faced and potentially faced by the power grid information system; when the difference degree is lower than the threshold, two groups of attack behaviors are packaged into a group of mapping objects, and the two attack behaviors represented by j higher than the difference degree threshold are divided into independent mapping objects (the calibration threshold can be selected from various options, such as a "pre-specified threshold" or a "self-organization threshold" determined in the research). Similarly, the processing paradigm also meets the requirements of datamation, objectivity, normalization and quantization, has expanded adaptability and adjustable elasticity, can adjust attack parameters, attack behaviors and comparison thresholds of a data base as required aiming at different protection purposes or based on different network environments, and keeps complete consistent applicability of data optimization and processing processes before and after adjustment because only the data base and the comparison thresholds are changed. In addition, compared with the single linear data process, the two-dimensional peer-to-peer traversal combined numerical difference data processing paradigm comprises at least two dimensions (and allows for the subsequent addition of other dimensions) of an attack behavior clustering parameter reorganization array and attack behaviors faced and potentially faced by the power grid information system.
Example 6
Constructing a combined number processing process of a two-dimensional peer-to-peer data structure, wherein two-dimensional peer-to-peer takes the transposed row data as a basic dimension, two lines of data are selected as a second dimension at the same time, and two data pairs in the same row on the two lines of data form a group of two-dimensional peer-to-peer data pairs, so that each group of two-dimensional peer-to-peer data subarrays obtained by construction contains 2 l-magnitude data or correspondingly contains l-magnitude two-dimensional peer-to-peer data pairs; then, the two-dimensional peer-to-peer data pair construction process is globally applied to a complete mxl configuration executable data mark array constructed based on an attack behavior reorganization executable data array, a two-dimensional combination number applying mode is adopted for global application, and the number array is transposed, so that the global two-dimensional combination applies corresponding cm2 magnitude:
the data units here are not single values, but are arrays of executable data markers in a 2 x l configuration corresponding to a set of two-dimensional, equal sub-arrays of data.
The technical advantages are that: for k =2, where a two-dimensional multi-linear data combination in a matrix form is to be processed, we adopt a combination number model, firstly fix the restructuring parameter dimension, and then perform a sufficient amount of optional 2 operations from the attack behavior, in fact, this sufficient amount is generally performed in a traversal form, and perform global traversal on a complete m × l configuration executable data tag array constructed by an "attack behavior restructuring executable data array", and since the data array is not very large in general, a common server is sufficient to support the global data traversal (the operation process is in milliseconds); therefore, on the premise of being feasible in calculation, two-dimensional overall planning is carried out on all data, and objective data basis is provided for the accuracy and credibility of the final j residual value.
Example 7
And (3) performing level difference data tabulation on each set of 2 × l configuration executable data tag arrays in cm2, and adopting the same data processing process as a global traversal combined number level difference data processing paradigm, namely: returning data 1, if any two data individuals selected in the same row of data objects are identical; returning data 0, if any two data individuals selected in the same row of data objects are different; the level difference data table shows that each group of 2 × l configuration executable data mark arrays are listed as 1 × l configuration (0,1) numerical value arrays; the step difference data table is obtained by carrying out step difference data table on the whole attack behavior recombination executable data array
Magnitude 1 × l configuration (0,1) numerical array.
Further, combining each group of 1 × l configuration (0,1) numerical arrays through a sigma operator to obtain a fine difference target parameter j capable of reflecting the difference of two attack behaviors;
the mapping chain is as follows: j → 1 × l configuration (0,1) numerical array → 2 × l configuration can perform data tagging array → the attack behavior faced and potentially faced by the grid information system.
The technical advantages are that: in the step, the advantages and the data results of the first step are fully utilized, and it is noted that the overall situation is not subjected to secondary traversal, only the output result of the first step is subjected to single-thread application of the returned data rule, and the calculation process is almost completed instantly; the results we obtained are directly numerically represented and the binary model was chosen: 0. 1, the characterization of a data processing result is very remarkable; and moreover, a direct foundation is laid for data combination in the third step, so that the third step can be directly subjected to data summation, and the fine expression of the obtained parameter j on the difference degree of the two attack behaviors is not influenced or reduced.
Example 8
According to the comparison between the data parameter and the preset threshold, carrying out attack-protection multi-mapping data encapsulation processing on the attack behaviors faced by and potentially faced by the power grid information system, specifically: and comparing the target parameter j representing the fine difference of the two attack behaviors with a preset difference threshold, packaging the two attack behaviors into a group of mapping objects when the target parameter j is lower than the threshold, and dividing the two attack behaviors represented by the j higher than the difference threshold into independent mapping objects.
Carrying out attack-protection multi-mapping data encapsulation processing on the attack behaviors faced and potentially faced by a power grid information system according to ' data parameter internal self-organization comparison ', wherein the difference between the data parameter internal self-organization comparison ' and the preset threshold value is that a self-organization threshold value is adopted to replace a set threshold value, firstly, all fine difference degree target parameter j is constructed into a set C, and then the data capacity of the set C is
Sorting the numerical values in the set C according to the numerical values, setting a percentage parameter, and performing data cutting on the set C to obtain a self-organization threshold value, wherein when the percentage parameter adopts a percentage range, the self-organization threshold value corresponds to a threshold range; the percentage parameter is set to 60%, 50% -70%, other values or value ranges.
The technical advantages are that: the setting of the threshold value is usually specified manually, and basically is based on the objective current situation of the safety protection of the power grid information system and the corresponding safety protection requirement; in any case, there are inevitable subjective factors inside; therefore, a brand-new data processing model of 'internal self-organization comparison based on data parameters' is developed, and the difference of the 'comparison between the data parameters and the preset threshold' is that a self-organization threshold is adopted to replace the set threshold, and the core of self-organization is 'head and tail pinching' type self-comparison in a data set. The development of the data processing model completely eliminates human factors for threshold value specification, and realizes objectivity and quantification of determination. In application, the data processing method can be used alone or combined with an artificial pre-specified model as a pre-specified auxiliary reference index.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Each functional unit in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow in the method according to the embodiments of the present invention may also be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of the embodiments of the method. . Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, recording medium, U.S. disk, removable hard disk, magnetic disk, optical disk, computer Memory, read-Only Memory (ROM), random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like. It should be noted that the computer-readable medium may contain suitable additions or subtractions depending on the requirements of legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer-readable media may not include electrical carrier signals or telecommunication signals in accordance with legislation and patent practice.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein.
Claims (12)
1. A systematic data encapsulation method for dynamic security detection of a power grid is disclosed, which is characterized in that an attack behavior clustering parameter recombination array with real attack parameter distinguishing utility identification is constructed based on network attack original data, and the method comprises the following steps: the method comprises the steps of pre-mapping attack behaviors to an attack behavior clustering parameter reorganization array through sequential continuous application of a preset data processing normal form, then carrying out data parameter processing on the pre-mapped array through a two-dimensional equivalent traversing combination number-level difference data processing normal form, and carrying out data encapsulation on the attack behaviors which are faced by a power grid information system and are potentially faced by the power grid information system according to comparison between data parameters and a preset threshold value or self-organization comparison inside the data parameters.
2. The systematic data encapsulation method for power grid dynamic security detection according to claim 1, wherein: wherein, apply mechanically in proper order through predetermineeing the data processing paradigm and remap the aggressive behavior to the aggressive behavior clustering parameter reorganization array in advance, specifically include tertiary data paradigm: the 'zero-order orthogonal linear data projection paradigm' is a data progression, a recombined data filling process and a normalized row-column pre-specified data processing paradigm on an attack behavior clustering parameter recombination array.
3. The systematic data encapsulation method for power grid dynamic security detection according to claim 2, wherein: the first-stage data paradigm is applied with data progression on an attack behavior clustering parameter reorganization array corresponding to a zero-order orthogonal linear data projection paradigm, an attack behavior and an attack behavior clustering parameter reorganization array (replacing an attack parameter initial clustering array) which is faced and potentially faced by a power grid information system are mapped to the blank configuration data array through the zero-order orthogonal linear data projection paradigm respectively, a two-dimensional configuration data array with a specific number of bits is obtained and recorded as an mxl configuration data array, and m and l correspond to the attack behavior and attack behavior clustering parameter reorganization array respectively.
4. The systematic data encapsulation method for power grid dynamic security detection according to claim 2, wherein: and the second-level data paradigm is applied with a corresponding data filling process to obtain an attack behavior reorganization executable data array, the reorganization is realized by sequentially filling all attack behaviors in any attack behavior clustering parameter reorganization array, the data which can be executed is a data marking code, the data marking code is formed by converting natural semantic description data based on the attack behaviors in the attack behavior clustering parameter reorganization array, the following data processing and optimizing process and each data processing paradigm only concern about the difference and the sameness of the attack behaviors in the attack behavior clustering parameter reorganization array, so that the data marking code is adopted to replace the natural semantic description of the attack behaviors in the attack behavior clustering parameter reorganization array, and the replaced data marking code is any executable data marking, including letters, greek letters, arabic numerals, chinese characters and other conventional data marks, and one English is selected.
5. The systematic data encapsulation method for power grid dynamic security detection according to claim 2, wherein: the third-level data normal form uses a corresponding brand-new normalized row-column pre-specified data processing normal form, wherein m data dimensions are specified to be expanded into rows according to the horizontal direction, and l data dimensions are expanded into columns according to the vertical direction; when any attack behavior or any combination of a plurality of attack behaviors is subjected to data processing paradigm application, the corresponding data processing objects are presented as one group or a plurality of groups of data; when any clustering parameter or any combination of a plurality of clustering parameters is subjected to data processing paradigm application, the corresponding data processing objects are presented as one group or a plurality of groups of row data; the row-column cross data configuration is derived from an orthogonal data processing paradigm of an initial process of data mapping; here, the data processing object is an "executable data marker" constructed in the data filling process; and after the dimension is specified by the specification, the row and column marking data are read-only data, and a data transposition processing paradigm is established in advance for a data processing process needing row and column data conversion.
6. The systematic data encapsulation method for power grid dynamic security detection according to claim 2, wherein: wherein, through the consecutive applying mechanically in proper order of presetting the data processing paradigm attack action is remapped to attack action clustering parameter and is reorganized the array, still include fourth level data paradigm: and the data transposition processing paradigm is used for performing transposition operation processing on the mxl configuration data array, so that a standard data application format is provided for a subsequent two-dimensional equivalent traversal combined numerical difference data processing paradigm.
7. The systematic data encapsulation method for power grid dynamic security detection according to claim 1, wherein: the method specifically comprises three progressive data processing steps of performing data parameter processing on a pre-mapping number array by using a two-dimensional equivalent traversal combination number-level difference data processing paradigm: the method comprises the steps of firstly constructing a combined number processing process of a two-dimensional peer-to-peer data structure, secondly performing level difference data representation on each group of 2 x l configuration executable data tag arrays in cm2, and thirdly combining each group of 1 x l configuration (0,1) numerical value arrays through a sigma operator.
8. The systematic data encapsulation method for power grid dynamic security detection according to claim 7, wherein: the first step is specifically:
constructing a combined number processing process of a two-dimensional peer-to-peer data structure, wherein the two-dimensional peer-to-peer takes the transposed row data as a basic dimension, two optional column data are taken as a second dimension, two data pairs in the same row on the two column data form a group of two-dimensional peer-to-peer data pairs, and each group of two-dimensional peer-to-peer data subarray obtained by construction comprises 2 l-magnitude data or correspondingly comprises l-magnitude two-dimensional peer-to-peer data pairs; then, the two-dimensional peer-to-peer data pair construction process is globally applied to a complete mxl configuration executable data mark array constructed based on an attack behavior reorganization executable data array, a two-dimensional combination number applying mode is adopted for global application, and the number array is transposed, so that the global two-dimensional combination applies corresponding cm2 magnitude:
9. the systematic data encapsulation method for power grid dynamic security detection according to claim 7, wherein: the second step is specifically as follows:
and (3) performing level difference data representation on each group of 2 × l configuration executable data mark arrays in cm2, and adopting the same data processing process as the global traversal combined numerical level difference data processing paradigm, namely: returning data 1, if any two data individuals selected in the same row of data objects are identical; returning data 0, if any two data individuals selected in the same row of data objects are different; the level difference data table shows that each group of 2 × l configuration executable data mark arrays are listed as 1 × l configuration (0,1) numerical value arrays; the step difference data table is obtained by carrying out step difference data table on the whole attack behavior recombination executable data array
Magnitude 1 × l configuration (0,1) numerical array.
10. The systematic data encapsulation method for power grid dynamic security detection according to claim 7, wherein: the third step is specifically:
thirdly, combining each group of 1 × l configuration (0,1) numerical arrays through a sigma operator to obtain a fine difference target parameter j capable of reflecting the difference of two attack behaviors;
11. the systematic data encapsulation method for power grid dynamic security detection according to claim 1, wherein: the method comprises the following steps of carrying out attack-protection multi-mapping data encapsulation processing on attack behaviors faced by a power grid information system and potentially faced by the power grid information system according to comparison of data parameters and a preset threshold, and specifically comprises the following steps: and comparing the target parameter j representing the fine difference degree of the two attack behaviors with a preset difference degree threshold, packaging the two groups of attack behaviors into a group of mapping objects when the target parameter j is lower than the threshold, and dividing the two attack behaviors represented by the j higher than the difference degree threshold into independent mapping objects.
12. The systematic data encapsulation method for power grid dynamic security detection according to claim 1, wherein: the method comprises the steps of carrying out attack-protection multi-mapping data encapsulation processing on attack behaviors faced and potentially faced by a power grid information system according to ' data parameter internal self-organization comparison ', wherein the difference between the data parameter internal self-organization comparison ' and ' comparison of the data parameter and a preset threshold ' is that a self-organization threshold is adopted to replace a set threshold, firstly, all fine difference target parameters j are constructed into a set C, and then the data capacity of the set C is
Sorting the numerical values in the set C according to the numerical values, setting a percentage parameter to cut the data of the set C to obtain a self-organization threshold, and when the percentage parameter adopts a percentage range, performing self-organization on the threshold pairShould be a threshold range; the percentage parameter is set to 60%, 50% -70%, other values or value ranges.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211445227.8A CN115828233B (en) | 2022-11-18 | 2022-11-18 | Data packaging method for dynamic safety detection system of power grid |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211445227.8A CN115828233B (en) | 2022-11-18 | 2022-11-18 | Data packaging method for dynamic safety detection system of power grid |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115828233A true CN115828233A (en) | 2023-03-21 |
| CN115828233B CN115828233B (en) | 2023-05-12 |
Family
ID=85529042
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211445227.8A Active CN115828233B (en) | 2022-11-18 | 2022-11-18 | Data packaging method for dynamic safety detection system of power grid |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115828233B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116595578A (en) * | 2023-04-26 | 2023-08-15 | 国网河南省电力公司信息通信分公司 | Power network self-checking attack and defense safety data system |
| CN117406668A (en) * | 2023-12-14 | 2024-01-16 | 邢台金昆冶金机械有限公司 | Roller quality control data model based on numerical analysis and application thereof |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853428A (en) * | 2009-04-03 | 2010-10-06 | 范晓 | Remote characteristic query system and method |
| CN107733913A (en) * | 2017-11-04 | 2018-02-23 | 武汉虹旭信息技术有限责任公司 | Based on 5G network attacks traceability system and its method |
| CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
| CN111737688A (en) * | 2020-06-08 | 2020-10-02 | 上海交通大学 | Attack defense system based on user portrait |
| CN112187773A (en) * | 2020-09-23 | 2021-01-05 | 支付宝(杭州)信息技术有限公司 | Method and device for mining network security vulnerability |
| CN113037567A (en) * | 2021-04-01 | 2021-06-25 | 国网河北省电力有限公司电力科学研究院 | Network attack behavior simulation system and method for power grid enterprise |
| CN114448718A (en) * | 2022-03-03 | 2022-05-06 | 国网河北省电力有限公司电力科学研究院 | Network security guarantee method for parallel detection and repair |
| CN115189939A (en) * | 2022-07-08 | 2022-10-14 | 国网甘肃省电力公司信息通信公司 | HMM model-based power grid network intrusion detection method and system |
-
2022
- 2022-11-18 CN CN202211445227.8A patent/CN115828233B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853428A (en) * | 2009-04-03 | 2010-10-06 | 范晓 | Remote characteristic query system and method |
| CN107733913A (en) * | 2017-11-04 | 2018-02-23 | 武汉虹旭信息技术有限责任公司 | Based on 5G network attacks traceability system and its method |
| CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
| CN111737688A (en) * | 2020-06-08 | 2020-10-02 | 上海交通大学 | Attack defense system based on user portrait |
| CN112187773A (en) * | 2020-09-23 | 2021-01-05 | 支付宝(杭州)信息技术有限公司 | Method and device for mining network security vulnerability |
| CN113037567A (en) * | 2021-04-01 | 2021-06-25 | 国网河北省电力有限公司电力科学研究院 | Network attack behavior simulation system and method for power grid enterprise |
| CN114448718A (en) * | 2022-03-03 | 2022-05-06 | 国网河北省电力有限公司电力科学研究院 | Network security guarantee method for parallel detection and repair |
| CN115189939A (en) * | 2022-07-08 | 2022-10-14 | 国网甘肃省电力公司信息通信公司 | HMM model-based power grid network intrusion detection method and system |
Non-Patent Citations (4)
| Title |
|---|
| BOTAO HOU等: "Information Flow Based Cyber-Physical Power System Modeling and Simulation", 《 2021 IEEE 5TH CONFERENCE ON ENERGY INTERNET AND ENERGY SYSTEM INTEGRATION (EI2)》 * |
| 左晓军等: "信息安全基线技术在电网企业中的研究与应用", 《科技视界》 * |
| 曹宏宇等: "一种基于环境特征的智能电能表初值优选型K-means聚类算法", 《电测与仪表》 * |
| 郭禹伶等: "基于模糊聚类的多类簇归属电力实体行为异常检测算法", 《河北科技大学学报》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116595578A (en) * | 2023-04-26 | 2023-08-15 | 国网河南省电力公司信息通信分公司 | Power network self-checking attack and defense safety data system |
| CN116595578B (en) * | 2023-04-26 | 2024-01-19 | 国网河南省电力公司信息通信分公司 | Power network self-checking attack and defense safety data system |
| CN117406668A (en) * | 2023-12-14 | 2024-01-16 | 邢台金昆冶金机械有限公司 | Roller quality control data model based on numerical analysis and application thereof |
| CN117406668B (en) * | 2023-12-14 | 2024-02-23 | 邢台金昆冶金机械有限公司 | Roller quality control data model based on numerical analysis and application thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115828233B (en) | 2023-05-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115828233A (en) | Data encapsulation method for dynamic security detection system of power grid | |
| CN107402976B (en) | Power grid multi-source data fusion method and system based on multi-element heterogeneous model | |
| CN115941293B (en) | Power network security detection and vulnerability protection datamation method | |
| CN113946461A (en) | Fault root cause analysis method and device | |
| CN112003942B (en) | Method, system, node device and storage medium for responding to link-down data request | |
| CN102314336B (en) | A kind of data processing method and system | |
| Pressey et al. | Effects of data characteristics on the results of reserve selection algorithms | |
| CN107679160A (en) | Data processing method and device based on chart database | |
| CN104035754A (en) | XML (Extensible Markup Language)-based custom code generation method and generator | |
| Karabulut et al. | Long term energy consumption forecasting using genetic programming | |
| CN110515931B (en) | Capacitive type equipment defect prediction method based on random forest algorithm | |
| CN102426525A (en) | Panoramic modeling method of multi-application system | |
| Carrasco et al. | Selecting priority areas for the conservation of endemic trees species and their ecosystems in Madagascar considering both conservation value and vulnerability to human pressure | |
| CN106844288A (en) | A kind of random string generation method and device | |
| CN109213820A (en) | Method for realizing fusion use of multiple types of databases | |
| CN111125199B (en) | Database access method and device and electronic equipment | |
| CN111898351B (en) | Automatic Excel data importing method and device based on Aviator, terminal equipment and storage medium | |
| CN117473953A (en) | Unique resource coding identification informatization system and generation and recursion analysis method | |
| CN109542890A (en) | Data modification method, device, computer equipment and storage medium | |
| CN115576998A (en) | Power distribution network data integration method and system based on multi-dimensional information fusion | |
| CN105117403A (en) | Log data fragmentation and query method and apparatus | |
| CN116204872B (en) | Network attack recognition method for power grid information based on attack and defense visual angles | |
| CN104299065A (en) | Dispatching automation host and backup model correctness checking method | |
| CN114461619A (en) | Energy internet multi-source data fusion method and device, terminal and storage medium | |
| CN114168268A (en) | Container technology-based intelligent distribution data acquisition and fusion method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |