CN116015922A - Network security situation analysis method, device and equipment of electric power Internet of things - Google Patents

Network security situation analysis method, device and equipment of electric power Internet of things Download PDF

Info

Publication number
CN116015922A
CN116015922A CN202211715876.5A CN202211715876A CN116015922A CN 116015922 A CN116015922 A CN 116015922A CN 202211715876 A CN202211715876 A CN 202211715876A CN 116015922 A CN116015922 A CN 116015922A
Authority
CN
China
Prior art keywords
equipment
electric power
power internet
things
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211715876.5A
Other languages
Chinese (zh)
Other versions
CN116015922B (en
Inventor
何金栋
秦臻
曹明生
邓伏虎
赵洋
丁熠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN202211715876.5A priority Critical patent/CN116015922B/en
Publication of CN116015922A publication Critical patent/CN116015922A/en
Application granted granted Critical
Publication of CN116015922B publication Critical patent/CN116015922B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to an artificial intelligence technology, and discloses a network security situation analysis method of an electric power Internet of things, which comprises the following steps: determining the equipment safety coefficient of the electric power Internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics; calculating a transmission safety index of the electric power internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating a network threat risk index of the electric power internet of things according to the service fingerprint baseline characteristics and the service flow baseline characteristics; and determining the network security risk of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by using a preset risk assessment model. The invention further provides a network security situation analysis device of the electric power Internet of things and electronic equipment. The invention can improve the network security of the electric power Internet of things.

Description

Network security situation analysis method, device and equipment of electric power Internet of things
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to a network security situation analysis method and device of an electric power internet of things and electronic equipment.
Background
Along with the rapid development of the internet of things, the application of the internet of things to the smart grid is the result of the development of the information communication technology to a certain stage, so that communication infrastructure resources and power system infrastructure resources are effectively integrated, but in order to improve the network security of the power internet of things, external security threats and internal security threats are required to be analyzed for threat situation investigation.
The existing network security technology of the electric power internet of things is mainly used for storing key service data, authentication information and the like through a security module based on a standard security algorithm for an intelligent terminal. For example, different security algorithms can be adopted to secure data according to the security level of the data, so that information leakage or tampering is avoided. In practical application, the network security of the electric power internet of things has a plurality of factors which can influence the security, and only single security factors are considered, so that the danger of the electric power internet of things is possibly improved, and the security of the network security of the electric power internet of things is lower.
Disclosure of Invention
The invention provides a network security situation analysis method and device of an electric power Internet of things and electronic equipment, and mainly aims to solve the problem of low network security of the electric power Internet of things.
In order to achieve the above object, the network security situation analysis method of the electric power internet of things provided by the invention comprises the following steps:
s1, acquiring equipment information of preset electric power Internet of things terminal equipment, extracting equipment operation characteristics, equipment control characteristics and equipment alarm signal characteristics of the equipment information, wherein the equipment operation characteristics, the equipment control characteristics and the equipment alarm signal characteristics of the equipment information are extracted, and the method comprises the following steps:
s11, extracting equipment operation characteristic parameters, equipment control characteristic parameters and equipment alarm signal characteristic parameters of the equipment information;
s12, calculating the operation index of the electric power Internet of things terminal equipment according to the equipment operation characteristic parameters and the equipment control characteristic parameters by using the following operation index algorithm:
Figure BDA0004026524170000021
wherein, gamma is the operation index,
Figure BDA0004026524170000022
a root mean square value representing the operating characteristic parameter of the device and the control characteristic parameter of the device at time t>
Figure BDA0004026524170000023
For the minimum limit value of the normal range of the root mean square value at time t of the plant operating parameter and of the plant control parameter, +.>
Figure BDA0004026524170000024
Operating features for the plant
The parameter and the device control characteristic parameter are at the maximum limit of the normal range of root mean square values at time t,
Figure BDA0004026524170000025
A standard value of a root mean square value at a time t of representing the equipment operation characteristic parameter and the equipment control characteristic parameter; />
S13, determining the alarm signal quantity of the electric power Internet of things terminal equipment according to the equipment alarm signal characteristic parameters;
s14, determining the equipment operation characteristic and the equipment control characteristic according to the operation index, and determining the equipment alarm signal characteristic according to the alarm signal quantity;
s2, determining the equipment safety coefficient of the electric power Internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics;
s3, monitoring the physical environment of the electric power Internet of things terminal equipment by using a preset environment detection sensor, extracting network transmission characteristics and transmission flow characteristics of the physical environment, acquiring service data of the electric power Internet of things terminal equipment, and extracting service fingerprint baseline characteristics and service flow baseline characteristics of the service data;
s4, calculating a transmission safety index of the electric power Internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating a network threat risk index of the electric power Internet of things according to the service fingerprint baseline characteristics and the service flow baseline characteristics;
S5, determining the network security risk of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by using a preset risk assessment model.
Optionally, the determining the device security coefficient of the power internet of things terminal device according to the device operation feature, the device control feature and the alarm signal feature includes:
extracting a first characteristic parameter of the equipment operation characteristic, a second characteristic parameter of the equipment control characteristic and a third characteristic parameter of the equipment alarm signal characteristic;
carrying out parameter normalization processing on the first characteristic parameter, the second parameter and the third characteristic parameter to obtain normalized parameter information;
calculating the equipment entropy value of the electric power internet of things terminal equipment according to the normalized parameter information by using the following entropy value algorithm:
Figure BDA0004026524170000031
wherein E is the entropy of the equipment, pi is the circumference rate, generally 3.14, n is the parameter number of the terminal equipment of the electric power Internet of things, and t k The k normalization parameter information of the electric power internet of things terminal equipment is obtained;
and determining the equipment safety coefficient of the electric power internet of things terminal equipment according to the equipment entropy value.
Optionally, the extracting the service fingerprint baseline characteristic and the service traffic baseline characteristic of the service data includes:
acquiring service fingerprint data and service flow data in the service data;
carrying out data fluctuation statistics on the service fingerprint data to obtain a normal fluctuation range of the fingerprint data, and carrying out data fluctuation statistics on the service flow data to obtain a normal fluctuation range of the flow data;
determining a business fingerprint baseline according to the normal fluctuation range of the fingerprint data, and determining a business flow baseline according to the normal fluctuation range of the flow data;
determining the fingerprint data tolerance according to the business fingerprint baseline, and determining the flow data tolerance according to the business flow baseline;
and determining the business fingerprint baseline characteristic according to the fingerprint data tolerance, and determining the business flow baseline characteristic according to the flow data tolerance.
Optionally, the calculating the transmission security index of the terminal device of the electric power internet of things according to the network transmission characteristics and the transmission flow characteristics includes:
extracting transmission characteristic parameters of the network transmission characteristics and the transmission flow characteristics;
Calculating the network average transmission delay of the electric power internet of things terminal equipment according to the transmission characteristic parameters by using the following transmission delay algorithm:
Figure BDA0004026524170000032
wherein t is the average transmission delay of the network, alpha i The weight of the ith task in the electric power internet of things terminal equipment is represented by n, wherein n is the number of tasks, max represents a maximum function, sigma i The distribution proportion of the ith task in the electric power internet of things terminal equipment is H i The data size representing the ith task,C i a task period representing the ith task, f i Representing the transmission rate of the ith task, T is the frame length of the task, R i The channel capacity representing the ith task,
Figure BDA0004026524170000041
time slots representing tasks;
and determining the transmission safety index of the electric power Internet of things terminal equipment according to the network average transmission delay.
Optionally, the calculating the network threat risk index of the electric power internet of things according to the service fingerprint baseline characteristic and the service flow baseline characteristic includes:
extracting baseline characteristic parameters of the business fingerprint baseline characteristic and the business flow baseline characteristic;
acquiring the number of data packets of normal fingerprints and normal flow according to the baseline characteristic parameters;
calculating the anomaly detection index distribution of the electric power Internet of things according to the number of the data packets by using a preset Gaussian distribution model:
Figure BDA0004026524170000042
Wherein N represents the anomaly detection index distribution, pi represents the circumference ratio, typically 3.14, m represents the number of the packet number, x i Representing the data characteristics of the ith data packet, wherein exp is an exponential function;
and determining the network threat risk index of the electric power Internet of things according to the abnormality detection index distribution.
Optionally, the determining, by using a preset risk assessment model, the cyber-security risk of the electric power internet of things terminal device according to the device security coefficient, the transmission security index and the cyber-threat risk index includes:
determining risk weight of the electric power internet of things terminal equipment according to the equipment safety coefficient, the transmission safety index and the network threat risk index by using a preset analytic hierarchy process;
inputting the risk weight to the risk assessment model to obtain a risk scoring value;
and determining the network security risk of the electric power Internet of things terminal equipment according to the risk score value.
Optionally, the determining, by using a preset analytic hierarchy process, the risk weight of the power internet of things terminal device according to the device security coefficient, the transmission security index, and the cyber threat risk index includes:
Determining a characteristic matrix of the equipment safety coefficient, the transmission safety index and the network threat risk index by using the analytic hierarchy process;
calculating the feature vector of the feature matrix;
and carrying out normalization processing on the feature vector to obtain the risk weight of the terminal equipment of the electric power Internet of things.
In order to solve the above problems, the present invention further provides a network security situation analysis device of the electric power internet of things, the device comprising:
the first feature extraction module is used for acquiring equipment information of preset electric power internet of things terminal equipment and extracting equipment operation features, equipment control features and equipment alarm signal features of the equipment information;
the equipment safety coefficient determining module is used for determining the equipment safety coefficient of the electric power internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics;
the second feature extraction module is used for monitoring the physical environment of the electric power internet of things terminal equipment by using a preset environment detection sensor, extracting network transmission features and transmission flow features of the physical environment, acquiring service data of the electric power internet of things terminal equipment, and extracting service fingerprint baseline features and service flow baseline features of the service data;
The security index and risk index calculation module is used for calculating the transmission security index of the electric power internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating the network threat risk index of the electric power internet of things according to the business fingerprint baseline characteristics and the business flow baseline characteristics;
and the network security risk determining module is used for determining the network security risk of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by utilizing a preset risk assessment model.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the network security posture analysis method of the electric power internet of things.
According to the embodiment of the invention, the equipment safety coefficient of the electric power Internet of things equipment can be determined through the equipment operation characteristics, the equipment control characteristics and the equipment alarm signal characteristics of the electric power Internet of things equipment, the transmission safety index of the electric power Internet of things is determined according to the network transmission characteristics and the transmission flow characteristics of the electric power Internet of things, the network threat risk index of the electric power Internet of things is determined according to the fingerprint baseline characteristics and the flow baseline characteristics, the network safety of the electric power Internet of things is determined according to the equipment safety coefficient, the transmission safety index and the network threat risk index, and the network safety of the electric power Internet of things is improved.
Drawings
Fig. 1 is a flow chart of a network security situation analysis method of an electric power internet of things according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a method for determining a security factor of an apparatus according to an embodiment of the present invention;
FIG. 3 is a flow chart of extracting baseline characteristics according to an embodiment of the present invention;
fig. 4 is a functional block diagram of a network security situation analysis device of the electric power internet of things according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device for implementing the network security situation analysis method of the electric power internet of things according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a network security situation analysis method for an electric power Internet of things. The execution main body of the network security situation analysis method of the electric power internet of things comprises, but is not limited to, at least one of a server, a terminal and the like which can be configured to execute the method provided by the embodiment of the application. In other words, the network security situation analysis method of the electric power internet of things can be executed by software or hardware installed in a terminal device or a server device, and the software can be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of a network security situation analysis method of an electric power internet of things according to an embodiment of the invention is shown. In this embodiment, the network security situation analysis method of the electric power internet of things includes:
s1, acquiring equipment information of preset electric power Internet of things terminal equipment, and extracting equipment operation characteristics, equipment control characteristics and equipment alarm signal characteristics of the equipment information;
in the embodiment of the invention, the electric power internet of things integrates the technologies of communication, information, sensing, automation and the like, and various intelligent sensing devices with certain sensing capability, computing capability and execution capability are widely deployed in the links of electric power production, transmission, cooperative processing, unified service and application integration of electric power information communication networks, so that the panoramic holographic sensing, interconnection and seamless integration of the whole processes of power grid operation and enterprise management are realized, wherein the device information comprises the types of devices, various parameters of the devices, intelligent instrument information of the devices, the operating state of the devices and the like.
In detail, basic equipment information of the electric power internet of things terminal equipment, such as equipment power, equipment physical address, equipment manufacturer and the like, can be obtained by checking a terminal equipment instruction, and the characteristics of the electric power internet of things terminal equipment, such as running state, alarm information and the like, can be checked through a back-end program.
In the embodiment of the invention, the equipment operation characteristic refers to the operation state of equipment, such as the normal operation state of the equipment and the fault state of the equipment, the equipment control parameter refers to some physical parameters affecting the evolution characteristic of the equipment state variable, the dependence constraint relation of the equipment on the environment is reflected, the equipment can be adjusted by people from the outside of the system, and the alarm signal characteristic refers to the alarm signal which can send out a signal for warning the equipment of the problem when the equipment has the fault or dangerous invasion.
In the embodiment of the present invention, the extracting the device operation feature, the device control feature and the device alarm signal feature of the device information includes:
extracting equipment operation characteristic parameters, equipment control characteristic parameters and equipment alarm signal characteristic parameters of the equipment information;
calculating the operation index of the electric power Internet of things terminal equipment according to the equipment operation characteristic parameters and the equipment control characteristic parameters by using the following operation index algorithm:
Figure BDA0004026524170000071
wherein, gamma is the operation index,
Figure BDA0004026524170000072
a root mean square value representing the operating characteristic parameter of the device and the control characteristic parameter of the device at time t>
Figure BDA0004026524170000073
For the minimum limit value of the normal range of the root mean square value at time t of the plant operating parameter and of the plant control parameter, +. >
Figure BDA0004026524170000074
For the maximum limit value of the normal range of root mean square values of the operating characteristic parameters of the plant and of the control characteristic parameters of the plant at time t,/for the plant>
Figure BDA0004026524170000075
A standard value of a root mean square value at a time t of representing the equipment operation characteristic parameter and the equipment control characteristic parameter;
determining the alarm signal quantity of the terminal equipment of the electric power Internet of things according to the equipment alarm signal characteristic parameters;
and determining the equipment operation characteristic and the equipment control characteristic according to the operation index, and determining the equipment alarm signal characteristic according to the alarm signal quantity.
In detail, the python sentence with the parameter extraction function may be used to extract the device operation characteristic parameter, the device control characteristic parameter and the device alarm signal characteristic parameter of the device information, where the operation characteristic parameter may be a device operation state quantity, the device control characteristic parameter may be a device parameter required by the normal operation of the device, and the device alarm signal characteristic parameter may be a voltage signal of the device alarm sensor.
Specifically, the running index of the equipment is evaluated according to the running state parameter data of the equipment, the root mean square value of the acquired wave diagram is generally compared with a specified standard range and a standard value, if the acquired wave diagram exceeds the standard range, the abnormal condition of the equipment is represented, and if the acquired wave diagram exceeds the standard range, the running index of the equipment can be determined.
Further, the characteristic of the alarm voltage signal can be determined according to the characteristic parameter of the alarm signal of the equipment, and a waveform chart of the alarm signal is obtained according to the characteristic of the alarm voltage signal, so that the alarm signal quantity of the terminal equipment of the force internet of things can be determined.
S2, determining the equipment safety coefficient of the electric power Internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics;
in one practical application scene of the invention, whether the parameters of the equipment operation are normal can be judged according to the equipment operation characteristics, when the client side of the equipment displays a normal state, all the parameters of the equipment are normal, the equipment control characteristics and the alarm signal characteristics are normal operation, when the parameters of the equipment operation are in a problem, the client side of the equipment displays an accident, the alarm device of the equipment sends an alarm signal, namely the alarm signal characteristics are abnormal, so that the equipment safety coefficient of the electric power Internet of things terminal equipment needs to be determined according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics.
In the embodiment of the present invention, referring to fig. 2, the determining, according to the device operation feature, the device control feature, and the alarm signal feature, the device security coefficient of the terminal device of the electric power internet of things includes:
S21, extracting a first characteristic parameter of the equipment operation characteristic, a second characteristic parameter of the equipment control characteristic and a third characteristic parameter of the equipment alarm signal characteristic;
s22, carrying out parameter normalization processing on the first characteristic parameter, the second parameter and the third characteristic parameter to obtain normalized parameter information;
s23, calculating the equipment entropy of the electric power internet of things terminal equipment according to the normalized parameter information by using the following entropy algorithm:
Figure BDA0004026524170000091
wherein E is the entropy of the equipment, pi is the circumference rate, generally 3.14, n is the parameter number of the terminal equipment of the electric power Internet of things, and t k The k normalization parameter information of the electric power internet of things terminal equipment is obtained;
s24, determining the equipment safety coefficient of the electric power Internet of things terminal equipment according to the equipment entropy value.
In detail, the python sentence with the parameter extraction function can be used for extracting the characteristic parameters, wherein the first characteristic parameter refers to the running state parameter of the running of the equipment, the second characteristic parameter refers to the parameter controlled by the running of the current equipment, and the third characteristic parameter refers to the signal parameter of the alarm signal of the equipment, wherein the parameter normalization processing is carried out on the running characteristic parameter of the equipment, the equipment control parameter and the characteristic parameter of the alarm signal of the equipment, and the parameter normalization processing is carried out to obtain the digital confidence of the parameter, so that indexes of the parameters are in the same order of magnitude, and the method is suitable for comprehensive evaluation and comparison.
Specifically, the device entropy refers to a measure of a device system state, and the security state of the terminal device of the electric power internet of things can be evaluated according to the device entropy, so as to determine the security coefficient of the device, wherein the higher the device entropy is, the higher the device security coefficient is; the lower the device entropy value, the lower the device security coefficient.
S3, monitoring the physical environment of the electric power Internet of things terminal equipment by using a preset environment detection sensor, extracting network transmission characteristics and transmission flow characteristics of the physical environment, acquiring service data of the electric power Internet of things terminal equipment, and extracting service fingerprint baseline characteristics and service flow baseline characteristics of the service data;
in the embodiment of the invention, the physical environment of the electric power internet of things terminal equipment comprises temperature information, humidity information, gas concentration information, electricity consumption information of electric equipment and network security threat information, wherein the network security threat information comprises hardware equipment utilization rate, network bandwidth utilization rate, network transmission information and the like, threat caused by attack can be measured through a network bandwidth occupancy rate index, and the environment detection sensor can be used for monitoring the temperature information, the humidity information and the like of the electric power internet of things terminal equipment.
In detail, network identification may be performed by using a preset neural network to obtain a network transmission characteristic and a transmission flow characteristic of the physical environment, where the network transmission characteristic refers to a transmission rate, a transmission signal, and the like, and the transmission flow refers to a transmission path, for example, when the terminal device of the electric power internet of things performs data transmission through various wireless networks, an attacker may intercept, tamper, forge, and the like, data and instructions transmitted in the network in a communication process, and may affect the network transmission rate, the transmission signal, and the transmission path.
In the embodiment of the invention, an internet of things sensing terminal, such as a camera monitoring device, a GPS positioning device, a vibration sensor, a displacement sensor and the like, is arranged at the bottom of a data sensing layer of equipment, and service data of the electric power internet of things terminal equipment can be obtained through the sensing terminals, wherein the service data comprises different service data generated for different application scene links according to transmission, transformation, distribution, user side and scheduling links of an electric power system.
In the embodiment of the invention, the service fingerprint baseline represents the fingerprint data characteristic under the normal condition, the service flow baseline characteristic is flow data, wherein a network flow operation baseline is established, and the flow data deviating from a critical value is recorded and early-warned, so that the network flow change trend is conveniently known in real time, and the abnormal flow condition deviating from the baseline is quickly found and positioned.
In the embodiment of the present invention, referring to fig. 3, the extracting a service fingerprint baseline characteristic and a service traffic baseline characteristic of the service data includes:
s31, acquiring service fingerprint data and service flow data in the service data;
s32, carrying out data fluctuation statistics on the service fingerprint data to obtain a normal fluctuation range of the fingerprint data, and carrying out data fluctuation statistics on the service flow data to obtain a normal fluctuation range of the flow data;
s33, determining a service fingerprint baseline according to the normal fluctuation range of the fingerprint data, and determining a service flow baseline according to the normal fluctuation range of the flow data;
s34, determining the fingerprint data tolerance according to the business fingerprint baseline, and determining the flow data tolerance according to the business flow baseline;
s35, determining the business fingerprint baseline characteristic according to the fingerprint data tolerance, and determining the business flow baseline characteristic according to the flow data tolerance.
In detail, the normal fluctuation range of the fingerprint data and the flow data can be obtained through the statistical analysis of the service data, an upper baseline and a lower baseline are drawn according to the normal fluctuation range, a reasonable tolerance is selected according to the baselines, the tolerance is used as a threshold value for triggering a subsequent alarm generation mechanism, and after the tolerance is exceeded through real-time monitoring, the equipment generates an alarm.
Illustratively, when the normal range of the fingerprint data is 60-70, i.e. the business fingerprint baseline is determined to be 60-70, a tolerance line can be determined according to the tolerance, and when the tolerance is 50-90, i.e. the upper tolerance line is 90, the lower tolerance line is 50, and an alarm generation mechanism is triggered beyond the upper tolerance line and the lower tolerance line.
S4, calculating a transmission safety index of the electric power Internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating a network threat risk index of the electric power Internet of things according to the service fingerprint baseline characteristics and the service flow baseline characteristics;
in the embodiment of the invention, the transmission security index refers to an index of whole-course security transmission of electricity consumption data, wherein the electricity consumption data is transmitted by a public network or a wireless channel in the electric Internet of things, and is easy to intercept by an eavesdropper, the eavesdropper can acquire various sensitive information such as the energy consumption of a user, energy consumption equipment, operation rules and the like from the electricity consumption data by using a big data technology on the premise of not cracking encrypted content, and the network threat risk index refers to the risk to terminal equipment, such as network intrusion and network monitoring.
In the embodiment of the present invention, the calculating the transmission security index of the terminal device of the electric power internet of things according to the network transmission characteristics and the transmission flow characteristics includes:
Extracting transmission characteristic parameters of the network transmission characteristics and the transmission flow characteristics;
calculating the network average transmission delay of the electric power internet of things terminal equipment according to the transmission characteristic parameters by using the following transmission delay algorithm:
Figure BDA0004026524170000111
wherein t is the average transmission delay of the network, alpha i The weight of the ith task in the electric power internet of things terminal equipment is represented by n, wherein n is the number of tasks, max represents a maximum function, sigma i The distribution proportion of the ith task in the electric power internet of things terminal equipment is H i Data size representing the ith task, C i A task period representing the ith task, f i Representing the transmission rate of the ith task, T is the frame length of the task, R i The channel capacity representing the ith task,
Figure BDA0004026524170000112
time slots representing tasks;
and determining the transmission safety index of the electric power Internet of things terminal equipment according to the network average transmission delay.
In detail, the characteristic parameters including the network transmission rate, the task type of transmission, etc. may be extracted using a python sentence having a parameter extraction function.
In particular, in the electric power internet of things, the real-time requirement of data security transmission is extremely high, and huge economic losses may be caused by delayed security reports, wherein the network average transmission delay comprises the data processing delay of equipment, the transmission delay of equipment to a gateway and the task processing delay of a local gateway, so that the delay of the equipment terminal for transmitting data to a cloud center is higher, the danger that data is maliciously captured is increased, the higher the network average transmission delay is, the lower the transmission security index of the terminal equipment is, the transmission delay is too long, and even irrecoverable losses may be caused.
In the embodiment of the present invention, the calculating the network threat risk index of the electric power internet of things according to the service fingerprint baseline characteristic and the service flow baseline characteristic includes:
extracting baseline characteristic parameters of the business fingerprint baseline characteristic and the business flow baseline characteristic;
acquiring the number of data packets of normal fingerprints and normal flow according to the baseline characteristic parameters;
calculating the anomaly detection index distribution of the electric power Internet of things according to the number of the data packets by using a preset Gaussian distribution model:
Figure BDA0004026524170000121
wherein N represents the anomaly detection index distribution, pi represents the circumference ratio, typically 3.14, m represents the number of the packet number, x i Representing the data characteristics of the ith data packet, wherein exp is an exponential function;
and determining the network threat risk index of the electric power Internet of things according to the abnormality detection index distribution.
In detail, the baseline characteristic parameter includes the data packet included in the normal values of the service fingerprint baseline and the service flow baseline, and density estimation can be performed according to normal data to obtain the probability distribution of the normal data, so as to judge abnormal data.
Specifically, an equipment-level edge anomaly detection algorithm is deployed on the electric power internet of things terminal equipment, malicious data in traffic can be found in time at a data source, and the real-time performance of traffic anomaly monitoring is improved, wherein the equipment-level edge anomaly detection algorithm based on a Gaussian distribution model belongs to a typical one-classification algorithm and is a density estimation algorithm, and the algorithm is used for establishing the Gaussian distribution model by selecting two-dimensional characteristics of the packet number and the byte number of known normal traffic data, so that an anomaly detection threshold value is set, and the anomaly data discovery in test traffic is realized.
Further, since there is a large number of known normal feature data in the dataset, density estimation can be performed using these normal feature data, i.e., using { x } 1 ,x 2 ,...,x m Estimating a gaussian distribution model for a newly added unknown type of data sample x' 1 ,x′ 2 ,...,x′ i If a new data sample x 'is to be judged' i If the data are normal data, the probability distribution of the sample based on the model needs to be estimated, if the probability of the occurrence of the sample is smaller than a set threshold value, the sample is judged to be abnormal data, the network threat risk index of the electric power Internet of things is determined according to the abnormal data, if the abnormal data exist, the existence of the network threat in the electric power Internet of things is indicated, and if the non-abnormal data exist, the existence of the network threat in the electric power Internet of things is indicated.
And S5, determining a network security risk value of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by using a preset risk assessment model.
In the embodiment of the invention, the risk assessment model is utilized to assess the risk assessment value of the network security of the electric power Internet of things, and the network security risk level of the electric power Internet of things is further determined according to the range of the risk assessment value.
In the embodiment of the present invention, the determining, by using a preset risk assessment model, the cyber-security risk of the terminal device of the electric power internet of things according to the device security coefficient, the transmission security index and the cyber-threat risk index includes:
determining risk weight of the electric power internet of things terminal equipment according to the equipment safety coefficient, the transmission safety index and the network threat risk index by using a preset analytic hierarchy process;
inputting the risk weight to the risk assessment model to obtain a risk scoring value;
and determining the network security risk of the electric power Internet of things terminal equipment according to the risk score value.
In detail, the analytic hierarchy process is a comprehensive evaluation method applying network system theory and multiple targets, and the proposed analytic hierarchy process is a decision analysis method of hierarchy weights, and the risk assessment model is used for performing simulation operation on historical data and predicting future equipment security trend.
In detail, the determining the risk weight of the terminal device of the electric power internet of things according to the device security coefficient, the transmission security index and the network threat risk index by using a preset analytic hierarchy process includes:
Determining a characteristic matrix of the equipment safety coefficient, the transmission safety index and the network threat risk index by using the analytic hierarchy process;
calculating the feature vector of the feature matrix;
and carrying out normalization processing on the feature vector to obtain the risk weight of the terminal equipment of the electric power Internet of things.
Specifically, when the risk score value is 1-2, the network security of the electric power internet of things is at low risk; when the risk score value is 3-8, the network security of the electric power Internet of things is in a general risk; when the risk score value is 9-16, the network security of the electric power Internet of things is at medium risk; when the risk score value is 18-25, the network security of the electric power Internet of things is at a significant risk; and when the risk score value is 30-36, the network security of the electric power Internet of things is at a particularly important risk.
According to the embodiment of the invention, the equipment safety coefficient of the electric power Internet of things equipment can be determined through the equipment operation characteristics, the equipment control characteristics and the equipment alarm signal characteristics of the electric power Internet of things equipment, the transmission safety index of the electric power Internet of things is determined according to the network transmission characteristics and the transmission flow characteristics of the electric power Internet of things, the network threat risk index of the electric power Internet of things is determined according to the fingerprint baseline characteristics and the flow baseline characteristics, the network safety of the electric power Internet of things is determined according to the equipment safety coefficient, the transmission safety index and the network threat risk index, and the network safety of the electric power Internet of things is improved.
Fig. 4 is a functional block diagram of a network security situation analysis device of the electric power internet of things according to an embodiment of the present invention.
The network security situation analysis device 100 of the electric power internet of things can be installed in electronic equipment. According to the implemented functions, the network security situation analysis device 100 of the power internet of things may include a first feature extraction module 101, a device security coefficient determination module 102, a second feature extraction module 103, a security index and risk index calculation module 104, and a network security risk determination module 105. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the first feature extraction module 101 is configured to obtain device information of a preset power internet of things terminal device, and extract a device operation feature, a device control feature and a device alarm signal feature of the device information;
the device security coefficient determining module 102 is configured to determine a device security coefficient of the electric power internet of things terminal device according to the device operation feature, the device control feature, and the alarm signal feature;
The second feature extraction module 103 is configured to monitor a physical environment of the electric power internet of things terminal device by using a preset environment detection sensor, extract network transmission features and transmission flow features of the physical environment, obtain service data of the electric power internet of things terminal device, and extract a service fingerprint baseline feature and a service flow baseline feature of the service data;
the security index and risk index calculation module 104 is configured to calculate a transmission security index of the power internet of things terminal device according to the network transmission characteristic and the transmission flow characteristic, and calculate a network threat risk index of the power internet of things according to the service fingerprint baseline characteristic and the service flow baseline characteristic;
the cyber-security risk determining module 105 is configured to determine a cyber-security risk of the electric power internet of things terminal device according to the device security coefficient, the transmission security index and the cyber-threat risk index by using a preset risk assessment model.
In detail, each module in the network security situation analysis device 100 of the electric power internet of things in the embodiment of the present invention adopts the same technical means as the network security situation analysis method of the electric power internet of things described in fig. 1 to 3, and can generate the same technical effects, which are not described herein.
Fig. 5 is a schematic structural diagram of an electronic device for implementing a network security situation analysis method for an electric power internet of things according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program stored in the memory 11 and executable on the processor 10, such as a network security posture analysis program of the power internet of things.
The processor 10 may be formed by an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed by a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and so on. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, executes or executes programs or modules stored in the memory 11 (for example, executes a network security situation analysis program of the power internet of things, etc.), and invokes data stored in the memory 11 to perform various functions of the electronic device and process data.
The memory 11 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 11 may in other embodiments also be an external storage device of the electronic device, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used to store not only application software installed in an electronic device and various data, such as codes of a network security situation analysis program of the electric power internet of things, but also temporarily store data that has been output or is to be output.
The communication bus 12 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
The communication interface 13 is used for communication between the electronic device and other devices, including a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device and for displaying a visual user interface.
Only an electronic device having components is shown, and it will be understood by those skilled in the art that the structures shown in the figures do not limit the electronic device, and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may further include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described herein.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The network security posture analysis program of the power internet of things stored in the memory 11 of the electronic device 1 is a combination of a plurality of instructions, which when executed in the processor 10, can implement:
acquiring equipment information of preset electric power Internet of things terminal equipment, and extracting equipment operation characteristics, equipment control characteristics and equipment alarm signal characteristics of the equipment information;
Determining the equipment safety coefficient of the electric power Internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics;
monitoring the physical environment of the electric power internet of things terminal equipment by using a preset environment detection sensor, extracting network transmission characteristics and transmission flow characteristics of the physical environment, acquiring service data of the electric power internet of things terminal equipment, and extracting service fingerprint baseline characteristics and service flow baseline characteristics of the service data;
calculating a transmission safety index of the electric power internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating a network threat risk index of the electric power internet of things according to the service fingerprint baseline characteristics and the service flow baseline characteristics;
and determining the network security risk of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by using a preset risk assessment model.
In particular, the specific implementation method of the above instructions by the processor 10 may refer to the description of the relevant steps in the corresponding embodiment of the drawings, which is not repeated herein.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (9)

1. The network security situation analysis method of the electric power Internet of things is characterized by comprising the following steps of:
s1, acquiring equipment information of preset electric power Internet of things terminal equipment, extracting equipment operation characteristics, equipment control characteristics and equipment alarm signal characteristics of the equipment information, wherein the equipment operation characteristics, the equipment control characteristics and the equipment alarm signal characteristics of the equipment information are extracted, and the method comprises the following steps:
s11, extracting equipment operation characteristic parameters, equipment control characteristic parameters and equipment alarm signal characteristic parameters of the equipment information;
S12, calculating the operation index of the electric power Internet of things terminal equipment according to the equipment operation characteristic parameters and the equipment control characteristic parameters by using the following operation index algorithm:
Figure FDA0004026524160000011
wherein, gamma is the operation index,
Figure FDA0004026524160000012
a root mean square value representing the operating characteristic parameter of the device and the control characteristic parameter of the device at time t>
Figure FDA0004026524160000013
At time t for the plant operating characteristic and the plant control characteristicMinimum limit value of the normal range of root mean square values, < >>
Figure FDA0004026524160000014
For the maximum limit value of the normal range of root mean square values of the operating characteristic parameters of the plant and of the control characteristic parameters of the plant at time t,/for the plant>
Figure FDA0004026524160000015
A standard value of a root mean square value at a time t of representing the equipment operation characteristic parameter and the equipment control characteristic parameter;
s13, determining the alarm signal quantity of the electric power Internet of things terminal equipment according to the equipment alarm signal characteristic parameters;
s14, determining the equipment operation characteristic and the equipment control characteristic according to the operation index, and determining the equipment alarm signal characteristic according to the alarm signal quantity;
s2, determining the equipment safety coefficient of the electric power Internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics;
S3, monitoring the physical environment of the electric power Internet of things terminal equipment by using a preset environment detection sensor, extracting network transmission characteristics and transmission flow characteristics of the physical environment, acquiring service data of the electric power Internet of things terminal equipment, and extracting service fingerprint baseline characteristics and service flow baseline characteristics of the service data;
s4, calculating a transmission safety index of the electric power Internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating a network threat risk index of the electric power Internet of things according to the service fingerprint baseline characteristics and the service flow baseline characteristics;
s5, determining the network security risk of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by using a preset risk assessment model.
2. The network security posture analysis method of the power internet of things according to claim 1, wherein the determining the device security factor of the power internet of things terminal device according to the device operation feature, the device control feature and the alarm signal feature comprises:
extracting a first characteristic parameter of the equipment operation characteristic, a second characteristic parameter of the equipment control characteristic and a third characteristic parameter of the equipment alarm signal characteristic;
Carrying out parameter normalization processing on the first characteristic parameter, the second parameter and the third characteristic parameter to obtain normalized parameter information;
calculating the equipment entropy value of the electric power internet of things terminal equipment according to the normalized parameter information by using the following entropy value algorithm:
Figure FDA0004026524160000021
wherein E is the entropy of the equipment, pi is the circumference rate, generally 3.14, n is the parameter number of the terminal equipment of the electric power Internet of things, and t k The k normalization parameter information of the electric power internet of things terminal equipment is obtained;
and determining the equipment safety coefficient of the electric power internet of things terminal equipment according to the equipment entropy value.
3. The network security posture analysis method of the power internet of things according to claim 1, wherein the extracting the service fingerprint baseline characteristic and the service traffic baseline characteristic of the service data comprises:
acquiring service fingerprint data and service flow data in the service data;
carrying out data fluctuation statistics on the service fingerprint data to obtain a normal fluctuation range of the fingerprint data, and carrying out data fluctuation statistics on the service flow data to obtain a normal fluctuation range of the flow data;
determining a business fingerprint baseline according to the normal fluctuation range of the fingerprint data, and determining a business flow baseline according to the normal fluctuation range of the flow data;
Determining the fingerprint data tolerance according to the business fingerprint baseline, and determining the flow data tolerance according to the business flow baseline;
and determining the business fingerprint baseline characteristic according to the fingerprint data tolerance, and determining the business flow baseline characteristic according to the flow data tolerance.
4. The network security situation analysis method of the power internet of things according to claim 1, wherein the calculating the transmission security index of the power internet of things terminal device according to the network transmission characteristics and the transmission flow characteristics comprises:
extracting transmission characteristic parameters of the network transmission characteristics and the transmission flow characteristics;
calculating the network average transmission delay of the electric power internet of things terminal equipment according to the transmission characteristic parameters by using the following transmission delay algorithm:
Figure FDA0004026524160000031
wherein t is the average transmission delay of the network, alpha i The weight of the ith task in the electric power internet of things terminal equipment is represented by n, wherein n is the number of tasks, max represents a maximum function, sigma i The distribution proportion of the ith task in the electric power internet of things terminal equipment is H i Data size representing the ith task, C i A task period representing the ith task, f i Representing the transmission rate of the ith task, T is the frame length of the task, R i The channel capacity representing the ith task,
Figure FDA0004026524160000033
time slots representing tasks;
and determining the transmission safety index of the electric power Internet of things terminal equipment according to the network average transmission delay.
5. The network security posture analysis method of the electric power internet of things according to claim 1, wherein the calculating the network threat risk index of the electric power internet of things according to the service fingerprint baseline characteristic and the service flow baseline characteristic comprises:
extracting baseline characteristic parameters of the business fingerprint baseline characteristic and the business flow baseline characteristic;
acquiring the number of data packets of normal fingerprints and normal flow according to the baseline characteristic parameters;
calculating the anomaly detection index distribution of the electric power Internet of things according to the number of the data packets by using a preset Gaussian distribution model:
Figure FDA0004026524160000032
wherein N represents the anomaly detection index distribution, pi represents the circumference ratio, typically 3.14, m represents the number of the packet number, x i Representing the data characteristics of the ith data packet, wherein exp is an exponential function;
and determining the network threat risk index of the electric power Internet of things according to the abnormality detection index distribution.
6. The method for analyzing a cyber security situation of an electric power internet of things according to any one of claims 1 to 5, wherein the determining, by using a preset risk assessment model, a cyber security risk of the electric power internet of things terminal device according to the device security factor, the transmission security index, and the cyber threat risk index includes:
determining risk weight of the electric power internet of things terminal equipment according to the equipment safety coefficient, the transmission safety index and the network threat risk index by using a preset analytic hierarchy process;
inputting the risk weight to the risk assessment model to obtain a risk scoring value;
and determining the network security risk of the electric power Internet of things terminal equipment according to the risk score value.
7. The method for analyzing the network security situation of the power internet of things according to claim 6, wherein determining the risk weight of the power internet of things terminal device according to the device security factor, the transmission security index and the network threat risk index by using a preset analytic hierarchy process comprises:
determining a characteristic matrix of the equipment safety coefficient, the transmission safety index and the network threat risk index by using the analytic hierarchy process;
Calculating the feature vector of the feature matrix;
and carrying out normalization processing on the feature vector to obtain the risk weight of the terminal equipment of the electric power Internet of things.
8. A network security posture analysis device of an electric power internet of things, the device comprising:
the first feature extraction module is used for acquiring equipment information of preset electric power internet of things terminal equipment and extracting equipment operation features, equipment control features and equipment alarm signal features of the equipment information;
the equipment safety coefficient determining module is used for determining the equipment safety coefficient of the electric power internet of things terminal equipment according to the equipment operation characteristics, the equipment control characteristics and the alarm signal characteristics;
the second feature extraction module is used for monitoring the physical environment of the electric power internet of things terminal equipment by using a preset environment detection sensor, extracting network transmission features and transmission flow features of the physical environment, acquiring service data of the electric power internet of things terminal equipment, and extracting service fingerprint baseline features and service flow baseline features of the service data;
the security index and risk index calculation module is used for calculating the transmission security index of the electric power internet of things terminal equipment according to the network transmission characteristics and the transmission flow characteristics, and calculating the network threat risk index of the electric power internet of things according to the business fingerprint baseline characteristics and the business flow baseline characteristics;
And the network security risk determining module is used for determining the network security risk of the electric power Internet of things terminal equipment according to the equipment security coefficient, the transmission security index and the network threat risk index by utilizing a preset risk assessment model.
9. An electronic device, the electronic device comprising:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the network security posture analysis method of the power internet of things as claimed in any one of claims 1 to 7.
CN202211715876.5A 2022-12-29 2022-12-29 Network security situation analysis method, device and equipment of electric power Internet of things Active CN116015922B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211715876.5A CN116015922B (en) 2022-12-29 2022-12-29 Network security situation analysis method, device and equipment of electric power Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211715876.5A CN116015922B (en) 2022-12-29 2022-12-29 Network security situation analysis method, device and equipment of electric power Internet of things

Publications (2)

Publication Number Publication Date
CN116015922A true CN116015922A (en) 2023-04-25
CN116015922B CN116015922B (en) 2024-01-30

Family

ID=86026355

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211715876.5A Active CN116015922B (en) 2022-12-29 2022-12-29 Network security situation analysis method, device and equipment of electric power Internet of things

Country Status (1)

Country Link
CN (1) CN116015922B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117811839A (en) * 2024-02-29 2024-04-02 北京双湃智安科技有限公司 Network security monitoring device and method for monitoring Internet of things equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110958262A (en) * 2019-12-15 2020-04-03 国网山东省电力公司电力科学研究院 Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry
CN112651006A (en) * 2020-12-07 2021-04-13 中国电力科学研究院有限公司 Power grid security situation perception platform framework
US20220103592A1 (en) * 2020-09-30 2022-03-31 Forescout Technologies, Inc. Enhanced risk assessment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110958262A (en) * 2019-12-15 2020-04-03 国网山东省电力公司电力科学研究院 Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry
US20220103592A1 (en) * 2020-09-30 2022-03-31 Forescout Technologies, Inc. Enhanced risk assessment
CN112651006A (en) * 2020-12-07 2021-04-13 中国电力科学研究院有限公司 Power grid security situation perception platform framework

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李有珍;: "泛在电力物联网安全态势评估与应用研究", 通信电源技术, no. 05 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117811839A (en) * 2024-02-29 2024-04-02 北京双湃智安科技有限公司 Network security monitoring device and method for monitoring Internet of things equipment
CN117811839B (en) * 2024-02-29 2024-04-26 北京双湃智安科技有限公司 Network security monitoring device and method for monitoring Internet of things equipment

Also Published As

Publication number Publication date
CN116015922B (en) 2024-01-30

Similar Documents

Publication Publication Date Title
Zhang et al. Network intrusion detection: Based on deep hierarchical network and original flow data
CN110909811B (en) OCSVM (online charging management system) -based power grid abnormal behavior detection and analysis method and system
CN111786950B (en) Network security monitoring method, device, equipment and medium based on situation awareness
CN114584405B (en) Electric power terminal safety protection method and system
CN110149327B (en) Network security threat warning method and device, computer equipment and storage medium
CN116366374B (en) Security assessment method, system and medium for power grid network management based on big data
CN112165470B (en) Intelligent terminal access safety early warning system based on log big data analysis
CN116015922B (en) Network security situation analysis method, device and equipment of electric power Internet of things
CN115147956A (en) Data processing method and device, electronic equipment and storage medium
CN115001934A (en) Industrial control safety risk analysis system and method
CN117478433B (en) Network and information security dynamic early warning system
CN115659351B (en) Information security analysis method, system and equipment based on big data office
CN117439916A (en) Network security test evaluation system and method
CN115643108B (en) Safety assessment method, system and product for industrial Internet edge computing platform
CN115037559B (en) Data safety monitoring system based on flow, electronic equipment and storage medium
Parandhaman Analysis Techniques Artificial intelligence for Detection of Cyber Security Risks in a Communication and Information Security
CN108768774A (en) A kind of network safety evaluation method and assessment system of quantification
CN114168967A (en) Industrial control system security situation prediction method and system
CN109450934A (en) Terminal accesses data exception detection method and system
CN115085965B (en) Power system information network attack risk assessment method, device and equipment
Kumra et al. Intrusion Detection System Based on Data Mining Techniques
EP4254241A1 (en) Method and device for image-based malware detection, and artificial intelligence-based endpoint detection and response system using same
Liang et al. Research on the Security Situation Awareness Method of Ubiquitous Power Internet of Things Network Based on Artificial Intelligence
Zhang et al. Power Network Security Situation Analysis Based on Machine Learning
CN115906027A (en) Data management method, device, computer equipment and storage medium thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant