CN116956148A - Power system data interaction security threat information analysis method - Google Patents

Publication number
CN116956148A
Authority
CN
China
Prior art keywords
information
unit
threat
data
power system
Legal status
Pending
Application number
CN202310817950.2A
Other languages
Chinese (zh)
Inventor
曹扬
苏扬
郭舒扬
胡荣
张文哲
张富川
黎珏强
Current Assignee
China Southern Power Grid Co Ltd
Original Assignee
China Southern Power Grid Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/24: Classification techniques
    • G06F18/241: Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/21: Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213: Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00: Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06: Energy or water supply

Abstract

The invention discloses a method for analyzing data interaction security threat information of a power system. It relates to the technical field of data information processing and addresses the problem of data security threats to the power system. The method comprises: collecting interaction information in the power system; preprocessing the collected data interaction information; performing threat identification on the data interaction information; analyzing threat information and carrying out threat assessment; and visualizing the security threat information processing flow and the evaluation result. An information protection unit uses a protection algorithm to protect the working links of the whole power system data interaction, providing security protection and operational stability for the power system. A threat analysis algorithm performs multiple detections on the power system data from several aspects, and a hazard assessment algorithm re-analyzes and judges the practicability of the protective measures. The information security of the power system is thereby guaranteed to a greater extent, and its risk of information leakage is lower.

Description

Power system data interaction security threat information analysis method
Technical Field
The invention relates to the technical field of data information processing, in particular to a method for analyzing data interaction security threat information of an electric power system.
Background
A power system is a unified whole made up of the power generation, transmission, transformation, distribution and consumption modules together with the secondary facilities that ensure their normal and safe operation, such as regulation and control, relay protection and automatic safety devices, metering devices, scheduling devices and power communication. During operation the power system generates several kinds of data. Real-time data covers power generation, transmission, distribution and consumption, including power load, generation, voltage, current and power factor. Analog data covers, for example, the model of the power system, the characteristics of circuit elements, and the stability and response of circuits. Safety data covers safety control, fault diagnosis, safety measures and early warning. Monitoring data covers the operating state, operating parameters, performance and reliability of the power system. Environmental data covers the influence of the power system on the atmosphere and water quality, including carbon emission, energy use and pollution control. Economic and social impact data covers the regional and industrial impact of the power system, such as energy consumption, tax, employment opportunities and economic development. Consequently, abnormal data information is unavoidable in the various data interactions of the power system.
For power system data interaction, security threat information analysis refers to collecting, acquiring and analyzing information about information security threats in order to identify, evaluate and respond to potential security threats. Its steps include the following. Relevant threat information is collected, for example public information, reports, news and vulnerability information; the collected information should be varied so that it helps identify potential threats. In the conventional technology, the collected information can then be classified so that it is better understood and analyzed, which may include classifying the threat and describing its source and type. The collected information is then analyzed to identify potential threats. In the prior art, by identifying and responding to security threats, organizations can strengthen their security and protect information and assets from security events such as hacking and data leakage. The method adopted, however, is the classification and statistics used for fault diagnosis of conventional data information. This scheme lags in its degree of intelligence and in its ability to analyze power system data interaction security threat information, and improving that analysis ability is a technical problem to be solved urgently.
As the degree of intelligence and digitalization of power systems increases, the content of power system data interaction becomes more and more extensive and its role in power systems becomes more and more important. However, this also brings potential security threats such as network attacks, data tampering and information leakage. Current security protection for power systems relies mainly on traditional firewalls and intrusion detection systems, together with regular backups of power system data that are restored when needed to prevent data leakage caused by data loss or system breakdown. Although these methods are of some use against traditional threat information and ensure the information security of the power system to a great extent, network attack methods change constantly in the information age. These methods cannot comprehensively identify novel information threats, nor assess them and take corresponding protective measures, so as to ensure the information security of the power system. Therefore, how to improve the comprehensive analysis and evaluation capability for power system data interaction security threat information is a technical problem to be solved.
Disclosure of Invention
To address the shortcomings of the above technology, the invention discloses a method for analyzing data interaction security threat information of a power system. An information protection unit uses a protection algorithm to protect the working links of the whole power system data interaction, providing security protection and operational stability for the power system. A threat analysis algorithm performs multiple detections on the data collected by the data monitoring module in the power system, from the aspects of protocol type, IP frequency band and communication mode. A risk assessment algorithm re-analyzes and judges the practicability of the protective measures, and a security threat model grades the threat information. The information security of the power system is thereby guaranteed to a greater extent, and its risk of information leakage is lower.
In view of the above, the invention provides a method for analyzing the data interaction security threat information of a power system, which comprises the following steps,
step one, collecting interaction information in a power system;
collecting data interaction information in the power system through a data monitoring module, wherein the data interaction information comprises data transmission records, communication protocols and data packet contents;
step two, preprocessing the collected data interaction information;
the method comprises the steps that a data processing module is adopted to process acquired data interaction information, the data processing module comprises a cleaning unit, a denoising unit and a sequencing unit, the cleaning unit is used for searching the collected information and supplementing the missing part, the denoising unit is used for repairing the part with abnormal information, and the sequencing unit is used for sequencing the data;
step three, threat identification is carried out on the data interaction information;
the method comprises the steps that processed data information is identified by an information identification module, the information identification module comprises a classification unit, a threat information identification unit, a threat information grade division unit, a coding unit and an information output unit, the classification unit is used for classifying ordered data according to protocol types, communication modes and IP frequency bands, the threat information identification unit detects classified threat information through a security threat model and marks the threat information automatically, the threat information grade division unit divides the threat information into different grades according to the hazard degree and the influence range of the threat information, the coding unit is used for converting and coding the threat information, the information output unit is used for outputting the processed threat information to a designated position, the classification unit is connected with the threat information identification unit, the threat information identification unit is connected with the threat grade division unit, the threat grade division unit is connected with the coding unit, and the coding unit is connected with the information output unit;
step four, analyzing threat information and carrying out threat assessment;
the threat information security assessment method comprises the steps that threat information is subjected to data information security assessment through a threat assessment module by adopting a threat algorithm model, the threat algorithm model comprises a threat information feature extraction unit, a data attack mode analysis unit, an information protection unit and a grade assessment unit, the threat information feature extraction unit is used for extracting protocol features in threat data, the data attack mode analysis unit adopts a threat analysis algorithm to judge information feature analysis results, the grade assessment unit adopts a threat assessment algorithm to carry out grade assessment on the information feature analysis results, the information protection unit determines taken protective measures according to the severity degree, the influence range and the caused consequences of the threat and generates a report at the end of the information, the threat information feature extraction unit is connected with the data attack mode analysis unit, the data attack mode analysis unit is connected with the grade assessment unit, and the grade assessment unit is connected with the information protection unit;
step five, visualizing a security threat information processing flow and an evaluation result;
the intelligent display module is arranged to visually display the security threat information processing flow and the evaluation result and generate a corresponding graphic report, the intelligent display module comprises a display unit, a remote interaction unit and a wireless transmission unit, the display unit is used for displaying the security threat information processing flow and the evaluation result, the wireless transmission unit is used for transmitting the generated report to a plurality of terminals through wireless communication, the remote interaction unit is used for remotely perfecting the threat information protection strategy, the display unit is connected with the wireless transmission unit, and the wireless transmission unit is connected with the remote interaction unit.
As a further description of the above technical solution, the classifying unit performs first classification according to the protocol type, then performs second classification according to the communication mode, and finally performs third classification according to the IP frequency band.
As a further description of the above technical solution, the threat information feature extraction unit performs network optimization through multi-channel data transmission and adopts an ALINX XILINX ZYNQ AX7010 development board, where the development board is provided with a high-speed communication interface, a low-speed communication interface, a dual-core ARM Cortex-A9 core and an xc7z010-1clg400l FPGA chip, the dual-core ARM end is responsible for service data acquisition, preprocessing, sampling and data detection subtasks, the FPGA end includes feature extraction, an input/output circuit and an on-chip memory, the high-speed communication interface is used for performing data interaction reading on the off-chip memory and outputting a calculation result of required data, and the low-speed communication interface is used for completing parameter configuration on a register.
As a further description of the above technical solution, the information protection unit adopts a protection algorithm to protect the working link of the whole power system data interaction, the protection algorithm firstly adopts a working link failure formula to calculate the failure rate of the working link in the data communication network, and the working link failure formula is as follows:
(1)
in formula (1), indicating the failure rate of the power service work link, indicating the failure rate of a unit optical fiber link, indicating the length of the power service work link, c is the transmission failure-free rate, i represents the current ith link;
and then determining the influence degree of the power service on the power grid through a service risk formula, wherein the service risk formula is as follows: (2)
in formula (2), representing the risk of the power business, represents the importance of the power service, representing a link through which power service data is transmitted;
when the current working link fails, switching the working link, and calculating the current power failure service risk according to a failure risk formula, wherein the failure risk formula is as follows:
(3)
in formula (3), indicating that the working path of the power service is failed, indicating that the protection path of the power service fails;
and then adopting a preset resource ring to protect a link with higher risk, wherein the risk of the protected path is as follows:
(4)
in formula (4), representing other link sets in the preset resource ring of the protection link, representing the risk of a protected path, and j represents the risk of the current power service, and j represents the jth link in the preset resource ring.
As a further description of the above technical solution, the threat analysis algorithm first adopts a behavioral tree to divide each sample of the information feature analysis result into two categories, adopts an SVM algorithm to identify the sample, and finally adopts a naive bayes algorithm to calculate the posterior probability.
As a further description of the above technical solution, the risk assessment algorithm first divides all working links into regular grid cells of equal size through a ramp algorithm, where the ramp algorithm is:
(5)
in formula (5), indicating that the appropriate mesh size is to be achieved, representing contour data accuracy;
after the grid cells are divided, the hierarchical structure is divided into a target layer, a criterion layer and a scheme layer, and a judgment matrix is constructed as follows:
(6)
in formula (6), parameters representing the ith row and the jth column, i represents a row, j represents a column, n represents a maximum column and a maximum row, and P represents a judgment matrix;
ordering according to the importance of each factor in the hierarchy to obtain the weight value corresponding to each element, which can be expressed as: (7)
in formula (7), the corresponding feature vectors representing the risk compartment model, represents the largest feature root of the risk compartment model, minimum feature root representing the risk compartment model;
carrying out consistency detection on the judgment matrix by adopting a deviation consistency index function, wherein the deviation consistency index function is as follows: (8)
in formula (8), indicating a consistency index.
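The judgment-matrix, weighting and consistency-detection steps described above can be illustrated with the following added example, which is not taken from the patent. Formulas (6) to (8) are not reproduced on this page, so the sketch assumes the standard Saaty AHP formulation (weights from the principal eigenvector, CI = (λmax − n)/(n − 1), CR = CI/RI with a 0.10 acceptance threshold); the three criteria and all comparison values are constructed.

```python
"""AHP weighting with a consistency check (standard Saaty formulation, assumed)."""

# Saaty's random consistency index, keyed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}
CR_THRESHOLD = 0.10  # conventional acceptance limit for the consistency ratio


def validate_judgment_matrix(P, tol=1e-9):
    """Check that P is square, positive and reciprocal (p_ij * p_ji == 1)."""
    n = len(P)
    if n == 0 or any(len(row) != n for row in P):
        raise ValueError("judgment matrix must be square and non-empty")
    for i in range(n):
        for j in range(n):
            if P[i][j] <= 0:
                raise ValueError(f"entry ({i},{j}) must be positive")
            if abs(P[i][j] * P[j][i] - 1.0) > tol:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")
    return n


def principal_eigen(P, iterations=1000, eps=1e-12):
    """Power iteration: return (normalised principal eigenvector, lambda_max)."""
    n = len(P)
    w = [1.0 / n] * n
    for _ in range(iterations):
        v = [sum(P[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(v)
        v = [x / total for x in v]
        converged = max(abs(a - b) for a, b in zip(v, w)) < eps
        w = v
        if converged:
            break
    Pw = [sum(P[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(Pw[i] / w[i] for i in range(n)) / n
    return w, lambda_max


def ahp(P):
    """Return weights, lambda_max, CI, CR and an accept/reject flag for P."""
    n = validate_judgment_matrix(P)
    if n not in RANDOM_INDEX:
        raise ValueError("random index table covers orders 1 to 9 only")
    weights, lambda_max = principal_eigen(P)
    # A reciprocal matrix of order 1 or 2 is always consistent.
    ci = max(0.0, (lambda_max - n) / (n - 1)) if n > 2 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri > 0 else 0.0
    return {"weights": weights, "lambda_max": lambda_max,
            "ci": ci, "cr": cr, "consistent": cr < CR_THRESHOLD}


# Constructed criteria for grading a threat: severity, influence range, consequences.
CRITERIA = ("severity", "influence_range", "consequences")

# Constructed pairwise comparisons: severity is judged 3x as important as
# influence range and 5x as important as consequences.
CONSTRUCTED_CONSISTENT = [
    [1.0,     3.0,     5.0],
    [1 / 3.0, 1.0,     3.0],
    [1 / 5.0, 1 / 3.0, 1.0],
]

# Constructed contradictory judgments (A >> B, B >> C, yet C >> A): the
# consistency check must reject this matrix before its weights are used.
CONSTRUCTED_INCONSISTENT = [
    [1.0,     9.0,     1 / 5.0],
    [1 / 9.0, 1.0,     7.0],
    [5.0,     1 / 7.0, 1.0],
]

if __name__ == "__main__":
    for name, matrix in (("consistent", CONSTRUCTED_CONSISTENT),
                         ("inconsistent", CONSTRUCTED_INCONSISTENT)):
        result = ahp(matrix)
        ranked = sorted(zip(CRITERIA, result["weights"]), key=lambda kv: -kv[1])
        print(name, "CR=%.3f" % result["cr"], "accepted=%s" % result["consistent"])
        for criterion, weight in ranked:
            print("  %-16s %.3f" % (criterion, weight))
```

A rejected matrix means the pairwise judgments contradict each other and should be revised before the weights feed any grade evaluation.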
As a further description of the above technical solution, the security threat model uses a neural network algorithm to determine information collected by the power system, and the neural network identification BP formula is:
(9)
i in equation (9) represents a reference center node, j represents a neighbor node, h represents an initial function,for the output weight of the neural network function, l is the output number of the algorithm, j is the node position of the algorithm output, and a parameter of a conventional node is input asN represents the execution number of neurons, and m represents an operation rule;
and then summing the judgment values by using a summation formula, wherein the summation formula is as follows:
(10)
in the formula (10), S represents the number of judgment values, M represents the number of 1 in the S judgment values, and T represents the number of 0 in the S judgment values, and at this time, the positive and negative of the matrix are judged by using an accuracy formula, wherein the accuracy formula is as follows: (11)
in the formula (11)For the correct rate byThe output value of (2) is the coincidence of the information with the constant reference information.
The invention has the beneficial technical effects that compared with the prior art:
The invention discloses a method for analyzing data interaction security threat information of a power system. An information protection unit uses a protection algorithm to protect the working links of the whole power system data interaction, providing security protection and operational stability for the power system. A threat analysis algorithm performs multiple detections on the data collected by the data monitoring module in the power system, from the aspects of protocol type, IP frequency band and communication mode. A danger assessment algorithm re-analyzes and judges the practicability of the protective measures, and a security threat model classifies the threat information. The information security of the power system is guaranteed to a greater extent, its risk of information leakage is lower, its data interaction capacity is improved, and the intelligent analysis capability for power system data interaction security threat information is improved.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described below, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings may be obtained from these drawings without inventive faculty for a person skilled in the art, wherein,
figure 1 is a flow chart of the present invention,
figure 2 is a block diagram of the modules employed in the present invention,
figure 3 is a diagram of an information recognition module architecture,
figure 4 is a threat assessment module architecture diagram,
fig. 5 is a schematic diagram of an intelligent display module.
Detailed Description
The following description of the embodiments of the present disclosure will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the disclosure. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
As shown in fig. 1-5, a method for analyzing security threat information of power system data interaction includes the following steps,
step one, collecting interaction information in a power system;
collecting data interaction information in the power system through a data monitoring module, wherein the data interaction information comprises data transmission records, communication protocols and data packet contents;
step two, preprocessing the collected data interaction information;
the method comprises the steps that a data processing module is adopted to process acquired data interaction information, the data processing module comprises a cleaning unit, a denoising unit and a sequencing unit, the cleaning unit is used for searching the collected information and supplementing the missing part, the denoising unit is used for repairing the part with abnormal information, and the sequencing unit is used for sequencing the data;
step three, threat identification is carried out on the data interaction information;
the method comprises the steps that processed data information is identified by an information identification module, the information identification module comprises a classification unit, a threat information identification unit, a threat information grade division unit, a coding unit and an information output unit, the classification unit is used for classifying ordered data according to protocol types, communication modes and IP frequency bands, the threat information identification unit detects classified threat information through a security threat model and marks the threat information automatically, the threat information grade division unit divides the threat information into different grades according to the hazard degree and the influence range of the threat information, the coding unit is used for converting and coding the threat information, the information output unit is used for outputting the processed threat information to a designated position, the classification unit is connected with the threat information identification unit, the threat information identification unit is connected with the threat grade division unit, the threat grade division unit is connected with the coding unit, and the coding unit is connected with the information output unit;
step four, analyzing threat information and carrying out threat assessment;
the threat information security assessment method comprises the steps that threat information is subjected to data information security assessment through a threat assessment module by adopting a threat algorithm model, the threat algorithm model comprises a threat information feature extraction unit, a data attack mode analysis unit, an information protection unit and a grade assessment unit, the threat information feature extraction unit is used for extracting protocol features in threat data, the data attack mode analysis unit adopts a threat analysis algorithm to judge information feature analysis results, the grade assessment unit adopts a threat assessment algorithm to carry out grade assessment on the information feature analysis results, the information protection unit determines taken protective measures according to the severity degree, the influence range and the caused consequences of the threat and generates a report at the end of the information, the threat information feature extraction unit is connected with the data attack mode analysis unit, the data attack mode analysis unit is connected with the grade assessment unit, and the grade assessment unit is connected with the information protection unit;
step five, visualizing a security threat information processing flow and an evaluation result;
the intelligent display module is arranged to visually display the security threat information processing flow and the evaluation result and generate a corresponding graphic report, the intelligent display module comprises a display unit, a remote interaction unit and a wireless transmission unit, the display unit is used for displaying the security threat information processing flow and the evaluation result, the wireless transmission unit is used for transmitting the generated report to a plurality of terminals through wireless communication, the remote interaction unit is used for remotely perfecting the threat information protection strategy, the display unit is connected with the wireless transmission unit, and the wireless transmission unit is connected with the remote interaction unit.
The data monitoring module is connected with the data processing module, the data processing module is connected with the information identification module, the information identification module is connected with the threat assessment module, and the threat assessment module is connected with the intelligent display module.
Further, the classifying unit performs a first classification according to the protocol type, a second classification according to the communication mode, and a third classification according to the IP frequency band.
The working principle of the classifying unit is as follows. An input feature vector is first received; it may contain any number of feature values, each representing an attribute of the input data, such as protocol type, communication mode and IP band. The input features are then weighted, and finally the result of the weighting calculation is converted into a label or class by applying a nonlinear function, such as sigmoid, ReLU or softmax, to complete the final classification.
Further, the threat information feature extraction unit performs network optimization through multi-channel data transmission and adopts a ALINX XILINX ZYNQ AX7010 development board, the development board is provided with a high-speed communication interface, a low-speed communication interface, a dual-core ARM Cortex-A9 core and an xc7z010-1clg400l FPGA chip, the dual-core ARM end is responsible for service data acquisition, preprocessing, sampling and data detection subtasks, the FPGA end comprises feature extraction, an input and output circuit and an on-chip memory, the high-speed communication interface is used for performing data interaction reading on the off-chip memory and outputting a calculation result of required data, and the low-speed communication interface is used for completing parameter configuration of a register.
Further, the information protection unit adopts a protection algorithm to protect the working link of the whole power system data interaction, the protection algorithm firstly adopts a working link failure formula to calculate the failure rate of the working link in the data communication network, and the working link failure formula is as follows:
(1)
in formula (1), indicating the failure rate of the power service work link, indicating the failure rate of a unit optical fiber link, indicating the length of the power service operational link, c is the transmission failure-free rate, i represents the current ith link;
and then determining the influence degree of the power service on the power grid through a service risk formula, wherein the service risk formula is as follows: (2)
The terms of formula (2) represent the risk of the power service, the importance of the power service, and the link through which power service data is transmitted;
In a specific application, security construction in the power industry, which faces leakage risk, is gradually being perfected. Massive data is nevertheless generated in every link and at every moment of the five scenarios of power transmission, power transformation, power distribution, power consumption and power selling. This data can greatly promote intelligent sensing of the power grid, internal management and control capability, and user service efficiency, but if a data provider cannot effectively control the data while it is collected, transmitted, stored, processed and used, the risks to the power service are varied. To improve the capability of analyzing power system data interaction security threat information, the risk is expressed as a function of the data information. In the specific embodiment, the importance of the power service is expressed as the proportion that a given parameter occupies among all the parameters. The link through which the power service data is transmitted provides transmission and data channels for power production and for the management of each service, and serves the primary and secondary power systems. Expressing these quantities through the functional relation converts macroscopic data information into microscopic analysis, which improves the data information analysis capability.
When the current working link fails, switching the working link, and calculating the current power failure service risk according to a failure risk formula, wherein the failure risk formula is as follows:
(3)
The terms of formula (3) represent that the working path of the power service fails and that the protection path of the power service fails;
and then adopting a preset resource ring to protect a link with higher risk, wherein the risk of the protected path is as follows:
(4)
The terms of formula (4) represent the set of other links in the preset resource ring of the protection link, the risk of the protected path, and the risk of the current power service; j represents the j-th link in the preset resource ring.
The working principle of the information protection unit is as follows: first, various encryption algorithms are used to encrypt the data in the computer system, ensuring the security of the data. When the data needs to be read or transmitted, it is decrypted with the corresponding key so that the user can access and use it normally. The data is then authenticated and verified using digital signature techniques to ensure its integrity and authenticity. Finally, all operations and events in the computer system are recorded for auditing and tracking when required, as shown in Table 1.
Table 1 Working link failure rate table

| Working link | Failure rate/% | Switching rate/% | Protection rate/% |
| --- | --- | --- | --- |
| 1 | 22.3 | 37.6 | 10.4 |
| 2 | 70.6 | 17.5 | 1.6 |
| 3 | 47.8 | 30.7 | 90.4 |

As can be seen from Table 1, when the failure rate is relatively high the original threat is not relieved, and the switching rate and the overall protection rate are relatively low. When the failure rate is relatively low the original threat has not formed, the normal switching rate is relatively high, and the overall protection rate starts relatively slowly. When the failure rate lies in the middle range the original threat is identified, the lowest threat of the switching rate can be removed, and the overall protection rate is highest.
Further, the threat analysis algorithm first uses a behavior tree to divide each sample of the information feature analysis result into two categories, then uses an SVM algorithm to identify the samples, and finally uses a naive Bayesian algorithm to calculate the posterior probability.
The threat analysis algorithm is based on the following principle: first, through the description of behavior tree nodes, the possible states and behaviors of the data to be classified are identified, and the data is converted into feature vectors that can be classified. Feature selection and feature extraction are then carried out on these feature vectors, an SVM algorithm is applied to them, and the features related to the classification result are extracted by classifying each feature. The extracted features are weighted by a naive Bayesian algorithm, adding the contribution of the weights generated by the probability of success or failure. Finally, the results of the algorithms are weighted and summed, and a voting method or a weighted average method is used to improve the final correctness and reliability of the model, giving the final classification result.
Further, the risk assessment algorithm first divides all working links into regular grid cells of equal size through a slope algorithm, wherein the slope algorithm is as follows:
(5)
The terms of formula (5) represent the appropriate mesh size and the contour data accuracy;
after the grid cells are divided, the hierarchical structure is divided into a target layer, a criterion layer and a scheme layer, and a judgment matrix is constructed as follows:
(6)
In formula (6), the matrix entry is the parameter in the i-th row and the j-th column, i represents a row, j represents a column, n represents the maximum row and the maximum column, and P represents the judgment matrix;
ordering according to the importance of each factor in the hierarchy to obtain the weight value corresponding to each element, which can be expressed as: (7)
The terms of formula (7) represent the corresponding eigenvector of the risk compartment model, the largest eigenvalue (characteristic root) of the risk compartment model, and the smallest eigenvalue (characteristic root) of the risk compartment model;
carrying out consistency detection on the judgment matrix by adopting a deviation consistency index function, wherein the deviation consistency index function is as follows: (8)
The term of formula (8) indicates the consistency index.
The working principle of the risk assessment algorithm is as follows: for the security to be evaluated, factors such as the possible attack patterns, sources, targets and tools used are considered first. On this basis a targeted model is established, and risks of different grades (high, medium and low) are defined according to the weights of the different factors. Known security vulnerabilities in systems and networks are analyzed and evaluated in depth, including the type of vulnerability, its impact, whether a solution exists, and emergency plans. Aspects such as the system architecture, flow and data environment are evaluated to determine possible weak links, data leakage points and data redundancy. Risk control measures are formulated, including information security measures, emergency response plans, user management and security detection; these measures help to mitigate risk and maintain the early warning mechanism. A monitoring and analysis mechanism for the evaluation results is established, and measures are adjusted at any time to cope with security vulnerabilities, risks and threats that may occur, as shown in Table 2.
Table 2 Risk assessment table

| Grade | Grid number | Number of detections | Consistency/% |
| --- | --- | --- | --- |
| Low | 16 | 15 | 93.75 |
| Medium | 25 | 22 | 88.00 |
| High | 36 | 30 | 83.33 |

As can be seen from Table 2, the higher the threat level, the more grid cells are divided but proportionally fewer are detected, so the consistency is lower. Dividing threats into different levels is therefore not enough on its own to provide relatively safe safeguards, and evaluating the threat at each level again shows the need to upgrade the corresponding safeguards.
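The judgment-matrix weighting and consistency check described for the risk assessment algorithm can be worked through as follows. This is an added example, not code from the patent: formula (8) is not reproduced on this page, so the standard AHP consistency index CI = (lambda_max - n)/(n - 1), Saaty's random index table and the 0.1 acceptance threshold are assumed, and the sample matrix is constructed.

```python
"""AHP weights and consistency check for a judgment matrix (standard library only)."""

# Saaty's random consistency index by matrix order (standard AHP table, assumed here).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Constructed judgment matrix P for three hypothetical criteria
# (hazard degree, influence range, consequence); P[i][j] = importance of i over j.
SAMPLE = [
    [1.0, 3.0, 5.0],
    [1 / 3, 1.0, 2.0],
    [1 / 5, 1 / 2, 1.0],
]


def validate(P, tol=1e-9):
    """Reject matrices that are not square, positive and reciprocal."""
    n = len(P)
    if n not in RANDOM_INDEX:
        raise ValueError("matrix order must be between 1 and 9")
    for i, row in enumerate(P):
        if len(row) != n:
            raise ValueError("judgment matrix must be square")
        for j, value in enumerate(row):
            if value <= 0:
                raise ValueError("entries must be positive")
            if abs(value * P[j][i] - 1.0) > tol:
                raise ValueError(f"P[{i}][{j}] and P[{j}][{i}] are not reciprocal")


def principal_eigen(P, max_iter=1000, eps=1e-12):
    """Power iteration: returns (weights summing to 1, largest eigenvalue)."""
    n = len(P)
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(max_iter):
        v = [sum(P[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(v)  # w sums to 1, so sum(P w) estimates lambda_max
        nxt = [x / lam for x in v]
        delta = max(abs(a - b) for a, b in zip(nxt, w))
        w = nxt
        if delta < eps:
            break
    return w, lam


def assess(P, threshold=0.1):
    """Weights plus consistency index (CI) and consistency ratio (CR)."""
    validate(P)
    n = len(P)
    weights, lam = principal_eigen(P)
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri > 0 else 0.0  # orders 1 and 2 are always consistent
    return {"weights": weights, "lambda_max": lam, "ci": ci, "cr": cr,
            "acceptable": cr < threshold}


if __name__ == "__main__":
    result = assess(SAMPLE)
    print([round(x, 3) for x in result["weights"]], round(result["cr"], 4))
```

A matrix that fails the check should be sent back for re-scoring rather than used to rank links, since its weights do not reflect a coherent ordering of the criteria.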
Further, the security threat model uses a neural network algorithm to judge information collected by the power system, and a neural network identification BP formula is as follows:
(9)
In formula (9), i represents a reference center node, j represents a neighbor node, h represents an initial function, one term is the output weight of the neural network function, l is the output number of the algorithm, j is the node position of the algorithm output, a further term is the input parameter of a conventional node, N represents the execution number of neurons, and m represents an operation rule;
and then summing the judgment values by using a summation formula, wherein the summation formula is as follows:
(10)
in the formula (10), S represents the number of judgment values, M represents the number of 1 in the S judgment values, and T represents the number of 0 in the S judgment values, and at this time, the positive and negative of the matrix are judged by using an accuracy formula, wherein the accuracy formula is as follows:
(11)
in the formula (11)For the correct rate byThe output value of (2) is the coincidence of the information with the constant reference information.
The working principle of the security threat model is as follows: the protocol type, the communication mode and the IP frequency band of the data collected by the data monitoring module are used as the neighbor node inputs, and the neural network produces an output value after executing the neural nodes from j=1 to j=n. X is the output value of the algorithm, and the value of X, 1 or 0, is taken as the judgment value: when X is 1 the neuron is judged to be correct, and when X is 0 the neuron is judged to be wrong, as shown in Table 3.
Table 3 Security threat level table

| Input | Output | Grade |
| --- | --- | --- |
| (1,1,1,1) | 1 | High |
| (1,0,0,1) | 2 | Low |
| (1,1,0,1) | 3 | Medium |

As can be seen from table 3, when the master node and the three neighbor nodes all meet the requirements, the security threat level is high, when the master node and any two neighbor nodes all meet the requirements, the security threat level is medium, and when the master node and any one neighbor node all meet the requirements, the security threat level is low.
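The three-pass classification performed by the classifying unit and the grading rule read off Table 3 can be combined in one short pipeline. This is an added example, not code from the patent: the records are constructed, and the IP band names, the reference sets and the meaning of the master-node bit (1 when the record parsed cleanly) are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed IP bands (address ranges) for the third classification pass.
IP_BANDS = {
    "control": ip_network("10.20.0.0/16"),
    "office": ip_network("10.30.0.0/16"),
}

# Hypothetical reference information: an attribute that coincides with it
# yields judgment value 1, otherwise 0.
REFERENCE = {
    "protocol": {"telnet", "ftp"},
    "mode": {"broadcast"},
    "band": {"external"},
}

# Constructed interaction records (not real traffic).
RECORDS = [
    {"id": "r1", "protocol": "telnet", "mode": "broadcast", "src": "203.0.113.9"},
    {"id": "r2", "protocol": "iec104", "mode": "unicast", "src": "203.0.113.40"},
    {"id": "r3", "protocol": "ftp", "mode": "unicast", "src": "198.51.100.7"},
    {"id": "r4", "protocol": "iec104", "mode": "unicast", "src": "10.20.3.4"},
    {"id": "r5", "protocol": "iec104", "mode": "unicast", "src": "not-an-ip"},
]

LEVELS = {3: "high", 2: "medium", 1: "low"}


def ip_band(src):
    """Map a source address to a named band; 'invalid' if it does not parse."""
    try:
        addr = ip_address(src)
    except ValueError:
        return "invalid"
    for name, net in IP_BANDS.items():
        if addr in net:
            return name
    return "external"


def classify(records):
    """Pass 1 by protocol type, pass 2 by communication mode, pass 3 by IP band."""
    by_protocol = defaultdict(list)
    for rec in records:
        by_protocol[rec["protocol"]].append(rec)
    classes = {}
    for protocol, group in by_protocol.items():
        by_mode = defaultdict(list)
        for rec in group:
            by_mode[rec["mode"]].append(rec)
        for mode, subgroup in by_mode.items():
            for rec in subgroup:
                key = (protocol, mode, ip_band(rec["src"]))
                classes.setdefault(key, []).append(rec["id"])
    return classes


def judgment_vector(key):
    """(master, protocol, mode, band) judgment values for one class."""
    protocol, mode, band = key
    if band == "invalid":  # assumption: malformed records get master bit 0
        return (0, 0, 0, 0)
    return (1,
            int(protocol in REFERENCE["protocol"]),
            int(mode in REFERENCE["mode"]),
            int(band in REFERENCE["band"]))


def grade(vector):
    """Master plus three neighbours: high; plus two: medium; plus one: low."""
    master, *neighbours = vector
    if master != 1:
        return None  # not covered by Table 3; leave ungraded
    return LEVELS.get(sum(neighbours))


def assess(records):
    """Return {record id: threat level or None}."""
    result = {}
    for key, ids in classify(records).items():
        level = grade(judgment_vector(key))
        for rec_id in ids:
            result[rec_id] = level
    return result


if __name__ == "__main__":
    for rec_id, level in sorted(assess(RECORDS).items()):
        print(rec_id, level)
```

Records that come back ungraded are either benign on all three attributes or malformed; the malformed ones belong back in the preprocessing stage rather than in the threat report.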
While specific embodiments of the present invention have been described above, it will be understood by those skilled in the art that these specific embodiments are by way of example only, and that various omissions, substitutions, and changes in the form and details of the methods and systems described above may be made by those skilled in the art without departing from the spirit and scope of the invention. For example, it is within the scope of the present invention to combine the above-described method steps to perform substantially the same function in substantially the same way to achieve substantially the same result. Accordingly, the scope of the invention is limited only by the following claims.

Claims (7)

1. A method for analyzing data interaction security threat information of an electric power system, characterized by comprising the following steps:
step one, collecting interaction information in a power system;
collecting data interaction information in the power system through a data monitoring module, wherein the data interaction information comprises data transmission records, communication protocols and data packet contents;
step two, preprocessing the collected data interaction information;
the method comprises the steps that a data processing module is adopted to process acquired data interaction information, the data processing module comprises a cleaning unit, a denoising unit and a sequencing unit, the cleaning unit is used for searching the collected information and supplementing the missing part, the denoising unit is used for repairing the part with abnormal information, and the sequencing unit is used for sequencing the data;
step three, threat identification is carried out on the data interaction information;
the method comprises the steps that processed data information is identified by an information identification module, the information identification module comprises a classification unit, a threat information identification unit, a threat information grade division unit, a coding unit and an information output unit, the classification unit is used for classifying ordered data according to protocol types, communication modes and IP frequency bands, the threat information identification unit detects classified threat information through a security threat model and marks the threat information automatically, the threat information grade division unit divides the threat information into different grades according to the hazard degree and the influence range of the threat information, the coding unit is used for converting and coding the threat information, the information output unit is used for outputting the processed threat information to a designated position, the classification unit is connected with the threat information identification unit, the threat information identification unit is connected with the threat grade division unit, the threat grade division unit is connected with the coding unit, and the coding unit is connected with the information output unit;
step four, analyzing threat information and carrying out threat assessment;
the threat information security assessment method comprises the steps that threat information is subjected to data information security assessment through a threat assessment module by adopting a threat algorithm model, the threat algorithm model comprises a threat information feature extraction unit, a data attack mode analysis unit, an information protection unit and a grade assessment unit, the threat information feature extraction unit is used for extracting protocol features in threat data, the data attack mode analysis unit adopts a threat analysis algorithm to judge information feature analysis results, the grade assessment unit adopts a threat assessment algorithm to carry out grade assessment on the information feature analysis results, the information protection unit determines taken protective measures according to the severity degree, the influence range and the caused consequences of the threat and generates a report at the end of the information, the threat information feature extraction unit is connected with the data attack mode analysis unit, the data attack mode analysis unit is connected with the grade assessment unit, and the grade assessment unit is connected with the information protection unit;
step five, visualizing a security threat information processing flow and an evaluation result;
the intelligent display module is arranged to visually display the security threat information processing flow and the evaluation result and generate a corresponding graphic report, the intelligent display module comprises a display unit, a remote interaction unit and a wireless transmission unit, the display unit is used for displaying the security threat information processing flow and the evaluation result, the wireless transmission unit is used for transmitting the generated report to a plurality of terminals through wireless communication, the remote interaction unit is used for remotely perfecting the threat information protection strategy, the display unit is connected with the wireless transmission unit, and the wireless transmission unit is connected with the remote interaction unit.
2. The method for analyzing the data interaction security threat information of the power system according to claim 1, wherein the method comprises the following steps: the classifying unit firstly classifies the first time according to the protocol type, then classifies the second time according to the communication mode, and finally classifies the third time according to the IP frequency band.
3. The method for analyzing the data interaction security threat information of the power system according to claim 1, wherein the method comprises the following steps: the threat information feature extraction unit performs network optimization through multi-channel data transmission and adopts an ALINX XILINX ZYNQ AX7010 development board, the development board is provided with a high-speed communication interface, a low-speed communication interface, a dual-core ARM Cortex-A9 kernel and an xc7z010-1clg400l FPGA chip, the dual-core ARM end is responsible for service data acquisition, preprocessing, sampling and data detection subtasks, the FPGA end comprises feature extraction, an input and output circuit and an on-chip memory, the high-speed communication interface is used for performing data interaction reading on the off-chip memory and outputting a calculation result of required data, and the low-speed communication interface is used for completing parameter configuration of registers.
4. The method for analyzing the data interaction security threat information of the power system according to claim 1, wherein the method comprises the following steps: the information protection unit adopts a protection algorithm to protect the working link of the whole power system data interaction, the protection algorithm firstly adopts a working link failure formula to calculate the failure rate of the working link in the data communication network, and the working link failure formula is as follows:
(1)
the terms of formula (1) indicate the failure rate of the power service working link, the failure rate of a unit optical fiber link, and the length of the power service working link; C is the transmission failure-free rate, and i represents the current i-th link;
and then determining the influence degree of the power service on the power grid through a service risk formula, wherein the service risk formula is as follows: (2)
the terms of formula (2) represent the risk of the power service, the importance of the power service, and the link through which power service data is transmitted;
when the current working link fails, switching the working link, and calculating the current power failure service risk according to a failure risk formula, wherein the failure risk formula is as follows:
(3)
the terms of formula (3) indicate that the working path of the power service fails and that the protection path of the power service fails;
and then adopting a preset resource ring to protect a link with higher risk, wherein the risk of the protected path is as follows:
(4)
the terms of formula (4) represent the set of other links in the preset resource ring of the protection link, the risk of the protected path, and the risk of the current power service; j represents the j-th link in the preset resource ring.
5. The method for analyzing the data interaction security threat information of the power system according to claim 1, wherein the method comprises the following steps: the threat analysis algorithm firstly adopts a behavioral tree to divide each sample of the information characteristic analysis result into two categories, adopts an SVM algorithm to identify the sample, and finally adopts a naive Bayesian algorithm to calculate the posterior probability.
6. The method for analyzing the data interaction security threat information of the power system according to claim 1, wherein the method comprises the following steps: the risk assessment algorithm first divides all working links into regular grid cells of equal size through a slope algorithm, wherein the slope algorithm is as follows:
(5)
the terms of formula (5) represent the appropriate mesh size and the contour data accuracy;
after the grid cells are divided, the hierarchical structure is divided into a target layer, a criterion layer and a scheme layer, and a judgment matrix is constructed as follows:
(6)
in formula (6), the matrix entry is the parameter in the i-th row and the j-th column, i represents a row, j represents a column, n represents the maximum row and the maximum column, and P represents the judgment matrix;
ordering according to the importance of each factor in the hierarchy to obtain the weight value corresponding to each element, which can be expressed as: (7)
the terms of formula (7) represent the corresponding eigenvector of the risk compartment model, the largest eigenvalue (characteristic root) of the risk compartment model, and the smallest eigenvalue (characteristic root) of the risk compartment model;
carrying out consistency detection on the judgment matrix by adopting a deviation consistency index function, wherein the deviation consistency index function is as follows: (8)
the term of formula (8) indicates the consistency index.
7. The method for analyzing the data interaction security threat information of the power system according to claim 1, wherein the method comprises the following steps: the security threat model judges the information collected by the power system by using a neural network algorithm, and the neural network identification BP formula is as follows:
(9)
in formula (9), i represents a reference center node, j represents a neighbor node, h represents an initial function, one term is the output weight of the neural network function, l is the output number of the algorithm, j is the node position of the algorithm output, a further term is the input parameter of a conventional node, N represents the execution number of neurons, and m represents an operation rule;
and then summing the judgment values by using a summation formula, wherein the summation formula is as follows:
(10)
in the formula (10), S represents the number of judgment values, M represents the number of 1 among the S judgment values, and T represents the number of 0 among the S judgment values; at this time, the accuracy formula is used for judging the positive and the negative of the matrix, and the accuracy formula is as follows: (11)
in the formula (11)For the accuracy by->The output value of (2) is the coincidence of the information with the constant reference information.
CN202310817950.2A 2023-07-05 2023-07-05 Power system data interaction security threat information analysis method Pending CN116956148A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310817950.2A CN116956148A (en) 2023-07-05 2023-07-05 Power system data interaction security threat information analysis method

Publications (1)

Publication Number Publication Date
CN116956148A true CN116956148A (en) 2023-10-27

Family

ID=88457603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310817950.2A Pending CN116956148A (en) 2023-07-05 2023-07-05 Power system data interaction security threat information analysis method

Country Status (1)

Country Link
CN (1) CN116956148A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117235743A (en) * 2023-11-13 2023-12-15 北京华源芯电科技有限公司 Intelligent power management method and system based on security risk
CN117235743B (en) * 2023-11-13 2024-02-02 北京华源芯电科技有限公司 Intelligent power management method and system based on security risk
CN118228274A (en) * 2024-04-08 2024-06-21 国网安徽省电力有限公司霍山县供电公司 Data security diagnosis method for dispatching automation system
CN118396382A (en) * 2024-06-21 2024-07-26 南京邮电大学 Modeling method and system for power data external service danger

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination