CN117201125A - Vulnerability testing method, device and equipment of power grid system and storage medium - Google Patents

Publication number
CN117201125A
Authority
CN
China
Prior art keywords
test
power grid
target
grid system
vulnerability
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311164124.9A
Other languages
Chinese (zh)
Inventor
赵岭
郭志达
李晓莉
沈浩彬
萧名谦
蒋赟斯
胡冉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Huizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Huizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangdong Power Grid Co Ltd, Huizhou Power Supply Bureau of Guangdong Power Grid Co Ltd filed Critical Guangdong Power Grid Co Ltd
Priority to CN202311164124.9A priority Critical patent/CN117201125A/en
Publication of CN117201125A publication Critical patent/CN117201125A/en
Pending legal-status Critical Current

Landscapes

  • Supply And Distribution Of Alternating Current (AREA)

Abstract

The invention discloses a vulnerability testing method, device and equipment of a power grid system and a storage medium. Wherein the method comprises the following steps: responding to a test triggering request, acquiring a target test intention, and determining a power grid system type corresponding to the target test intention; aiming at each type of power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on a target power grid system based on a target test intention and the penetration test model to acquire a system vulnerability triggering path; and determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path. The method solves the technical problems that in the penetration test of the intelligent power grid, a penetration test model cannot be flexibly selected according to the type of the power grid system and the penetration test intention, so that the test efficiency is low and the weak link of the system cannot be accurately positioned. The beneficial effect of effectively acquiring the weak links of the system according to the test intention is achieved.

Description

Vulnerability testing method, device and equipment of power grid system and storage medium
Technical Field
The present invention relates to the field of power network technologies, and in particular, to a method, an apparatus, a device, and a storage medium for testing a vulnerability of a power grid system.
Background
The power grid system is a system general term for producing, conveying and distributing electric energy and mainly comprises a power generation system, a power transmission system, a power distribution system and an electric system, the stable operation of the power grid system has important significance for the daily life of people and the normal operation of work, and once regional long-time power failure occurs, immeasurable loss can be caused.
In daily operation, a large amount of data and operation records are generated by the power grid system, and the traditional power grid management mode cannot efficiently and safely manage the increasingly large amount of data. Along with the high-speed popularization of network information technology, smart grids are also greatly popularized, and smart grids are novel grids which are based on physical grids of various power generation equipment, power transmission and distribution networks, electric equipment and energy storage equipment, are highly integrated with the physical grids by modern advanced sensing measurement technology, network technology, communication technology, computing technology, automation and intelligent control technology and the like, and can realize information safety and unified management. In the process of developing the intelligent power grid, an important problem affecting the intelligent power grid is an information safety problem, and a stable environment can be created for intelligent development of the power grid only if information safety precaution work is done in the intelligent power grid process.
The penetration test is a method for evaluating the security of a network system by simulating malicious attacks, and the penetration test of the intelligent power grid is mostly carried out directly on the whole system at present, so that a very large number of known or unknown vulnerabilities can be obtained. However, in the prior art, the main requirements of the current power grid system are not tested, and the weakest link in the power grid system cannot be obtained for protection, so that the smart grid is still in danger after multiple penetration tests.
Disclosure of Invention
The invention provides a vulnerability testing method, device, equipment and storage medium of a power grid system, which are used for solving the technical problems that in the penetration test of a smart power grid, a penetration test model cannot be flexibly selected according to the type of the power grid system and the penetration test intention, so that the test efficiency is low and weak links of the system cannot be accurately positioned.
According to an aspect of the present invention, there is provided a vulnerability testing method of a power grid system, the method comprising:
responding to a test triggering request, acquiring a target test intention, and determining a power grid system type corresponding to the target test intention;
aiming at each type of power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on a target power grid system based on a target test intention and the penetration test model to acquire a system vulnerability triggering path;
and determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path.
According to another aspect of the present invention, there is provided a vulnerability testing apparatus of a power grid system, the apparatus comprising:
the test triggering module is used for responding to the test triggering request, acquiring a target test intention and determining a power grid system type corresponding to the target test intention;
the penetration test module is used for acquiring a penetration test model corresponding to the type of the power grid system according to each type of the power grid system, and performing penetration test on the target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path;
the vulnerability output module is used for determining the triggering time length of each system vulnerability triggering path and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the vulnerability testing method of the power grid system of any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement a vulnerability testing method of a grid system according to any one of the embodiments of the present invention when executed.
According to the technical scheme provided by the embodiment of the invention, the target test intention is firstly obtained by responding to the test trigger request, and the type of the power grid system corresponding to the target test intention is determined, so that the corresponding penetration test model can be reasonably selected according to the test intention and the type of the power grid system corresponding to the test intention. And then, aiming at each type of power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on the target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path. And finally, determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path. The method solves the technical problems that in the penetration test of the intelligent power grid, a penetration test model cannot be flexibly selected according to the type of the power grid system and the penetration test intention, so that the test efficiency is low and the weak links of the system cannot be accurately positioned, and achieves the beneficial effects of effectively acquiring the weak links of the system according to different test intents and timely repairing and protecting.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a vulnerability testing method of a power grid system according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a vulnerability testing method of a power grid system according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a vulnerability testing apparatus of a power grid system according to a third embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and "object" in the description of the present invention and the claims and the above drawings are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a method for testing a vulnerability of a power grid system according to an embodiment of the present invention, where the method may be performed by a vulnerability testing device of the power grid system, the vulnerability testing device of the power grid system may be implemented in hardware and/or software, and the vulnerability testing device of the power grid system may be configured in an electronic device. As shown in fig. 1, the method includes:
S110, responding to the test triggering request, acquiring a target test intention, and determining the type of the power grid system corresponding to the target test intention.
In this embodiment, the test trigger request may be a trigger request for starting a vulnerability test on the power grid system. For example, the test trigger request may be a start-execution command of a grid system penetration test program. The target test intention may be an instruction specifying the item to be tested in the current vulnerability test when the test is triggered, and there may be one or more target test intentions. For example, when the test trigger request asks to test the grid system for system vulnerabilities against an attack that tampers with ammeter records, altering ammeter records may be designated as the target test intent.
The grid system type may be one or more grid system types including a power generation system, a power transmission system, a power distribution system, and a power utilization system. The types of grid systems corresponding to different target test intents can be different or the same. It will be appreciated that network attacks may also be performed on one or more grid system types for the same attack purpose, for example, a hacker may attempt to alter the meter records of the power distribution system or the meter records in the power usage system. Thus, the type of grid system corresponding to the same target test intent may be one or more.
Specifically, a target test intention specified in the vulnerability test can be obtained in response to a trigger command request for starting the vulnerability test on the power grid system, and then the type of the power grid system corresponding to the target test intention can be determined according to the target test intention. The corresponding relation between the target test intention and the type of the power grid system can be one-to-one or one-to-many.
Optionally, the target test intent includes at least one of altering meter records, intercepting energy consumption information, tampering meter firmware, altering current detection tools, performing reverse engineering, remotely controlling meter shutdown, remotely shutting down a substation, remotely disconnecting power distribution equipment, and controlling sensor feedback error data.
Optionally, determining the type of the grid system corresponding to the target test intention includes: and identifying the target test intention based on a pre-trained deep learning network to obtain the type of the power grid system corresponding to the target test intention.
In this embodiment, the pre-trained deep learning network may be a deep learning network that is trained in advance according to actual conditions and is used to identify the target test intention and obtain the grid system type corresponding to it. The same target test intention may correspond to multiple grid system types. Therefore, in order to determine the grid system type to be tested accurately and quickly, the target test intention can be identified by the deep learning network, so that the corresponding grid system type is obtained conveniently and quickly.
Optionally, the training of the deep learning network may include at least the following steps: acquiring test intentions and the corresponding grid system types that are disclosed on the Internet, and constructing a database; dividing the database into a training set and a test set; training the deep learning network with the training set and testing it with the test set; and, after the test is passed, obtaining the trained deep learning network. The database may be divided into the training set and the test set at a ratio of 7:3.
S120, aiming at each type of power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on the target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path.
In this embodiment, the penetration test models corresponding to the grid system types may be penetration test models constructed separately for each of the different grid system types. The target grid system may be the sum of all grid system types that can be determined based on the target test intent. Specifically, the penetration test models corresponding to the grid system types may include at least a penetration test model of the power generation system, a penetration test model of the power transmission system, a penetration test model of the power distribution system, and a penetration test model of the power utilization system. The system vulnerability triggering path may be the function call relationships and data flow from the vulnerability's root function to the target test intention when the system vulnerability is triggered.
For example, for the target test intent of remotely disconnecting power distribution equipment, the corresponding grid system type may be determined to be the power distribution system. The penetration test model of the power distribution system may then be obtained. For the power distribution system type, the penetration test can then be carried out on the grid system based on the target test intent of remotely disconnecting power distribution equipment and the penetration test model of the power distribution system, so as to obtain the system vulnerability triggering path. Here the system vulnerability triggering path may be the path, function calls and data interactions from the root function of the system vulnerability to the result that the power distribution equipment is remotely disconnected.
S130, determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path.
In this embodiment, the triggering duration of a system vulnerability triggering path may be the length of time from triggering the system vulnerability to reaching the result corresponding to the target test intention. Because the penetration test may find multiple vulnerabilities and the target grid system may contain multiple grid system types, there may be multiple system vulnerability triggering paths. The target vulnerability triggering path may be the most likely vulnerability triggering path in the penetration test result. Therefore, determining the target vulnerability triggering path corresponding to the target test intention based on the triggering durations may consist of taking the system vulnerability triggering path with the shortest triggering duration among all system vulnerability triggering paths as the target vulnerability triggering path corresponding to the target test intention.
According to the technical scheme provided by the embodiment of the invention, the target test intention is obtained by responding to the test trigger request, and the type of the power grid system corresponding to the target test intention is determined, so that the corresponding penetration test model can be reasonably selected according to the test intention and the type of the power grid system corresponding to the test intention. Then, aiming at each type of power grid system, the target test intention is identified based on a pre-trained deep learning network, so that the type of the power grid system corresponding to the target test intention can be obtained efficiently and accurately. Performing penetration test on a target power grid system based on a target test intention and a penetration test model to obtain system vulnerability triggering paths, finally determining the triggering time of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time of each system vulnerability triggering path. The method solves the technical problems that in the penetration test of the intelligent power grid, a penetration test model cannot be flexibly selected according to the type of the power grid system and the penetration test intention, so that the test efficiency is low and the weak links of the system cannot be accurately positioned, and achieves the beneficial effects of effectively acquiring the weak links of the system according to different test intents and timely repairing and protecting.
Example two
Fig. 2 is a flowchart of a vulnerability testing method of a power grid system according to a second embodiment of the present invention, where the method for obtaining a target testing intention and constructing a penetration testing model is specifically described based on the above embodiments. Reference is made to the description of this example for a specific implementation. The technical features that are the same as or similar to those of the foregoing embodiments are not described herein. As shown in fig. 2, the method includes:
S210, responding to the test triggering request, acquiring a target test intention, and determining the type of the power grid system corresponding to the target test intention.
Optionally, the target test intent includes an explicit test intent and a potential test intent; obtaining a target test intent comprises: acquiring the test intention carried in the test trigger request as the explicit test intent corresponding to the test trigger request, and acquiring a potential test intention corresponding to the target power grid system.
In this embodiment, the explicit test intention may be a test intention explicitly carried in the test trigger request. For example, when the test trigger request asks to test for system vulnerabilities exposed to a hacker attack that changes ammeter records, the explicit test intention carried in the test trigger request may be refined to: changing the ammeter record. The potential test intent may be an implicit test intent not included in the test trigger request.
Optionally, acquiring the potential test intention corresponding to the target power grid system includes: determining, based on the historical penetration test results of the target power grid system, the grid system consequence that is caused most often, and taking that grid system consequence as the potential test intent corresponding to the target power grid system; and/or determining, based on historical attacked data of the associated grid systems in the same area as the target grid system, the grid system consequence that is caused most often, and taking that grid system consequence as the potential test intent corresponding to the test trigger request.
In this embodiment, the historical penetration test results may be results of past penetration tests on grid systems that are the same as or similar to the target grid system. The historical penetration test results may be obtained from third-party test data disclosed on the Internet. The grid system consequence may be the consequence that the vulnerabilities found in the historical penetration tests would most often lead to after a hacker attack. For example, it may be determined that tampering with meter records is the most frequently caused grid system consequence in the historical penetration test results of grid systems that are the same as or similar to the target grid system.
The grid system consequences provide a reference value for penetration testing of the target grid system, so the grid system consequences can be taken as potential test intents corresponding to the target grid system. Specifically, the method can analyze the intention of hacker invasion in the consequences of the power grid system and serve as the corresponding potential test intention of the target power grid. For example, for the most recently induced grid system consequences of hacking of an ammeter record, the ammeter record is analyzed and determined as a corresponding potential test intent of the target grid system.
The associated grid systems may be grid systems in the same area as the target grid system that are associated with it; e.g., the power generation system and the power transmission system of an area may be associated grid systems of the power utilization system of that area. The historical attacked data of the associated grid systems in the same area often has great reference value for the penetration test of the target grid system. Therefore, after the geographic position of the target grid system is obtained, the grid system consequence caused most often can be determined from the historical attacked data of the associated grid systems in the same area as the target grid system, and that grid system consequence is used as the potential test intent corresponding to the test trigger request. When there are multiple potential test intents, the penetration test model may perform the penetration tests sequentially.
Optionally, the explicit test intent may take priority over the potential test intent. When both an explicit test intent and a potential test intent are present, the deep learning network identifies the explicit test intent; only when no explicit test intent is present does the deep learning network identify the potential test intent. The explicit test intent takes priority because it is initiated directly by the tester, who pays closer attention to the situation of the grid system under test and is therefore closer to that grid system.
S220, acquiring operation association information of a target power grid system corresponding to the power grid system type according to each power grid system type, and constructing an initial model frame of the penetration test model based on the operation association information.
In this embodiment, the operation related information of the target power grid system may be related information such as a system architecture corresponding to a power grid system type of the target power grid system and a system operation state. The initial model framework of the penetration test model may be a penetration test initial model framework constructed by determining operation association information of the power grid system according to the power grid system type corresponding to the target power grid system and then based on the operation association information.
S230, embedding a vulnerability association tool into an initial model framework to obtain a penetration test model, wherein the vulnerability association tool comprises a vulnerability scanning tool, a vulnerability detection tool, a vulnerability verification tool and a timing tool, and the timing tool is used for calculating the triggering time when the vulnerability verification tool performs vulnerability triggering path verification.
In this embodiment, the vulnerability association tool may be system vulnerability scanning and analysis software. The vulnerability association tool is embedded into the initial model framework, so that a penetration test model with vulnerability scanning, vulnerability detection, vulnerability verification and timing functions can be obtained. The vulnerability scanning and detecting tool can be used for searching and detecting the vulnerability, and after the vulnerability is searched, the vulnerability verification tool can verify the triggering path of the vulnerability. The timing tool can time the trigger duration of the vulnerability verification tool in the vulnerability verification process.
S240, aiming at each type of power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on the target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path.
Optionally, performing the penetration test on the target grid system based on the target test intention and the penetration test model includes: dividing a target power grid system into areas to obtain a plurality of power grid working areas, and obtaining the power grid working areas which are associated with target test intents in the power grid working areas as areas to be tested; and performing penetration test on the area to be tested based on the target test intention and the penetration test model.
In this embodiment, the penetration test model only performs the test based on the target test intention, so that the target power grid system is divided into a plurality of working blocks before the test, and the working blocks unrelated to the target test intention can be directly shielded. Thus, the penetration test model can only carry out penetration test on the working area relevant to the target test intention, and the efficiency of penetration test can be improved.
S250, determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path.
Optionally, determining a target vulnerability triggering path corresponding to the target test intention based on the triggering duration of each system vulnerability triggering path includes: acquiring a system vulnerability triggering path with the shortest triggering duration in system vulnerability triggering paths corresponding to each power grid system type as a target vulnerability triggering path corresponding to the power grid system type; and/or acquiring a system vulnerability triggering path with the shortest triggering duration in the system vulnerability triggering paths corresponding to all power grid system types as a target vulnerability triggering path corresponding to a target power grid system.
In this embodiment, since the target test intention may correspond to one or more grid system types, determining the target vulnerability trigger path corresponding to the target test intention based on the trigger duration of each system vulnerability trigger path may include the case of multiple grid system types. Specifically, the system vulnerability triggering path with the shortest triggering duration among the system vulnerability triggering paths corresponding to each power grid system type can be obtained and used as the target vulnerability triggering path corresponding to that power grid system type. It will be appreciated that in this case, the number of target vulnerability triggering paths may be equal to the number of grid system types. When the power grid system is considered as a whole, the system vulnerability triggering path with the shortest triggering duration among the system vulnerability triggering paths corresponding to all power grid system types in the target power grid system can be obtained and used as the target vulnerability triggering path corresponding to the whole target power grid system.
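The area masking of S240 and the shortest-duration selection of S250, as an added example that is not part of the patent text. The grid system type names, area names, path ids and durations are constructed, and treating a path whose verification never triggered (no duration) as ineligible is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class TriggerPath:
    """One system vulnerability triggering path reported by a penetration test model."""
    path_id: str
    grid_system_type: str
    work_area: str
    # Duration measured by the timing tool; None means the verification tool
    # never triggered the path (assumption: such paths are not candidates).
    trigger_seconds: Optional[float]


def areas_to_test(area_intents: Dict[str, Set[str]],
                  target_intents: Set[str]) -> Set[str]:
    """Keep only working areas associated with at least one target test intention.

    Areas with no associated intention are masked, i.e. never tested.
    """
    return {area for area, intents in area_intents.items()
            if intents & target_intents}


def select_target_paths(paths: Iterable[TriggerPath],
                        tested_areas: Set[str]
                        ) -> Tuple[Dict[str, TriggerPath], Optional[TriggerPath]]:
    """Return (shortest path per grid system type, shortest path overall).

    Ties keep the first path seen, so the result is deterministic for a
    given input order. A type with no eligible path is absent from the dict.
    """
    per_type: Dict[str, TriggerPath] = {}
    for p in paths:
        if p.work_area not in tested_areas:
            continue  # path lies in a masked area
        if p.trigger_seconds is None or p.trigger_seconds < 0:
            continue  # no usable timing, cannot be ranked
        best = per_type.get(p.grid_system_type)
        if best is None or p.trigger_seconds < best.trigger_seconds:
            per_type[p.grid_system_type] = p
    overall = min(per_type.values(),
                  key=lambda p: p.trigger_seconds,
                  default=None)
    return per_type, overall


# Constructed sample input: which test intentions each working area relates to.
SAMPLE_AREA_INTENTS = {
    "metering-zone": {"altering meter records",
                      "intercepting energy consumption information"},
    "substation-zone": {"remotely shutting down a substation"},
    "office-zone": set(),
}
SAMPLE_TARGET_INTENTS = {"altering meter records",
                         "remotely shutting down a substation"}

# Constructed sample results: path ids stand in for the recorded trigger steps.
SAMPLE_PATHS = [
    TriggerPath("P1", "metering", "metering-zone", 420.0),
    TriggerPath("P2", "metering", "metering-zone", 95.5),
    TriggerPath("P3", "substation", "substation-zone", 310.0),
    TriggerPath("P4", "substation", "substation-zone", None),
    TriggerPath("P5", "distribution", "office-zone", 12.0),
]

if __name__ == "__main__":
    tested = areas_to_test(SAMPLE_AREA_INTENTS, SAMPLE_TARGET_INTENTS)
    per_type, overall = select_target_paths(SAMPLE_PATHS, tested)
    for system_type, path in sorted(per_type.items()):
        print(f"{system_type}: {path.path_id} ({path.trigger_seconds}s)")
    print("whole system:", overall.path_id if overall else "none")
```

The path with the shortest triggering duration is the one to remediate first, since it is the weak link that takes the least time to reach.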
According to the technical scheme provided by the embodiment of the invention, the target test intention is obtained by responding to the test trigger request, and the type of the power grid system corresponding to the target test intention is determined, so that the corresponding penetration test model can be reasonably selected according to the test intention and the type of the power grid system corresponding to the test intention. Then, for each type of power grid system, the target test intention is identified based on a pre-trained deep learning network, so that the type of the power grid system corresponding to the target test intention can be obtained efficiently and accurately. For each type of power grid system, operation association information of the target power grid system corresponding to that type is acquired, an initial model frame of a penetration test model is constructed based on the operation association information, and a vulnerability association tool is embedded into the initial model frame to obtain the penetration test model. A penetration test is performed on the target power grid system based on the target test intention and the penetration test model to obtain system vulnerability triggering paths; finally, the triggering duration of each system vulnerability triggering path is determined, and the target vulnerability triggering paths corresponding to the target test intention, for a specific power grid system type and for the whole target power grid system, are determined based on the triggering duration of each system vulnerability triggering path.
The method solves the technical problems that in the penetration test of the intelligent power grid, a penetration test model cannot be flexibly selected according to the type of the power grid system and the penetration test intention, so that the test efficiency is low and the weak links of the system cannot be accurately positioned, and achieves the beneficial effects of effectively acquiring the weak links of the system according to different test intents and timely repairing and protecting.
Example III
Fig. 3 is a schematic structural diagram of a vulnerability testing device of a power grid system according to a third embodiment of the present invention. As shown in fig. 3, the apparatus includes: a test triggering module 310, a penetration testing module 320, and a vulnerability outputting module 330.
The test triggering module is used for responding to the test triggering request, acquiring a target test intention and determining a power grid system type corresponding to the target test intention;
the penetration test module is used for acquiring a penetration test model corresponding to the type of the power grid system according to each type of the power grid system, and performing penetration test on the target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path;
the vulnerability output module is used for determining the triggering time length of each system vulnerability triggering path and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path.
According to the technical scheme provided by the embodiment of the invention, the target test intention is firstly obtained by responding to the test trigger request, and the type of the power grid system corresponding to the target test intention is determined, so that the corresponding penetration test model can be reasonably selected according to the test intention and the type of the power grid system corresponding to the test intention. And then, aiming at each type of power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on the target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path. And finally, determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path. The method solves the technical problems that in the penetration test of the intelligent power grid, a penetration test model cannot be flexibly selected according to the type of the power grid system and the penetration test intention, so that the test efficiency is low and the weak links of the system cannot be accurately positioned, and achieves the beneficial effects of effectively acquiring the weak links of the system according to different test intents and timely repairing and protecting.
Based on the above technical solution, optionally, the penetration test module 320 includes a penetration test model acquisition unit.
The penetration test model acquisition unit is used for executing at least one of the following steps before acquiring the penetration test model corresponding to the type of the power grid system:
aiming at each type of power grid system, acquiring operation association information of a target power grid system corresponding to the type of the power grid system, and constructing an initial model frame of a penetration test model based on the operation association information;
embedding a vulnerability association tool into an initial model framework to obtain a penetration test model, wherein the vulnerability association tool comprises a vulnerability scanning tool, a vulnerability detection tool, a vulnerability verification tool and a timing tool, and the timing tool is used for calculating the triggering time length when the vulnerability verification tool performs vulnerability triggering path verification.
On the basis of the technical scheme, optionally, the target test intention comprises an obvious test intention and a potential test intention; the test triggering module 310 includes a target test intention acquisition unit.
The target test intention obtaining unit is used for obtaining the test intention carried in the test trigger request as an obvious test intention corresponding to the test trigger request and obtaining a potential test intention corresponding to the target power grid system.
On the basis of the technical scheme, the target test intention obtaining unit is further specifically configured to determine the most frequently caused power grid system consequence based on the historical penetration test results of the target power grid system, and take that consequence as the potential test intention corresponding to the target power grid system; and/or,
determine the most frequently caused power grid system consequence based on the historical attack data of an associated power grid system in the same area as the target power grid system, and take that consequence as the potential test intention corresponding to the test trigger request.
Based on the above technical solution, optionally, the test triggering module 310 includes a grid system type determining unit.
The grid system type determining unit is used for identifying the target test intention based on a pre-trained deep learning network and obtaining a power grid system type corresponding to the target test intention.
On the basis of the above technical solution, optionally, the penetration test module 320 is configured to perform region division on the target power grid system to obtain a plurality of power grid working regions, and obtain, as a region to be tested, a power grid working region associated with the target test intention in the power grid working region; and performing penetration test on the area to be tested based on the target test intention and the penetration test model.
Based on the above technical solution, optionally, the vulnerability output module 330 includes a target vulnerability trigger path determining unit.
The target vulnerability triggering path determining unit is specifically configured to obtain the system vulnerability triggering path with the shortest triggering duration among the system vulnerability triggering paths corresponding to each power grid system type, as the target vulnerability triggering path corresponding to that power grid system type; and/or,
obtain the system vulnerability triggering path with the shortest triggering duration among the system vulnerability triggering paths corresponding to all power grid system types, as the target vulnerability triggering path corresponding to the target power grid system.
On the basis of the technical scheme, optionally, the target test intention comprises at least one of changing the ammeter record, intercepting the energy consumption information, tampering ammeter firmware, changing a current detection tool, implementing reverse engineering, remotely controlling ammeter to be closed, remotely closing a transformer substation, remotely disconnecting distribution equipment and controlling a sensor to feed back error data.
The vulnerability testing device of the power grid system provided by the embodiment of the invention can execute the vulnerability testing method of the power grid system provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example IV
Fig. 4 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, Digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the vulnerability testing method of the grid system.
In some embodiments, the vulnerability testing method of the grid system may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the vulnerability testing method of the grid system described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the vulnerability testing method of the grid system in any other suitable way (e.g. by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include: implementation in one or more computer programs that may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. The vulnerability testing method of the power grid system is characterized by comprising the following steps of:
responding to a test triggering request, acquiring a target test intention, and determining a power grid system type corresponding to the target test intention;
aiming at each type of the power grid system, acquiring a penetration test model corresponding to the type of the power grid system, and performing penetration test on a target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path;
determining the triggering time length of each system vulnerability triggering path, and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering time length of each system vulnerability triggering path.
2. The vulnerability testing method of target grid system according to claim 1, further comprising, before the acquiring the penetration test model corresponding to the grid system type:
aiming at each power grid system type, acquiring operation related information of a target power grid system corresponding to the power grid system type, and constructing an initial model frame of a penetration test model based on the operation related information;
embedding a vulnerability association tool into the initial model framework to obtain the penetration test model, wherein the vulnerability association tool comprises a vulnerability scanning tool, a vulnerability detection tool, a vulnerability verification tool and a timing tool, and the timing tool is used for calculating the triggering duration of the vulnerability verification tool when performing vulnerability triggering path verification.
3. The vulnerability testing method of target power grid system according to claim 1, wherein the target test intents comprise an obvious test intents and a potential test intents;
the obtaining the target test intention includes:
and acquiring the test intention carried in the test trigger request as an obvious test intention corresponding to the test trigger request, and acquiring a potential test intention corresponding to a target power grid system.
4. A vulnerability testing method of a target power grid system according to claim 3, wherein the obtaining a potential test intention corresponding to the target power grid system comprises:
determining the most frequently caused power grid system consequence based on historical penetration test results of a target power grid system, and taking that consequence as the potential test intention corresponding to the target power grid system; and/or,
determining the most frequently caused power grid system consequence based on historical attack data of an associated power grid system in the same area as the target power grid system, and taking that consequence as the potential test intention corresponding to the test trigger request.
5. The vulnerability testing method of target power grid system according to claim 1, wherein the determining the type of power grid system corresponding to the target test intention comprises:
and identifying the target test intention based on a pre-trained deep learning network, and obtaining a power grid system type corresponding to the target test intention.
6. A vulnerability testing method of a target power grid system according to claim 3, characterized in that the performing a penetration test on a target power grid system based on the target test intention and the penetration test model comprises:
dividing a target power grid system into areas to obtain a plurality of power grid working areas, and obtaining the power grid working areas which are associated with the target test intention in the power grid working areas as areas to be tested;
and performing penetration test on the area to be tested based on the target test intention and the penetration test model.
7. The vulnerability testing method of claim 1, wherein the determining a target vulnerability trigger path corresponding to the target test intention based on the trigger duration of each system vulnerability trigger path comprises:
acquiring the system vulnerability triggering path with the shortest triggering duration among the system vulnerability triggering paths corresponding to each power grid system type as the target vulnerability triggering path corresponding to the power grid system type; and/or,
acquiring the system vulnerability triggering path with the shortest triggering duration among the system vulnerability triggering paths corresponding to all the power grid system types as the target vulnerability triggering path corresponding to the target power grid system.
8. The vulnerability testing method of target power grid system of claim 1, wherein the target test intent comprises at least one of altering ammeter records, intercepting energy consumption information, tampering ammeter firmware, altering current detection tools, implementing reverse engineering, remotely controlling ammeter shutdown, remotely shutting down substation, remotely disconnecting distribution equipment, and controlling sensor feedback error data.
9. A vulnerability testing device of a power grid system, comprising:
the test triggering module is used for responding to a test triggering request, acquiring a target test intention and determining a power grid system type corresponding to the target test intention;
the penetration test module is used for acquiring a penetration test model corresponding to each power grid system type, and performing penetration test on a target power grid system based on the target test intention and the penetration test model to acquire a system vulnerability triggering path;
and the vulnerability output module is used for determining the triggering duration of each system vulnerability triggering path and determining a target vulnerability triggering path corresponding to the target test intention based on the triggering duration of each system vulnerability triggering path.
10. A computer readable storage medium, characterized in that the computer readable storage medium stores computer instructions for causing a processor to implement the wind power energy storage invocation method of any of claims 1-7 when executed.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311164124.9A CN117201125A (en) 2023-09-08 2023-09-08 Vulnerability testing method, device and equipment of power grid system and storage medium

Publications (1)

Publication Number Publication Date
CN117201125A true CN117201125A (en) 2023-12-08

Family

ID=88983018

Country Status (1)

Country Link
CN (1) CN117201125A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination