CN117574424A - Intelligent power data pushing management system and method based on big data - Google Patents
Intelligent power data pushing management system and method based on big data Download PDFInfo
- Publication number
- CN117574424A CN117574424A CN202311487773.2A CN202311487773A CN117574424A CN 117574424 A CN117574424 A CN 117574424A CN 202311487773 A CN202311487773 A CN 202311487773A CN 117574424 A CN117574424 A CN 117574424A
- Authority
- CN
- China
- Prior art keywords
- data
- sensitive data
- pushing
- power
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 26
- 230000005540 biological transmission Effects 0.000 claims abstract description 53
- 238000012800 visualization Methods 0.000 claims abstract description 26
- 238000004458 analytical method Methods 0.000 claims abstract description 20
- 230000008569 process Effects 0.000 claims abstract description 12
- 238000011160 research Methods 0.000 claims abstract description 11
- 238000007726 management method Methods 0.000 claims description 36
- 238000012550 audit Methods 0.000 claims description 12
- 238000012886 linear function Methods 0.000 claims description 12
- 238000013523 data management Methods 0.000 claims description 9
- 230000000007 visual effect Effects 0.000 claims description 9
- 238000012544 monitoring process Methods 0.000 claims description 8
- 238000007667 floating Methods 0.000 claims description 6
- 238000012417 linear regression Methods 0.000 claims description 4
- 238000004364 calculation method Methods 0.000 claims description 3
- 238000007405 data analysis Methods 0.000 claims description 3
- 230000002159 abnormal effect Effects 0.000 abstract description 2
- 230000009471 action Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Databases & Information Systems (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Abstract
The invention discloses an intelligent power data pushing management system and method based on big data, and belongs to the technical field of power data pushing management. The system comprises: the system comprises a data safety protection module, a data pushing supervision module, a data asset service module, a data safety visualization module and a data research and judgment analysis module; the output end of the data safety protection module is connected with the input end of the data pushing supervision module; the data pushing supervision module is connected with the data security visualization module; the output end of the data asset business module is connected with the input ends of the data pushing supervision module and the data safety protection module; the output end of the data pushing supervision module is connected with the input end of the data research analysis module. The invention can analyze and process the desensitized data in the power data pushing process, improve the information encryption transmission capacity and timely feed back abnormal transmission signals.
Description
Technical Field
The invention relates to the technical field of intelligent pushing of power data, in particular to a power data pushing management system and method based on big data.
Background
The electric power data comprise marketing, power grid, materials, finance and other data, and are characterized by large data volume, large user scale, more data acquisition points, more data types and the like. The use mode and the user of the data are more extensive, the safety construction of the power industry is gradually perfected at present, but mass data can be generated in each link and each moment of five scenes of power transmission, power transformation, power distribution, power consumption and power selling, the data can greatly promote intelligent sensing of a power grid, internal management and control capability and user service efficiency improvement, and if a data provider cannot effectively control the data in the processes of collecting, transmitting, storing, processing and using the data, mass sensitive data leakage can be caused.
While electricity is a national key infrastructure. The power consumption distribution of the attack target location and the position of the key information infrastructure can be analyzed by obtaining the data value information through the attack acquisition power information system, and key data such as monitoring and early warning information, operation instructions and the like of key nodes are tampered, so that the power system is in fault or serious safety accidents are caused. In the current power information industry, a data center is one of the most main technical means, in the data center construction process, the data volume is large, the data center has wide exchange and sharing, an external interface is active, the sensitive data transmission volume is large, in the data center, supervision on a data port is not in place, and once malicious invasion exists, the sensitive data is stolen based on the data port, so that serious loss can be caused.
Disclosure of Invention
The invention aims to provide an intelligent power data pushing management system and method based on big data, so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: a power data intelligent push management method based on big data comprises the following steps:
s1, recording power data by a power data center station in an automatic scanning mode, classifying sensitive data in the power data by the power data center station, identifying the positions of various power sensitive data, and monitoring the transmission condition of the power sensitive data;
s2, checking the identity of an administrator based on a data asset service module, calling a historical data transmission mode of a current administrator, and analyzing the number of open interfaces and the sensitive data distribution mode of the current administrator under each historical data transmission;
s3, constructing a data pushing supervision model, collecting the current power data pushing quantity, and generating a sensitive data distribution form interval under the current power data pushing quantity according to the data pushing supervision model;
s4, acquiring an electric power sensitive data flow log, acquiring interface access data and sensitive data distribution data, and generating warning information if the data acquired under the electric power sensitive data flow log does not meet the interval of the step S3;
s5, continuously monitoring a sensitive data distribution form, wherein an index threshold value is built in the system, if the alarm information is generated, the difference value of the sensitive data distribution is higher than the built-in index threshold value, information interception and tracing are achieved, meanwhile, bad data interfaces are marked in a feedback mode, and a data transmission channel is cut off.
According to the technical scheme, after the electric data is input by the electric data center station in an automatic scanning mode, the electric data center station audits and encrypts the electric data, classifies the sensitive data, marks various electric sensitive data in a watermark mode, acquires the positions of the various electric sensitive data, desensitizes the various electric sensitive data, and transmits the desensitized electric sensitive data to the access interface through the built-in anti-leakage channel of the system.
According to the above technical scheme, the constructing the data push supervision model includes:
checking the identity of an administrator, marking the current administrator as A, and calling a historical transmission data mode of the administrator A, wherein the historical transmission data mode comprises the power data pushing amount in unit time, the corresponding number of open interfaces in unit time and the sensitive data distribution form in unit time; the sensitive data distribution form comprises the ratio of interfaces for transmitting sensitive data to the total number of open interfaces and the maximum sensitive data quantity transmitted by a single interface for transmitting the sensitive data; forming a data tag group [ x ] 0 、y 0 、z 1 ]、z 2 Wherein x is 0 、y 0 Respectively refers to the pushing amount of the power data in unit time and the corresponding number of the open interfaces in unit time; z 1 、z 2 The ratio of interfaces for transmitting sensitive data to the total number of open interfaces and the maximum sensitive data quantity transmitted by a single interface for transmitting sensitive data are respectively referred to;
constructing a linear function relation between the pushing amount of the power data in unit time and the corresponding number of open interfaces in unit time and the ratio of interfaces for transmitting sensitive data to the total number of open interfaces:
wherein X represents a normalized value of the power data pushing amount in unit time; a, a 1 、a 2 Respectively representing linear regression coefficients; y, Z respectively represents the corresponding number of open interfaces in unit time and the normalized value of the ratio of interfaces for transmitting sensitive data to the total number of open interfaces;representing an error compensation value;
based on a linear function relation, X, Y is taken as an input quantity, a normalized value of the ratio of interfaces for transmitting sensitive data to the total open interfaces under the linear function relation is generated, the ratio of the interfaces for transmitting sensitive data to the total open interfaces under the linear function relation is formed, difference value calculation is carried out on each ratio and the actual ratio, absolute values are taken for all the differences, and then the sum is taken, and an average value is taken as an interval floating value;
in the technical scheme, the electric power data pushing quantity in unit time is used as a dependent variable, the corresponding number of open interfaces in unit time and the ratio of interfaces for transmitting sensitive data to the total number of open interfaces are used as dependent variables, and the linear regression coefficient of the model is fitted.
Collecting the current power data pushing quantity, generating the ratio of interfaces for transmitting sensitive data to the total number of open interfaces according to the number interval of the open interfaces under the current power data pushing quantity, and outputting the number of the interfaces for transmitting the sensitive data; taking the floating value of the interface quantity plus-minus interval of the output transmission sensitive data as the duty ratio interval of the interface quantity of the transmission sensitive data in the sensitive data distribution form interval;
the method comprises the steps of obtaining the sensitive data quantity in the power data pushing quantity in unit time, forming a proportional value Q based on the sensitive data quantity and the maximum sensitive data quantity transmitted by an interface for transmitting the sensitive data, taking the maximum value in all Q to calculate, and generating the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data by multiplying the current power data pushing quantity and the maximum value as the maximum value of a sensitive data distribution form interval.
According to the technical scheme, the method further comprises the following steps:
acquiring an electric power sensitive data flow log, acquiring interface access data and sensitive data distribution data, preferentially judging whether interfaces for transmitting the sensitive data in a sensitive data distribution form interval meet the occupation ratio interval of the interfaces for transmitting the sensitive data in the sensitive data distribution form interval in the total open interface quantity, and verifying the identity of an administrator again if the occupation ratio interval is lower than the occupation ratio interval; if the interval is higher than Yu Zhanbi, further judging whether the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data exceeds the maximum value of the sensitive data distribution form interval;
if the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data exceeds the maximum value of the sensitive data distribution form interval, generating warning information;
and if the maximum sensitive data quantity transmitted by the interface which does not have single sensitive data transmission exceeds the maximum value of the sensitive data distribution form interval, verifying the identity of the manager again.
An intelligent power data push management system based on big data, the system comprises: the system comprises a data safety protection module, a data pushing supervision module, a data asset service module, a data safety visualization module and a data research and judgment analysis module;
the data security protection module is used for inputting power data, realizing sensitive data classification of the power data, identifying the positions of various power sensitive data, monitoring the transmission condition of the power sensitive data and outputting access audit information of each interface; the data pushing supervision module is used for acquiring interface access audit information, intelligently pushing the power data, supervising the transmission flow of the power sensitive data information in the power data, and uploading data result information to the data security visualization module; the data asset business module is used for storing electric power data assets and creating asset catalog management and administrator identification modes; the data security visualization module is used for making a data security protection system, transmitting data security protection information to the data pushing supervision module by an instruction, and displaying the circulation process of the whole power data in a visualization mode; the data analysis module is used for analyzing whether information interception and tracing are realized according to the judging result of data pushing supervision, and simultaneously feeding back a bad data interface and cutting off a data transmission channel;
the output end of the data safety protection module is connected with the input end of the data pushing supervision module; the data pushing supervision module is connected with the data security visualization module; the output end of the data asset business module is connected with the input ends of the data pushing supervision module and the data safety protection module; the output end of the data pushing supervision module is connected with the input end of the data research analysis module.
According to the technical scheme, the data security protection module comprises a security protection unit and an interface management unit;
the security protection unit is used for inputting power data, auditing and encrypting the power data, classifying the sensitive data, identifying various power sensitive data in a watermark form, acquiring the positions of the various power sensitive data, and transmitting the various power sensitive data to the access interface through a built-in leakage-proof channel after desensitizing the various power sensitive data; the interface management unit is used for recording the number of access interfaces and the data flow of a single interface;
the output end of the safety protection unit is connected with the input end of the interface management unit.
According to the technical scheme, the data pushing supervision module comprises an interface access unit and a pushing supervision unit;
the interface access unit is used for acquiring interface access audit information and realizing intelligent pushing of the power data; the pushing supervision unit is used for supervising the transmission flow of the power sensitive data information in the pushing supervision unit and uploading the data result information to the data security visualization module;
the output end of the interface access unit is connected with the input end of the pushing supervision unit.
According to the technical scheme, the data security visualization module comprises a strategy unit and a visualization analysis unit;
the strategy unit is used for making a data security protection system, the instructions are used for conveying data security protection information to the data pushing supervision module, and the visual analysis unit is used for displaying the circulation process of the whole power data in a visual mode;
the output end of the strategy unit is connected with the input end of the visual analysis unit.
According to the technical scheme, the data asset business module comprises an asset catalogue unit and an execution data management unit;
the asset directory unit is used for storing electric power data assets and creating asset directory management; the execution data management unit is used for identifying an administrator and storing a historical transmission data mode of the administrator, wherein the historical transmission data mode comprises electric power data pushing amount in unit time, corresponding open interface number in unit time and sensitive data distribution form in unit time;
the output ends of the asset directory unit and the execution data management unit are connected to the data pushing supervision module.
According to the technical scheme, the data research analysis module comprises a judgment unit and a feedback unit;
the judging unit is used for analyzing whether information interception and tracing are realized according to the judging result of the data pushing supervision; the feedback unit is used for marking bad data interfaces and cutting off a data transmission channel;
the output end of the judging unit is connected with the input end of the feedback unit.
Compared with the prior art, the invention has the following beneficial effects: the invention is based on a data security risk management system, based on flow log collection, completely records interface access tracks and contents, monitors interface access behaviors in real time, handles alarm closed-loop processing, realizes sensitive data strategy configuration under various scenes, ensures data security when interfaces between service systems are called or data circulation, improves information encryption transmission capacity, and timely feeds back abnormal transmission signals.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
fig. 1 is a schematic diagram of an architecture of an intelligent push management system for power data based on big data according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, in a first embodiment: the intelligent pushing management method for the electric power data based on the big data is constructed with an electric power data middle station, the electric power data middle station records the electric power data by means of an automatic scanning mode, the data middle station classifies sensitive data in the electric power data, identifies the positions of various electric power sensitive data, and monitors the transmission condition of the electric power sensitive data; based on the data asset business module, checking the identity of the manager, calling the historical data transmission mode of the current manager, and analyzing the number of open interfaces and the sensitive data distribution mode of the current manager under each historical data transmission;
after the electric data is recorded by the electric data center station in an automatic scanning mode, the electric data center station audits and encrypts the electric data, sorts the sensitive data, marks various electric sensitive data in a watermark mode, acquires the positions of the various electric sensitive data, desensitizes the various electric sensitive data, and transmits the desensitized electric sensitive data to an access interface through an anti-leakage channel built in the system.
Checking the identity of an administrator, marking the current administrator as A, and calling a historical transmission data mode of the administrator A, wherein the historical transmission number is as followsThe data mode comprises the pushing amount of the power data in unit time, the corresponding number of the open interfaces in unit time and the sensitive data distribution form in unit time; the sensitive data distribution form comprises the ratio of interfaces for transmitting sensitive data to the total number of open interfaces and the maximum sensitive data quantity transmitted by a single interface for transmitting the sensitive data; forming a data tag group [ x ] 0 、y 0 、z 1 ]、z 2 Wherein x is 0 、y 0 Respectively refers to the pushing amount of the power data in unit time and the corresponding number of the open interfaces in unit time; z 1 、z 2 The ratio of interfaces for transmitting sensitive data to the total number of open interfaces and the maximum sensitive data quantity transmitted by a single interface for transmitting sensitive data are respectively referred to;
constructing a linear function relation between the pushing amount of the power data in unit time and the corresponding number of open interfaces in unit time and the ratio of interfaces for transmitting sensitive data to the total number of open interfaces:
wherein X represents a normalized value of the power data pushing amount in unit time; a, a 1 、a 2 Respectively representing linear regression coefficients; y, Z respectively represents the corresponding number of open interfaces in unit time and the normalized value of the ratio of interfaces for transmitting sensitive data to the total number of open interfaces;representing an error compensation value;
based on a linear function relation, X, Y is taken as an input quantity, a normalized value of the ratio of interfaces for transmitting sensitive data to the total open interfaces under the linear function relation is generated, the ratio of the interfaces for transmitting sensitive data to the total open interfaces under the linear function relation is formed, difference value calculation is carried out on each ratio and the actual ratio, absolute values are taken for all the differences, and then the sum is taken, and an average value is taken as an interval floating value;
collecting the current power data pushing quantity, generating the ratio of interfaces for transmitting sensitive data to the total number of open interfaces according to the number interval of the open interfaces under the current power data pushing quantity, and outputting the number of the interfaces for transmitting the sensitive data; taking the floating value of the interface quantity plus-minus interval of the output transmission sensitive data as the duty ratio interval of the interface quantity of the transmission sensitive data in the sensitive data distribution form interval;
the method comprises the steps of obtaining the sensitive data quantity in the power data pushing quantity in unit time, forming a proportional value Q based on the sensitive data quantity and the maximum sensitive data quantity transmitted by an interface for transmitting the sensitive data, taking the maximum value in all Q to calculate, and generating the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data by multiplying the current power data pushing quantity and the maximum value as the maximum value of a sensitive data distribution form interval.
Acquiring an electric power sensitive data flow log, acquiring interface access data and sensitive data distribution data, preferentially judging whether interfaces for transmitting the sensitive data in a sensitive data distribution form interval meet the occupation ratio interval of the interfaces for transmitting the sensitive data in the sensitive data distribution form interval in the total open interface quantity, and verifying the identity of an administrator again if the occupation ratio interval is lower than the occupation ratio interval; if the interval is higher than Yu Zhanbi, further judging whether the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data exceeds the maximum value of the sensitive data distribution form interval;
if the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data exceeds the maximum value of the sensitive data distribution form interval, generating warning information;
and if the maximum sensitive data quantity transmitted by the interface which does not have single sensitive data transmission exceeds the maximum value of the sensitive data distribution form interval, verifying the identity of the manager again.
In a second embodiment, an intelligent power data push management system based on big data is provided, the system includes: the system comprises a data safety protection module, a data pushing supervision module, a data asset service module, a data safety visualization module and a data research and judgment analysis module;
the data security protection module is used for inputting power data, realizing sensitive data classification of the power data, identifying the positions of various power sensitive data, monitoring the transmission condition of the power sensitive data and outputting access audit information of each interface; the data pushing supervision module is used for acquiring interface access audit information, intelligently pushing the power data, supervising the transmission flow of the power sensitive data information in the power data, and uploading data result information to the data security visualization module; the data asset business module is used for storing electric power data assets and creating asset catalog management and administrator identification modes; the data security visualization module is used for making a data security protection system, transmitting data security protection information to the data pushing supervision module by an instruction, and displaying the circulation process of the whole power data in a visualization mode; the data analysis module is used for analyzing whether information interception and tracing are realized according to the judging result of data pushing supervision, and simultaneously feeding back a bad data interface and cutting off a data transmission channel;
the output end of the data safety protection module is connected with the input end of the data pushing supervision module; the data pushing supervision module is connected with the data security visualization module; the output end of the data asset business module is connected with the input ends of the data pushing supervision module and the data safety protection module; the output end of the data pushing supervision module is connected with the input end of the data research analysis module.
The data security protection module comprises a security protection unit and an interface management unit;
the security protection unit is used for inputting power data, auditing and encrypting the power data, classifying the sensitive data, identifying various power sensitive data in a watermark form, acquiring the positions of the various power sensitive data, and transmitting the various power sensitive data to the access interface through a built-in leakage-proof channel after desensitizing the various power sensitive data; the interface management unit is used for recording the number of access interfaces and the data flow of a single interface;
the output end of the safety protection unit is connected with the input end of the interface management unit.
The data pushing supervision module comprises an interface access unit and a pushing supervision unit;
the interface access unit is used for acquiring interface access audit information and realizing intelligent pushing of the power data; the pushing supervision unit is used for supervising the transmission flow of the power sensitive data information in the pushing supervision unit and uploading the data result information to the data security visualization module;
the output end of the interface access unit is connected with the input end of the pushing supervision unit.
The data security visualization module comprises a strategy unit and a visualization analysis unit;
the strategy unit is used for making a data security protection system, the instructions are used for conveying data security protection information to the data pushing supervision module, and the visual analysis unit is used for displaying the circulation process of the whole power data in a visual mode;
the output end of the strategy unit is connected with the input end of the visual analysis unit.
The data asset business module comprises an asset catalogue unit and an execution data management unit;
the asset directory unit is used for storing electric power data assets and creating asset directory management; the execution data management unit is used for identifying an administrator and storing a historical transmission data mode of the administrator, wherein the historical transmission data mode comprises electric power data pushing amount in unit time, corresponding open interface number in unit time and sensitive data distribution form in unit time;
the output ends of the asset directory unit and the execution data management unit are connected to the data pushing supervision module.
The data research analysis module comprises a judgment unit and a feedback unit;
the judging unit is used for analyzing whether information interception and tracing are realized according to the judging result of the data pushing supervision; the feedback unit is used for marking bad data interfaces and cutting off a data transmission channel;
the output end of the judging unit is connected with the input end of the feedback unit.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: the foregoing description is only a preferred embodiment of the present invention, and the present invention is not limited thereto, but it is to be understood that modifications and equivalents of some of the technical features described in the foregoing embodiments may be made by those skilled in the art, although the present invention has been described in detail with reference to the foregoing embodiments. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. An intelligent pushing management method for electric power data based on big data is characterized by comprising the following steps: the method comprises the following steps:
s1, recording power data by a power data center station in an automatic scanning mode, classifying sensitive data in the power data by the power data center station, identifying the positions of various power sensitive data, and monitoring the transmission condition of the power sensitive data;
s2, checking the identity of an administrator based on a data asset service module, calling a historical data transmission mode of a current administrator, and analyzing the number of open interfaces and the sensitive data distribution mode of the current administrator under each historical data transmission;
s3, constructing a data pushing supervision model, collecting the current power data pushing quantity, and generating a sensitive data distribution form interval under the current power data pushing quantity according to the data pushing supervision model;
s4, acquiring an electric power sensitive data flow log, acquiring interface access data and sensitive data distribution data, and generating warning information if the data acquired under the electric power sensitive data flow log does not meet the interval of the step S3;
s5, continuously monitoring a sensitive data distribution form, wherein an index threshold value is built in the system, if the alarm information is generated, the difference value of the sensitive data distribution is higher than the built-in index threshold value, information interception and tracing are achieved, meanwhile, bad data interfaces are marked in a feedback mode, and a data transmission channel is cut off.
2. The intelligent pushing management method for power data based on big data according to claim 1, wherein the method is characterized in that: after the electric data is recorded by the electric data center station in an automatic scanning mode, the electric data center station audits and encrypts the electric data, sorts the sensitive data, marks various electric sensitive data in a watermark mode, acquires the positions of the various electric sensitive data, desensitizes the various electric sensitive data, and transmits the desensitized electric sensitive data to an access interface through an anti-leakage channel built in the system.
3. The intelligent pushing management method for power data based on big data according to claim 2, wherein the method is characterized in that: the building of the data push supervision model comprises the following steps:
checking the identity of an administrator, marking the current administrator as A, and calling a historical transmission data mode of the administrator A, wherein the historical transmission data mode comprises the power data pushing amount in unit time, the corresponding number of open interfaces in unit time and the sensitive data distribution form in unit time; the sensitive data distribution form comprises the ratio of interfaces for transmitting sensitive data to the total number of open interfaces and the maximum sensitive data quantity transmitted by a single interface for transmitting the sensitive data; forming a data tag group [ x ] 0 、y 0 、z 1 ]、z 2 Wherein x is 0 、y 0 Respectively refers to the pushing amount of the power data in unit time and unit timeThe number of corresponding open interfaces; z 1 、z 2 The ratio of interfaces for transmitting sensitive data to the total number of open interfaces and the maximum sensitive data quantity transmitted by a single interface for transmitting sensitive data are respectively referred to;
constructing a linear function relation between the pushing amount of the power data in unit time and the corresponding number of open interfaces in unit time and the ratio of interfaces for transmitting sensitive data to the total number of open interfaces:
wherein X represents a normalized value of the power data pushing amount in unit time; a, a 1 、a 2 Respectively representing linear regression coefficients; y, Z respectively represents the corresponding number of open interfaces in unit time and the normalized value of the ratio of interfaces for transmitting sensitive data to the total number of open interfaces;representing an error compensation value;
based on a linear function relation, X, Y is taken as an input quantity, a normalized value of the ratio of interfaces for transmitting sensitive data to the total open interfaces under the linear function relation is generated, the ratio of the interfaces for transmitting sensitive data to the total open interfaces under the linear function relation is formed, difference value calculation is carried out on each ratio and the actual ratio, absolute values are taken for all the differences, and then the sum is taken, and an average value is taken as an interval floating value;
collecting the current power data pushing quantity, generating the ratio of interfaces for transmitting sensitive data to the total number of open interfaces according to the number interval of the open interfaces under the current power data pushing quantity, and outputting the number of the interfaces for transmitting the sensitive data; taking the floating value of the interface quantity plus-minus interval of the output transmission sensitive data as the duty ratio interval of the interface quantity of the transmission sensitive data in the sensitive data distribution form interval;
the method comprises the steps of obtaining the sensitive data quantity in the power data pushing quantity in unit time, forming a proportional value Q based on the sensitive data quantity and the maximum sensitive data quantity transmitted by an interface for transmitting the sensitive data, taking the maximum value in all Q to calculate, and generating the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data by multiplying the current power data pushing quantity and the maximum value as the maximum value of a sensitive data distribution form interval.
4. The intelligent power data push management method based on big data according to claim 3, wherein the intelligent power data push management method based on big data is characterized in that: further comprises:
acquiring an electric power sensitive data flow log, acquiring interface access data and sensitive data distribution data, preferentially judging whether interfaces for transmitting the sensitive data in a sensitive data distribution form interval meet the occupation ratio interval of the interfaces for transmitting the sensitive data in the sensitive data distribution form interval in the total open interface quantity, and verifying the identity of an administrator again if the occupation ratio interval is lower than the occupation ratio interval; if the interval is higher than Yu Zhanbi, further judging whether the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data exceeds the maximum value of the sensitive data distribution form interval;
if the maximum sensitive data quantity transmitted by the interface for transmitting the sensitive data exceeds the maximum value of the sensitive data distribution form interval, generating warning information;
and if the maximum sensitive data quantity transmitted by the interface which does not have single sensitive data transmission exceeds the maximum value of the sensitive data distribution form interval, verifying the identity of the manager again.
5. An electric power data intelligent push management system based on big data, which is characterized in that: the system comprises: the system comprises a data safety protection module, a data pushing supervision module, a data asset service module, a data safety visualization module and a data research and judgment analysis module;
the data security protection module is used for inputting power data, realizing sensitive data classification of the power data, identifying the positions of various power sensitive data, monitoring the transmission condition of the power sensitive data and outputting access audit information of each interface; the data pushing supervision module is used for acquiring interface access audit information, intelligently pushing the power data, supervising the transmission flow of the power sensitive data information in the power data, and uploading data result information to the data security visualization module; the data asset business module is used for storing electric power data assets and creating asset catalog management and administrator identification modes; the data security visualization module is used for making a data security protection system, transmitting data security protection information to the data pushing supervision module by an instruction, and displaying the circulation process of the whole power data in a visualization mode; the data analysis module is used for analyzing whether information interception and tracing are realized according to the judging result of data pushing supervision, and simultaneously feeding back a bad data interface and cutting off a data transmission channel;
the output end of the data safety protection module is connected with the input end of the data pushing supervision module; the data pushing supervision module is connected with the data security visualization module; the output end of the data asset business module is connected with the input ends of the data pushing supervision module and the data safety protection module; the output end of the data pushing supervision module is connected with the input end of the data research analysis module.
6. The intelligent push management system for power data based on big data according to claim 5, wherein: the data security protection module comprises a security protection unit and an interface management unit;
the security protection unit is used for inputting power data, auditing and encrypting the power data, classifying the sensitive data, identifying various power sensitive data in a watermark form, acquiring the positions of the various power sensitive data, and transmitting the various power sensitive data to the access interface through a built-in leakage-proof channel after desensitizing the various power sensitive data; the interface management unit is used for recording the number of access interfaces and the data flow of a single interface;
the output end of the safety protection unit is connected with the input end of the interface management unit.
7. The intelligent push management system for power data based on big data according to claim 5, wherein: the data pushing supervision module comprises an interface access unit and a pushing supervision unit;
the interface access unit is used for acquiring interface access audit information and realizing intelligent pushing of the power data; the pushing supervision unit is used for supervising the transmission flow of the power sensitive data information in the pushing supervision unit and uploading the data result information to the data security visualization module;
the output end of the interface access unit is connected with the input end of the pushing supervision unit.
8. The intelligent push management system for power data based on big data according to claim 5, wherein: the data security visualization module comprises a strategy unit and a visualization analysis unit;
the strategy unit is used for making a data security protection system, the instructions are used for conveying data security protection information to the data pushing supervision module, and the visual analysis unit is used for displaying the circulation process of the whole power data in a visual mode;
the output end of the strategy unit is connected with the input end of the visual analysis unit.
9. The intelligent push management system for power data based on big data according to claim 5, wherein: the data asset business module comprises an asset catalogue unit and an execution data management unit;
the asset directory unit is used for storing electric power data assets and creating asset directory management; the execution data management unit is used for identifying an administrator and storing a historical transmission data mode of the administrator, wherein the historical transmission data mode comprises electric power data pushing amount in unit time, corresponding open interface number in unit time and sensitive data distribution form in unit time;
the output ends of the asset directory unit and the execution data management unit are connected to the data pushing supervision module.
10. The intelligent push management system for power data based on big data according to claim 5, wherein: the data research analysis module comprises a judgment unit and a feedback unit;
the judging unit is used for analyzing whether information interception and tracing are realized according to the judging result of the data pushing supervision; the feedback unit is used for marking bad data interfaces and cutting off a data transmission channel;
the output end of the judging unit is connected with the input end of the feedback unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311487773.2A CN117574424B (en) | 2023-11-09 | 2023-11-09 | Intelligent power data pushing management system and method based on big data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311487773.2A CN117574424B (en) | 2023-11-09 | 2023-11-09 | Intelligent power data pushing management system and method based on big data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117574424A true CN117574424A (en) | 2024-02-20 |
| CN117574424B CN117574424B (en) | 2024-06-21 |
Family
ID=89890974
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311487773.2A Active CN117574424B (en) | 2023-11-09 | 2023-11-09 | Intelligent power data pushing management system and method based on big data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117574424B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110782370A (en) * | 2019-10-31 | 2020-02-11 | 国网重庆市电力公司北碚供电分公司 | Comprehensive operation and maintenance management platform for power dispatching data network |
| CN112215505A (en) * | 2020-10-19 | 2021-01-12 | 国网山东省电力公司电力科学研究院 | Data security intelligent management and control platform suitable for electric power industry |
| CN112487458A (en) * | 2020-12-09 | 2021-03-12 | 浪潮云信息技术股份公司 | Implementation method and system using government affair open sensitive data |
| CN113792308A (en) * | 2021-08-30 | 2021-12-14 | 上海市大数据中心 | Government affair sensitive data oriented security behavior risk analysis method |
| CN113986656A (en) * | 2021-10-14 | 2022-01-28 | 南京南瑞信息通信科技有限公司 | Power grid data safety monitoring system based on data center |
| CN114372098A (en) * | 2022-01-05 | 2022-04-19 | 国网湖北省电力有限公司电力科学研究院 | Platform and method for protecting and mining power data middling station private data based on privileged account management |
| CN116091230A (en) * | 2023-02-16 | 2023-05-09 | 国网安徽省电力有限公司 | Power sensitive business data diffusion prevention supervision method and system |
| CN116506217A (en) * | 2023-06-20 | 2023-07-28 | 北京门石信息技术有限公司 | Analysis method, system, storage medium and terminal for security risk of service data stream |
| CN116738449A (en) * | 2023-03-31 | 2023-09-12 | 联通(广东)产业互联网有限公司 | DSMM-based data security management and control and operation system |
-
2023
- 2023-11-09 CN CN202311487773.2A patent/CN117574424B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110782370A (en) * | 2019-10-31 | 2020-02-11 | 国网重庆市电力公司北碚供电分公司 | Comprehensive operation and maintenance management platform for power dispatching data network |
| CN112215505A (en) * | 2020-10-19 | 2021-01-12 | 国网山东省电力公司电力科学研究院 | Data security intelligent management and control platform suitable for electric power industry |
| CN112487458A (en) * | 2020-12-09 | 2021-03-12 | 浪潮云信息技术股份公司 | Implementation method and system using government affair open sensitive data |
| CN113792308A (en) * | 2021-08-30 | 2021-12-14 | 上海市大数据中心 | Government affair sensitive data oriented security behavior risk analysis method |
| CN113986656A (en) * | 2021-10-14 | 2022-01-28 | 南京南瑞信息通信科技有限公司 | Power grid data safety monitoring system based on data center |
| CN114372098A (en) * | 2022-01-05 | 2022-04-19 | 国网湖北省电力有限公司电力科学研究院 | Platform and method for protecting and mining power data middling station private data based on privileged account management |
| CN116091230A (en) * | 2023-02-16 | 2023-05-09 | 国网安徽省电力有限公司 | Power sensitive business data diffusion prevention supervision method and system |
| CN116738449A (en) * | 2023-03-31 | 2023-09-12 | 联通(广东)产业互联网有限公司 | DSMM-based data security management and control and operation system |
| CN116506217A (en) * | 2023-06-20 | 2023-07-28 | 北京门石信息技术有限公司 | Analysis method, system, storage medium and terminal for security risk of service data stream |
Non-Patent Citations (1)
| Title |
|---|
| 李伟伟;张涛;林为民;马媛媛;邓松;时坚;汪晨;: "电力系统终端敏感数据保护研究与设计", 现代电子技术, no. 15, 1 August 2013 (2013-08-01) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117574424B (en) | 2024-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108763957A (en) | A kind of safety auditing system of database, method and server | |
| CN100412993C (en) | System for intelligent maintaince of muclear power paltn based on state monitoring | |
| CN110222498A (en) | A kind of supervision management system and method based on mobile interchange cloud | |
| CN105488118A (en) | Electrical equipment fault information display method and device | |
| CN110796847B (en) | Block chain-based environment monitoring station operation and maintenance system and method | |
| CN112149120A (en) | Transparent transmission type double-channel electric power Internet of things safety detection system | |
| CN103903077A (en) | Danger source supervision system and method | |
| CN110830467A (en) | Network suspicious asset identification method based on fuzzy prediction | |
| CN115313625A (en) | Transformer substation monitoring method and system | |
| CN105023372A (en) | File management method | |
| CN111737549A (en) | Economic index intelligent analysis system | |
| CN107693997A (en) | A kind of fire-fighting equipment detection and maintaining management system and management method | |
| CN117574424B (en) | Intelligent power data pushing management system and method based on big data | |
| CN116862202B (en) | Enterprise management data management method based on big data analysis | |
| CN112288317A (en) | Industrial big data analysis platform and method based on multi-source heterogeneous data governance | |
| CN111221802A (en) | Digital asset risk management and control system and method based on big data | |
| CN112511360B (en) | Multi-source service platform data security component monitoring method and system | |
| CN116089759A (en) | Book online reading system | |
| CN105022703A (en) | Archived file management method | |
| CA2511507A1 (en) | System for managing and operating installations and services of a site | |
| CN118093793B (en) | Digital archive storage intelligent management system based on data analysis | |
| Gong et al. | Research on the Application of Data Business-oriented Supervision in the Electric Power Industry | |
| CN118279067A (en) | Information data management method based on process mining technology | |
| CN118128505A (en) | Oilfield well site equipment sensing device and sensing method based on Internet of things | |
| CN115311095A (en) | Financial wind control data analysis system based on big data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |