WO2023216641A1 - Power terminal security protection method and system - Google Patents

Power terminal security protection method and system

Info

Publication number
WO2023216641A1
Authority
WO
WIPO (PCT)
Prior art keywords
power terminal
trust value
security
data
trust
Prior art date
Application number
PCT/CN2023/070408
Other languages
English (en)
Chinese (zh)
Inventor
孙歆
汪自翔
韩嘉佳
吕磅
戴桦
汪溢镭
李沁园
孙昌华
王译锋
Original Assignee
国网浙江省电力有限公司电力科学研究院

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic > H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY > H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER > H02J CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY > H02J 13/00 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuit breaker in the network; circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
    • H ELECTRICITY > H04 > H04L > H04L 63/00 > H04L 63/14 > H04L 63/1408 > H04L 63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY > H04 > H04L > H04L 63/00 > H04L 63/14 > H04L 63/1441 Countermeasures against malicious traffic > H04L 63/145 Countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS > Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS > Y04S 40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them > Y04S 40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

  • The invention relates to a power terminal security protection method and system, belonging to the technical field of power terminal equipment.
  • A prior patent application discloses an edge IoT agent protection method and a power IoT dynamic security and trustworthiness system, which relate to the technical field of power IoT security protection.
  • That edge IoT agent protection method classifies terminal application services by credibility into trusted terminal services and ordinary terminal services and performs parallel isolation control on them: trusted terminal services are processed by creating a trusted business domain, and ordinary terminal services by creating a common business domain.
  • The above solution classifies terminal application services into trusted and ordinary services and isolates them in parallel, but has no protective measures for the terminal equipment itself. After a terminal device has been compromised, it may upload false information or even Trojans and viruses, and there is no way to ensure that the collected information has not been tampered with. Therefore, merely controlling and isolating the application business cannot truly solve the network security problems of the existing power Internet of Things.
  • The first object of the present invention is to provide a zero-trust module that provides strong monitoring of power terminal equipment.
  • The zero-trust module can collect equipment information of the power terminal equipment and perform monitoring based on the collected equipment information.
  • The trust score gives a trust value, so that abnormal power terminal equipment can be identified in time; this effectively prevents power terminal equipment from uploading false information, Trojans and viruses, and ensures that the collected information has not been tampered with. Adopting the method of evaluating first and then collecting, on the one hand, allows the security information of the terminal to be verified actively and quickly, the terminal to be accurately detected and controlled, and physical attacks to be reduced.
  • The second object of the present invention is to provide an assembly of zero-trust equipment that provides strong monitoring of power terminal equipment.
  • The equipment information of the power terminal equipment can be collected through the zero-trust equipment; a trust score is computed from the collected equipment information to give a trust value; data is then collected only from power terminal equipment that meets the requirements.
  • Abnormal power terminal equipment can thus be identified in a timely manner, which effectively reduces physical attacks, ensures the accuracy of data collection, prevents power terminal equipment from uploading false information, Trojans and viruses, ensures that the collected information is not tampered with, and enables lightweight collection of terminal data information. A data platform can generate security instructions based on the parsed data to provide security protection and security reinforcement for the power terminal equipment, giving a power terminal security protection system that responds to abnormal situations in a timely and efficient manner, carries out emergency responses, and avoids the escalation of security incidents.
  • The first technical solution of the present invention is:
  • Step 1: Build a zero-trust module to collect equipment information of power terminal equipment; conduct trust scoring based on the collected equipment information and give a trust value;
  • Step 2: Collect data from the trusted devices of step 1 to obtain the collected data;
  • Step 3: Build a security situation awareness module to perform situation awareness on the data collected in step 2;
  • The collected data is converted into perception (sensing) data;
  • The situational awareness includes intrusion detection and/or vulnerability awareness and/or file integrity detection and/or log monitoring operations;
  • Step 4: Build a real-time management and control module to manage and control the sensing data of step 3 and generate security instructions;
  • Step 5: Issue the security instructions of step 4 to the power terminal equipment to perform security protection and security reinforcement on the power terminal equipment;
  • The security protection and security reinforcement include security detection and/or security reinforcement and/or file permission management and/or security upgrade.
  • The zero-trust module can collect equipment information of power terminal equipment and, at the same time, perform trust scoring based on the collected equipment information to give a trust value, so that abnormal power terminal equipment can be identified in a timely manner; this effectively prevents power terminal equipment from uploading false information, Trojans and viruses, and ensures that the collected information is not tampered with.
  • The present invention performs a trust score on the power terminal equipment and adopts the method of evaluating first and then collecting. Compared with the general passive authentication mode or the direct data collection mode, on the one hand it ensures the accuracy of data collection; on the other hand it can actively and quickly check the security information of the terminal, accurately detect and control the terminal, effectively reduce physical attacks, and realise lightweight collection of terminal data information.
  • The present invention can be applied to new services with high cross-regional interaction frequency and large data volume, and is particularly suitable as a boundary protection measure when large-concurrency services such as power transactions and large-bandwidth video services such as drones interact across major regions.
  • The present invention builds a security situation awareness module to perform situation awareness on the collected data, performing intrusion detection and/or vulnerability perception and/or file integrity detection and/or log monitoring on the collected data to ensure data security and compliance and further prevent data from being tampered with.
  • The present invention constructs a real-time management and control module to manage and control the sensing data, generate security instructions, and perform security protection and security reinforcement on the power terminal equipment, so as to respond to abnormal situations in a timely and efficient manner and carry out emergency response. For example, when power terminal equipment is compromised by physical means, security instructions can be issued in a timely manner to make the power terminal equipment immediately restrict its access and communication, avoiding escalation of the security incident.
  • In step 1, the process by which the zero-trust module collects device information is: read the device data, read the rule files, parse the rule library, and collect the device information;
  • The zero-trust module performs continuous dynamic device authentication on power terminal equipment to block false device information;
  • The trust value is an indicator for identity verification, obtained as a comprehensive score based on the basic attributes of the device and its access delay;
  • The trust value threshold is H: a device whose trust value is higher than or equal to H is a legitimate user, and one whose trust value is lower than H is an illegal user;
  • The trust value includes a direct trust value, a delay assessment trust value and an abnormal behavior assessment trust value.
  • The calculation formula is as follows:
  • T = T_d + T_t + T_a
  • where T is the trust value,
  • T_d is the direct trust value,
  • T_t is the delay evaluation trust value,
  • T_a is the abnormal behavior evaluation trust value.
  • The direct trust value is an S-shaped (sigmoid) function, and its calculation formula is:
  • T_d is the direct trust value
  • f is the direct trust value constraint coefficient for different devices
  • The delay assessment trust value and the abnormal behavior assessment trust value together constitute the indirect trust value.
  • The delay evaluation trust value is evaluated based on the device response time, and its calculation formula is:
  • T_t is the delay evaluation trust value
  • is the maximum allowable delay of the device response
  • D is the information transmission delay
  • The abnormal behavior evaluation trust value is evaluated based on the proportion of abnormal to normal device behavior.
  • The calculation formula is:
  • T_a is the abnormal behavior evaluation trust value
  • a_u is the amount of abnormal behavior
  • a_n is the amount of normal behavior.
  • The abnormal situations of the power terminal equipment include the following:
  • A certain power terminal is set to upload equipment information at a fixed time on a fixed day, and the equipment information is uploaded late.
  • The trust value of the power terminal equipment is calculated with the delay evaluation trust value formula; when the trust value is lower than the threshold, an abnormal equipment alarm is issued;
  • The information interaction time and the interaction content of power terminal equipment are fixed, but for a certain terminal the interaction time is chaotic and the interaction content is disordered, so the abnormal behavior is obvious.
  • The trust value of the power terminal equipment is calculated with the abnormal behavior evaluation trust value formula; when the trust value of the power terminal equipment is lower than the threshold, an abnormal equipment alarm is issued;
  • Device information includes the power terminal's operating system kernel version and release version, CPU name, CPU architecture, number of CPU cores, memory size, storage size, and the network card's name, address, status, type and traffic volume.
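The trust value defined above, as an added worked example that is not code from the patent: it implements T = T_d + T_t + T_a with the page's 0..100 range and threshold H = 60, and runs the two abnormal situations just described (a delayed upload and a chaotic interaction pattern). The page names the sigmoid for T_d and the inputs of T_t and T_a, but the component formulas did not survive extraction, so the concrete forms used here (the sigmoid argument, a linear delay penalty, a signed abnormal/normal ratio), the component weights 30/40/30 and the device observations are all assumptions.

```python
import math
from dataclasses import dataclass

# Values taken from the page: trust value range 0..100 and threshold H = 60.
T_MIN, T_MAX = 0.0, 100.0
H = 60.0

# Assumed weights of the three components (not given on the page); they sum to T_MAX.
W_DIRECT, W_DELAY, W_BEHAVIOUR = 30.0, 40.0, 30.0


@dataclass
class DeviceObservation:
    """One authentication round of a power terminal (constructed input)."""
    device_id: str
    attribute_score: float  # 0..1 summary of basic attributes (kernel, CPU, NIC ...)
    delay_ms: float         # D: information transmission delay
    max_delay_ms: float     # maximum allowable delay of the device response
    abnormal_count: int     # a_u
    normal_count: int       # a_n


def direct_trust(attribute_score: float, f: float = 1.0) -> float:
    """T_d: sigmoid of the attribute score, scaled by the per-device constraint
    coefficient f. The argument 10*f*(score-0.5) is an assumption; the page only
    names the S-shaped function."""
    x = 10.0 * f * (attribute_score - 0.5)
    return W_DIRECT / (1.0 + math.exp(-x))


def delay_trust(delay_ms: float, max_delay_ms: float) -> float:
    """T_t: full credit at zero delay, falling linearly to zero at the maximum
    allowable delay and staying at zero beyond it (assumed linear form)."""
    if max_delay_ms <= 0:
        raise ValueError("max_delay_ms must be positive")
    return W_DELAY * max(0.0, 1.0 - delay_ms / max_delay_ms)


def behaviour_trust(abnormal_count: int, normal_count: int) -> float:
    """T_a: signed proportion (a_n - a_u) / (a_n + a_u) scaled to
    [-W_BEHAVIOUR, +W_BEHAVIOUR]; a device with no history scores zero
    (assumed form, chosen so mostly-abnormal behaviour lowers the total)."""
    total = abnormal_count + normal_count
    if total == 0:
        return 0.0
    return W_BEHAVIOUR * (normal_count - abnormal_count) / total


def trust_value(obs: DeviceObservation, f: float = 1.0) -> float:
    """T = T_d + T_t + T_a, clamped to the page's 0..100 range."""
    t = (direct_trust(obs.attribute_score, f)
         + delay_trust(obs.delay_ms, obs.max_delay_ms)
         + behaviour_trust(obs.abnormal_count, obs.normal_count))
    return min(T_MAX, max(T_MIN, t))


def authenticate(obs: DeviceObservation, f: float = 1.0, threshold: float = H) -> dict:
    """Evaluate first, then collect: only a device scoring at or above H is trusted
    and admitted to data collection; anything below raises the abnormal-device alarm."""
    t = trust_value(obs, f)
    return {"device_id": obs.device_id, "trust": round(t, 2),
            "trusted": t >= threshold, "alarm": t < threshold}


# Constructed observations mirroring the page's two abnormal situations.
HEALTHY = DeviceObservation("tml-001", 0.8, 50.0, 500.0, 0, 100)
DELAYED_UPLOAD = DeviceObservation("tml-002", 0.8, 2000.0, 500.0, 0, 100)     # upload arrived late
CHAOTIC_INTERACTION = DeviceObservation("tml-003", 0.8, 50.0, 500.0, 70, 30)  # disordered interaction

if __name__ == "__main__":
    for obs in (HEALTHY, DELAYED_UPLOAD, CHAOTIC_INTERACTION):
        print(authenticate(obs))
```

With these weights a single bad component can only push a device below H when the other components are not perfect, which is the behaviour the page's scenarios describe (the delayed device and the chaotic device both fall under 60 while the healthy one scores well above it); tuning the weights is where a deployment would encode how much a late upload should cost relative to a poor attribute profile.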
  • Intrusion detection is divided into anomaly detection and misuse detection.
  • Anomaly detection includes the following:
  • Misuse detection includes the following:
  • Value(I_1, I_2) expresses the intrusion detection result;
  • I_1 and I_2 correspond to normal access and the access to be detected respectively;
  • L(I_1, I_2) is the access speed difference;
  • is the constraint coefficient used to adjust the weight of the access speed difference, usually taking the value 1;
  • is the constraint coefficient used to adjust the weight of the access address difference, usually taking the value 1;
  • is the constraint coefficient used to adjust the weight of the access device difference, usually taking the value 1;
  • a is the constraint coefficient of the access speed attribute difference;
  • b is the constraint coefficient of the access address attribute difference;
  • c is the constraint coefficient of the access device attribute difference;
  • a is the constant 6.5;
  • b is the constant 58.5;
  • c is the constant 29.25;
  • u_1 and u_2 are the average speeds corresponding to normal access and the access to be detected respectively;
  • ⁇_1 and ⁇_2 are the address values corresponding to normal access and the access to be detected respectively;
  • ⁇_12 is the fixed information value of the access device.
  • Vulnerability perception detects the connection status of the relevant network nodes, and its calculation formula is:
  • s_ij is the vulnerability value;
  • n_i is the connection value of the network node to be detected;
  • n_j is the connection value of an adjacent network node;
  • is a variable parameter; its value is selected according to the terminal type to obtain the most suitable network node connection value.
  • File integrity detection includes the following:
  • The monitored events include creating, deleting or renaming files, folders and directories; accessing files and folders; changing file and folder attributes; and changing the security settings of files, folders or directories;
  • testing is the integrity detection value:
  • if the current file is the same as the original file, the value is true; otherwise it is false;
  • oldfile is the original file.
  • Log monitoring is the real-time monitoring and analysis of important log files in the system to detect the attack methods used by intruders against the system;
  • Attack methods include brute force attacks, privilege escalation and scanning.
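Log monitoring as described above, as an added example that is not taken from the patent: a detector for the three attack methods the page names (brute force, privilege escalation, scanning), run over a constructed syslog-style excerpt. The line formats, the thresholds (five failed logins or ten distinct destination ports within 60 seconds) and the host name and addresses are assumptions, as is the hypothetical terminal "tml-001".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style excerpt from a hypothetical terminal "tml-001"; not real log data.
BASE_LINES = [
    "Jan 10 06:00:01 tml-001 sshd[811]: Failed password for admin from 10.0.5.7 port 40211 ssh2",
    "Jan 10 06:00:02 tml-001 sshd[811]: Failed password for admin from 10.0.5.7 port 40212 ssh2",
    "Jan 10 06:00:02 tml-001 sshd[811]: Failed password for root from 10.0.5.7 port 40213 ssh2",
    "Jan 10 06:00:03 tml-001 sshd[811]: Failed password for admin from 10.0.5.7 port 40214 ssh2",
    "Jan 10 06:00:04 tml-001 sshd[811]: Failed password for operator from 10.0.5.7 port 40215 ssh2",
    "Jan 10 06:00:05 tml-001 sshd[811]: Failed password for admin from 10.0.5.7 port 40216 ssh2",
    "Jan 10 06:01:10 tml-001 sshd[815]: Accepted password for operator from 10.0.1.20 port 50000 ssh2",
    "Jan 10 06:01:30 tml-001 su[820]: pam_unix(su:session): session opened for user root by operator(uid=1000)",
]
# One source touching many destination ports within a few seconds (constructed firewall log lines).
SCAN_LINES = [
    f"Jan 10 06:02:{i:02d} tml-001 kernel: IN=eth0 SRC=10.0.9.3 DST=10.0.1.5 PROTO=TCP DPT={port}"
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3306, 8080])
]
SAMPLE_LOG = "\n".join(BASE_LINES + SCAN_LINES)

TS_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")
ROOT_SESSION_RE = re.compile(r"session opened for user root by (?P<actor>\w+)\(uid=(?P<uid>\d+)\)")
FW_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*DPT=(?P<dport>\d+)")


def parse(lines):
    """Turn raw lines into (timestamp, host, message) tuples; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = TS_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["host"], m["msg"]))
    return events


def _windowed(items, window):
    """For each (time, value) item, yield the values of all items within `window` after it.
    `items` must be sorted by time."""
    for i, (start, _) in enumerate(items):
        yield [v for t, v in items[i:] if t - start <= window]


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Brute force: many failed logins from one source inside a short window."""
    per_src = defaultdict(list)
    for ts, _, msg in events:
        m = FAIL_RE.search(msg)
        if m:
            per_src[m["src"]].append((ts, m["user"]))
    alerts = []
    for src, attempts in per_src.items():
        attempts.sort()
        for users in _windowed(attempts, window):
            if len(users) >= threshold:
                alerts.append({"type": "brute_force", "src": src, "failures": len(users)})
                break
    return alerts


def detect_privilege_escalation(events):
    """Privilege escalation: a root session opened by a non-root account (uid != 0)."""
    return [{"type": "privilege_escalation", "actor": m["actor"], "uid": int(m["uid"])}
            for _, _, msg in events
            if (m := ROOT_SESSION_RE.search(msg)) and int(m["uid"]) != 0]


def detect_scanning(events, min_ports=10, window=timedelta(seconds=60)):
    """Scanning: one source contacting many distinct destination ports inside a short window."""
    per_src = defaultdict(list)
    for ts, _, msg in events:
        m = FW_RE.search(msg)
        if m:
            per_src[m["src"]].append((ts, int(m["dport"])))
    alerts = []
    for src, hits in per_src.items():
        hits.sort()
        for ports in _windowed(hits, window):
            if len(set(ports)) >= min_ports:
                alerts.append({"type": "scan", "src": src, "distinct_ports": len(set(ports))})
                break
    return alerts


def monitor(log_text):
    """Run all three detectors over a log excerpt and return the alerts in detector order."""
    events = parse(log_text.splitlines())
    return detect_brute_force(events) + detect_privilege_escalation(events) + detect_scanning(events)


if __name__ == "__main__":
    for alert in monitor(SAMPLE_LOG):
        print(alert)
```

The window-based counting is what keeps the detectors usable on a long-running terminal: a handful of failed logins spread over a day is normal operator behaviour, while the same count inside a minute is not, and the same reasoning applies to the distinct-port count for scans.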
  • Security detection is based on the sensing data statistically analysed by the security situation awareness module, to achieve real-time monitoring of abnormal behavior of power terminals;
  • Security hardening includes password hardening and kernel virtual patching;
  • File permission management includes the following:
  • Security upgrades include the following:
  • Remote upgrade and local upgrade: remote upgrade provides a rapid upgrade service through the security monitoring center and supports online remote deployment of new equipment; local upgrade is performed locally through the power terminal.
  • The data storage module constructs a database for storing sensing data and control data;
  • The data visualization module obtains data from the data storage module and can display the terminal type, danger level, network type and security vulnerabilities of the power terminal equipment.
  • The second technical solution of the present invention is:
  • Step 1: Build a zero-trust module to collect equipment information of power terminal equipment, and conduct trust value scoring based on the collected equipment information to give a trust value;
  • When the trust value of the power terminal equipment reaches the standard, the power terminal equipment is trusted and is identified as a trusted device;
  • When the trust value of the power terminal equipment does not meet the standard, the power terminal equipment is identified as abnormal equipment and an abnormal equipment alarm is issued;
  • Step 2: Collect data from the trusted equipment of step 1 to obtain the collected data;
  • Step 3: Build a security situation awareness module to perform intrusion detection, vulnerability awareness, file integrity detection and log monitoring on the data collected in step 2, and convert the collected data into sensing data;
  • Step 4: Build a real-time management and control module to detect and control the sensing data of step 3 and generate security instructions;
  • Step 5: Issue the security instructions of step 4 to the power terminal equipment to perform security protection and security reinforcement on it, achieving security detection, security reinforcement, file permission management and security upgrade of the power terminal equipment.
  • The zero-trust module of the present invention can collect equipment information of power terminal equipment and, at the same time, perform trust scoring based on the collected equipment information to give a trust value, so that abnormal power terminal equipment can be identified in a timely manner; the upload of false information, Trojans and viruses by power terminal equipment can thus be effectively avoided, ensuring that the collected information is not tampered with.
  • The present invention performs trust scoring on power terminal equipment.
  • It can effectively reduce physical attacks, ensure the accuracy of data collection, and realise lightweight collection of terminal data information;
  • The evaluation method of the present invention can proactively and quickly verify the security information of the terminal and accurately detect, manage and control the terminal. Therefore, it can be applied to new businesses with high cross-regional interaction frequency and large data volume, especially power transactions.
  • The present invention builds a security situation awareness module that performs a series of operations on the collected data, such as intrusion detection, vulnerability perception, file integrity detection and log monitoring, and can convert the collected data into sensing data to ensure data security and compliance and further prevent the data from being tampered with.
  • The present invention builds a real-time management and control module to manage and control the sensing data, generate security instructions, and perform operations such as security detection, security reinforcement, file permission management and security upgrades on the power terminal equipment, so as to respond to abnormal situations in a timely and efficient manner and carry out emergency response. For example, when a certain power terminal is compromised by physical means, security instructions can be issued in a timely manner to make the power terminal equipment immediately restrict its access and communication, avoiding escalation of the security incident.
  • The third technical solution of the present invention is:
  • The zero-trust terminal collects the equipment information of the power terminal, obtains the equipment data stream, and performs trust value scoring based on the equipment information to give a trust value;
  • The network probe collects security information of the power terminal equipment and obtains the security data stream;
  • The edge IoT agent reads and parses the device data stream and the security data stream to obtain parsed data, and uploads the parsed data to the data platform;
  • The data platform processes the parsed data and generates security instructions;
  • The security instructions are issued to the power terminal equipment through the edge IoT agent to perform security protection and security reinforcement on the power terminal equipment.
  • The present invention assembles zero-trust equipment to provide strong monitoring of power terminal equipment.
  • The zero-trust equipment can collect equipment information of power terminal equipment and, at the same time, perform trust scoring based on the collected equipment information to give a trust value, so that abnormal power terminal equipment can be identified in a timely manner; this effectively prevents power terminal equipment from uploading false information, Trojans and viruses, and ensures that the collected information is not tampered with.
  • The present invention performs trust scoring on power terminal equipment.
  • It can effectively reduce physical attacks, ensure the accuracy of data collection, and realise lightweight collection of terminal data information;
  • The protection system of the present invention can proactively and quickly verify the security information of the terminal and accurately detect, manage and control the terminal. Therefore, it can be applied to new businesses with high cross-regional interaction frequency and large data volume, especially power transactions.
  • The present invention is equipped with a data platform that can generate security instructions based on the parsed data, perform security protection and security reinforcement on the power terminal equipment, and respond to abnormal situations in a timely and efficient manner with an emergency response. For example, when a smart terminal is compromised by physical means, security instructions can be issued in a timely manner to make the power terminal equipment immediately restrict its access and communication, avoiding escalation of the security incident.
  • Figure 1 is a flow chart of the protection method of the present invention
  • Figure 2 is a structural diagram of the protection system of the present invention.
  • the hardware connections include the following:
  • the zero-trust terminal and network probe connect to the power terminal respectively, and then use 485 shielded twisted pair and network cable to connect to the edge IoT agent device.
  • the edge IoT agent device is connected to the data platform through a network cable.
  • the zero-trust terminal and network probe The needle, edge IoT agent device and data platform are configured in the same LAN, so that the edge IoT agent device can access the zero trust terminal, network probe and data platform.
  • the system startup includes the following:
  • Said authentication includes the following
  • the power terminal equipment requests identity verification.
  • the zero-trust terminal gives a trust value based on the trust value score of the device information and performs two operations based on the trust threshold. If the trust value reaches the standard, the device is trusted and information can be collected normally. Otherwise, abnormal device alarms are issued.
  • the maximum trust value is 100 and the minimum is 0;
  • the trust value threshold is 60. If it is higher than or equal to 60, it is a legitimate user, and if it is lower than 60, it is an illegal user;
  • the power terminal equipment is set to upload equipment information at six o'clock on Saturday evening. There is a delay in uploading the information of a certain power equipment. According to the delay evaluation trust value evaluation method, it is learned that the trust value of the equipment is lower than the threshold, so an abnormal equipment alarm is issued.
  • the power equipment information interaction time is fixed, the interaction information is fixed, and a certain power information interaction time is disordered, the interaction information is confusing, and the abnormal behavior is obvious. Based on the abnormal behavior evaluation, it is determined that the trust value of the equipment is lower than the threshold, so an abnormal equipment alarm is performed.
  • the security awareness includes the following:
  • zero-trust terminals and network probes are used to collect the equipment information and security information of power terminals and upload them to the edge IoT agent; the edge IoT agent is responsible for reading and parsing the data streams uploaded by the zero-trust terminals and network probes and for uploading the parsed data to the data platform.
  • the security situation awareness module collects power terminal data, performs intrusion detection, vulnerability awareness, file integrity detection, log monitoring and other operations, and sends the data to the real-time management and control module and the data storage module; the data storage module further uploads it to the data visualization module.
  • Intrusion detection: (1) define the characteristics of events that violate the security policy, such as particular header fields of network packets; detection then consists of determining whether those features appear in the collected data. (2) Define a set of values describing the "normal" state of the system, such as CPU utilization, memory utilization and file checksums (these values can be defined manually or obtained by observing the system and applying statistical methods); the system's running values are then compared with the defined "normal" state to determine whether there are signs of an attack.
  • Vulnerability awareness: known security vulnerabilities that may exist on the target are detected one by one by simulating attacks; the objects examined include workstations, servers, switches, databases and the like.
  • File integrity detection: continuously monitors the files, folders and directories specified in its monitoring configuration file. It captures changes that have occurred and can monitor an entire directory tree or individual files and folders for events such as creation, deletion or renaming of files, folders and directories; access to files and folders; changes to file and folder attributes; and changes to the security settings of files, folders or directories, such as permission changes.
  • file integrity monitoring determines which files have changed; with this information, damage can be assessed quickly and incident response initiated. Employees or administrators often modify files unintentionally, and sometimes these changes are so subtle that they go unnoticed, yet they can lead to security breaches or hinder business operations. File integrity monitoring pinpoints such changes so that they can be rolled back or other remedial action taken.
  • Log monitoring: the process of gaining real-time visibility into the records generated by a host or device. It extracts characteristic data from the system logs, detects log anomalies, reports the additions, deletions, modifications and queries performed on the system logs, and detects whether the logs have been tampered with.
  • the security protection includes the following:
  • the data platform analyzes and processes the equipment information and security information, issues security protection and security hardening instructions, and raises alarms for abnormal terminal equipment; in the method modules, the real-time management and control module responds to the security information received from the security situation awareness module, performs security detection, security hardening, file permission management, security audit and other operations, issues the relevant security instructions to the power terminal, and sends the control data to the data storage module, which further uploads it to the data visualization module.
  • Said security visualization includes the following:
  • the data platform displays the data sent by the edge IoT agent; in the method modules, the data visualization module reads the relevant data from the data storage module's database and displays, in chart form, the terminal type, network information, security vulnerabilities, danger levels and so on of the running power terminal.
  • embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • the computer-usable storage media include, but are not limited to, disk storage, CD-ROM and optical storage.
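The trust scoring described under authentication (bounds 0 to 100, threshold 60, a delay-based evaluation and an abnormal-behavior evaluation) can be made concrete as follows. This is an added example and not code from the application or its assignee; the penalty weights, the grace period, the message names and the sample reports are assumptions constructed for illustration, since the description fixes only the bounds and the threshold.

```python
from dataclasses import dataclass
from datetime import datetime

# Trust-value bounds and threshold as stated in the description
MAX_TRUST = 100
MIN_TRUST = 0
TRUST_THRESHOLD = 60

# Scoring weights are assumptions for this example; the description does not fix them.
GRACE_MINUTES = 5           # lateness tolerated before points are deducted
POINTS_PER_LATE_MINUTE = 2  # deduction per minute beyond the grace period
POINTS_PER_DEVIATION = 15   # deduction per unexpected or out-of-order message


@dataclass
class DeviceReport:
    """One scheduled information upload from a power terminal (constructed)."""
    device_id: str
    scheduled_at: datetime   # fixed upload slot, e.g. Saturday 18:00
    received_at: datetime    # when the zero-trust terminal actually received it
    expected_sequence: list  # fixed interaction content, in its fixed order
    observed_sequence: list  # what the device actually sent


def delay_penalty(report: DeviceReport) -> float:
    """Delay-based evaluation: deduct points for lateness beyond the grace period."""
    late_minutes = (report.received_at - report.scheduled_at).total_seconds() / 60
    chargeable = max(0.0, late_minutes - GRACE_MINUTES)
    return chargeable * POINTS_PER_LATE_MINUTE


def behaviour_penalty(report: DeviceReport) -> float:
    """Abnormal-behavior evaluation: deduct points for confusing content (messages
    outside the fixed set) and for disordered interaction (known messages sent
    out of the fixed order, missing, or duplicated)."""
    expected = report.expected_sequence
    known = set(expected)
    unexpected = sum(1 for m in report.observed_sequence if m not in known)
    known_only = [m for m in report.observed_sequence if m in known]
    disordered = sum(1 for a, b in zip(known_only, expected) if a != b)
    disordered += abs(len(known_only) - len(expected))
    return (unexpected + disordered) * POINTS_PER_DEVIATION


def trust_value(report: DeviceReport) -> float:
    """Start at MAX_TRUST, subtract both penalties, clamp to [MIN_TRUST, MAX_TRUST]."""
    score = MAX_TRUST - delay_penalty(report) - behaviour_penalty(report)
    return max(MIN_TRUST, min(MAX_TRUST, score))


def evaluate(report: DeviceReport) -> tuple:
    """Apply the threshold: >= 60 is trusted, < 60 raises an abnormal-device alarm."""
    value = trust_value(report)
    decision = "trusted" if value >= TRUST_THRESHOLD else "abnormal-device-alarm"
    return value, decision


# Constructed sample reports; 2022-05-07 is a Saturday, upload slot 18:00.
SLOT = datetime(2022, 5, 7, 18, 0)
PROTOCOL = ["HELLO", "METER_READING", "STATUS", "BYE"]

ON_TIME = DeviceReport("PT-001", SLOT, datetime(2022, 5, 7, 18, 2), PROTOCOL, list(PROTOCOL))
DELAYED = DeviceReport("PT-002", SLOT, datetime(2022, 5, 7, 18, 45), PROTOCOL, list(PROTOCOL))
DISORDERED = DeviceReport("PT-003", SLOT, datetime(2022, 5, 7, 18, 1), PROTOCOL,
                          ["HELLO", "STATUS", "METER_READING", "DUMP_CONFIG", "BYE"])

if __name__ == "__main__":
    for report in (ON_TIME, DELAYED, DISORDERED):
        print(report.device_id, evaluate(report))
```

With these weights the on-time, well-behaved device keeps a trust value of 100 and is collected normally; the device that is 45 minutes late drops to 20 and the device whose interaction is disordered and contains an unknown message drops to 55, so both fall below 60 and trigger the abnormal-device alarm before any data is collected from them.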
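The security situation awareness section describes two intrusion-detection modes (signature features in packet headers, and comparison of running values against a "normal" baseline such as CPU and memory utilization and file checksums) together with file integrity detection that reports created, deleted and modified files. The following added example, which is not code from the application, shows all three over constructed input; the signature rules, the metric samples and the temporary directory contents are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path
from statistics import mean, pstdev

# (1) Signature detection: header features that violate the security policy.
# Rules are constructed for this example.
SIGNATURES = [
    {"name": "telnet-to-power-terminal",
     "match": {"proto": "tcp", "dst_port": 23}},
    {"name": "modbus-write-from-outside-lan",
     "match": {"proto": "tcp", "dst_port": 502, "src_zone": "external"}},
]


def match_signatures(packet: dict, signatures=SIGNATURES) -> list:
    """Names of every signature whose header features all appear in the packet."""
    return [sig["name"] for sig in signatures
            if all(packet.get(k) == v for k, v in sig["match"].items())]


# (2) Anomaly detection against a baseline obtained by observing the system.
def build_baseline(samples: list, k: float = 3.0) -> dict:
    """Per-metric normal range (mean +/- k population std devs) from observed samples.
    A metric that never varied gets a zero-width range, so any change is flagged."""
    baseline = {}
    for metric in samples[0]:
        values = [s[metric] for s in samples]
        mu, sd = mean(values), pstdev(values)
        baseline[metric] = (mu - k * sd, mu + k * sd)
    return baseline


def check_metrics(current: dict, baseline: dict) -> list:
    """Metrics whose current running value lies outside the normal range."""
    return [m for m, (lo, hi) in baseline.items() if not lo <= current[m] <= hi]


# File integrity detection: checksum snapshot of the monitored tree, then diff.
def snapshot(root) -> dict:
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify changes between two snapshots as created, deleted or modified."""
    common = before.keys() & after.keys()
    return {
        "created": sorted(after.keys() - before.keys()),
        "deleted": sorted(before.keys() - after.keys()),
        "modified": sorted(f for f in common if before[f] != after[f]),
    }


def demo_file_integrity() -> dict:
    """Constructed scenario: a config edit, a deleted firmware image, a new script."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc")
        etc.mkdir()
        (etc / "terminal.conf").write_text("mode=secure\n")
        Path(root, "firmware.bin").write_bytes(b"\x00" * 16)
        before = snapshot(root)
        (etc / "terminal.conf").write_text("mode=debug\n")   # modified
        Path(root, "firmware.bin").unlink()                   # deleted
        (etc / "new_script.sh").write_text("#!/bin/sh\n")     # created
        return diff_snapshots(before, snapshot(root))


# Constructed observation window for the baseline (CPU %, memory %)
NORMAL_SAMPLES = [
    {"cpu": 20, "mem": 40}, {"cpu": 22, "mem": 41}, {"cpu": 21, "mem": 40},
    {"cpu": 23, "mem": 39}, {"cpu": 19, "mem": 40},
]

if __name__ == "__main__":
    print(match_signatures({"proto": "tcp", "dst_port": 23, "src_zone": "internal"}))
    print(check_metrics({"cpu": 95, "mem": 41}, build_baseline(NORMAL_SAMPLES)))
    print(demo_file_integrity())
```

The baseline width is the one tuning point a practitioner should watch: with k = 3 the constructed samples give a CPU range of roughly 17 to 25 percent, so a reading of 95 percent is flagged while memory at 41 percent is not, and a metric that never varied during observation will flag on any change at all. The integrity diff reports exactly the three events the description lists, which is the information the real-time management and control module needs to decide on rollback or other remediation.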
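Log monitoring, as described above, must report additions, deletions, modifications and queries on the system logs and detect whether the logs have been tampered with. One way to make tampering detectable is to hash-chain the log entries so that any in-place edit or removed record breaks the chain at a known position. The block below is an added example and not the application's own mechanism; the record format and the sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64   # chain anchor; a deployment would seal this in the data platform


def _digest(prev_hash: str, record: dict) -> str:
    """Hash covering the previous entry's hash and a canonical encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def chain_append(log: list, record: dict, prev_hash: str) -> str:
    """Append one entry and return its hash, which becomes the next entry's prev."""
    entry_hash = _digest(prev_hash, record)
    log.append({"prev": prev_hash, "record": record, "hash": entry_hash})
    return entry_hash


def verify_chain(log: list, genesis: str = GENESIS) -> list:
    """Indexes of entries that break the chain; an empty list means the log is intact
    up to its last entry (tail truncation needs the last hash kept off the device)."""
    broken = []
    expected_prev = genesis
    for i, entry in enumerate(log):
        if entry["prev"] != expected_prev or entry["hash"] != _digest(expected_prev, entry["record"]):
            broken.append(i)
        expected_prev = entry["hash"]
    return broken


def build_sample_log() -> list:
    """Constructed system-log records (add / query / modify operations) from a terminal."""
    records = [
        {"ts": "2022-05-07T18:00:01", "op": "add", "user": "svc", "msg": "upload start"},
        {"ts": "2022-05-07T18:00:02", "op": "query", "user": "ops", "msg": "read status"},
        {"ts": "2022-05-07T18:00:09", "op": "modify", "user": "ops", "msg": "config edit"},
        {"ts": "2022-05-07T18:00:10", "op": "add", "user": "svc", "msg": "upload done"},
    ]
    log, prev = [], GENESIS
    for rec in records:
        prev = chain_append(log, rec, prev)
    return log


def tampered_copies() -> tuple:
    """Constructed tampering: one record edited in place, one record deleted."""
    edited = build_sample_log()
    edited[2]["record"]["user"] = "svc"   # attribute the config edit to someone else
    deleted = build_sample_log()
    del deleted[1]                         # drop the query record
    return edited, deleted


if __name__ == "__main__":
    print("intact:", verify_chain(build_sample_log()))
    edited, deleted = tampered_copies()
    print("edited:", verify_chain(edited), "deleted:", verify_chain(deleted))
```

The verifier reports the first entry whose stored hash or back-link no longer matches, so an edited record is flagged at its own index and a deleted record is flagged at the index of the entry that followed it. Removing entries from the end of the log is not caught by the chain alone, which is why the current head hash should be uploaded with the data stream to the data platform and compared there.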

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention belongs to the technical field of power terminal devices. It discloses a power terminal security protection method and system. Existing protection technology merely implements control and isolation of application services and cannot truly solve the network security problem of the existing electric power Internet of Things. According to the power terminal security protection method of the present invention, a zero-trust module is built to perform effective monitoring of a power terminal device; trust scoring is applied to the power terminal device before data collection, and an evaluate-before-collect mode of execution is used, which effectively reduces physical attacks, guarantees the accuracy of data collection, and achieves lightweight collection of the terminal's data information. In addition, a security situation awareness module is built to perform situation awareness on the collected data, which guarantees the security and compliance of the data. Further, a real-time management and control module is built to manage and control the detected data and to generate security instructions whose purpose is to implement security protection of the power terminal device, which allows abnormal situations to be handled effectively and promptly, so as to implement an emergency response.
PCT/CN2023/070408 2022-05-07 2023-01-04 Power terminal security protection method and system WO2023216641A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210491285.8A CN114584405B (zh) 2022-05-07 2022-05-07 Power terminal security protection method and system
CN202210491285.8 2022-05-07

Publications (1)

Publication Number Publication Date
WO2023216641A1 true WO2023216641A1 (fr) 2023-11-16

Family

ID=81767795

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/070408 WO2023216641A1 (fr) 2022-05-07 2023-01-04 Power terminal security protection method and system

Country Status (2)

Country Link
CN (1) CN114584405B (fr)
WO (1) WO2023216641A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640258A (zh) * 2024-01-25 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Protection method, apparatus, device and storage medium for network asset mapping
CN117692257A (zh) * 2024-02-02 2024-03-12 数盾信息科技股份有限公司 High-speed encryption method and apparatus for power IoT service data
CN117750467A (zh) * 2023-12-20 2024-03-22 中国移动通信集团终端有限公司 Zero-trust secure trusted access method for a 5G dual-domain private network
CN117792798A (zh) * 2024-02-27 2024-03-29 常州银杉信息技术有限公司 Instant messaging information interaction system and method

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584405B (zh) * 2022-05-07 2022-08-02 国网浙江省电力有限公司电力科学研究院 Power terminal security protection method and system
CN115426200B (zh) * 2022-11-03 2023-03-03 北京数盾信息科技有限公司 Data acquisition and processing method and system
CN115987579B (zh) * 2022-12-07 2023-09-15 南京鼎山信息科技有限公司 Data processing method and data processing system based on big data and IoT communication
CN116545890A (zh) * 2023-04-26 2023-08-04 苏州维格纳信息科技有限公司 Blockchain-based information transmission management system
CN117354343B (zh) * 2023-10-10 2024-04-16 国网河南省电力公司濮阳供电公司 Intelligent information security communication system and method for grid power

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015171580A1 (fr) * 2014-05-09 2015-11-12 Veritaseum, Inc. Devices, systems and methods for facilitating low-trust and zero-trust value transfers
CN112118102A (zh) * 2020-10-21 2020-12-22 国网天津市电力公司 Zero-trust network system dedicated to the power industry
CN113542291A (zh) * 2021-07-21 2021-10-22 国网浙江省电力有限公司电力科学研究院 IoT security access control policy
CN114584405A (zh) * 2022-05-07 2022-06-03 国网浙江省电力有限公司电力科学研究院 Power terminal security protection method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100251370A1 (en) * 2009-03-26 2010-09-30 Inventec Corporation Network intrusion detection system
CN106296359A (zh) * 2016-08-13 2017-01-04 深圳市樊溪电子有限公司 Trusted power network trading platform based on blockchain technology
US11411958B2 (en) * 2019-01-18 2022-08-09 Cisco Technology, Inc. Machine learning-based application posture for zero trust networking
CN112511618B (zh) * 2020-11-25 2023-03-24 全球能源互联网研究院有限公司 Edge IoT agent protection method and power IoT dynamic security and trust system
CN112596984B (zh) * 2020-12-30 2023-07-21 国家电网有限公司大数据中心 Data security situation awareness system in a weakly isolated service environment
CN113901499A (zh) * 2021-10-18 2022-01-07 北京八分量信息科技有限公司 Zero-trust access permission control system and method based on trusted computing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JINGYU FENG, YU TINGTING; WANG ZIYING; ZHANG WENBO; HAN GANG: "An Edge Zero-Trust Model Against Compromised Terminals Threats in Power IoT Environments", JOURNAL OF COMPUTER RESEARCH AND DEVELOPMENT, vol. 59, no. 5, 10 February 2022 (2022-02-10), pages 1120 - 1132, XP093106787 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117750467A (zh) * 2023-12-20 2024-03-22 中国移动通信集团终端有限公司 Zero-trust secure trusted access method for a 5G dual-domain private network
CN117640258A (zh) * 2024-01-25 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 Protection method, apparatus, device and storage medium for network asset mapping
CN117640258B (zh) * 2024-01-25 2024-04-26 远江盛邦(北京)网络安全科技股份有限公司 Protection method, apparatus, device and storage medium for network asset mapping
CN117692257A (zh) * 2024-02-02 2024-03-12 数盾信息科技股份有限公司 High-speed encryption method and apparatus for power IoT service data
CN117692257B (zh) * 2024-02-02 2024-04-30 数盾信息科技股份有限公司 High-speed encryption method and apparatus for power IoT service data
CN117792798A (zh) * 2024-02-27 2024-03-29 常州银杉信息技术有限公司 Instant messaging information interaction system and method
CN117792798B (zh) * 2024-02-27 2024-05-14 常州银杉信息技术有限公司 Instant messaging information interaction system and method

Also Published As

Publication number Publication date
CN114584405A (zh) 2022-06-03
CN114584405B (zh) 2022-08-02

Similar Documents

Publication Publication Date Title
WO2023216641A1 (fr) Power terminal security protection method and system
US20210273957A1 (en) Cyber security for software-as-a-service factoring risk
US20210360027A1 (en) Cyber Security for Instant Messaging Across Platforms
EP3641225B1 (fr) Policy-managed compliance
US11228612B2 (en) Identifying cyber adversary behavior
US10140453B1 (en) Vulnerability management using taxonomy-based normalization
CA2526759C (fr) Event management and control
CN104662517B (zh) Security vulnerability detection technology
US20070050777A1 (en) Duration of alerts and scanning of large data stores
WO2017210012A1 (fr) Classification of transactions at a network-accessible storage
EP1894443A2 (fr) Duration of alerts and scanning of large data stores
Mishra et al. Efficient approaches for intrusion detection in cloud environment
CN116074075A (zh) Association-rule-based security event correlated behavior analysis method, system and device
CN114374530A (zh) IDS system and detection method for monitoring and analysis based on real-time network traffic
CN203206283U (zh) IDC information monitoring system based on transparent data scanning
Shao Design and implementation of network security management system based on K-means algorithm
RU2799117C1 (ru) Method and system for preventing unauthorized access to corporate network objects
KR20200054495A (ko) Security control service method and apparatus therefor
CN113949578B (zh) Traffic-based automatic detection method, apparatus and computer device for broken access control vulnerabilities
WO2024117925A1 (fr) Preventing unauthorized access to an enterprise network
Xu et al. Development of computer network security management technology based on artificial intelligence under big data
Yang et al. Design Issues of Trustworthy Cloud Platform Based on IP Monitoring and File Risk
CN113193977A (zh) Security and trust system based on blockchain technology
CN117424766A (zh) Threat behavior detection system and method based on trust measurement
CN114826783A (zh) Big-data-based prediction method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23802418

Country of ref document: EP

Kind code of ref document: A1