[go: up one dir, main page]

CN119561866B - Network security assessment method and device based on power monitoring system - Google Patents

Network security assessment method and device based on power monitoring system Download PDF

Info

Publication number
CN119561866B
CN119561866B CN202510125978.9A CN202510125978A CN119561866B CN 119561866 B CN119561866 B CN 119561866B CN 202510125978 A CN202510125978 A CN 202510125978A CN 119561866 B CN119561866 B CN 119561866B
Authority
CN
China
Prior art keywords
network
abnormal
monitoring
induction
area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202510125978.9A
Other languages
Chinese (zh)
Other versions
CN119561866A (en
Inventor
周杨俊冉
汪坤
汪晓彤
马金辉
方进虎
汪伟
陈伟
欧阳亨威
陈璐
王海伟
胡家荣
王玉宝
杨书航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Anhui Electric Power Co Ltd
Hefei Power Supply Co of State Grid Anhui Electric Power Co Ltd
Original Assignee
State Grid Anhui Electric Power Co Ltd
Hefei Power Supply Co of State Grid Anhui Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Anhui Electric Power Co Ltd, Hefei Power Supply Co of State Grid Anhui Electric Power Co Ltd filed Critical State Grid Anhui Electric Power Co Ltd
Priority to CN202510125978.9A priority Critical patent/CN119561866B/en
Publication of CN119561866A publication Critical patent/CN119561866A/en
Application granted granted Critical
Publication of CN119561866B publication Critical patent/CN119561866B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Health & Medical Sciences (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The invention discloses a network security assessment method and equipment based on an electric power monitoring system, and relates to the technical field of network security, comprising the following steps of obtaining undisturbed network data of network nodes in a monitoring area; the method comprises the steps of randomly introducing a plurality of abnormal induction signals into network nodes in each monitoring area to obtain a first abnormal induction coefficient of the network in each monitoring area, calculating a network abnormal fluctuation deviation coefficient of each monitoring area based on network normal induction data and the first abnormal induction coefficient of the network, dividing the monitoring area with the network abnormal fluctuation deviation coefficient lower than a preset network abnormal threshold value for a second time to obtain a plurality of depth monitoring subareas, and calculating a second abnormal fluctuation deviation coefficient of the network in the plurality of depth monitoring subareas to safely evaluate the network, so that the problems that fine differences between network nodes in normal operation and abnormal states are difficult to accurately identify and network safety in smaller monitoring areas cannot be revealed are solved.

Description

Network security assessment method and device based on power monitoring system
Technical Field
The invention relates to the technical field of network security, in particular to a network security assessment method and device based on a power monitoring system.
Background
With the rapid development of the power industry, the network scale of a power monitoring system is increasingly enlarged, and network security supervision faces greater challenges. The construction of the novel power system gradually introduces more intelligent equipment and digital management means, and the number and complexity of network nodes are further increased. This extension increases both the automation level of the power system and the more complex safety risks. Meanwhile, network attack means are continuously evolved, and higher requirements on the safety of a power system are put forward
The network security detection method, system, equipment and medium based on the distributed system, disclosed in the patent of the invention with the bulletin number of CN117749534B, are used for acquiring any two entities from a network security entity set based on a preset network security knowledge graph, wherein each entity in the network security entity set represents one network security knowledge type, in the network security knowledge graph, path inquiry is respectively carried out on the two entities to determine an inquiry path, and a network security analysis result is determined according to the inquiry path, so that the threat and the vulnerability existing in a network can be rapidly analyzed, evaluated and processed in mass network security knowledge.
In the above disclosed technical solution, at least the following technical problems exist:
the traditional network security assessment method is very difficult to accurately identify the slight difference between network nodes in normal operation and abnormal states, and hidden network security in a smaller monitoring area cannot be revealed, so that security assessment cannot be carried out on the monitoring area. The present invention proposes a solution to the above-mentioned problems.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks of the prior art, embodiments of the present invention provide a network security assessment method and apparatus based on a power monitoring system, by which the problem that it is difficult to accurately identify subtle differences between network nodes in normal operation and abnormal states and hidden network security in smaller monitoring areas cannot be revealed is solved.
In order to achieve the above purpose, the present invention provides the following technical solutions:
A network security assessment method based on an electric power monitoring system comprises the steps of dividing the electric power monitoring system into a plurality of monitoring areas based on an electric power monitoring system network topology graph, obtaining undisturbed network data of network nodes in the monitoring areas, calculating network normal induction data of the network nodes in each monitoring area based on a preset network induction assessment model, randomly introducing a plurality of abnormal induction signals into the network nodes in each monitoring area to obtain network first abnormal induction coefficients in each monitoring area, calculating network abnormal fluctuation deviation coefficients of each monitoring area based on the network normal induction data and the network first abnormal induction coefficients, sorting the network abnormal fluctuation deviation coefficients of each monitoring area, dividing the monitoring area with the network abnormal fluctuation deviation coefficients lower than a preset network abnormal threshold value for a second time to obtain a plurality of depth monitoring subareas, calculating network second abnormal fluctuation deviation coefficients in the plurality of depth monitoring subareas, and carrying out security assessment on a network based on the network second abnormal fluctuation deviation coefficients.
In a preferred embodiment, a plurality of abnormal induction signals are randomly introduced into network nodes in each monitoring area to obtain a first abnormal induction coefficient of the network in each monitoring area, specifically, under the condition that the network is free from interference, the first abnormal induction signals are introduced into the network nodes in each monitoring area to obtain initial abnormal induction data, after the first abnormal induction signals are introduced, the abnormal induction signals are randomly increased or decreased to obtain n abnormal induction data, and the initial abnormal induction data and the n abnormal induction data are subjected to weighted average to obtain the first abnormal induction coefficient of the network in each monitoring area.
In a preferred embodiment, after the first abnormal induction signal is introduced, the abnormal induction signal is randomly increased or decreased to obtain n abnormal induction data, specifically, after the first abnormal induction signal is introduced, the signal change value and the change amplitude value of the current power monitoring system are calculated according to a random number generation rule, the abnormal induction signal is randomly increased or decreased based on the signal change value and the change amplitude value of the current power monitoring system, and the abnormal induction signal is stopped being introduced based on a preset maximum signal quantity and a preset minimum signal quantity to obtain n abnormal induction data.
In a preferred embodiment, the network abnormal fluctuation deviation coefficient of each monitoring area is calculated based on the network normal induction data and the network first abnormal induction coefficient, specifically, the inter-group variance and the intra-group variance of the network normal induction data of the network nodes in each monitoring area are calculated, the normal induction coefficient of each monitoring area is calculated based on the inter-group variance and the intra-group variance of the network normal induction data of the network nodes in each monitoring area, and the ratio of the normal induction coefficient of each monitoring area to the network first abnormal induction coefficient is used as the network abnormal fluctuation deviation coefficient of each monitoring area.
In a preferred embodiment, calculating the second abnormal fluctuation deviation coefficient of the network in the plurality of depth monitoring subareas, specifically, calculating the variance of the abnormal fluctuation deviation coefficient of the network in the plurality of depth monitoring subareas and the variance of the abnormal fluctuation deviation coefficient of the network in the residual monitoring area respectively, and calculating the variance ratio of the variance of the abnormal fluctuation deviation coefficient of the network in each depth monitoring subarea and the variance of the abnormal fluctuation deviation coefficient of the network in the residual monitoring area respectively to obtain the second abnormal fluctuation deviation coefficient of the network in each depth monitoring subarea.
In a preferred embodiment, the network is safely evaluated based on the second abnormal fluctuation deviation coefficient of the network, specifically, the network area is a low risk area when the second abnormal fluctuation deviation coefficient of the network is smaller than a preset deviation threshold value, and the network area is a high risk area when the second abnormal fluctuation deviation coefficient of the network is larger than the preset deviation threshold value.
The network security assessment method and the network security assessment device based on the power monitoring system have the technical effects and advantages that:
1. According to the invention, the system is divided into a plurality of monitoring areas based on the division of the network topology diagram of the power monitoring system, so that the monitoring work is more targeted and hierarchical. The network node of each monitoring area acquires data under the condition of no disturbance, and calculates the normal sensing data of the network through a preset network sensing evaluation model, so that the accuracy and reliability of evaluation are ensured. On the basis, a random anomaly induction signal is introduced to simulate potential risks of the network, a first anomaly induction coefficient of the network is generated, and possible network anomaly fluctuation is effectively captured. And secondly, by calculating and sequencing the network abnormal fluctuation deviation coefficients, potential abnormal areas can be identified, and the abnormal areas are secondarily divided according to a set threshold value, so that further deep analysis is performed, and the accuracy of abnormality detection is improved. And finally, continuously calculating the abnormal fluctuation deviation coefficient in the depth monitoring subarea, and providing multi-level guarantee for network security assessment. The whole process is dynamic and flexible, has distinct layers, can accurately identify and respond to network abnormality, is beneficial to finding potential network potential safety hazards in real time, and improves the safety and stability of the power monitoring system.
Drawings
Fig. 1 is a schematic diagram of a network security assessment method based on a power monitoring system according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Embodiment 1, fig. 1 shows a network security assessment method based on a power monitoring system according to the present invention, which includes the following steps:
S1, dividing the power monitoring system into a plurality of monitoring areas based on a network topology diagram of the power monitoring system, and acquiring undisturbed network data of network nodes in the monitoring areas;
in this example, the network topology of the power monitoring system is specifically:
the power monitoring system network topology diagram comprises power system equipment, monitoring system nodes and a communication network structure.
It should be noted that obtaining the network topology of the power monitoring system has various advantages. First, it can clearly show the relationship among the power equipment, the monitoring system nodes and the communication paths, helping engineers understand the layout and operation of the whole system. Through the topological graph, the connection mode and the dependency relationship of each device in the system can be intuitively identified, and the device management, fault investigation and maintenance are facilitated. And secondly, the topological graph provides a basis for the performance optimization of the system, and the network layout can be optimized, the data transmission delay is reduced and the monitoring response speed is improved by analyzing the load of each node and the efficiency of the communication path. In addition, the topological graph provides support for network security assessment, and helps to identify potential weak links, such as bottlenecks of communication links or weak points of nodes, so that security risks are prevented in advance, and efficient and stable operation of the power monitoring system is ensured. In general, power monitoring system network topology is a fundamental tool to improve system reliability, safety, and efficiency.
In this example, the undisturbed network data of the network nodes in the monitoring area is specifically:
The non-perturbed network data of the network nodes in the monitoring area comprises network traffic data, network topology data, power equipment data and time series data.
It should be noted that, obtaining the undisturbed network data of the network nodes in the monitoring area is the basis of the security assessment of the power monitoring system. The undisturbed data reflects the network performance of the system in a normal running state, and a reliable reference is provided for subsequent abnormal detection. By acquiring the data, key indexes such as flow, delay, packet loss rate, equipment state and connection quality of the network can be accurately known, so that the health level of the network under the condition of no external interference can be estimated. These normal state data help identify potential risk areas, facilitating building a standard model of network anomalies. By comparing with disturbance data in actual operation, network anomalies and faults can be detected more efficiently. Meanwhile, the undisturbed data also provides data support for optimizing network layout, adjusting resource allocation, improving system stability and reducing fault response time, and is an important basis for ensuring the stability and safety of the power monitoring system.
S2, calculating network normal induction data of network nodes in each monitoring area based on a preset network induction evaluation model, and randomly introducing a plurality of abnormal induction signals into the network nodes in each monitoring area to obtain a first abnormal induction coefficient of the network in each monitoring area;
In this example, the network normal sensing data of the network node in each monitoring area is calculated based on a preset network sensing evaluation model by using the following specific formula:
Wherein, The data is normally sensed for the network of the i-th network node,A j-th network asset index value for the i-th network node,The jth network traffic index value for the ith network node,For the time series data value at time t of the i-th network node,AndThe weights of the network asset, the network traffic and the time series data are respectively, and m, s and p are respectively the index numbers of the network asset, the network traffic and the time series.
It should be noted that, based on the preset network induction evaluation model, the network normal induction data of the network nodes in each monitoring area is calculated, which has significant advantages. Firstly, the method provides an accurate reference for subsequent anomaly detection by quantifying various performance indexes (such as flow, delay, bandwidth and the like) of the network node in normal operation. The preset evaluation model can effectively eliminate the interference of external factors and ensure the purity and reliability of data. Secondly, by taking the normal sensing data of the network as a standard, the deviation possibly occurring in the actual operation can be monitored and compared in real time, and potential security threats or system faults can be found in time. In addition, the method can improve the automation and the accuracy of network management, reduce manual intervention and improve the monitoring efficiency. And finally, based on the calculation of the normal induction data, scientific basis can be provided for optimization, fault positioning and predictive maintenance of the power system, the stability and emergency response capability of the system are enhanced, and the efficient operation and safety guarantee of the power monitoring system are ensured.
In this example, a plurality of abnormal induction signals are randomly introduced into the network nodes in each monitoring area to obtain a first abnormal induction coefficient of the network in each monitoring area, which is specifically:
under the condition that the network is free from interference, first abnormal induction signals are introduced into network nodes in each monitoring area to obtain initial abnormal induction data;
after the first abnormal induction signal is introduced, the abnormal induction signal is randomly increased or decreased, and n abnormal induction data are obtained;
and carrying out weighted average on the initial abnormal induction data and the n abnormal induction data to obtain a first abnormal induction coefficient of the network in each monitoring area.
In this example, under the condition that the network has no interference, first abnormal induction signals are introduced into network nodes in each monitoring area to obtain initial abnormal induction data, specifically:
Wherein, In order to initially sense the data for an anomaly,AndRespectively preset weight coefficients of network delay deviation, network packet loss rate deviation and network bandwidth deviation,AndThe network delay deviation, the network packet loss rate deviation and the network bandwidth deviation are respectively, and n is the number of network nodes in each monitoring area.
It should be noted that, under the condition that the network is not interfered, the first abnormal induction signal is introduced and the initial abnormal induction data is obtained, which has a plurality of advantages. First, this process can simulate potential anomalies and identify potential safety hazards in advance even under normal operating conditions. By introducing an abnormal induction signal in the undisturbed environment, reference data can be effectively established, so that a standard is provided for subsequent abnormal monitoring. Secondly, the method is helpful for capturing potential atypical behaviors of the network, even tiny abnormal fluctuation can be detected, and the sensitivity and the accuracy of the system are improved. In addition, the introduction of the initial abnormal induction data can help to compare and analyze network performances under normal and abnormal states, enhance the accuracy of an abnormal detection algorithm and reduce the risks of false alarm and false alarm. Finally, by using the method, risk assessment and early warning can be carried out before the actual abnormality of the network occurs, so that sufficient data support is provided for optimization, fault removal and emergency response of the system, and the safety and stability of the power monitoring system are improved.
In this example, after the first abnormal induction signal is introduced, the abnormal induction signal is randomly increased or decreased, so as to obtain n abnormal induction data, which is specifically:
After the first abnormal induction signal is introduced, calculating a signal change value and a change amplitude value of the current power monitoring system according to a random number generation rule;
and randomly increasing or decreasing the abnormal induction signals based on the signal change value and the change amplitude value of the current power monitoring system, and stopping introducing the abnormal induction signals based on the preset maximum signal quantity and the preset minimum signal quantity to obtain n abnormal induction data.
In this example, after the first abnormal induction signal is introduced, the signal change value and the change amplitude value of the current power monitoring system are calculated according to a random number generation rule, which specifically includes:
Random number generation rules define how random variations are simulated by mathematical models to introduce anomaly signals in the power monitoring system. These rules are typically based on probability distributions, such as normal (gaussian) or even distributions, for generating random numbers with certain expected values and standard deviations. The random number generation model of normal distribution uses standard normal distribution function to control the variation range and amplitude of signal by setting expected value and standard deviation, and uniform distribution is used to generate uniform random number in specific interval by setting upper and lower limits. The abnormal signals introduced by the rules can simulate the deviation of the power network node in normal operation, and help to evaluate the stability of the system and identify potential security threats;
And the signal change value refers to the difference between the network node signal and the original normal signal in the power monitoring system after the abnormal induction signal is guided. It reflects the magnitude of the effect of the abnormal signal on the normal network state, and is usually obtained by calculating the difference between the new signal value after the abnormal signal is introduced and the undisturbed normal signal value. The signal change value can reveal the performance fluctuation of the network node, help identify potential abnormal or fault conditions, and provide basis for subsequent abnormal detection and network security evaluation;
The change amplitude value refers to the change degree of the network node signal in the power monitoring system after the abnormal induction signal is led, and is usually represented by calculating the absolute value of the abnormal signal. The method reflects the influence intensity of the abnormal signal on the normal signal, namely the fluctuation amplitude of the network node when the network node is interfered by the abnormal signal. The change amplitude value can help evaluate the stability of the system, reveal the specific influence of the abnormal condition on the network performance, and further provide key data for abnormality detection, fault positioning and safety evaluation.
S3, calculating a network abnormal fluctuation deviation coefficient of each monitoring area based on the network normal induction data and the network first abnormal induction coefficient;
In this example, based on the network normal induction data and the network first abnormal induction coefficient, a network abnormal fluctuation deviation coefficient of each monitoring area is calculated, specifically:
Calculating the inter-group variance and the intra-group variance of the network normal induction data of the network nodes in each monitoring area;
Calculating the normal induction coefficient of each monitoring area based on the inter-group variance and the intra-group variance of the network normal induction data of the network nodes in each monitoring area;
and taking the ratio of the normal inductance of each monitoring area to the first abnormal inductance of the network as the abnormal fluctuation deviation coefficient of the network of each monitoring area.
In this example, based on the inter-group variance and intra-group variance of the network normal induction data of the network nodes in each monitoring area, the normal induction coefficient of each monitoring area is calculated according to the following specific formula:
Wherein, To monitor the inter-group variance of network nodes within an area,To monitor the normal sensing mean of the i-th network node in the area,To monitor the normal sensing mean of all network nodes in the area,To monitor the intra-group variance of the intra-area network nodes,The kth performance indicator for the ith network node,In order to monitor the normal inductance of the area,And m is the number of performance indexes, and r is the number of network nodes in the monitoring area.
It should be noted that the calculation of the normal inductance based on the inter-group variance and intra-group variance of the network normal inductance data of the network nodes in each monitoring area has significant advantages. First, the inter-group variance can reflect the sensed data differences between different monitored areas, while the intra-group variance reveals the stability between nodes within the same area. Through the combination of the two, the network state of each monitoring area can be comprehensively evaluated, and the coordination and consistency of the network nodes under normal conditions are ensured. Second, the calculation of the normal inductance helps to identify weak links that may exist in the network, and if the inter-group variance or intra-group variance of a region is large, this may indicate that the region has a potential failure risk or unstable performance. Finally, the method provides reliable reference data for subsequent abnormality detection and fault diagnosis, and by comparing the reliable reference data with actual data, the abnormality can be efficiently positioned, the response speed and reliability of the system are improved, and the stable operation of the power monitoring system is ensured.
In this example, the ratio of the normal inductance of each monitoring area to the first abnormal inductance of the network is taken as the abnormal fluctuation deviation coefficient of the network of each monitoring area, which is specifically:
The ratio of the normal inductance of each monitoring area to the first abnormal inductance of the network is used as the abnormal fluctuation deviation coefficient of the network, and the method has important advantages. Firstly, the ratio can clearly reveal the fluctuation difference of the monitoring area under the normal operation and the abnormal state. When the normal inductance is higher and the abnormal inductance is lower, the network of the area has smaller response when encountering abnormal signals, and on the contrary, if the ratio is higher, the network of the area is easily disturbed, and a larger potential safety hazard can exist. By calculating the ratio, the abnormal fluctuation condition of the monitoring area can be accurately quantified, and a quantification basis is provided for subsequent abnormal detection and risk assessment.
And secondly, the high-risk area and the low-risk area can be effectively distinguished by utilizing the abnormal fluctuation deviation coefficient of the network. The larger the ratio of the monitoring area is, the more intense the response to the abnormal signal is, and the larger network security risk possibly exists, while the smaller the ratio is, the more stable the area is, and the risk is lower. In this way, more accurate resource allocation and risk management can be realized, the high risk area is paid priority to, and directional optimization and countermeasure are carried out.
Finally, the method is helpful for improving the automation and intelligence level of the power monitoring system. By calculating and dynamically monitoring the deviation coefficients, the system can evaluate the stability and the safety of the network in real time, reduce manual intervention, and improve the fault prediction and response speed, thereby guaranteeing the efficient operation and the safety management of the power system
S4, sorting the network abnormal fluctuation deviation coefficients of each monitoring area, and secondarily dividing the monitoring areas with the network abnormal fluctuation deviation coefficients lower than a preset network abnormal threshold value to obtain a plurality of depth monitoring subareas;
It should be noted that, ordering the network abnormal fluctuation deviation coefficient of each monitoring area, and dividing the monitoring area lower than the preset network abnormal threshold value into depth monitoring subareas, has remarkable advantages. Firstly, by sequencing the abnormal fluctuation deviation coefficients of the monitoring area, areas with higher risks and areas with lower risks can be effectively identified. The sequencing method can help operation and maintenance personnel to determine which areas have network fluctuation and potential safety hazards to a greater extent, and the high-risk areas are monitored and maintained in a priority mode. Accordingly, after secondary division, the monitoring area below the preset abnormal threshold value is managed in a finer manner, so that potential problems can be captured in a more stable area more accurately.
Secondly, after being divided into depth monitoring subareas, the network characteristics and risk levels of different areas can be flexibly and finely dealt with. For some monitoring areas which are originally presented as low risk, potential problems in the monitoring areas can be found after subdivision, so that more targeted monitoring and intervention measures are implemented, and the safety and stability of the whole power monitoring system are improved.
In addition, the method has high efficiency and expandability. With the increase of monitoring areas, the fine granularity monitoring of a large-scale power network can be realized by dynamically adjusting the threshold value and the secondary division strategy, redundancy and resource waste are reduced, the system resource allocation is optimized, and each monitoring area is ensured to be focused enough. Finally, the fault early warning, the quick response capability and the global optimization of the system are enhanced, and the overall safety and the operation and maintenance efficiency of the power monitoring system are improved.
S5, calculating second abnormal fluctuation deviation coefficients of the network in the plurality of depth monitoring subareas, and carrying out security assessment on the network based on the second abnormal fluctuation deviation coefficients of the network.
In this example, calculating the second abnormal fluctuation deviation coefficient of the network in the plurality of depth monitoring subareas specifically includes:
Respectively calculating the network abnormal fluctuation deviation coefficients of the plurality of depth monitoring subareas and the variances of the network abnormal fluctuation deviation coefficients of the rest monitoring areas;
And carrying out variance ratio calculation on the variances of the network abnormal fluctuation deviation coefficients of each depth monitoring subarea and the variances of the network abnormal fluctuation deviation coefficients of the rest monitoring areas respectively to obtain network second abnormal fluctuation deviation coefficients of each depth monitoring subarea.
It should be noted that, the ratio calculation is performed on the variance of the network abnormal fluctuation deviation coefficient of each depth monitoring subarea and the variance of the remaining monitoring area to obtain the network second abnormal fluctuation deviation coefficient, which has significant advantages. First, the variance ratio can quantify the fluctuation difference between the depth monitor sub-regions and other regions, helping to identify which sub-regions have significantly different fluctuation characteristics, thereby more accurately reflecting potential anomalies and risks. Through the calculation of the ratio, the abnormal influence degree of the depth monitoring subarea can be effectively evaluated, and compared with the residual area, and the hot spot area and the abnormal fluctuation mode in the network are found.
Secondly, the variance ratio calculation method is beneficial to further optimizing the monitoring resource allocation, ensuring that the key monitoring area is sufficiently focused and supported, and reducing the excessive monitoring of the low-risk area. By dynamically evaluating the abnormal fluctuation characteristics of each sub-area, risk points can be accurately identified, so that scientific basis is provided for fault early warning, load balancing and network optimization. Finally, the self-adaptive capacity and response speed of the power monitoring system are improved, finer and dynamic network management is facilitated, and stable and safe operation of the system is guaranteed.
In this example, the security evaluation is performed on the network based on the second abnormal fluctuation deviation coefficient of the network, specifically:
when the second abnormal fluctuation deviation coefficient of the network is smaller than a preset deviation threshold value, the network area is a low risk area;
When the second abnormal fluctuation deviation coefficient of the network is larger than a preset deviation threshold value, the network area is a high risk area.
It should be noted that, the security evaluation method based on the second abnormal fluctuation deviation coefficient of the network has important advantages by comparing with the preset deviation threshold value to divide the network area into the low risk area and the high risk area. First, the method can quickly and intuitively evaluate the security state of each area, and is helpful for accurately identifying and marking the potential high-risk areas. Secondly, the differential risk division enables system operation staff to take measures in a targeted manner, the high-risk area is preferentially subjected to enhanced monitoring and resource allocation optimization, and the low-risk area is subjected to conventional monitoring, so that redundant consumption of resources is avoided. Finally, based on the second abnormal fluctuation deviation coefficient calculated dynamically, the method improves the sensitivity and the response speed of the system to network abnormality, thereby improving the safety and the stability of the whole power monitoring system and guaranteeing the efficient operation of the system.
The above formulas are all formulas with dimensions removed and numerical values calculated, the formulas are formulas with a large amount of data collected for software simulation to obtain the latest real situation, and preset parameters in the formulas are set by those skilled in the art according to the actual situation.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In addition, each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Finally, the foregoing description of the preferred embodiment of the invention is provided for the purpose of illustration only, and is not intended to limit the invention to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Claims (10)

1. The network security assessment method based on the power monitoring system is characterized by comprising the following steps of:
dividing the power monitoring system into a plurality of monitoring areas based on a network topology diagram of the power monitoring system, and acquiring undisturbed network data of network nodes in the monitoring areas;
calculating network normal induction data of network nodes in each monitoring area based on a preset network induction evaluation model, and randomly introducing a plurality of abnormal induction signals into the network nodes in each monitoring area to obtain a first abnormal induction coefficient of the network in each monitoring area;
Calculating a network abnormal fluctuation deviation coefficient of each monitoring area based on the network normal induction data and the network first abnormal induction coefficient;
Sorting the network abnormal fluctuation deviation coefficients of each monitoring area, and secondarily dividing the monitoring areas with the network abnormal fluctuation deviation coefficients lower than a preset network abnormal threshold value to obtain a plurality of depth monitoring subareas;
and calculating second abnormal fluctuation deviation coefficients of the network in the plurality of depth monitoring subareas, and carrying out security assessment on the network based on the second abnormal fluctuation deviation coefficients of the network.
2. The network security assessment method based on the power monitoring system according to claim 1, wherein a plurality of abnormal induction signals are randomly introduced into the network nodes in each monitoring area to obtain a first abnormal induction coefficient of the network in each monitoring area, specifically:
under the condition that the network is free from interference, first abnormal induction signals are introduced into network nodes in each monitoring area to obtain initial abnormal induction data;
after the first abnormal induction signal is introduced, the abnormal induction signal is randomly increased or decreased, and n abnormal induction data are obtained;
and carrying out weighted average on the initial abnormal induction data and the n abnormal induction data to obtain a first abnormal induction coefficient of the network in each monitoring area.
3. The network security assessment method based on the power monitoring system according to claim 2, wherein after the first abnormal induction signal is introduced, the abnormal induction signal is randomly increased or decreased to obtain n abnormal induction data, specifically:
After the first abnormal induction signal is introduced, calculating a signal change value and a change amplitude value of the current power monitoring system according to a random number generation rule;
and randomly increasing or decreasing the abnormal induction signals based on the signal change value and the change amplitude value of the current power monitoring system, and stopping introducing the abnormal induction signals based on the preset maximum signal quantity and the preset minimum signal quantity to obtain n abnormal induction data.
4. The network security assessment method based on the power monitoring system according to claim 3, wherein the network abnormal fluctuation deviation coefficient of each monitoring area is calculated based on the network normal induction data and the network first abnormal induction coefficient, specifically:
Calculating the inter-group variance and the intra-group variance of the network normal induction data of the network nodes in each monitoring area;
Calculating the normal induction coefficient of each monitoring area based on the inter-group variance and the intra-group variance of the network normal induction data of the network nodes in each monitoring area;
and taking the ratio of the normal inductance of each monitoring area to the first abnormal inductance of the network as the abnormal fluctuation deviation coefficient of the network of each monitoring area.
5. The network security assessment method based on the power monitoring system according to claim 4, wherein the calculating of the network second abnormal fluctuation deviation coefficient in the plurality of depth monitoring subareas is specifically:
Respectively calculating the network abnormal fluctuation deviation coefficients of the plurality of depth monitoring subareas and the variances of the network abnormal fluctuation deviation coefficients of the rest monitoring areas;
And carrying out variance ratio calculation on the variances of the network abnormal fluctuation deviation coefficients of each depth monitoring subarea and the variances of the network abnormal fluctuation deviation coefficients of the rest monitoring areas respectively to obtain network second abnormal fluctuation deviation coefficients of each depth monitoring subarea.
6. The network security assessment method based on the power monitoring system according to claim 5, wherein the security assessment is performed on the network based on the second abnormal fluctuation deviation coefficient of the network, specifically:
when the second abnormal fluctuation deviation coefficient of the network is smaller than a preset deviation threshold value, the network area is a low risk area;
When the second abnormal fluctuation deviation coefficient of the network is larger than a preset deviation threshold value, the network area is a high risk area.
7. The network security assessment method based on the power monitoring system according to claim 6, wherein the network normal sensing data of the network nodes in each monitoring area is calculated based on a preset network sensing assessment model by using the following specific formula:
Wherein, The data is normally sensed for the network of the i-th network node,A j-th network asset index value for the i-th network node,The jth network traffic index value for the ith network node,For the time series data value at time t of the i-th network node,AndThe weights of the network asset, the network traffic and the time series data are respectively, and m, s and p are respectively the index numbers of the network asset, the network traffic and the time series.
8. The network security assessment method based on the power monitoring system according to claim 7, wherein under the condition that the network is not interfered, first introducing a first abnormal induction signal into a network node in each monitoring area to obtain initial abnormal induction data, specifically:
Wherein, In order to initially sense the data for an anomaly,AndRespectively preset weight coefficients of network delay deviation, network packet loss rate deviation and network bandwidth deviation,AndThe network delay deviation, the network packet loss rate deviation and the network bandwidth deviation are respectively, and n is the number of network nodes in each monitoring area.
9. The network security assessment method based on the power monitoring system according to claim 8, wherein the normal inductance of each monitoring area is calculated based on the inter-group variance and the intra-group variance of the network normal inductance data of the network nodes in each monitoring area, and the specific formula is:
Wherein, To monitor the inter-group variance of network nodes within an area,To monitor the normal sensing mean of the i-th network node in the area,To monitor the normal sensing mean of all network nodes in the area,To monitor the intra-group variance of the intra-area network nodes,The kth performance indicator for the ith network node,In order to monitor the normal inductance of the area,And m is the number of performance indexes, and r is the number of network nodes in the monitoring area.
10. An electronic device, the electronic device comprising:
At least one processor, and
A memory communicatively coupled to the at least one processor, wherein,
The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the power monitoring system-based network security assessment method according to any one of claims 1 to 9.
CN202510125978.9A 2025-01-27 2025-01-27 Network security assessment method and device based on power monitoring system Active CN119561866B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510125978.9A CN119561866B (en) 2025-01-27 2025-01-27 Network security assessment method and device based on power monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510125978.9A CN119561866B (en) 2025-01-27 2025-01-27 Network security assessment method and device based on power monitoring system

Publications (2)

Publication Number Publication Date
CN119561866A CN119561866A (en) 2025-03-04
CN119561866B true CN119561866B (en) 2025-04-08

Family

ID=94745174

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510125978.9A Active CN119561866B (en) 2025-01-27 2025-01-27 Network security assessment method and device based on power monitoring system

Country Status (1)

Country Link
CN (1) CN119561866B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405267A (en) * 2023-03-16 2023-07-07 杭州安恒信息技术股份有限公司 A flow anomaly detection method, device, equipment and medium
CN116433009A (en) * 2023-03-08 2023-07-14 广东电网有限责任公司 Abnormality monitoring method, device and storage medium for substation equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7761923B2 (en) * 2004-03-01 2010-07-20 Invensys Systems, Inc. Process control methods and apparatus for intrusion detection, protection and network hardening
CN117692345B (en) * 2024-02-01 2024-06-11 山东厚普信息技术有限公司 IT operation method and system based on artificial intelligence
CN118890299B (en) * 2024-09-23 2025-01-10 龙岩学院 A natural resource intelligent monitoring method and system
CN119210859A (en) * 2024-09-29 2024-12-27 沈阳工业大学 A network security model comprehensive evaluation system and evaluation method
CN119316368A (en) * 2024-09-29 2025-01-14 北京戎恒技术发展有限公司 Dynamic flow scheduling method and system based on network configuration
CN119232490B (en) * 2024-11-29 2025-03-28 富盛科技股份有限公司 Network traffic anomaly monitoring method and device based on BiLSTM-Att network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116433009A (en) * 2023-03-08 2023-07-14 广东电网有限责任公司 Abnormality monitoring method, device and storage medium for substation equipment
CN116405267A (en) * 2023-03-16 2023-07-07 杭州安恒信息技术股份有限公司 A flow anomaly detection method, device, equipment and medium

Also Published As

Publication number Publication date
CN119561866A (en) 2025-03-04

Similar Documents

Publication Publication Date Title
CN117408162B (en) Power grid fault control method based on digital twin
CN112799898B (en) Interconnection system fault node positioning method and system based on distributed fault detection
CN118211493B (en) A method for constructing a digital twin model of a substation based on quantum computing
CN119814479A (en) A railway data asset security monitoring and risk warning method and system
CN117155703B (en) Network security test evaluation system and method
CN119021755B (en) Fireproof early warning monitoring system and fireproof method for coal face
CN108650139A (en) A kind of powerline network monitoring system
CN119625954A (en) SCL on-site safety accident analysis and early warning methods, systems, media and program products
CN119675276B (en) Low-voltage power grid residual current monitoring and early warning system and method based on intelligent network
CN110007171A (en) The screening method and system of transformer online monitoring data false alarm
CN119916136A (en) A safety monitoring and early warning method for power system
CN117909890A (en) Multi-source heterogeneous data-oriented abnormal event time sequence association analysis method, equipment and storage medium
CN119494754A (en) A method and system for monitoring and warning abnormal environment in a smart power plant
JP6972429B1 (en) Plant management method and plant design equipment
CN118423130A (en) Wireless gas detection method and system for mining
CN116743503B (en) Health evaluation method based on industrial control asset
KR20130020265A (en) Method for anomaly detection using statistical process control
CN119561866B (en) Network security assessment method and device based on power monitoring system
CN119418504B (en) A multi-level active distribution network residual current early warning method and device
CN118656850B (en) Power grid equipment state identification method based on finite state machine
CN119171638B (en) Intelligent remote control-based electricity collection safety monitoring method
CN119835059A (en) Power plant network security quantitative analysis processing method and system based on big data
CN117576854B (en) An automatic alarm method and system based on security and fire protection integration
CN117150481A (en) Security threat situation assessment method and system for electric power cyber-physical fusion system
CN118761008B (en) Hydrogen leakage response method and related device based on decision tree

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant