Method, device and system for determining safety event of electric power monitoring system

A technology for system security and power monitoring, applied in electrical components, transmission systems, digital transmission systems, etc., that solves the problem of existing methods being difficult to apply directly and achieves the effect of reducing redundancy.

Active Publication Date: 2019-09-06
STATE GRID CORP OF CHINA +6

AI Technical Summary

Problems solved by technology

[0004] Existing alarm preprocessing and alarm correlation security analysis methods are difficult to apply directly under current conditions and need to be adjusted to the data, environment and requirements of the power monitoring system.


Examples


Embodiment 1

[0055] Figure 1 shows the flow chart of the method for determining a security event of the power monitoring system in an embodiment of the present invention. The input is the original alarms of the power monitoring system. After preprocessing, they form an analyzable alarm log, which is sent to the attack chain initial construction module, where aggregation and traversal produce the attack chains. At this point the attack chains still contain a large number of unreasonable events, so the post-processing module prunes and reduces them to form the final attack chains. Finally, to make the result more intuitive, visualization is introduced: the interconnected attack chains are drawn as an attack graph, which is the final output.

[0056] Specifically, the method for determining a security event of a power monitoring system in an embodiment of the present invention includes the following steps:

[0057] Step (1) Obtain an alarm log...

Embodiment 2

[0111] Based on the same inventive concept as Embodiment 1, an embodiment of the present invention provides a device for determining a security event of a power monitoring system, including:

[0112] The obtaining module is used to obtain the alarm log, and the alarm log contains several alarm records;

[0113] The modeling module is used to model the tree diagram of the alarm log based on the correlation between each alarm record to obtain the attack tree;

[0114] The aggregation processing module is used to obtain an initial attack chain set after performing aggregation processing on the attack tree;

[0115] The pruning module is used to prune each initial attack chain in the initial attack chain set to form a final attack chain set, and determine the security event of the power monitoring system.

[0116] The rest is the same as in Embodiment 1.
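
The four modules above (obtain, model, aggregate, prune) as a runnable sketch; this is an added example, not code from the patent. The page does not give the correlation, aggregation or pruning rules, so the rules used here (destination-equals-next-source within a 600 s window, merging paths that repeat the same source/destination/content, dropping single-alarm chains), all function names and the sample alarms are assumptions.

```python
from collections import defaultdict

# Constructed sample alarm log: (timestamp_s, src_ip, dst_ip, alarm_content)
ALARMS = [
    (100, "10.0.0.5", "10.0.1.10", "port_scan"),
    (101, "10.0.0.5", "10.0.1.10", "port_scan"),         # repeat of the record above
    (160, "10.0.1.10", "10.0.2.20", "login_bruteforce"),
    (220, "10.0.2.20", "10.0.3.30", "abnormal_command"),
    (230, "10.0.7.7", "10.0.8.8", "port_scan"),          # unrelated hosts
    (5000, "10.0.3.30", "10.0.4.40", "port_scan"),       # outside the time window
]

def build_tree(alarms, window=600):
    """Modeling step. Assumed correlation rule: alarm B follows alarm A when
    A's destination is B's source and B occurs within `window` seconds after A."""
    log = sorted(alarms)
    children, has_parent = defaultdict(list), set()
    for i, (ts_a, _, dst_a, _) in enumerate(log):
        for j, (ts_b, src_b, _, _) in enumerate(log):
            if dst_a == src_b and ts_a < ts_b <= ts_a + window:
                children[i].append(j)
                has_parent.add(j)
    roots = [i for i in range(len(log)) if i not in has_parent]
    return log, roots, children

def aggregate(log, roots, children):
    """Aggregation step. Traverse every root-to-leaf path, then merge paths
    that differ only in repeated records of the same (src, dst, content)."""
    chains, stack = [], [[r] for r in reversed(roots)]
    while stack:
        path = stack.pop()
        nxt = children.get(path[-1], [])
        if nxt:
            stack.extend(path + [n] for n in reversed(nxt))
            continue
        chain = tuple(log[i][1:] for i in path)  # drop timestamps
        if chain not in chains:
            chains.append(chain)
    return chains

def prune(chains, min_len=2):
    """Pruning step. Assumed rule: a chain of fewer than `min_len` alarms is noise."""
    return [c for c in chains if len(c) >= min_len]

def attack_chains(alarms):
    """Alarm log in, final attack chain set out."""
    log, roots, children = build_tree(alarms)
    return prune(aggregate(log, roots, children))
```

On the sample log, the two duplicate scan records collapse into one initial chain, and the isolated scan and the late alarm are pruned, leaving a single three-hop chain.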

Embodiment 3

[0118] Based on the same inventive concept as the embodiment 1, the embodiment of the present invention provides a system for determining a security event of a power monitoring system, which is characterized in that it includes:

[0119] A processor suitable for implementing instructions; and

[0120] A storage device adapted to store a plurality of instructions, the instructions being adapted to be loaded by the processor to execute the steps of the method described in Embodiment 1.

[0121] Those skilled in the art should understand that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, this application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storag...


Abstract

The invention discloses a method, a device and a system for determining a safety event of an electric power monitoring system. The method comprises the steps of: obtaining an alarm log which comprises a plurality of alarm records; performing tree diagram modeling on the alarm log based on the correlation among the alarm records, and constructing an attack tree; performing aggregation processing on the attack tree to obtain an initial attack chain set; and performing pruning and noise reduction on each initial attack chain in the initial attack chain set to form a final attack chain set, and determining a power monitoring system security event. According to the method, the alarm data of the power monitoring system can be automatically and effectively analyzed, the attack event is extracted and presented in a visual mode, a network administrator is helped to know the network security state, a security disposal measure can be conveniently and timely taken, and the security of a network, data, equipment and the like is guaranteed.

Description

Technical field

[0001] The invention belongs to the technical field of power monitoring systems, and specifically relates to a method, device and system for determining safety events of the power monitoring system.

Background technique

[0002] The analysis of existing security events mainly includes alarm preprocessing and alarm correlation. Alarm preprocessing mainly includes false alarm removal and alarm aggregation. The alarms of security equipment often contain a large number of false alarms. Therefore, to improve the accuracy of attack detection, a typical security analysis system removes the alarms it considers low-level or false. However, the production environment of the power system requires high reliability, and removing false alarms may in practice also remove true alarms. In alarm aggregation, the usual approach is to aggregate the source and destination IP of the same alarm content to form a super alarm, or aggregate alarm events ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L29/06
CPC: H04L41/0631, H04L41/069, H04L63/1425, H04L63/1441
Inventor 梁野邵立嵩王景张华金正平李莹蒋正威金学奇肖艳炜陈国恩张磊王跃强董宁徐浩王超任天宇王黎明
Owner STATE GRID CORP OF CHINA