Penetration testing method, device and computer equipment for power information system

By deploying sensing nodes in the power information system to collect link status parameters and using a software-defined network controller to dynamically adjust the flow control strategy, the problem of flow control not being suitable for complex network architectures in traditional penetration testing is solved. This achieves the matching of link flow and capacity, improving the security and efficiency of penetration testing.

CN122394927APending Publication Date: 2026-07-14SHENZHEN POWER SUPPLY BUREAU

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHENZHEN POWER SUPPLY BUREAU
Filing Date
2026-05-06
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Traditional penetration testing lacks scientific and dynamic adjustment of flow control, making it difficult to adapt to the complex and diverse needs of power information system network architecture, resulting in low security and efficiency of penetration testing.

Method used

By deploying sensing nodes in the test link to collect link status parameters, and using a software-defined network controller to dynamically adjust the traffic control strategy, the traffic threshold is adaptively determined based on the link capacity assessment results and test task parameters to ensure that the link traffic matches the capacity.

Benefits of technology

This improves the security and efficiency of penetration testing, avoids service interruptions or performance degradation caused by test traffic exceeding link capacity, and ensures the network security of the power information system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394927A_ABST
    Figure CN122394927A_ABST
Patent Text Reader

Abstract

The application relates to a penetration testing method, device and computer equipment of a power information system. The method comprises the following steps: in the case that a penetration testing task of a power information system is received, a test target and a test task parameter are acquired, a test link between a test source and the test target is determined, and a link state parameter is collected by a sensing node arranged in the test link; a link capacity evaluation result is determined according to the link state parameter; a flow threshold is determined according to the link capacity evaluation result and the test task parameter; the flow threshold is sent to a software-defined network controller to instruct the software-defined network controller to determine a flow control strategy according to the flow threshold; and the flow control strategy sent by the software-defined network controller is received, and the test target is subjected to penetration testing according to the flow control strategy. The method can solve the problem that link flow and link capacity are not matched, improve the safety and efficiency of penetration testing, and guarantee the network safety of the power information system.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of power information system technology, and in particular to a penetration testing method, apparatus and computer equipment for power information systems. Background Technology

[0002] With the accelerating pace of digital transformation, cybersecurity in power information systems has become a crucial cornerstone for safeguarding critical national infrastructure, core business operations, and personal information security. Cybersecurity test ranges, as core platforms simulating real-world network environments for security testing, attack and defense drills, and talent development, directly determine the quality of cybersecurity protection system construction based on their testing capabilities. Penetration testing is one of the most critical testing methods in cybersecurity test ranges. By simulating actual hacker attack paths to uncover system vulnerabilities, this step is also a key component in assessing the cybersecurity status.

[0003] In traditional penetration testing, flow control has lacked a scientific and dynamic adjustment method, which has become a major bottleneck restricting the effectiveness and security of testing. However, the network architecture of power information systems is rapidly evolving towards cloud-native and distributed architectures, with increasingly complex link topologies and greater fluctuations in link capacity across different regions and time periods. Traditional static flow control schemes are ill-suited to the diverse needs of penetration testing scenarios. More importantly, national critical information infrastructure and power information systems have set higher standards for the security and efficiency of penetration testing. Therefore, there is an urgent need for a method that can improve the security and efficiency of penetration testing. Summary of the Invention

[0004] Therefore, it is necessary to provide a penetration testing method, apparatus, computer equipment, computer-readable storage medium, and computer program product for power information systems to address the aforementioned technical problems. This method can solve the problem of mismatch between link traffic and link capacity, improve the security and efficiency of penetration testing, and ensure the network security of power information systems.

[0005] Firstly, this application provides a penetration testing method for a power information system, including:

[0006] Upon receiving a penetration testing task for a power information system, obtain the test objectives and test task parameters, including test type, task priority, and system sensitivity.

[0007] Determine the test link between the test source and the test target, and collect link status parameters by deploying sensing nodes in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters;

[0008] The link capacity assessment results are determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0009] Determine the traffic threshold based on the link capacity assessment results, task priority, test type, and system sensitivity;

[0010] Send the traffic threshold to the software-defined network controller to instruct the software-defined network controller to determine the traffic control policy based on the traffic threshold;

[0011] Receive traffic control policies sent by the software-defined network controller, and perform penetration testing on the test target according to the traffic control policies.

[0012] In one embodiment, the link capacity assessment result is determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters, including:

[0013] Determine the bandwidth carrying capacity based on bandwidth-related parameters;

[0014] Determine the delay constraint capability based on delay-related parameters;

[0015] Determine the reliability support capability based on reliability-related parameters and connection-related parameters;

[0016] The link capacity assessment results are determined based on bandwidth carrying capacity, latency constraints, and reliability support capabilities.

[0017] In one embodiment, the link capacity assessment result is determined based on bandwidth carrying capacity, latency constraint capacity, and reliability support capacity, including:

[0018] The reference link capacity assessment results are determined based on bandwidth carrying capacity, latency constraints, and reliability support capabilities.

[0019] Obtain the link capacity assessment result from the previous moment;

[0020] Based on the link capacity assessment results from the previous moment and the preset smoothing factor, the reference link capacity assessment results are smoothed to obtain the link capacity assessment results.

[0021] In one embodiment, a traffic threshold is determined based on link capacity assessment results, task priority, test type, and system sensitivity, including:

[0022] Determine the basic traffic threshold based on the link capacity assessment results and task priorities;

[0023] Based on the test type and system sensitivity, the basic traffic threshold is adjusted to obtain the traffic threshold.

[0024] In one embodiment, the basic traffic threshold is modified according to the test type and system sensitivity to obtain the traffic threshold, including:

[0025] Based on the system sensitivity, a basic coefficient is determined, and the basic flow threshold is corrected based on the basic coefficient to obtain the first corrected threshold;

[0026] The first correction threshold is adjusted according to the test type to obtain the second correction threshold;

[0027] The flow threshold is determined based on the second correction threshold.

[0028] In one embodiment, determining the flow threshold based on a second correction threshold includes:

[0029] Obtain link capacity assessment results at multiple time points;

[0030] The average link capacity assessment value is determined based on the link capacity assessment results at multiple time points.

[0031] The link status fluctuation coefficient is determined based on the average link capacity assessment.

[0032] The traffic threshold is determined based on the fluctuation range of the link state fluctuation coefficient and the second correction threshold.

[0033] In one embodiment, the penetration testing method for power information systems further includes:

[0034] Collect target link status parameters during the penetration testing process;

[0035] Determine the target link capacity assessment result based on the target link status parameters;

[0036] The traffic threshold is adjusted based on the target link capacity assessment results to obtain the adjusted traffic threshold; the adjusted traffic threshold is used for penetration testing.

[0037] In one embodiment, the penetration testing method for power information systems further includes:

[0038] Display the link status parameters of the test link, and display status warning information when the link status parameters exceed the preset threshold.

[0039] Secondly, this application also provides a penetration testing device for a power information system, comprising:

[0040] The acquisition module is used to acquire the test target and test task parameters when a penetration test task is received from the power information system. The test task parameters include test type, task priority and system sensitivity.

[0041] The perception module is used to determine the test link between the test source and the test target. It collects link status parameters by deploying perception nodes in the test link. The link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0042] The first determining module is used to determine the link capacity assessment result based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connection-related parameters.

[0043] The second determination module is used to determine the traffic threshold based on the link capacity assessment results, task priority, test type, and system sensitivity.

[0044] The control module is used to send traffic thresholds to the software-defined network controller to instruct the software-defined network controller to determine the traffic control policy based on the traffic thresholds;

[0045] The testing module is used to receive traffic control policies sent by the software-defined network controller and perform penetration testing on the test target according to the traffic control policies.

[0046] Thirdly, this application also provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to perform the following steps:

[0047] Upon receiving a penetration testing task for a power information system, obtain the test objectives and test task parameters, including test type, task priority, and system sensitivity.

[0048] Determine the test link between the test source and the test target, and collect link status parameters by deploying sensing nodes in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters;

[0049] The link capacity assessment results are determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0050] Determine the traffic threshold based on the link capacity assessment results, task priority, test type, and system sensitivity;

[0051] Send the traffic threshold to the software-defined network controller to instruct the software-defined network controller to determine the traffic control policy based on the traffic threshold;

[0052] Receive traffic control policies sent by the software-defined network controller, and perform penetration testing on the test target according to the traffic control policies.

[0053] Fourthly, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, performs the following steps:

[0054] Upon receiving a penetration testing task for a power information system, obtain the test objectives and test task parameters, including test type, task priority, and system sensitivity.

[0055] Determine the test link between the test source and the test target, and collect link status parameters by deploying sensing nodes in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters;

[0056] The link capacity assessment results are determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0057] Determine the traffic threshold based on the link capacity assessment results, task priority, test type, and system sensitivity;

[0058] Send the traffic threshold to the software-defined network controller to instruct the software-defined network controller to determine the traffic control policy based on the traffic threshold;

[0059] Receive traffic control policies sent by the software-defined network controller, and perform penetration testing on the test target according to the traffic control policies.

[0060] Fifthly, this application also provides a computer program product, including a computer program that, when executed by a processor, performs the following steps:

[0061] Upon receiving a penetration testing task for a power information system, obtain the test objectives and test task parameters, including test type, task priority, and system sensitivity.

[0062] Determine the test link between the test source and the test target, and collect link status parameters by deploying sensing nodes in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters;

[0063] The link capacity assessment results are determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0064] Determine the traffic threshold based on the link capacity assessment results, task priority, test type, and system sensitivity;

[0065] Send the traffic threshold to the software-defined network controller to instruct the software-defined network controller to determine the traffic control policy based on the traffic threshold;

[0066] Receive traffic control policies sent by the software-defined network controller, and perform penetration testing on the test target according to the traffic control policies.

[0067] The aforementioned penetration testing methods, devices, computer equipment, computer-readable storage media, and computer program products for power information systems, upon receiving a penetration testing task from a power information system, acquire the test target and test task parameters, including test type, task priority, and system sensitivity. They determine the test link between the test source and the test target, and collect link status parameters (including bandwidth-related, latency-related, reliability-related, and connectivity-related parameters) by deploying sensing nodes along the test link. Based on these parameters, they determine the link capacity assessment result. Thus, by assessing the link capacity using multiple sensing link status parameters, they can accurately determine the load capacity of the test link. Traffic capacity; based on link capacity assessment results, task priority, test type, and system sensitivity, a traffic threshold is determined. This adaptive determination of a traffic threshold that matches the link capacity, based on the link capacity assessment results and combined with the test task parameters of the penetration test, ensures that the link traffic matches the link capacity. The traffic threshold is sent to the software-defined network controller (SDN) to instruct the SDN to determine a traffic control policy based on the traffic threshold. The system receives the traffic control policy sent by the SDN and performs penetration testing on the test target according to the traffic control policy. In this way, by constraining the test traffic through the traffic threshold, the test traffic is prevented from exceeding the link's capacity capacity, preventing service interruptions or performance degradation of the test target, improving the security and efficiency of penetration testing, and helping to ensure the network security of the power information system. Attached Figure Description

[0068] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0069] Figure 1 This is a diagram illustrating the application environment of a penetration testing method for a power information system in one embodiment.

[0070] Figure 2 This is a flowchart illustrating a penetration testing method for a power information system in one embodiment;

[0071] Figure 3This is a flowchart illustrating the steps for determining the link capacity assessment result in one embodiment;

[0072] Figure 4 This is a schematic diagram of the test progress management interface in one embodiment;

[0073] Figure 5 This is a schematic diagram of the overall process of a penetration testing method for a power information system in one embodiment;

[0074] Figure 6 This is a structural block diagram of a penetration testing device for a power information system in one embodiment;

[0075] Figure 7 This is an internal structural diagram of a computer device in one embodiment. Detailed Implementation

[0076] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.

[0077] It should be noted that the terms "first," "second," etc., used in this application can be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish the first element from the second element. The terms "comprising" and "having," and any variations thereof, used in this application, are intended to cover non-exclusive inclusion. The term "multiple" used in this application refers to two or more. The term "and / or" used in this application refers to one of the embodiments, or any combination of multiple embodiments.

[0078] The penetration testing method for power information systems provided in this application can be applied to, for example... Figure 1The application environment is shown. Test terminal 101 is connected to sensing node 102 and flow control device 103 via a network. For example, the sensing nodes include core sensing nodes, edge sensing nodes, and a data processing center. Core sensing nodes: Utilizing industrial-grade network monitoring equipment, deployed next to the core switch in the test range, accessing the network via a gigabit Ethernet port, supporting protocols such as SNMPv3 and NetFlowv9 for data collection. Edge sensing nodes: Employing lightweight monitoring terminals, deployed on the test target, test terminal 101, and intermediate nodes of the link, supporting dual-mode access of Wi-Fi 6 and gigabit Ethernet, collecting local link parameters through tools such as TCP / UDP probing and ICMPping. Data processing center: Employing a server cluster (e.g., 3 node servers), using a load balancer to distribute the load between data reception and processing, ensuring real-time performance for large-scale data processing. The flow control device 103 is deployed in the network link between the test terminal 101 and the test target (not shown), including a software-defined network controller (such as one that supports the OpenFlow 1.3 protocol) and a flow forwarding device (such as an OpenFlow switch). The software-defined network controller is used to receive flow thresholds and control the flow forwarding device to implement flow rate limiting and scheduling. Taking test terminal 101 as an example, when test terminal 101 receives a penetration test task from a power information system, it acquires the test target and test task parameters, including test type, task priority, and system sensitivity. It determines the test link between the test source and the test target by collecting link status parameters through sensing nodes 102 deployed in the test link. These link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connection-related parameters. Based on these parameters, it determines the link capacity assessment result. Based on the link capacity assessment result, task priority, test type, and system sensitivity, it determines a traffic threshold. The traffic threshold is sent to the software-defined network controller (SDN) in the traffic control device 103 to instruct the SDN to determine a traffic control strategy based on the traffic threshold. Finally, it receives the traffic control strategy sent by the SDN and performs penetration testing on the test target according to the traffic control strategy.

[0079] In one exemplary embodiment, such as Figure 2 As shown, a penetration testing method for a power information system is provided, which is then applied to... Figure 1 Taking test terminal 101 as an example, the explanation includes the following steps 201 to 206. Wherein:

[0080] Step 201: Upon receiving a penetration testing task for the power information system, obtain the test target and test task parameters, including test type, task priority, and system sensitivity.

[0081] Penetration testing refers to the process of simulating actual hacker attack paths to uncover system vulnerabilities, used to assess the network security status of power information systems. In some embodiments, the test terminal has a human-computer interaction interface (HCI) that generates a penetration testing task in response to a user's creation of the task. The penetration testing task is then parsed to obtain the test target and test task parameters. The test target refers to the power information system to be tested, and can be represented by an IP address or network segment.

[0082] Test task parameters include, but are not limited to, test type, task priority, and system sensitivity. Test type This includes, but is not limited to, vulnerability scanning, privilege escalation, lateral movement, and data extraction; different test types have different traffic requirements. Task priority can be categorized as high, medium, or low. Higher task priority means a traffic threshold closer to the link capacity. System sensitivity indicates the test target's sensitivity to traffic and can include core systems, important systems, and general systems. Core systems have higher system sensitivity than important systems, and important systems have higher sensitivity than general systems. Higher system sensitivity means a lower traffic threshold to avoid impacting system operation.

[0083] Step 202: Determine the test link between the test source and the test target, and collect link status parameters by deploying sensing nodes in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0084] In this context, the test source refers to the testing device that provides penetration testing traffic. The penetration testing traffic generated by the test source can include data packets for vulnerability scanning, exploitation, and brute-force attacks. The test target is the object of the penetration test. The complete path from the test source, through various intermediate network devices (such as routers, switches, firewalls, load balancers, etc.), to the test target is called the test link. The test link is the traffic channel for the penetration test, and its quality directly affects the efficiency and security of the penetration test.

[0085] Sensing nodes are deployed at key locations in the test link, such as the source exit, intermediate node bypass, and before the target entry. These sensing nodes are used to collect link status parameters in real time.

[0086] Link status parameters describe the state of the test link and include bandwidth-related, latency-related, reliability-related, and connectivity-related parameters. For example, bandwidth-related parameters include the total link bandwidth (…). (unit: Mbps) available bandwidth ( (unit: Mbps), bandwidth utilization ( )wait.

[0087] Latency-related parameters include one-way latency ( (unit: milliseconds) latency jitter (unit: milliseconds), etc.

[0088] Reliability-related parameters include packet loss rate ( =Number of lost data packets / Total number of data packets sent × 100%), Link bit error rate ( = (Number of erroneous data packets / Total number of received data packets × 100%), etc.

[0089] Connection-related parameters include connection success rate ( =Number of successfully established connections / Number of attempted connections × 100%, Concurrent connections ( )wait.

[0090] Optionally, the acquisition period can be dynamically adjusted according to the test link status. When the test link status is stable, the acquisition period can be set to a first preset duration, such as 5 seconds. When the test link status is unstable (i.e., fluctuates greatly, such as bandwidth utilization rate changes by more than 10%), the acquisition period can be shortened to a second preset duration, such as 1 second. The first preset duration is longer than the second preset duration.

[0091] Optionally, multi-protocol collaborative collection of link status parameters can be adopted, such as integrating protocols such as SNMPv3, NetFlowv9, sFlow, and TCPBBR, to ensure the comprehensiveness and accuracy of data collection. Among them, SNMPv3 is used for device status collection, NetFlowv9 is used for traffic statistics, and TCPBBR is used for link bandwidth estimation.

[0092] Optionally, the collected data is transmitted to the data processing center via an encrypted tunnel (such as AES-256 encryption) to ensure the security and integrity of the data transmission process.

[0093] Step 203: Determine the link capacity assessment result based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0094] The capacity of the test link is evaluated using various link state parameters to obtain the link capacity evaluation result. The first evaluation metric can be determined based on bandwidth-related parameters, the second based on latency-related parameters, and the third based on reliability-related and connectivity-related parameters. The link capacity evaluation result is determined based on any one, two, or all three of these evaluation metrics.

[0095] The three evaluation metrics can be weighted, and the weighted result can be used as the link capacity evaluation result.

[0096] You can query the preset mapping relationship to determine the link capacity assessment result that matches the three evaluation indicators.

[0097] The link capacity assessment results are used to indicate the maximum penetration test traffic that the test link between the test source and the test target can securely carry.

[0098] In some embodiments, the raw link status parameters collected contain noise, outliers, and redundancy information, which need to be preprocessed to improve data quality and provide reliable input for subsequent capacity assessment and algorithm calculation.

[0099] Optionally, the link state parameters (including bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connection-related parameters) are preprocessed to obtain preprocessed link state parameters (including preprocessed bandwidth-related parameters, preprocessed latency-related parameters, preprocessed reliability-related parameters, and preprocessed connection-related parameters). The link capacity assessment result is determined based on the preprocessed link state parameters.

[0100] Optionally, preprocessing may include at least one of data cleaning, data standardization, and feature extraction.

[0101] Data cleaning may include at least one of outlier detection and removal, and missing value imputation. Outlier detection and removal: can be based on... The principle of outlier detection methods is to calculate the mean for each parameter sequence X. with standard deviation It will exceed Data within the specified range is identified as outliers and removed. Missing value imputation: For missing values ​​less than the first preset ratio (e.g., 5%), linear interpolation is used for imputation; for missing values ​​less than the second preset ratio (e.g., 15%), a time-series prediction model based on LSTM is used for imputation; for missing values ​​greater than or equal to the second preset ratio (e.g., 15%), the sensing node is triggered to re-collect link status parameters.

[0102] Data standardization refers to transforming link parameters with different dimensions to the same range, eliminating the impact of dimensional differences on subsequent calculations. The Min-Max standardization method can be used.

[0103]

[0104] in, These are link state parameters. This represents the minimum value of the link state parameters. This represents the maximum value of the link state parameters. These are the standardized link state parameters, ranging from [0,1].

[0105] Feature extraction refers to extracting key features reflecting link capacity from link state parameters, including static and dynamic features. Static features may include link physical bandwidth, link type (wired / wireless), network topology location (core / access layer), etc. Dynamic features may include bandwidth utilization rate (…). T is the time interval), and the time delay stability coefficient ( ), cumulative packet loss rate ( )wait.

[0106] The following explanation uses preprocessing, including data cleaning, data standardization, and feature extraction, as an example. Data cleaning is performed on the link state parameters to obtain cleaned link state parameters; the cleaned link state parameters are then standardized to obtain standardized link state parameters; features are extracted from the standardized link state parameters, and the results are used as the preprocessed link state parameters. Based on the preprocessed link state parameters, the link capacity assessment result is determined.

[0107] Step 204: Determine the traffic threshold based on the link capacity assessment results, task priority, test type, and system sensitivity.

[0108] The process involves determining a traffic threshold based on link capacity assessment results and test task parameters. The link capacity assessment results are compared to a preset capacity threshold (e.g., 5 Mbps). If the link capacity assessment result is lower than the preset threshold, the penetration test task is stopped, and a network link unavailable message is generated. If the link capacity assessment result is not lower than the preset threshold, a basic traffic threshold is determined based on the link capacity assessment results and task priority. This basic traffic threshold is then adjusted using the test type and system sensitivity, and the resulting value is used as the traffic threshold.

[0109] The basic traffic threshold can be adjusted according to the system sensitivity to obtain the first adjusted threshold. The first adjusted threshold can be adjusted according to the test type to obtain the second adjusted threshold. The traffic threshold can be obtained according to the second adjusted threshold.

[0110] Traffic thresholds indicate the upper limit of test traffic. If test traffic exceeds the network link's traffic threshold, it can easily cause link congestion, spike latency, and in severe cases, even lead to service interruption of the target system, resulting in business losses. If test efficiency is low, and the preset proportion of test traffic is far below the traffic threshold, network resources will not be fully utilized, the vulnerability discovery cycle will be prolonged, and it will be difficult to meet the high requirements for test timeliness.

[0111] Step 205: Send the traffic threshold to the software-defined network controller to instruct the software-defined network controller to determine the traffic control policy based on the traffic threshold.

[0112] The process involves sending traffic thresholds to the software-defined network controller (SDN) to determine the traffic control policy. Optionally, the SDN determines the traffic control policy based on the priorities and traffic thresholds of multiple sub-modules within the penetration testing task. Higher-priority sub-tasks (such as vulnerability verification) receive bandwidth resources first.

[0113] Optionally, the software-defined network controller uses the token bucket algorithm to set the token generation rate as a traffic threshold, limiting the maximum sending rate of test traffic.

[0114] Optionally, the software-defined network controller smooths the test traffic based on a traffic threshold to ensure that the test traffic remains within the threshold range. A leaky bucket algorithm can be used to suppress traffic spikes.

[0115] Step 206: Receive the traffic control policy sent by the software-defined network controller, and perform penetration testing on the test target according to the traffic control policy.

[0116] In this process, the traffic control policy is sent to the traffic forwarding device, which then controls the traffic forwarding device to limit and schedule the traffic rate according to the traffic control policy, thereby enabling penetration testing of the target.

[0117] In the aforementioned penetration testing method for power information systems, upon receiving a penetration testing task from the power information system, the test target and test task parameters are obtained. These parameters include test type, task priority, and system sensitivity. The test link between the test source and the test target is determined. Link status parameters, including bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters, are collected by sensing nodes deployed along the test link. Based on these parameters, the link capacity assessment result is determined. Thus, by assessing the link capacity using multiple sensing link status parameters, the traffic capacity that the test link can carry can be accurately determined. Based on the link capacity assessment... Based on the results, task priorities, test types, and system sensitivity, a traffic threshold is determined. This method, grounded in link capacity assessment results and combined with the test task parameters of the penetration test, adaptively determines a traffic threshold that matches the link capacity, ensuring that link traffic matches link capacity. The traffic threshold is then sent to the software-defined network controller (SDN) to instruct the SDN to determine a traffic control policy based on the threshold. Upon receiving the traffic control policy from the SDN, the penetration test is performed on the target according to the policy. In this way, by constraining test traffic through traffic thresholds, test traffic is prevented from exceeding the link's capacity capacity, thus preventing service interruptions or performance degradation of the target, improving the security and efficiency of penetration testing, and contributing to the network security of the power information system.

[0118] In an exemplary embodiment, determining the link capacity assessment result based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters includes: determining bandwidth carrying capacity based on bandwidth-related parameters; determining latency constraint capacity based on latency-related parameters; determining reliability support capacity based on reliability-related parameters and connectivity-related parameters; and determining the link capacity assessment result based on bandwidth carrying capacity, latency constraint capacity, and reliability support capacity.

[0119] Among them, bandwidth carrying capacity The maximum rate at which the test link transmits data is determined based on bandwidth-related parameters, such as available bandwidth. With bandwidth utilization Confirmed, the formula is as follows:

[0120]

[0121] Where α represents the bandwidth utilization impact coefficient (value range [0.3, 0.7], which can be adaptively adjusted according to the link type, for example, 0.3 for wired links and 0.7 for wireless links).

[0122] Delay constraint capability Used to indicate the traffic carrying capacity of a test link within an acceptable latency range, determined based on latency-related parameters, such as one-way latency. With latency jitter The calculation is performed using the following formula:

[0123]

[0124] in, The maximum physical bandwidth of the link is β, and the delay impact coefficient is β (e.g., a value of β is used). ).

[0125] Reliability support capability This indicator is used to demonstrate the traffic carrying capacity of a test link under conditions of low packet loss rate and high connection success rate. It is determined based on reliability-related parameters and connection-related parameters, such as packet loss rate. and connection success rate The calculation is performed using the following formula:

[0126]

[0127] Where γ is the packet loss rate impact coefficient (e.g., a value of 1.5), and δ is the connection success rate correction coefficient (e.g., a value range of [0.8, 1.0], where 1.0 is taken when R_conn≥95% and 0.8 is taken when R_conn<80%).

[0128] It can be based on three evaluation indicators ( , , The link capacity assessment result can be determined by any one, two, or three of the following:

[0129] The three evaluation metrics can be weighted, and the weighted result can be used as the link capacity evaluation result.

[0130] You can query the preset mapping relationship to determine the link capacity assessment result that matches the three evaluation indicators.

[0131] The three evaluation metrics can be weighted and the weighted result can be used as the reference link capacity evaluation result. The reference link capacity evaluation result can be smoothed to obtain the link capacity evaluation result.

[0132] In some embodiments, such as Figure 3As shown, the link capacity assessment result is determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters. This includes: preprocessing various link state parameters to obtain preprocessed link state parameters, including preprocessed bandwidth-related parameters, preprocessed latency-related parameters, preprocessed reliability-related parameters, and preprocessed connectivity-related parameters; determining three-dimensional indicators based on the preprocessed link state parameters, including bandwidth carrying capacity, latency constraint capacity, and reliability support capacity; calculating the weights of each of the three-dimensional indicators using AHP; and weighted summing the three-dimensional indicators according to their respective weights to obtain the link capacity assessment result.

[0133] In this embodiment, by defining bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters as three-dimensional indicators, the test link's capabilities are evaluated from multiple parameter dimensions. The link capacity evaluation results are determined using the three-dimensional indicators, which can improve the accuracy of the link capacity evaluation.

[0134] In an exemplary embodiment, determining the link capacity assessment result based on bandwidth carrying capacity, latency constraint capability, and reliability support capability includes: determining a reference link capacity assessment result based on bandwidth carrying capacity, latency constraint capability, and reliability support capability; obtaining the link capacity assessment result at the previous moment; and smoothing the reference link capacity assessment result based on the link capacity assessment result at the previous moment and a preset smoothing factor to obtain the link capacity assessment result.

[0135] Specifically, the reference link capacity assessment result is determined based on the three-dimensional indicators, and the reference link capacity assessment result is smoothed based on the link capacity assessment result of the previous moment to obtain the link capacity assessment result.

[0136] For example, a weighted summation method can be used to calculate the reference link capacity assessment result. The weighting coefficients can be determined using the Analytic Hierarchy Process (AHP), as shown in the following formula:

[0137]

[0138] in, The weights for bandwidth carrying capacity, latency constraint capacity, and reliability support capacity are respectively, satisfying... Default weights are determined through AHP analysis, for example, in wired links: Wireless link: Users can customize and adjust it according to their testing needs.

[0139] In some embodiments, the link capacity assessment result is updated every preset time interval (e.g., 1 second). A smoothing factor (λ=0.8) is introduced during the update process to avoid sudden changes in the link capacity assessment result due to fluctuations in link status. Taking the current time as time t as an example, the calculation formula is as follows:

[0140]

[0141] in, This represents the link capacity assessment result at the current moment. This is the link capacity assessment result from the previous moment. This is the reference link capacity assessment result at the current moment.

[0142] In this embodiment, the reference link capacity assessment result is determined by three-dimensional indicators, and then the reference link capacity assessment result is smoothed based on the link capacity assessment result at the previous moment, which can avoid sudden changes in the link capacity assessment result due to link state fluctuations.

[0143] In an exemplary embodiment, determining a traffic threshold based on link capacity assessment results, task priority, test type, and system sensitivity includes: determining a basic traffic threshold based on link capacity assessment results and task priority; and modifying the basic traffic threshold based on test type and system sensitivity to obtain the traffic threshold.

[0144] The basic traffic threshold can be calculated based on the link capacity assessment result and the task priority. For example, the product of the link capacity assessment result and the task priority can be used as the basic traffic threshold.

[0145] The basic traffic threshold can be modified based on the test type and system sensitivity to obtain the traffic threshold. For example, the basic traffic threshold can be modified according to system sensitivity to obtain a first modified threshold; the first modified threshold can be modified according to the test to obtain a second modified threshold; and the traffic threshold can be determined based on the second modified threshold.

[0146] In this embodiment, a basic traffic threshold is determined based on the link capacity assessment results and task priorities. Then, the basic traffic threshold is modified using the test type and system sensitivity to ensure that the traffic threshold meets the requirements of the penetration test task and the sensitivity of the test target. Furthermore, it avoids link traffic exceeding link capacity, ensuring that link traffic matches link capacity, improving the security and efficiency of penetration testing, and guaranteeing the network security of the power information system.

[0147] In an exemplary embodiment, the basic traffic threshold is modified according to the test type and system sensitivity to obtain a traffic threshold, including: determining a basic coefficient according to the system sensitivity; modifying the basic traffic threshold according to the basic coefficient to obtain a first modified threshold; modifying the first modified threshold according to the test type to obtain a second modified threshold; and determining the traffic threshold according to the second modified threshold.

[0148] Among them, the correction of the basic flow threshold by the system sensitivity can be achieved by converting the system sensitivity into a basic coefficient, and then using the basic coefficient to correct the basic flow threshold to obtain the first correction threshold.

[0149] Optionally, the base coefficients corresponding to the system sensitivity are determined based on a preset mapping relationship between system sensitivity and base coefficients. This mapping relationship is obtained through historical test calibration.

[0150] Optionally, the basic coefficients are determined based on the range of values ​​for the basic coefficients and the system sensitivity. For example, multiple values ​​of different magnitudes are taken within the range of values ​​for the basic coefficients, and the three different values ​​are determined in ascending order of system sensitivity to be the basic coefficients corresponding to each system sensitivity.

[0151] For example, the basic coefficient k ranges from [0.6, 0.9], with k=0.6 for the core system, k=0.75 for important systems, and k=0.9 for general systems.

[0152] For example, the first correction threshold The formula for determining it is as follows:

[0153]

[0154] in, For the link capacity assessment results, This determines the task priority.

[0155] The first correction threshold can be adjusted using a test type correction function based on the test type to obtain a second correction threshold. For example, the second correction threshold... The formula for determining it is as follows:

[0156]

[0157] Where, f( ) is a test type correction function.

[0158] For example, vulnerability scan type: f( ) = 1.0 (Requires stable traffic, no significant fluctuations); Privilege escalation type: f( = 0.9 (Medium traffic demand, sudden traffic surges should be avoided); Lateral movement type: f( = 0.85 (requires multi-node collaboration, traffic is distributed); Data extraction type: f( =0.8 (Stable transmission is required to avoid packet loss).

[0159] In some embodiments, the second correction threshold can be used as the traffic threshold, and the second correction threshold can be further modified to obtain the traffic threshold. For example, based on the link capacity assessment results at multiple time points, a link state fluctuation coefficient is determined, and the second correction threshold is modified based on the link state fluctuation coefficient to obtain the traffic threshold.

[0160] In this embodiment, the basic traffic threshold is corrected based on system sensitivity to obtain a first corrected threshold. Then, the first corrected threshold is further corrected using the test type. Through this double correction, the accuracy of the traffic threshold is ensured, making the traffic threshold meet the requirements of the penetration test task and the sensitivity of the test target. Furthermore, it avoids link traffic from exceeding link capacity, ensuring that link traffic matches link capacity, improving the security and efficiency of penetration testing, and guaranteeing the network security of the power information system.

[0161] In an exemplary embodiment, determining a traffic threshold based on a second correction threshold includes: obtaining link capacity assessment results at multiple time points; determining the average link capacity assessment based on the link capacity assessment results at multiple time points; determining a link state fluctuation coefficient based on the average link capacity assessment; and determining a traffic threshold based on the fluctuation range of the link state fluctuation coefficient and the second correction threshold.

[0162] The link capacity assessment results at multiple points in time can be from several historical points earlier than the current time. The average of the link capacity assessment results at multiple points in time is used to obtain the mean link capacity assessment.

[0163] Determine the link state fluctuation coefficient based on the average link capacity assessment. , can be represented as follows:

[0164]

[0165] Where n represents the link capacity assessment results at multiple time points. For example, n=5 represents the link capacity assessment results of the most recent 5 times. This is the average value for link capacity assessment.

[0166] The link state fluctuation coefficient is used to indicate the fluctuation of the test link capacity. Based on the fluctuation range of the link state fluctuation coefficient, the second correction range is adjusted differently to obtain traffic thresholds under multiple fluctuation ranges. .For example:

[0167] When ε < the first interval threshold (e.g., 0.05, indicating a stable link), the traffic threshold is: Where F0 is the first preset value, such as 0.1.

[0168] When the first interval threshold ≤ ε ≤ the second interval threshold (e.g., 0.05 ≤ ε ≤ 0.15, indicating slight link fluctuations), the traffic threshold is: .

[0169] When ε > the second interval threshold (e.g., 0.15, indicating severe link fluctuations), the traffic threshold is: For example, F1 is the second preset value, such as 10.2.

[0170] In some embodiments, a reference traffic threshold is determined based on the fluctuation range of the link state fluctuation coefficient and the second correction threshold, and the lower limit of the threshold is set ( ) and threshold upper limit ( The reference flow rate threshold that meets the threshold condition is used as the flow rate threshold. This can be expressed as: ≤ ≤ Optionally, =1Mbps (to ensure the test proceeds normally and avoid test interruption due to low traffic). =0.95× (To avoid traffic approaching the physical limit of the link, reserve buffer space).

[0171] In this embodiment, the link state fluctuation coefficient is obtained by statistically calculating the link capacity assessment results at multiple time points. The second correction threshold is then corrected according to the fluctuation range of the link state fluctuation coefficient to obtain the traffic threshold. This ensures that the traffic threshold matches the fluctuation of the link capacity, thus matching the link capacity with the link traffic.

[0172] In an exemplary embodiment, the penetration testing method for a power information system further includes: collecting target link status parameters during the penetration testing process; determining the target link capacity assessment result based on the target link status parameters; adjusting the traffic threshold based on the target link capacity assessment result to obtain the adjusted traffic threshold; and using the adjusted traffic threshold for penetration testing.

[0173] The process involves penetration testing of the target based on traffic control strategies. During this testing, link state parameters are re-collected to obtain the target link state parameters. These parameters include bandwidth-related, latency-related, reliability-related, and connectivity-related parameters. Based on these parameters, the target link capacity assessment result is determined, as detailed in step 203.

[0174] Based on the target link capacity assessment results, determine the changes in the test link status, including whether the test link status has deteriorated or is in good condition. Adjust the traffic threshold according to the changes in the test link status to obtain the adjusted traffic threshold.

[0175] For example, if the target link capacity assessment result indicates that the packet loss rate exceeds a packet loss rate threshold (e.g., 5%) or the latency exceeds a latency threshold (e.g., 100ms), it is determined that the test link status has deteriorated, triggering the traffic threshold reduction mechanism to lower the traffic threshold. Reduce the first preset percentage (e.g., 10%). If the target link capacity assessment results indicate that the packet loss rate does not exceed the packet loss rate threshold, the latency does not exceed the latency threshold, and the traffic utilization is lower than the utilization threshold (e.g., 80%), trigger the traffic threshold adjustment mechanism to raise the traffic threshold. Increase the second preset ratio (e.g., 5%) to ensure dynamic matching between link traffic and link capacity.

[0176] In some embodiments, penetration testing is performed using an adjusted traffic threshold. For example, the adjusted traffic threshold is sent to a software-defined network controller in a traffic control device to instruct the software-defined network controller to determine an adjusted traffic control policy based on the adjusted traffic threshold; the adjusted traffic control policy sent by the software-defined network controller is received, and penetration testing is performed on the test target based on the adjusted traffic control policy.

[0177] In this embodiment, the flow rate during the penetration test is adjusted by the flow control device based on the calculated flow threshold, and the real-time target link status parameters are updated. The flow threshold is then adjusted using the target link status parameters to achieve closed-loop optimization of the flow threshold and ensure dynamic matching between link flow and link capacity.

[0178] In an exemplary embodiment, the penetration testing method for a power information system further includes: displaying the link status parameters of the test link, and displaying status warning information when the link status parameters exceed a preset threshold.

[0179] The test terminal includes a human-computer interaction interface, which allows users to configure test task parameters, view test link status, and manually intervene, thus improving the system's ease of use.

[0180] Optionally, the human-computer interaction interface includes a link status monitoring interface, a traffic threshold configuration interface, and a test progress management interface.

[0181] For example, the link status monitoring interface displays the link status parameters of the test link, including bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connection-related parameters. Examples include bandwidth, latency, and packet loss rate. These parameters can be displayed intuitively in the form of charts, line graphs, or dashboards. Furthermore, status warning information can be displayed when link status parameters exceed preset thresholds. For instance, a packet loss rate exceeding 5% will be highlighted.

[0182] In some embodiments, the traffic threshold configuration interface allows users to set test task parameters, such as test type, task priority, and system sensitivity. It can also display the currently calculated traffic threshold and the traffic threshold at historical times. Furthermore, it allows users to manually modify the traffic threshold (the reason for modification must be entered, and the system records the operation log).

[0183] In some embodiments, the test progress management interface can display the penetration test progress, the number of vulnerabilities discovered, traffic usage, etc., and also supports pause, resume, and emergency stop functions (which immediately reduce traffic upon triggering). ).like Figure 4 The diagram shows a sample of the test progress management interface in some embodiments. The diagram displays the penetration test progress at 75%, the number of vulnerabilities discovered, and traffic utilization. Traffic utilization is highlighted for status alerts.

[0184] In some embodiments, after the user selects the test target and test task parameters, the system automatically completes link status parameter perception, capacity assessment, traffic threshold calculation and traffic control without complex configuration.

[0185] In some embodiments, after the penetration test is completed, the system generates a comprehensive report that includes link status parameters, traffic threshold adjustment records, vulnerability detection results, and risk assessment. The report can be exported in multiple formats, such as PDF and Excel.

[0186] In this embodiment, by displaying the link status parameters and status warning information of the test link, it is easy for test personnel to intuitively understand the penetration test situation and improve the system usability.

[0187] To illustrate the penetration testing methods and effects of the power information system in this solution in detail, the following is a detailed example:

[0188] The penetration testing method proposed in this application can be applied to power information systems, as well as various cloud environments such as enterprise internal networks, public clouds, private clouds, and hybrid clouds, IoT systems, web applications and mobile applications, critical infrastructure networks, and commercial applications of penetration testing service providers. The application to power information systems will be used as an example for illustration. Figure 5 The diagram shows the overall flow chart of the penetration testing method for a power information system in some embodiments.

[0189] Test Preparation: Set test task parameters and deploy awareness nodes. Link Status Awareness: Collect link status parameters, including key data such as bandwidth, latency, and packet loss rate. Data Preprocessing: Clear anomalies, fill in missing data, standardize data, and extract features. Link Capacity Assessment: Calculate three-dimensional metrics, including bandwidth, latency, and reliability, and weight them to obtain the link capacity assessment result. Traffic Threshold Calculation: Combine the link capacity assessment result with the test task parameters to calculate the final traffic threshold. Traffic Regulation: Use a software-defined network controller for traffic regulation to ensure traffic compliance. Penetration Testing Execution: Execute tests according to the traffic control policy, detect vulnerabilities, and monitor the target link status parameters in real time. Closed-Loop Feedback: Reduce traffic in abnormal states and increase the threshold in idle states, dynamically matching link capacity. Report Generation: Output a report containing link status parameters, traffic thresholds, vulnerability data, etc.

[0190] In some embodiments, the results of penetration testing are verified through system testing.

[0191] 1. Functional Testing: Link Status Awareness Test: Verify that the sensing nodes can comprehensively collect link status parameters, with a data collection accuracy of ≥99%. Capacity Assessment Test: Simulate different link states (normal / congested / fluctuating) and verify that the error between the link capacity assessment result and the actual link capacity is ≤5%. Threshold Calculation Test: Change the test task parameters (such as priority, type, sensitivity, or at least one of them) to verify the correctness of the traffic threshold calculation and its dynamic adjustment capability. Traffic Control Test: Verify that the system can control the test traffic within the Q_final range, with a traffic control accuracy of ≤1Mbps.

[0192] 2. Performance Testing: Real-time Testing: Verify that the total latency for link status acquisition, capacity assessment, threshold calculation, and traffic control is ≤2s. Concurrency Testing: Simulate 100 parallel test tasks to verify that the system can run stably without data loss or service interruption. Scalability Testing: Increase the number of sensing nodes (from 100 to 1000) to verify that the system's processing capacity can scale linearly.

[0193] 3. Security Testing: Data Transmission Security Testing: Verify the effectiveness of encrypted transmission of collected data and control commands to ensure that data is not eavesdropped on or tampered with. System Self-Security Testing: Conduct penetration testing on the system to verify that it has no high-risk vulnerabilities and possesses security mechanisms such as identity authentication and access control.

[0194] 4. Scenario Adaptability Testing: Testing on different link types: Tests will be conducted on wired links (Gigabit Ethernet), wireless links (Wi-Fi 6), and public network links (5G) to verify system adaptability. Testing on different test types: Vulnerability scanning, privilege escalation, lateral movement, and data extraction tests will be performed to verify the rationality of traffic threshold adjustments.

[0195] The aforementioned penetration testing method for power information systems, upon receiving a penetration testing task from a power information system, acquires the test target and test task parameters, including test type, task priority, and system sensitivity. It then determines the test link between the test source and the test target, and collects link status parameters (including bandwidth-related, latency-related, reliability-related, and connectivity-related parameters) by deploying sensing nodes along the test link. Based on these parameters, it determines the link capacity assessment result. Thus, by assessing the link capacity using multiple sensing link status parameters, it can accurately determine the traffic capacity that the test link can carry. Based on the results, task priorities, test types, and system sensitivity, a traffic threshold is determined. This method, grounded in link capacity assessment results and combined with the test task parameters of the penetration test, adaptively determines a traffic threshold that matches the link capacity, ensuring that link traffic matches link capacity. The traffic threshold is then sent to the software-defined network controller (SDN) to instruct the SDN to determine a traffic control policy based on the threshold. Upon receiving the traffic control policy from the SDN, the penetration test is performed on the target according to the policy. In this way, by constraining test traffic through traffic thresholds, test traffic is prevented from exceeding the link's capacity capacity, thus preventing service interruptions or performance degradation of the target, improving the security and efficiency of penetration testing, and contributing to the network security of the power information system.

[0196] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages in other steps. It is understood that the steps in different embodiments can be freely combined as needed, and all non-contradictory solutions formed by such combinations are within the scope of protection of this application.

[0197] Based on the same inventive concept, this application also provides a penetration testing device for a power information system for implementing the penetration testing method for the power information system described above. The solution provided by this device is similar to the solution described in the above method. Therefore, the specific limitations of one or more penetration testing device embodiments for power information systems provided below can be found in the limitations of the penetration testing method for power information systems described above, and will not be repeated here.

[0198] In one exemplary embodiment, such as Figure 6 As shown, a penetration testing device 600 for a power information system is provided, comprising: an acquisition module 610, a sensing module 620, a first determination module 630, a second determination module 640, a control module 650, and a testing module 660, wherein:

[0199] The acquisition module 610 is used to acquire the test target and test task parameters when a penetration test task of a power information system is received. The test task parameters include test type, task priority and system sensitivity.

[0200] The sensing module 620 is used to determine the test link between the test source and the test target. It collects link status parameters by deploying sensing nodes in the test link. The link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters.

[0201] The first determining module 630 is used to determine the link capacity assessment result based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connection-related parameters.

[0202] The second determining module 640 is used to determine the traffic threshold based on the link capacity assessment results, task priority, test type and system sensitivity.

[0203] The control module 650 is used to send traffic thresholds to the software-defined network controller to instruct the software-defined network controller to determine a traffic control policy based on the traffic thresholds.

[0204] Test module 660 is used to receive traffic control policies sent by the software-defined network controller and perform penetration testing on the test target according to the traffic control policies.

[0205] The aforementioned penetration testing device for power information systems, upon receiving a penetration testing task from a power information system, acquires the test target and test task parameters, including test type, task priority, and system sensitivity. It then determines the test link between the test source and the test target. By deploying sensing nodes along the test link, it collects link status parameters, including bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters. Based on these parameters, it determines the link capacity assessment result. Thus, by assessing the link capacity using multiple sensing link status parameters, it can accurately determine the traffic capacity that the test link can carry. Based on the link capacity assessment... Based on the results, task priorities, test types, and system sensitivity, a traffic threshold is determined. This method, grounded in link capacity assessment results and combined with the test task parameters of the penetration test, adaptively determines a traffic threshold that matches the link capacity, ensuring that link traffic matches link capacity. The traffic threshold is then sent to the software-defined network controller (SDN) to instruct the SDN to determine a traffic control policy based on the threshold. Upon receiving the traffic control policy from the SDN, the penetration test is performed on the target according to the policy. In this way, by constraining test traffic through traffic thresholds, test traffic is prevented from exceeding the link's capacity capacity, thus preventing service interruptions or performance degradation of the target, improving the security and efficiency of penetration testing, and contributing to the network security of the power information system.

[0206] In one embodiment, the link capacity assessment result is determined based on bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connection-related parameters. The first determining module 630 is further configured to: determine bandwidth carrying capacity based on bandwidth-related parameters; determine latency constraint capacity based on latency-related parameters; determine reliability support capacity based on reliability-related parameters and connection-related parameters; and determine the link capacity assessment result based on bandwidth carrying capacity, latency constraint capacity, and reliability support capacity.

[0207] In one embodiment, the link capacity assessment result is determined based on bandwidth carrying capacity, latency constraint capability, and reliability support capability. The first determining module 630 is further configured to: determine a reference link capacity assessment result based on bandwidth carrying capacity, latency constraint capability, and reliability support capability; obtain the link capacity assessment result of the previous moment; and smooth the reference link capacity assessment result based on the link capacity assessment result of the previous moment and a preset smoothing factor to obtain the link capacity assessment result.

[0208] In one embodiment, a traffic threshold is determined based on the link capacity assessment results, task priority, test type, and system sensitivity. The second determining module 640 is further configured to: determine a basic traffic threshold based on the link capacity assessment results and task priority; and correct the basic traffic threshold based on the test type and system sensitivity to obtain the traffic threshold.

[0209] In one embodiment, the basic traffic threshold is corrected according to the test type and system sensitivity to obtain a traffic threshold. The second determining module 640 is further configured to: determine a basic coefficient according to the system sensitivity; correct the basic traffic threshold according to the basic coefficient to obtain a first corrected threshold; correct the first corrected threshold according to the test type to obtain a second corrected threshold; and determine the traffic threshold according to the second corrected threshold.

[0210] In one embodiment, a traffic threshold is determined based on a second correction threshold, and the second determining module 640 is further configured to: obtain link capacity assessment results at multiple time points; determine the average link capacity assessment based on the link capacity assessment results at multiple time points; determine the link state fluctuation coefficient based on the average link capacity assessment; and determine the traffic threshold based on the fluctuation range of the link state fluctuation coefficient and the second correction threshold.

[0211] In one embodiment, the penetration testing device 600 for the power information system further includes an adjustment module, which is used to: collect target link status parameters during the penetration test; determine the target link capacity assessment result based on the target link status parameters; adjust the traffic threshold based on the target link capacity assessment result to obtain the adjusted traffic threshold; and use the adjusted traffic threshold for penetration testing.

[0212] In one embodiment, the penetration testing device 600 for the power information system further includes a display module, which is used to: display the link status parameters of the test link, and display status warning information when the link status parameters exceed a preset threshold.

[0213] Each module in the aforementioned penetration testing device for power information systems can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device, or stored in the computer device's memory as software, so that the processor can call and execute the corresponding operations of each module.

[0214] In one exemplary embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as follows: Figure 7As shown, the computer device includes a processor, memory, input / output interface, communication interface, display unit, and input device. The processor, memory, and input / output interface are connected via a system bus, and the communication interface, display unit, and input device are also connected to the system bus via the input / output interface. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The input / output interface is used for exchanging information between the processor and external devices. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, mobile cellular networks, Near Field Communication (NFC), or other technologies. When the computer program is executed by the processor, it implements a penetration testing method for a power information system. The display unit is used to form a visually visible image and can be a display screen, projection device, or virtual reality imaging device. The display screen can be an LCD screen or an e-ink screen. The input device of the computer device can be a touch layer covering the display screen, or buttons, trackballs, or touchpads set on the casing of the computer device, or external keyboards, touchpads, or mice, etc.

[0215] Those skilled in the art will understand that Figure 7 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.

[0216] In one exemplary embodiment, a computer device is provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above-described method embodiments.

[0217] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon that, when executed by a processor, implements the steps in the above method embodiments.

[0218] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the steps in the above method embodiments.

[0219] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with relevant regulations.

[0220] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.

[0221] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.

[0222] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.

Claims

1. A penetration testing method for a power information system, characterized in that, The method includes: Upon receiving a penetration testing task from a power information system, the test objectives and test task parameters are obtained, including the test type, task priority, and system sensitivity. The test link between the test source and the test target is determined, and the link status parameters are collected by sensing nodes deployed in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters. The link capacity assessment result is determined based on the bandwidth-related parameters, the latency-related parameters, the reliability-related parameters, and the connection-related parameters. The traffic threshold is determined based on the link capacity assessment results, the task priority, the test type, and the system sensitivity. The traffic threshold is sent to the software-defined network controller to instruct the software-defined network controller to determine a traffic control policy based on the traffic threshold; The system receives the traffic control policy sent by the software-defined network controller and performs penetration testing on the test target according to the traffic control policy.

2. The method according to claim 1, characterized in that, The step of determining the link capacity assessment result based on the bandwidth-related parameters, the latency-related parameters, the reliability-related parameters, and the connection-related parameters includes: Determine the bandwidth carrying capacity based on the bandwidth-related parameters; Determine the delay constraint capability based on the aforementioned delay-related parameters; The reliability support capability is determined based on the reliability-related parameters and the connection-related parameters. The link capacity assessment result is determined based on the bandwidth carrying capacity, the latency constraint capacity, and the reliability support capacity.

3. The method according to claim 2, characterized in that, The step of determining the link capacity assessment result based on the bandwidth carrying capacity, the latency constraint capacity, and the reliability support capacity includes: The reference link capacity assessment result is determined based on the bandwidth carrying capacity, the latency constraint capacity, and the reliability support capacity. Obtain the link capacity assessment result from the previous moment; Based on the link capacity assessment result of the previous moment and the preset smoothing factor, the reference link capacity assessment result is smoothed to obtain the link capacity assessment result.

4. The method according to claim 1, characterized in that, The step of determining the traffic threshold based on the link capacity assessment result, the task priority, the test type, and the system sensitivity includes: Based on the link capacity assessment results and the task priority, determine the basic traffic threshold; Based on the test type and the system sensitivity, the basic traffic threshold is modified to obtain the traffic threshold.

5. The method according to claim 4, characterized in that, The step of modifying the basic traffic threshold according to the test type and the system sensitivity to obtain the traffic threshold includes: Based on the system sensitivity, a basic coefficient is determined, and the basic flow threshold is corrected based on the basic coefficient to obtain a first corrected threshold; The first correction threshold is corrected according to the test type to obtain the second correction threshold; The flow threshold is determined based on the second correction threshold.

6. The method according to claim 5, characterized in that, The step of determining the flow threshold based on the second correction threshold includes: Obtain link capacity assessment results at multiple time points; The average link capacity assessment value is determined based on the link capacity assessment results at multiple time points. The link status fluctuation coefficient is determined based on the average link capacity assessment value. The traffic threshold is determined based on the fluctuation range of the link state fluctuation coefficient and the second correction threshold.

7. The method according to claim 1, characterized in that, The method further includes: Collect target link status parameters during the penetration testing process; Based on the target link status parameters, determine the target link capacity assessment result; The traffic threshold is adjusted based on the target link capacity assessment results to obtain the adjusted traffic threshold; the adjusted traffic threshold is used for penetration testing.

8. The method according to claim 1, characterized in that, The method further includes: The system displays the link status parameters of the test link, and displays a status warning message when the link status parameters exceed a preset threshold.

9. A penetration testing device for a power information system, characterized in that, The device includes: The acquisition module is used to acquire the test target and test task parameters when a penetration test task of a power information system is received. The test task parameters include test type, task priority and system sensitivity. The sensing module is used to determine the test link between the test source and the test target, and to collect link status parameters by sensing nodes deployed in the test link; the link status parameters include bandwidth-related parameters, latency-related parameters, reliability-related parameters, and connectivity-related parameters. The first determining module is used to determine the link capacity assessment result based on the bandwidth-related parameters, the latency-related parameters, the reliability-related parameters, and the connection-related parameters; The second determining module is used to determine the traffic threshold based on the link capacity assessment result, the task priority, the test type, and the system sensitivity; The control module is used to send the traffic threshold to the software-defined network controller to instruct the software-defined network controller to determine a traffic control strategy based on the traffic threshold. The testing module is used to receive the traffic control policy sent by the software-defined network controller and perform penetration testing on the test target according to the traffic control policy.

10. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 8.