CN105245555B - One kind is used for electric power serial server communication protocol security protection system - Google Patents


Info

Publication number
CN105245555B
CN105245555B
Authority
CN
China
Prior art keywords
data
protocol
rule
protocol data
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510865759.0A
Other languages
Chinese (zh)
Other versions
CN105245555A (en)
Inventor
孙波
吕兵
武春香
石莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Fengcheng Yunma Software Technology Co Ltd
HuaiAn Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
State Grid Corp of China SGCC
Original Assignee
Nanjing Fengcheng Yunma Software Technology Co Ltd
HuaiAn Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
State Grid Corp of China SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Fengcheng Yunma Software Technology Co Ltd, HuaiAn Power Supply Co of State Grid Jiangsu Electric Power Co Ltd, State Grid Corp of China SGCC
Priority to CN201510865759.0A
Publication of CN105245555A
Application granted
Publication of CN105245555B
Legal status: Active (current)
Anticipated expiration

Abstract

Translated from Chinese

The invention discloses a communication protocol security protection system for power serial port servers. A protocol data security protection system is provided within the network-port-to-serial-port and serial-port-to-network-port protocol conversion, and all protocol data and access requests sent to the network port or the serial port pass through its security authentication and detection. It is characterised in that the protection system consists of three parts: a communication protocol data parsing, restoration and formatting module; a protocol data analysis and detection system; and a communication protocol data service model security policy definition system. The invention effectively remedies the drawback that existing power serial port servers provide no communication-protocol-layer security protection for the various connected power industrial control devices: at the protocol conversion layer of the serial port server's software control system (network port protocol to serial port, serial port protocol to network port) it adds a protection layer for the power communication service protocols, used to prevent attackers from using illegal commands and data to carry out illegal operations and attacks on the power control devices connected to the power serial port server.

Description

Translated from Chinese

A communication protocol security protection system for power serial port servers

Technical field

The invention relates to the technical field of smart grid communication protocol security, and in particular to a security detection and protection system for the data communication protocols of the power serial port servers widely used in power automation systems.

Background

With the development of Internet technology, TCP/IP has become the de facto network standard, and TCP/IP-based protocols are indispensable for network interconnection. In recent years, industrial Ethernet, created by bringing Ethernet technology into industrial field control, has made it possible to network power terminal equipment and the various acquisition and control devices used in industrial production. The appearance of the serial port server has turned that possibility into reality.

In today's common power automation systems (see Figure 1), power serial port servers are used in large numbers. They network multiple devices that communicate over serial links such as RS-422, RS-232 and RS-485 using power communication protocols (Modbus, DNP3, IEC-101/102/103, etc.) into a power automation control network, interconnecting the serial-link communication equipment with the TCP/IP network and making data exchange between substation monitoring systems and remote control centres possible.

The power control devices connected to power serial port servers communicate over serial ports, and the industrial control protocols they use were designed without any consideration of protocol security or confidentiality. These protocols are command-oriented, function-oriented and poll/response based: an attacker who knows how the protocol is constructed and has gained access to the industrial control network can tamper with any data on the target device through the protocol. In the closed industrial control networks of the past these security problems were not prominent, but with the integration of informatization and industrialization they have become very prominent for power control equipment.

The power serial port server itself has no function for protecting the industrial control protocols of the devices connected to it. Once an attacker bypasses the firewall and connects directly to the serial port server, the various power control devices attached to it can be controlled through illegal commands. At the same time, current firewalls have no power-service security protection function, so an attacker can also hide device attack commands inside application layer protocol packets, evade the firewall and attack the associated grid equipment.

Summary of the invention

The technical problem to be solved by the present invention is to provide a communication protocol security protection system for power serial port servers. The invention effectively remedies the drawback that existing power serial port servers provide no communication-protocol-layer security protection for the various connected power industrial control devices: at the protocol conversion layer of the serial port server's software control system (network port protocol to serial port, serial port protocol to network port) it provides a protection layer for the power communication service protocols, used to prevent attackers from using illegal commands and data to carry out illegal operations and attacks on the power control devices connected to the power serial port server.

The present invention is realised through the following technical solution:

A communication protocol security protection system for power serial port servers provides a protocol data security protection system within the network-port-to-serial-port and serial-port-to-network-port protocol conversion. All protocol data and access requests sent to the network port or the serial port pass through the security authentication and detection of this protection system. It is characterised in that the protection system consists of the following three parts: a communication protocol data parsing, restoration and formatting module; a protocol data analysis and detection system; and a communication protocol data service model security policy definition system.

The communication protocol data parsing, restoration and formatting module comprises protocol data parsing/restoration and protocol data formatting. All data entering the protocol data security protection system is TCP/IP network data. The module first restores the physical interface layer, network layer and transport layer data of the network packet; on that basis, according to the communication protocol type defined for the PORT, it performs a fine-grained decomposition of the data at the service application level. The restored protocol packet data is then formatted, according to the hierarchy of the network protocol, into a protocol-formatted packet composed of four parts: network physical interface data, network layer data, transport layer data and application layer data.

The protocol data analysis and detection system comprises the establishment of analysis and detection rules and the analysis of protocol data. First, a protocol data security detection rule base is established according to the security policy model of the communication protocol data service model. According to the level of the network protocol being inspected, the rule base is divided into four categories: the network physical interface rule base, the network layer rule base, the transport layer rule base and the service application layer rule base. Protocol data analysis consists of four parts: a data work area, an execution rule queue area, a static rule queue area and a rule execution engine.

The communication protocol data service model security policy definition system defines the security detection models for the various kinds of communication protocol data flowing through the power serial port server. Based on the network characteristics of the power industrial control equipment's communication protocols, the system builds, for each industrial control protocol type and from the bottom up, the security policy rules of a four-level network protocol: network physical interface rules, network layer rules, transport layer rules and service application layer rules. Each level of rules consists of a series of rule base instances, and protocol data that passes all four levels of rule checks is considered a safe packet. The protocol security detection rule base defined by this system drives the protocol security analysis and detection system in carrying out the security detection work.

A further technical improvement of the present invention is:

The fine-grained decomposition of the service layer data comprises six kinds of decomposition: 1) decomposition of the host information accessed by the protocol packet; 2) decomposition of the service and port data of the protocol packet; 3) decomposition of the communication rate data of the protocol packet; 4) decomposition of the data format of the protocol packet; 5) decomposition of the protocol model of the protocol packet; 6) decomposition of the service data.

A further technical improvement of the present invention is:

The data work area stores the formatted protocol packet data; the execution rule queue area stores the analysis rules that have been activated and are executing; the static rule queue area stores inactive analysis rules waiting to be loaded; the rule execution engine executes rule instances in the priority order of the rule queue. Protocol data analysis uses a deductive reasoning mode: starting from the network physical interface rules, it introduces the network layer rules, transport layer rules and service application layer rules in order. For the protocol packet data flowing into the data work area, this process keeps introducing analysis rules and drawing conclusions, advancing layer by layer, and filters out illegal data and device commands.

Compared with the prior art, the present invention has the following obvious advantages:

The present invention adds an industrial control protocol security detection function to the serial port servers widely used in today's industrial Ethernet networks, which secures the various industrial control devices connected to the serial port server. Through the protocol security detection function in the serial port server, external malicious attacks on power and industrial control networks can be prevented to the greatest extent, ensuring the safe and stable operation of power systems and industrial control systems. Specifically, the invention has the following effects:

1. The present invention provides a built-in industrial control protocol security detection method for the power serial port servers widely used in power automation networks;

2. The method adopted by the present invention adds a protocol protection layer after the network protocol conversion layer of the power serial port server, used to filter and inspect all kinds of protocol data flowing between the network port and the serial port;

3. The protocol security detection method of the present invention sets up a four-layer filtering mechanism based on the composition of the network protocol packets and the service characteristics of power and industrial control protocols, so as to completely block network attacks on automation equipment.

4. The protocol security detection method of the present invention can set service security detection rules based on specific power industrial control protocols, preventing data attacks at the protocol application layer.

Description of the drawings

Figure 1: application of the power serial port server in a power automation system;

Figure 2: structure of the serial port server;

Figure 3: application of the present method in the serial port server.

Detailed description

Figure 1 shows the working architecture of a current power serial port server. After the network side of the serial port server receives Ethernet data, the data enters the protocol conversion layer, which unpacks and converts the protocol: the unpacking extracts the serial data, the target serial port number and other information, reassembles it into serial protocol data and sends it to the corresponding serial device. Likewise, when serial data is received, the serial data and the source serial port number are packed into network data format and sent to the corresponding host system. In this two-way communication the power serial port server performs no security verification of the communication protocol data, so any illegal device operation command or false device status data can endanger the associated power control equipment or system.

Figure 2 shows the power serial port server with communication protocol data security protection provided by the present invention. The solution provides a protocol data protection layer within the network-port-to-serial-port and serial-port-to-network-port protocol conversion; all protocol data and access requests sent to the network port or the serial port pass through the security authentication and detection of this protection layer. The protocol data protection layer consists of three system modules: 1) the communication protocol data parsing, restoration and formatting module; 2) the protocol data analysis and detection system; 3) the communication protocol data service model security policy definition system.

The communication protocol data parsing, restoration and formatting module implements the following functions:

Protocol type definition: the power communication protocol used by each PORT of the serial port server can be defined specifically, for example Modbus, DNP3 and other protocol types.

Protocol data restoration: all data entering the protocol data protection layer is TCP/IP network data. This module first restores the physical interface layer, network layer and transport layer data of the network packet; on that basis, according to the communication protocol type defined for the PORT, it performs a fine-grained decomposition of the data at the service application level. The fine-grained decomposition of service layer data comprises six kinds of decomposition:

1. Decomposition of the host information accessed by the protocol packet;

2. Decomposition of the service and port data of the protocol packet;

3. Decomposition of the communication rate data of the protocol packet;

4. Decomposition of the data format of the protocol packet;

5. Decomposition of the protocol model of the protocol packet;

6. Decomposition of the service data.

Protocol data formatting: the restored protocol packet data is formatted, according to the hierarchy of the network protocol, into a protocol-formatted packet composed of four parts: network physical interface data, network layer data, transport layer data and application layer data.

The formatted data is submitted to the protocol security analysis and detection system.

The protocol security analysis and detection system implements the following functions:

Establishment of analysis and detection rules: a protocol data security detection rule base is established according to the security policy model of the communication protocol data service model. This solution divides the detection rule base into four categories according to the level of the network protocol being inspected: the network physical interface rule base, the network layer rule base, the transport layer rule base and the service application layer rule base.

Protocol data analysis: protocol data analysis consists of four parts:

1. The data work area, which stores the formatted protocol packet data;

2. The execution rule queue area, which stores the analysis rules that have been activated and are executing;

3. The static rule queue area, which stores inactive analysis rules waiting to be loaded;

4. The rule execution engine, which executes rule instances in the priority order of the rule queue.

The protocol data analysis in this solution uses a deductive reasoning (forward chaining) mode: starting from the network physical interface rules, it introduces the network layer rules, transport layer rules and service application layer rules in order. For the protocol packet data flowing into the data work area, this process keeps introducing analysis rules and drawing conclusions, advancing layer by layer, and filters out illegal data and device commands.

The communication protocol data service model security policy definition system implements the following functions:

The system defines the security detection models for the various kinds of communication protocol data flowing through the power serial port server. Based on the network characteristics of the power industrial control equipment's communication protocols, the system builds, for each industrial control protocol type and from the bottom up, the security policy rules of a four-level network protocol: network physical interface rules, network layer rules, transport layer rules and service application layer rules. Each level of rules consists of a series of rule base instances, and protocol data that passes all four levels of rule checks is considered a safe packet.

The protocol security detection rule base defined by this system drives the protocol security analysis and detection system in carrying out the security detection work.

The working process of the present invention is briefly described with reference to Figure 3:

Step 1: as shown in Figure 3, a serial port server with an industrial control protocol security detection function is provided;

Step 2: when an external system accesses power control devices in the power automation network over Ethernet through the serial port server, the network protocol data of the access is first parsed into TCP/IP protocol data and then enters the protocol data protection layer.

Step 3: the protocol packet data entering the protocol data protection layer is further decomposed at a fine granularity in the service application layer according to the application protocol type, which can be obtained from the PORT that the TCP/IP packet is accessing. The fine-grained protocol packet data is formatted and normalised and provided to the rule analysis engine for security analysis and detection.

Step 4: after the rule analysis engine receives the normalised protocol packet carrying service behaviour data, it loads and activates the four-layer security policy rules corresponding to that protocol and carries out the packet's rule matching process from the bottom layer to the top layer. A network protocol packet whose rule matching fails is treated as non-compliant data and blocked.
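The four-step process above, together with the module description that precedes it, as an added example written for this page (not code from the patent or its assignees): a minimal Python model in which a constructed Modbus/TCP frame is formatted into the four-part packet, the rules for the PORT's protocol type are activated from a static rule queue into an execution queue, and the rule engine applies them in forward-chaining order from the physical interface layer upward, blocking the packet at the first failing rule. The MAC and host allow-lists, the definition of TCP port 502 as a Modbus PORT, the permitted function codes, the writable register window and every sample frame are assumptions constructed for the example.

```python
# Added example (not the patent's code): a minimal model of the four-layer
# protocol protection layer. Every address, port, rule and frame below is
# constructed for the example.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

LAYERS = ("physical", "network", "transport", "application")


@dataclass
class FormattedPacket:
    """The four-part protocol-formatted packet held in the data work area."""
    physical: dict
    network: dict
    transport: dict
    application: dict


@dataclass
class Rule:
    priority: int                 # execution order inside the queue
    layer: str                    # which of the four rule bases it belongs to
    name: str
    protocol: Optional[str]       # None: applies to every PORT; else a protocol type
    check: Callable[[FormattedPacket], bool]


# PORT-to-protocol type definition (constructed): TCP port 502 carries Modbus.
PORT_PROTOCOL: Dict[int, str] = {502: "modbus"}


def parse_modbus_tcp(src_mac: str, src_ip: str, dst_ip: str,
                     src_port: int, dst_port: int, payload: bytes) -> FormattedPacket:
    """Restore the lower layers (passed in as already-recovered fields) and
    decompose the Modbus/TCP application payload into fine-grained fields."""
    if len(payload) < 8:
        raise ValueError("Modbus/TCP frame too short")
    # MBAP header: transaction id, protocol id, length, unit id; then the PDU
    proto_id = int.from_bytes(payload[2:4], "big")
    length = int.from_bytes(payload[4:6], "big")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match frame length")
    pdu = payload[7:]
    app = {"protocol": "modbus", "proto_id": proto_id,
           "unit_id": payload[6], "function": pdu[0], "data": pdu[1:]}
    # Single-register reads/writes carry a 16-bit address and a 16-bit operand
    if app["function"] in (0x03, 0x04, 0x06) and len(pdu) >= 5:
        app["address"] = int.from_bytes(pdu[1:3], "big")
        app["operand"] = int.from_bytes(pdu[3:5], "big")
    return FormattedPacket(physical={"src_mac": src_mac},
                           network={"src_ip": src_ip, "dst_ip": dst_ip},
                           transport={"src_port": src_port, "dst_port": dst_port},
                           application=app)


# Static rule queue: every rule base instance, not yet activated (constructed policy).
ALLOWED_MACS = {"00:11:22:33:44:55"}
ALLOWED_HOSTS = {"10.0.0.10"}
READ_FUNCS = {0x01, 0x02, 0x03, 0x04}
WRITE_WINDOW = range(100, 200)     # the only holding registers a host may write

STATIC_RULES: List[Rule] = [
    Rule(0, "physical", "known_mac", None,
         lambda p: p.physical["src_mac"] in ALLOWED_MACS),
    Rule(10, "network", "known_host", None,
         lambda p: p.network["src_ip"] in ALLOWED_HOSTS),
    Rule(20, "transport", "known_port", None,
         lambda p: p.transport["dst_port"] in PORT_PROTOCOL),
    Rule(30, "application", "modbus_proto_id", "modbus",
         lambda p: p.application["proto_id"] == 0),
    Rule(31, "application", "modbus_function", "modbus",
         lambda p: p.application["function"] in READ_FUNCS | {0x06}),
    Rule(32, "application", "modbus_write_window", "modbus",
         lambda p: p.application["function"] != 0x06
         or p.application.get("address") in WRITE_WINDOW),
]


def activate_rules(static_rules: List[Rule], protocol: Optional[str]) -> List[Rule]:
    """Load the rules that apply to this PORT's protocol into the execution
    rule queue, ordered by priority."""
    return sorted((r for r in static_rules if r.protocol in (None, protocol)),
                  key=lambda r: r.priority)


def run_engine(packet: FormattedPacket,
               static_rules: List[Rule] = STATIC_RULES) -> Tuple[bool, Optional[str]]:
    """Forward chaining from the physical interface rules upward: a layer's rules
    run only if every lower layer passed, and the first failing rule blocks the
    packet. Returns (allowed, name of the failing rule or None)."""
    protocol = PORT_PROTOCOL.get(packet.transport["dst_port"])
    queue = activate_rules(static_rules, protocol)
    for layer in LAYERS:
        for rule in (r for r in queue if r.layer == layer):
            if not rule.check(packet):
                return False, rule.name
    return True, None


# Constructed sample traffic: (src_mac, src_ip, dst_ip, src_port, dst_port, frame)
MAC, HOST, DEV = "00:11:22:33:44:55", "10.0.0.10", "10.0.0.2"
SAMPLES = {
    "read_holding_registers":   (MAC, HOST, DEV, 40000, 502,
                                 bytes.fromhex("00010000000601030000000a")),  # FC 03, addr 0
    "write_inside_window":      (MAC, HOST, DEV, 40001, 502,
                                 bytes.fromhex("000100000006010600960001")),  # FC 06, addr 150
    "write_outside_window":     (MAC, HOST, DEV, 40002, 502,
                                 bytes.fromhex("000100000006010600050001")),  # FC 06, addr 5
    "write_multiple_registers": (MAC, HOST, DEV, 40003, 502,
                                 bytes.fromhex("000100000009011000960001020001")),  # FC 10
    "unknown_host":             (MAC, "10.0.0.99", DEV, 40004, 502,
                                 bytes.fromhex("00010000000601030000000a")),
    "undefined_port":           (MAC, HOST, DEV, 40005, 2404,
                                 bytes.fromhex("00010000000601030000000a")),
}


def classify_samples() -> Dict[str, Tuple[bool, Optional[str]]]:
    """Run every constructed sample through the protection layer."""
    return {name: run_engine(parse_modbus_tcp(*fields)) for name, fields in SAMPLES.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in classify_samples().items():
        print(f"{name:26s} {'ALLOW' if allowed else 'BLOCK'} {reason or ''}")
```

Because the engine stops at the first failing layer, a packet from an unknown host is rejected by the network layer rule base before any application layer rule is loaded, while a Modbus write to a register outside the constructed window passes the lower three layers and is rejected only by the service application layer rule; the failing rule name is what a deployment would log for the operator.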

The above is only a preferred embodiment of the present invention and does not limit the invention in any form. Although the invention has been disclosed above by way of a preferred embodiment, this is not intended to limit it: anyone skilled in the art may, without departing from the scope of the technical solution of the invention, use the technical content disclosed above to make minor changes or modifications that amount to equivalent embodiments. Any simple modification, equivalent substitution or improvement made to the above embodiment on the basis of the technical essence of the invention, within its spirit and principles and without departing from the content of its technical solution, still falls within the scope of protection of the technical solution of the invention.

Claims (3)

The communication protocol data parsing, restoration and formatting module comprises protocol data parsing/restoration and protocol data formatting; the data entering the protocol data security protection system is TCP/IP network data; the communication protocol data parsing, restoration and formatting module first restores the physical interface layer, network layer and transport layer data of the network packet; on that basis, according to the communication protocol type defined for the PORT, the fine-grained decomposition of the data is performed at the service application level; the restored protocol packet data is formatted, according to the hierarchical relationship of the network protocol, into a formatted packet composed of four parts: network physical interface data, network layer data, transport layer data and application layer data;

The communication protocol data service model security policy definition system defines the security detection models for the various kinds of communication protocol data flowing through the power serial port server; based on the network characteristics of the power industrial control equipment's communication protocols, the system builds, for each industrial control protocol type and from the bottom up, the security policy rules of a four-level network protocol: network physical interface rules, network layer rule base, transport layer rules and service application layer rules; each level of rules consists of a series of rule base instances; protocol data that passes all four levels of rule checks is a safe packet; the protocol security detection rule base defined by the system drives the protocol security analysis and detection system in carrying out the related security detection work.

3. The communication protocol security protection system for power serial port servers according to claim 1 or 2, characterised in that: the data work area stores the formatted protocol packet data; the execution rule queue area stores the analysis rules that have been activated and are executing; the static rule queue area stores inactive analysis rules waiting to be loaded; the rule execution engine executes rule instances in the priority order of the rule queue; the protocol data analysis uses a deductive reasoning mode, starting from the network physical interface rules and introducing the network layer rules, transport layer rules and service application layer rules in order; for the protocol packet data flowing into the data work area, this process keeps introducing analysis rules and drawing conclusions, advancing layer by layer, and filters out illegal data and device commands.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510865759.0A (CN105245555B, en) | 2015-12-02 | 2015-12-02 | One kind is used for electric power serial server communication protocol security protection system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201510865759.0A (CN105245555B, en) | 2015-12-02 | 2015-12-02 | One kind is used for electric power serial server communication protocol security protection system

Publications (2)

Publication Number | Publication Date
CN105245555A (en) | 2016-01-13
CN105245555B (en, current) | 2018-04-03

Family

ID=55043055

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201510865759.0A (Active, CN105245555B, en) | One kind is used for electric power serial server communication protocol security protection system | 2015-12-02 | 2015-12-02

Country Status (1)

Country | Link
CN (1) | CN105245555B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN105847237B (en)* | 2016-03-15 | 2019-01-15 | 中国联合网络通信集团有限公司 | A kind of method for managing security and device based on NFV
CN107465667B (en)* | 2017-07-17 | 2019-10-18 | 全球能源互联网研究院有限公司 | Power grid industrial control security collaborative monitoring method and device based on protocol depth analysis
CN108055167B (en)* | 2017-12-29 | 2020-08-14 | 长春长光精密仪器集团有限公司 | Application-oriented interface communication protocol modeling method and device
CN108737367A (en)* | 2018-04-02 | 2018-11-02 | 中国科学院信息工程研究所 | A kind of method for detecting abnormality and system of video surveillance network
CN110187661A (en)* | 2019-06-27 | 2019-08-30 | 山东和信智能科技有限公司 | Serial data isolation protecting device is used safely in a kind of industry control
CN110401670B (en)* | 2019-08-02 | 2021-09-24 | 杭州远流科技有限公司 | Optimized Ethernet transparent transmission method of industrial serial port protocol
CN112511558B (en)* | 2020-12-01 | 2023-04-07 | 东方世纪科技股份有限公司 | Electromechanical device measurement and control system based on Internet of things
CN112737907B (en)* | 2020-12-28 | 2022-07-01 | 常州中海电力科技有限公司 | Modbus communication implementation system and method based on LabVIEW
CN113094110B (en)* | 2021-04-07 | 2022-11-22 | 山东省计算中心(国家超级计算济南中心) | Method and system for filtering serial port data
CN115623084 (en)* | 2022-08-19 | 2023-01-17 | 浙江大学 | Formal verification method oriented to cross-layer network protocol

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2011148372A1 (en) * | 2010-05-24 | 2011-12-01 | White Cyber Knight Ltd. | Apparatus and methods for assessing and maintaining security of a computerized system under development
CN103701824A (en) * | 2013-12-31 | 2014-04-02 | 大连环宇移动科技有限公司 | Security isolation management and control system
CN104426950A (en) * | 2013-08-28 | 2015-03-18 | 国家电网公司 | Electric power Internet of things intelligent communication method, system and gateway

Also Published As

Publication number | Publication date
CN105245555A (en) | 2016-01-13

Similar Documents

Publication | Title
CN105245555B (en) | One kind is used for electric power serial server communication protocol security protection system
JP7038849B2 (en) | Network probes and methods for processing messages
US8737398B2 (en) | Communication module with network isolation and communication filter
CN109922085B (en) | Safety protection system and method based on CIP (common interface protocol) in PLC (programmable logic controller)
CN105204487A (en) | Intrusion detection method and intrusion detection system for industrial control system based on communication model
CN105429963A (en) | Intrusion Detection and Analysis Method Based on Modbus/Tcp
CN105488396B (en) | A kind of intelligent grid service security gateway system based on data stream association analytical technology
CN105282169B (en) | Ddos attack method for early warning based on SDN controller threshold values and its system
CN106911514A (en) | SCADA network inbreak detection methods and system based on the agreements of IEC60870 5 104
CN104767748B (en) | Opc server security protection system
CN106027511A (en) | Protocol isolation method based on deep resolution of Modbus/TCP (Transmission Control Protocol)
CN104734903A (en) | Safety protection method of OPC protocol based on dynamic tracking technology
CN105337986A (en) | Credible protocol conversion method and credible protocol conversion system
CN204392296U (en) | Secure isolation gateway in a kind of industrial control network
CN104539600B (en) | A kind of industry control method of realizing fireproof wall for supporting to filter IEC104 agreements
CN101958903A (en) | Method for realizing high-performance firewall based on SOC and parallel virtual firewall
CN104519065A (en) | Implementation method of industrial control firewall supporting Modbus TCP protocol filtering
CN107070907A (en) | Intranet and extranet data unidirectional transmission method and system
CN102891855B (en) | Method and device for securely processing network data streams
CN108768841A (en) | AFDX security gateway systems and its transmission method
WO2023059575A2 (en) | Network security system for preventing unknown network attacks
CN116232777A (en) | DDoS attack detection and defense method and related equipment based on statistical measurement in SDN-IIOT
CN104079444A (en) | Method and device for detecting depth of industrial Ethernet data frame
CN117176770A (en) | Central gateway controller and data processing method
CN114978768B (en) | Conpot-based networked control system honeypot

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant