CN118523963A - Power information network security risk assessment method and system - Google Patents


Info

Publication number: CN118523963A
Authority: CN (China)
Prior art keywords: network log, risk, network, data points, abnormal data
Legal status: Granted
Application number: CN202410986296.2A
Other languages: Chinese (zh)
Other versions: CN118523963B (en)
Inventors: 夏勇军, 胡率, 刘焱, 向灏帆, 周围, 张烨, 庹宝林, 沈魁, 屈波, 胡佳良, 刘全全, 陈伟伟, 高冰, 董丽, 李硕瑜, 张丽君
Current assignee: Hubei Central China Technology Development Of Electric Power Co ltd
Original assignee: Hubei Central China Technology Development Of Electric Power Co ltd

Events:
Application filed by Hubei Central China Technology Development Of Electric Power Co ltd
Priority to CN202410986296.2A
Publication of CN118523963A
Application granted
Publication of CN118523963B
Legal status: Active
Anticipated expiration

Abstract

The invention relates to the technical field of data processing, in particular to a power information network security risk assessment method and system. The method comprises the following steps: retrieving a network log from the power information database; calculating the likelihood that the network log is at risk from the proportion of abnormal data points in the log; taking the product of the abnormal importance of the log and the abnormality degree of the log as the impact degree after the risk occurs; calculating a risk level evaluation index of the log from the product of the likelihood of risk and the impact degree after the risk occurs, the index being positively correlated with that product; and obtaining the risk level of the power information network from the risk level evaluation index of the log. The method can greatly improve the accuracy of the risk level assessment result for the power information network.

Description

Translated from Chinese
Power information network security risk assessment method and system

Technical Field

The present invention relates to the field of data processing technology, and more specifically to a method and system for assessing the security risks of a power information network.

Background Art

With the continuous advancement of informatization and intelligence, the power grid, communication, data and other network systems of power companies have matured steadily, but network security problems have become increasingly prominent at the same time. The stable operation of the power information network directly affects the normal operation of power companies and the safety and stability of the power supply. Accurate assessment and management of power information network security risks is therefore particularly important. Chinese patent application CN115758387A discloses an information security risk assessment method that calculates the probability of each risk scenario fairly accurately, but that method cannot quantify the degree of impact of power information network security risks.

Introducing a risk matrix allows the likelihood and the impact of power information network security risks to be quantified, so that enterprises can understand the severity of a risk more intuitively and formulate targeted prevention and response measures. The risk matrix is a commonly used risk assessment tool that helps organizations understand and manage risk by quantifying its likelihood and impact.

A traditional risk matrix requires risk assessment dimensions to be determined, usually the likelihood of a risk occurring and the degree of impact after it occurs. The likelihood can be obtained with statistical methods, whereas the degree of impact is mostly based on expert judgment or manually defined measurement criteria. Expert judgment and manually defined criteria rest on subjective opinion and experience, and different application scenarios and different experts yield different criteria, so accurate quantification is hard to achieve; the constructed risk matrix therefore contains errors, and the assessment of power information network security risks ends up with low accuracy. In addition, a manually defined degree of impact cannot be compared numerically or analysed quantitatively in a direct way, and it is difficult to combine with other quantitative methods for comprehensive analysis.

Summary of the Invention

To solve the technical problem that risk-matrix-based assessment of power information network security risks in the prior art has low accuracy, the present invention provides solutions in the following aspects.

In a first aspect, the present invention provides a method for assessing the security risk of a power information network, comprising:

retrieving network logs from the power information database;

calculating the likelihood that the network log is at risk from the proportion of abnormal data points in the network log, the likelihood being positively correlated with that proportion; taking the product of the abnormal importance of the network log and the abnormality degree of the network log as the impact degree after the risk occurs, where the abnormal importance characterizes the likelihood that the abnormality of the network log is a sudden abnormality;

calculating the risk level evaluation index of the network log from the product of the likelihood of risk and the impact degree after the risk occurs, the risk level evaluation index being positively correlated with that product;

obtaining the risk level of the power information network from the risk level evaluation index of the network log.

The beneficial effects are as follows. When conducting a security risk assessment, the power information network security risk assessment method of the present invention calculates the likelihood that a network log is at risk from the ratio of abnormal data points to the total number of data points in the log, and takes the product of the probability that the log's abnormality is a sudden abnormality and the abnormality degree of the log as the impact degree after the risk occurs, from which the final risk level is obtained. This reduces the subjectivity introduced by expert judgment or manually defined impact degrees, greatly improves the accuracy of the risk level assessment, and improves its interpretability. In addition, traditional risk matrices are often evaluated on static data and assumptions and struggle to reflect real-time changes in risk; the method of the present invention integrates data anomaly monitoring into the risk assessment, so the abnormal state of the system is captured in real time and the risk level is updated dynamically, reflecting the actual risk situation more accurately.

In one embodiment, the likelihood that the rth network log is at risk is calculated by the expression:

;

In the formula, the quantities are the total number of data points in the rth network log, the variance of the data points in the rth network log, the number of abnormal data points in the rth network log, and the proportion of abnormal data points in the rth network log.

The beneficial effect is as follows. Because the data in a network log may contain noise, abnormal data is not necessarily a genuine anomaly; however, the smaller the variance of the data points in the log, the more credible it is that the abnormal data is genuinely abnormal, and the greater the likelihood that the log is at risk. Therefore, the likelihood that a network log is at risk is calculated not only from the proportion of abnormal data points but also from the variance of the data points in the log, which greatly improves the accuracy of the calculated likelihood.

In one embodiment, obtaining the number of abnormal data points in the rth network log includes:

calculating the anomaly score of each data point in the rth network log with the LOF algorithm;

judging the data points whose anomaly score exceeds a preset score threshold to be abnormal data points, and counting them.

In one embodiment, the method for calculating the abnormal importance of the network log includes:

calculating the abnormality degree of each abnormal data point in the network log and summing them; the abnormality degree of an abnormal data point is positively correlated with the deviation between that point and the mean of the data points in the network log;

calculating the difference degree between each normal data point in the network log and the abnormal data points, and summing the difference degrees of all normal data points;

calculating the abnormal importance from the sum of the abnormality degrees and the sum of the difference degrees, the abnormal importance being positively correlated with both sums.

The beneficial effect is as follows. When a sudden abnormality occurs in a network log, the abnormal data points deviate more strongly from the normal range, so the larger the abnormality degree of each abnormal data point, the more likely the log's abnormality is a sudden one. The larger the difference between the normal data points and the abnormal data points, the more reliable the calculated abnormality degrees are. Making the abnormal importance positively correlated with both the sum of the abnormality degrees and the sum of the difference degrees therefore gives a more accurate abnormal importance for the network log.

In one embodiment, the difference degree between a normal data point in a network log and the abnormal data points is calculated by the expression:

;

In the formula, the quantities are the value of the normal data point in the network log, the value of an abnormal data point in the network log, and the total number of abnormal data points in the network log.

In one embodiment, for a given network log, its abnormal importance is calculated by the expression:

;

In the formula, the quantities are the abnormality degree of each abnormal data point in the network log, the number of abnormal data points in the network log, the difference degree between each normal data point and the abnormal data points, the total number of data points in the network log, and the number of normal data points in the network log.

In one embodiment, the method for calculating the abnormality degree of the network log includes:

obtaining the network logs of multiple historical dates for the time period corresponding to the network log, and calculating the absolute value of the difference between the number of abnormal data points in the network log and the number of abnormal data points in the network log of each historical date;

calculating the credibility of the abnormality degree of the network log from the sum of all those absolute differences, the credibility being negatively correlated with that sum; and calculating the abnormality degree of the network log from that credibility and the mean, over the historical dates, of the deviation between the sum of the abnormal data of the network log and the sum of the abnormal data of each historical date's network log, the abnormality degree being positively correlated with both the credibility and the deviation.

The beneficial effect is as follows. When the network log for the same period on a historical date is normal, the larger the deviation between the sum of the abnormal data of the currently collected log and that of the historical log, the higher the abnormality degree of the current log. If, however, the historical log for that period was itself abnormal, the deviation between the two sums may be small even when the current log's sum of abnormal data is large, and the current log would be misjudged as normal or only mildly abnormal. To avoid such misjudgment, the deviation between the current log's sum of abnormal data and that of the logs for the same period on several historical dates is calculated separately, the mean of all deviations is taken, and the abnormality degree of the current log is measured from that mean combined with the credibility of the abnormality degree, which avoids misjudgment and improves the accuracy of the calculated abnormality degree.

In one embodiment, for the rth network log, the credibility of its abnormality degree is calculated by the expression:

;

In the formula, the quantities are the number of abnormal data points in the rth network log, the number of abnormal data points in the network log of each historical date, the total number of historical dates, and the exponential function with base e.
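The history-based abnormality degree above, together with the misjudgment case the patent describes, as an added illustration that is not code from the patent. Comparing the current log only against a historical date that was itself abnormal yields a small degree, while averaging the deviation over several dates restores the signal. The functional forms (exp(-sum/scale) for the credibility, credibility times mean deviation for the degree) and the `scale` constant are assumptions, since the patent states only the monotonic relations; all counts and sums are constructed.

```python
import math

# Constructed values: (number of abnormal data points, sum of the abnormal data
# values) for the current log and for the same time slot on earlier dates.
CURRENT = (12, 960.0)
HISTORY_ONE_BAD_DATE = [(11, 900.0)]  # that single date was itself abnormal
HISTORY_MANY_DATES = [(11, 900.0), (2, 120.0), (2, 118.0), (3, 131.0), (2, 125.0)]


def credibility(n_current, n_history, scale=100.0):
    """Credibility of the abnormality degree. The patent states only that it
    is a base-e exponential decreasing in the summed absolute count
    differences; exp(-sum / scale) with an assumed `scale` is used here."""
    total = sum(abs(n_current - n_h) for n_h in n_history)
    return math.exp(-total / scale)


def mean_deviation(s_current, s_history):
    """Mean absolute deviation of the current abnormal-data sum from the
    abnormal-data sum of each historical date (the averaging step that
    prevents a single abnormal history date from masking the current log)."""
    return sum(abs(s_current - s_h) for s_h in s_history) / len(s_history)


def abnormality_degree(current, history, scale=100.0):
    """Abnormality degree of the current log: positively correlated with both
    factors; the product is an assumed form."""
    n_r, s_r = current
    cred = credibility(n_r, [n for n, _ in history], scale)
    dev = mean_deviation(s_r, [s for _, s in history])
    return cred * dev


if __name__ == "__main__":
    # The single abnormal history date hides the spike; the average does not.
    print(abnormality_degree(CURRENT, HISTORY_ONE_BAD_DATE))
    print(abnormality_degree(CURRENT, HISTORY_MANY_DATES))
```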

In one embodiment, obtaining the risk level of the power information network from the risk level evaluation index of the network log includes: dividing the value range of the risk level evaluation index into multiple intervals, each corresponding to a different risk level, with a larger left endpoint corresponding to a higher risk level; constructing a risk matrix from the intervals and their risk levels, the matrix having two rows, one holding the intervals and the other the corresponding risk levels; and using the risk matrix together with the value of the risk level evaluation index to obtain the risk level of the power information network.

In a second aspect, the present invention provides a power information network security risk assessment system comprising a processor and a memory, the memory storing computer program instructions which, when executed by the processor, implement the power information network security risk assessment method of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the exemplary embodiments of the present invention will become readily understood by reading the following detailed description with reference to the accompanying drawings. In the drawings, several embodiments of the present invention are shown by way of example and not limitation, and the same or corresponding reference numerals denote the same or corresponding parts, wherein:

FIG. 1 is a flow chart schematically showing a power information network security risk assessment method according to an embodiment of the present invention;

FIG. 2 is a flow chart schematically showing a method for obtaining the number of abnormal data points in a network log according to an embodiment of the present invention;

FIG. 3 is a flow chart schematically showing a method for calculating the abnormal importance of a network log according to an embodiment of the present invention;

FIG. 4 is a flow chart schematically showing a method for calculating the abnormality degree of a network log according to an embodiment of the present invention;

FIG. 5 is a schematic diagram showing the structure of a power information network security risk assessment system according to an embodiment of the present invention.

DETAILED DESCRIPTION

The technical solutions in the embodiments of the present invention are described below clearly and completely with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art from these embodiments without creative effort fall within the scope of protection of the present invention.

The specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.

Embodiment of the power information network security risk assessment method:

As shown in FIG. 1, the power information network security risk assessment method of the present invention includes:

S101. Retrieve network logs from the power information database.

In this embodiment, the retrieved network log is an aggregated log record: one log entry may contain traffic statistics for a time window (per second, per minute or per hour), such as total bytes and network traffic. In other embodiments, the retrieved network log may be a log record of another form.

S102. Calculate the likelihood that the network log is at risk and the impact degree after the risk occurs. Specifically: calculate the likelihood that the network log is at risk from the proportion of abnormal data points in the network log, the likelihood being positively correlated with that proportion; and take the product of the abnormal importance of the network log and its abnormality degree as the impact degree after the risk occurs, where the abnormal importance characterizes the likelihood that the abnormality of the network log is a sudden abnormality.

A sudden abnormality is an unpredictable abnormal situation, for example an abnormality caused by a network attack.

When calculating the impact degree after a risk occurs, it is computed from the overall abnormality of all data points in the network log rather than from the abnormality of a single data point. This takes every data point in the log into account, avoids generalizing from a single case in a way that would distort the risk level, captures and assesses the impact of the overall risk better, and gives a fuller picture of the risk's impact on the system or business.

S103. Calculate the risk level evaluation index of the network log. Specifically: calculate the risk level evaluation index from the product of the likelihood that the log is at risk and the impact degree after the risk occurs; the risk level evaluation index is positively correlated with that product.

S104. Obtain the risk level of the power information network from the risk level evaluation index of the network log.

In this embodiment, the risk level of the power information network can be assessed directly from the magnitude of the risk level evaluation index of the network log: the larger the index, the higher the risk level. In other embodiments, the risk level can also be computed from the value of the index combined with a calculation expression for the risk level.

The value range of the risk level evaluation index can be divided into multiple intervals, each corresponding to a different risk level, with a larger left endpoint corresponding to a higher risk level; a risk matrix is constructed from the intervals and their risk levels, the matrix having two rows, one holding the intervals and the other the corresponding risk levels; the risk level of the power information network is then obtained from the risk matrix together with the value of the risk level evaluation index.

The risk level corresponding to the interval in which the risk level evaluation index falls is taken as the risk level of the power information network.

A traditional risk matrix first grades the risk likelihood and the impact after the risk occurs separately and then derives the risk level. This embodiment grades the risk level directly from the product of the likelihood and the impact, omitting the repeated grading steps of the traditional risk matrix: a single grading step yields the final risk level, which makes the construction of the risk matrix convenient and flexible. Moreover, the product directly reflects the overall degree of risk and is easier to understand and explain to stakeholders.

When conducting a security risk assessment, the power information network security risk assessment method of the present invention calculates the likelihood that a network log is at risk from the ratio of abnormal data points to the total number of data points in the log, and takes the product of the probability that the log's abnormality is a sudden abnormality and the abnormality degree of the log as the impact degree after the risk occurs, from which the final risk level is obtained. This reduces the subjectivity introduced by expert judgment or manually defined impact degrees, greatly improves the accuracy of the risk level assessment, and improves its interpretability. In addition, traditional risk matrices are often evaluated on static data and assumptions and struggle to reflect real-time changes in risk; the method of the present invention integrates data anomaly monitoring into the risk assessment, so the abnormal state of the system is captured in real time and the risk level is updated dynamically, reflecting the actual risk situation more accurately.

由以上实施例可知,所述网络日志存在风险的可能性与所述网络日志中异常数据点所占的比例呈正相关,在一个实施例中,第r条网络日志存在风险的可能性的计算表达式:From the above embodiments, it can be seen that the possibility that the network log has risks is positively correlated with the proportion of abnormal data points in the network log. In one embodiment, the possibility that the rth network log has risks is The calculation expression is:

(1) (1)

式中,为第条网络日志中数据点的总个数,为第条网络日志中数据点方差,为第条网络日志中异常数据点的个数,为第r条网络日志中异常数据点所占的比例。In the formula, For the The total number of data points in the network log, For the The variance of data points in a network log, For the The number of abnormal data points in the network log, is the proportion of abnormal data points in the rth network log.

由于网络日志中的数据可能含有噪声数据,异常数据不一定为真实的异常数据,然而网络日志中数据点的方差越小,异常数据为真实异常数据的可信度就越高,网络日志存在风险的可能性就越大,因此,在计算网络日志存在风险的可能性时不仅依据异常数据点所占的比例还进一步结合网络日志中数据点的方差进行计算,从而大大提高计算出的网络日志存在风险的可能性的精确度。Since the data in the network log may contain noise data, the abnormal data is not necessarily the real abnormal data. However, the smaller the variance of the data points in the network log, the higher the credibility of the abnormal data being the real abnormal data, and the greater the possibility that the network log is at risk. Therefore, when calculating the possibility that the network log is at risk, not only the proportion of the abnormal data points is used but also the variance of the data points in the network log is further used for calculation, thereby greatly improving the accuracy of the calculated possibility that the network log is at risk.

由以上实施例可知,在计算第r条网络日志存在风险的可能性之前需获取第条网络日志中异常数据点的个数,如图2所示,在一个实施例中,获取第条网络日志中异常数据点的个数包括:From the above embodiments, it can be seen that before calculating the possibility that the rth network log has a risk, it is necessary to obtain the rth network log. The number of abnormal data points in the network log, as shown in FIG2, in one embodiment, obtains The number of abnormal data points in a network log includes:

S201、采用LOF算法分别计算第r条网络日志中各个数据点的异常得分。S201. Calculate the anomaly score of each data point in the rth network log using the LOF algorithm.

S202、获取异常数据点个数,具体为:将所述异常得分大于预设得分阈值的数据点判定为异常数据点,进而获取异常数据点的个数。S202, obtaining the number of abnormal data points, specifically: determining the data points whose abnormal scores are greater than a preset score threshold as abnormal data points, and then obtaining the number of abnormal data points.

In one embodiment, as shown in FIG. 3, the abnormal importance of a network log is computed as follows:

S301. Obtain the sum of the abnormality degrees of the abnormal data points in the network log: compute the abnormality degree of each abnormal data point and add them up. The abnormality degree of an abnormal data point is positively correlated with the deviation of that point from the mean of the data points in the network log.

In this embodiment, the abnormality degree of a given abnormal data point in the rth network log is computed as:

(2)

where the quantities involved are the value of that abnormal data point in the rth network log and the mean of the data points in the rth network log.

The larger the difference between the value of an abnormal data point and the mean of the data points in the log, the larger its abnormality degree; the expression of this embodiment computes the abnormality degree of every abnormal data point accurately and efficiently.

S302. Obtain the sum of the difference degrees of the normal data points: compute the difference degree between each normal data point in the network log and the abnormal data points, then add up the difference degrees of all normal data points.

The difference degree between a given normal data point in the rth network log and the abnormal data points is computed as:

(3)

where the quantities involved are the value of that normal data point in the rth network log, the value of each abnormal data point in the rth network log, and the total number of abnormal data points in the rth network log.

Once the difference degree of each normal data point has been obtained, adding them together gives the sum of the difference degrees of the normal data points.

S303. Compute the abnormal importance from the sum of the abnormality degrees and the sum of the difference degrees; the abnormal importance is positively correlated with both sums.

When a sudden anomaly occurs in a network log, its abnormal data points deviate strongly from the normal range, so the larger the abnormality degrees of the abnormal data points, the more likely it is that the anomaly in the log is a sudden one. The larger the difference between the normal data points and the abnormal data points, the more trustworthy the computed abnormality degrees are. Making the abnormal importance positively correlated with both the sum of the abnormality degrees and the sum of the difference degrees therefore yields a fairly accurate abnormal importance for the network log.

As the embodiments above show, the abnormal importance is positively correlated with the sum of the abnormality degrees and with the sum of the difference degrees. In one embodiment, the abnormal importance of the rth network log is computed as:

(4)

where the quantities involved are the abnormality degree of each abnormal data point in the rth network log, the number of abnormal data points in the rth network log, the difference degree between each normal data point and the abnormal data points in the rth network log, the total number of data points in the rth network log, and the number of normal data points in the rth network log.
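Steps S301 to S303 as an added worked example, not the patent's own code. Since only the qualitative behaviour of expressions (2) to (4) is available here, the concrete forms used (absolute deviation from the mean, mean absolute distance to the abnormal points, and the product of the two per-point averages) are this example's assumptions that satisfy the stated correlations, and the sample log and its abnormal indices are constructed:

```python
"""Added example: abnormal importance of one network log (steps S301-S303).

Assumed forms (the page fixes only the direction of each relation):
  abnormality degree of abnormal point j : |x_j - mean(x)|            (eq. 2)
  difference degree of normal point i    : mean over abnormal j of |x_i - x_j|  (eq. 3)
  abnormal importance                    : (sum abn / m) * (sum diff / n)      (eq. 4)
with m the number of abnormal points and n the number of normal points.
"""
from __future__ import annotations
from statistics import fmean

# Constructed log: five ordinary readings plus one high and one low spike.
SAMPLE_LOG = [100, 102, 98, 101, 99, 140, 60]
ABNORMAL_IDX = [5, 6]   # in practice these come from the LOF thresholding step


def abnormality_degrees(values, abnormal_idx):
    """Eq. (2), assumed form: absolute deviation of each abnormal point from the log mean."""
    mu = fmean(values)
    return {j: abs(values[j] - mu) for j in abnormal_idx}


def difference_degrees(values, abnormal_idx):
    """Eq. (3), assumed form: for each normal point, its mean absolute distance
    to the abnormal points."""
    abnormal = set(abnormal_idx)
    if not abnormal:
        return {}
    abn_values = [values[j] for j in abnormal_idx]
    return {
        i: fmean(abs(values[i] - a) for a in abn_values)
        for i in range(len(values)) if i not in abnormal
    }


def abnormal_importance(values, abnormal_idx):
    """Eq. (4), assumed form: product of the two per-point averages.

    A log with no abnormal points, or with no normal points to compare them
    against, gets importance 0 instead of a division error.
    """
    m = len(abnormal_idx)
    n = len(values) - m
    if m == 0 or n == 0:
        return 0.0
    abn = abnormality_degrees(values, abnormal_idx)
    diff = difference_degrees(values, abnormal_idx)
    return (sum(abn.values()) / m) * (sum(diff.values()) / n)


if __name__ == "__main__":
    print("abnormality degrees:", abnormality_degrees(SAMPLE_LOG, ABNORMAL_IDX))
    print("difference degrees: ", difference_degrees(SAMPLE_LOG, ABNORMAL_IDX))
    print("abnormal importance:", abnormal_importance(SAMPLE_LOG, ABNORMAL_IDX))
```

In the sample both spikes sit 40 from the mean of 100 and every normal point is on average 40 from the two spikes, so the importance is 1600; moving the spikes out to 180 and 20 raises both sums and quadruples it, which is the monotonic behaviour S303 asks for. Note that a two-sided anomaly (one high, one low spike) leaves the mean almost untouched, so the deviation-from-mean form of expression (2) captures it, whereas a form based on the shift of the mean alone would not.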

As shown in FIG. 4, in one embodiment the abnormality degree of a network log is computed as follows:

S401. Obtain the network logs of the corresponding historical dates and the number of abnormal data points in each: retrieve the network logs of several historical dates for the time period that the current network log covers, and compute the absolute difference between the number of abnormal data points in the current network log and the number of abnormal data points in the network log of each historical date.

A network log normally covers one time period of one day. The network logs of several historical dates for the corresponding time period are the logs for that same time period on a run of consecutive days before the current date, the last of which is the day before the current date. For example, if the current network log covers 1:00 to 2:00 today, the logs covering 1:00 to 2:00 on each of the preceding days in the run (yesterday, the day before yesterday, and so on) are the historical logs for the corresponding time period.

In this embodiment the run of consecutive days is 7 days.

S402. Compute the abnormality degree of the network log: compute the credibility of the abnormality degree from the sum of all the absolute differences, the credibility being negatively correlated with that sum; then compute the abnormality degree of the network log from this credibility and from the mean deviation between the sum of the abnormal data in the current network log and the sum of the abnormal data in the network log of each historical date, the abnormality degree being positively correlated with both the credibility and the deviation.

The larger the sum of the absolute differences, the more likely it is that the number of abnormal data points in the network log is following a trend, and the less trustworthy the abnormality degree of the log is; the credibility is therefore negatively correlated with the sum of the absolute differences.

For the rth network log, the credibility of its abnormality degree is expressed as:

(5)

where the quantities involved are the number of abnormal data points in the rth network log, the number of abnormal data points in each historical network log, the total number of historical dates, and the exponential function with base e.

If the network logs for the same period on the historical dates are normal, the larger the deviation between the sum of the abnormal data in the currently collected log and the sum of the abnormal data in the historical log, the higher the abnormality degree of the current log. If, however, the historical log for that period was itself abnormal, the deviation may be small even when the sum of the abnormal data in the current log is large, and the current log would be misjudged as having no anomaly or a low abnormality degree. To avoid such misjudgement, the deviation between the sum of the abnormal data in the current log and the sum of the abnormal data in the log of each of several historical dates is computed separately, the mean of all these deviations is taken, and the abnormality degree of the current log is measured from that mean together with the credibility of the abnormality degree. This avoids the misjudgement and improves the accuracy of the computed abnormality degree. Averaging dilutes rather than removes the effect of a single anomalous baseline day; a robust statistic such as the median of the deviations would resist it more strongly.

In one embodiment, the abnormality degree of the network log is computed as:

(6)

where the quantities involved are the value of each abnormal data point in the rth network log, the number of abnormal data points in the rth network log, the value of each abnormal data point in the network log of each historical date, the number of abnormal data points in the network log of each historical date, the total number of historical dates, and the credibility of the abnormality degree of the rth network log.

As the embodiments above show, the risk level judgement index of a network log is positively correlated with the product of the possibility of risk and the impact degree after the risk occurs. In one embodiment, the risk level judgement index of the network log is computed as:

(7)

where the quantities involved are the impact degree after the risk of the rth network log occurs, the possibility that the rth network log carries a risk, and the exponential function, which is used here to keep the result within 0 to 1.

As the embodiments above show, the risk level judgement index takes values from 0 to 1. Before the risk level of the power information network is obtained from the risk level judgement index of the network log, the range of the index must be divided into several intervals. In one embodiment the range is divided into five intervals, [0, 0.2), [0.2, 0.5), [0.5, 0.7), [0.7, 0.9) and (0.9, 1], where [0, 0.2) corresponds to the risk level acceptable, [0.2, 0.5) to low risk, [0.5, 0.7) to medium risk, [0.7, 0.9) to high risk and (0.9, 1] to ultra-high risk. (As written, the last interval is open at 0.9, so an index of exactly 0.9 falls in no interval; an implementation should close it, i.e. use [0.9, 1].) The risk matrix constructed from these intervals is shown in the following table:

Table 1

Index interval | [0, 0.2)   | [0.2, 0.5) | [0.5, 0.7)  | [0.7, 0.9) | (0.9, 1]
Risk level     | acceptable | low risk   | medium risk | high risk  | ultra-high risk
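Steps S401 and S402, the impact product, expression (7) and the interval table of Table 1, carried through end to end as one added example (not the patent's code). The exponential forms for the credibility and the risk index, the normalisation by the number of historical dates, the closing of the last interval at 0.9, and the sample inputs are assumptions of this example; the page fixes only the direction in which each quantity moves:

```python
"""Added example: from historical baseline to risk level (S401-S402, eqs. 5-7).

Assumed forms:
  credibility        = exp(-(1/H) * sum_h |m_r - m_h|)          (eq. 5)
  abnormality degree = credibility * mean_h |S_r - S_h|          (eq. 6)
  impact             = abnormal importance * abnormality degree  (stated by the page)
  risk index         = 1 - exp(-(possibility * impact))          (eq. 7)
with m an abnormal-point count, S the sum of a log's abnormal values and H the
number of historical dates.
"""
from __future__ import annotations
import math

# Constructed inputs for the current 1:00-2:00 log: the abnormal values found
# by the LOF step, and the abnormal values of the same hour on the 7 previous
# days (an empty list means that day's log had no abnormal point).
CURRENT_ABNORMAL = [950]
HISTORY_ABNORMAL = [[300], [], [280], [310, 290], [320], [], [305]]

# Table 1 of the page as (exclusive upper bound, level). The page writes the
# last interval as (0.9, 1]; this example closes it so that 0.9 is ultra-high.
RISK_LEVELS = [
    (0.2, "acceptable"),
    (0.5, "low risk"),
    (0.7, "medium risk"),
    (0.9, "high risk"),
    (math.inf, "ultra-high risk"),
]


def credibility(current_abnormal, history_abnormal):
    """Eq. (5): falls as the abnormal-point count drifts from its baseline."""
    if not history_abnormal:
        raise ValueError("at least one historical log is required")
    m_r = len(current_abnormal)
    drift = sum(abs(m_r - len(h)) for h in history_abnormal) / len(history_abnormal)
    return math.exp(-drift)


def abnormality_degree(current_abnormal, history_abnormal):
    """Eq. (6): mean deviation of the abnormal-value sum from each historical
    day, weighted by the credibility. Averaging over several days keeps one
    anomalous baseline day from masking a real anomaly."""
    cred = credibility(current_abnormal, history_abnormal)
    s_r = sum(current_abnormal)
    mean_dev = sum(abs(s_r - sum(h)) for h in history_abnormal) / len(history_abnormal)
    return cred * mean_dev


def impact_degree(abnormal_importance, degree):
    """Impact after the risk occurs: abnormal importance times abnormality degree."""
    return abnormal_importance * degree


def risk_index(possibility, impact):
    """Eq. (7): increases with possibility * impact and stays within [0, 1)."""
    if possibility < 0 or impact < 0:
        raise ValueError("possibility and impact must be non-negative")
    return 1.0 - math.exp(-(possibility * impact))


def risk_level(index):
    """Look up the level of Table 1 for an index in [0, 1]."""
    if not 0.0 <= index <= 1.0:
        raise ValueError("risk index must lie in [0, 1]")
    for upper, label in RISK_LEVELS:
        if index < upper:
            return label


def assess(possibility, abnormal_importance, current_abnormal, history_abnormal):
    """Full chain for one log: returns (risk index, risk level)."""
    degree = abnormality_degree(current_abnormal, history_abnormal)
    idx = risk_index(possibility, impact_degree(abnormal_importance, degree))
    return idx, risk_level(idx)


if __name__ == "__main__":
    # Constructed possibility and abnormal importance for the current log.
    idx, level = assess(0.05, 0.2, CURRENT_ABNORMAL, HISTORY_ABNORMAL)
    print(f"risk index {idx:.3f} -> {level}")
```

In the sample the abnormal-point count stays within one of its 7-day baseline, so the credibility is exp(-3/7), about 0.65, and the mean deviation of the abnormal-value sum is about 692, giving an abnormality degree of roughly 451. How that maps onto a level depends entirely on the scale of the possibility and importance it is multiplied with: a possibility of 0.05 lands in ultra-high risk, 0.0005 in acceptable. The interval boundaries of Table 1 therefore only mean something once the inputs have been calibrated against real logs.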

Embodiment of the power information network security risk assessment system:

The present invention also provides a power information network security risk assessment system. As shown in FIG. 5, the system comprises a processor and a memory; the memory stores computer program instructions which, when executed by the processor, implement the power information network security risk assessment method according to the first aspect of the present invention.

The system further comprises other components well known to those skilled in the art, such as a communication bus and a communication interface; their arrangement and function are known in the art and are not described further here.

In the present invention, the memory may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus or device. For example, the computer-readable storage medium may be any suitable magnetic, magneto-optical or semiconductor storage medium, such as resistive random-access memory (RRAM), dynamic random-access memory (DRAM), static random-access memory (SRAM), enhanced dynamic random-access memory (EDRAM), high-bandwidth memory (HBM) or a hybrid memory cube (HMC), or any other medium that can store the required information and be accessed by an application, a module, or both. Any such computer storage medium may be part of a device, or accessible or connectable to a device. Any application or module described in the present invention may be implemented with computer-readable or executable instructions stored or otherwise held on such a computer-readable medium.

In the description of this specification, "a plurality of" and "several" mean at least two, for example two, three or more, unless expressly and specifically defined otherwise.

Although several embodiments of the present invention have been shown and described in this specification, it will be apparent to those skilled in the art that such embodiments are provided by way of example only. Those skilled in the art will conceive of many modifications, changes and substitutions without departing from the idea and spirit of the present invention. It should be understood that various alternatives to the embodiments described herein may be employed in practising the present invention.

Claims (10)

Translated from Chinese

1. A power information network security risk assessment method, characterised in that it comprises:
retrieving a network log from a power information database;
computing the possibility that the network log carries a risk from the proportion of abnormal data points in the network log, the possibility being positively correlated with that proportion;
taking the product of the abnormal importance of the network log and the abnormality degree of the network log as the impact degree after the risk of the network log occurs, the abnormal importance characterising the possibility that the anomaly of the network log is a sudden anomaly;
computing the risk level judgement index of the network log from the product of the possibility of risk and the impact degree after the risk occurs, the risk level judgement index being positively correlated with that product;
obtaining the risk level of the power information network from the risk level judgement index of the network log.

2. The method of claim 1, characterised in that the possibility that the rth network log carries a risk is computed as:
;
where the quantities involved are the total number of data points in the rth network log, the variance of the data points in the rth network log, the number of abnormal data points in the rth network log, and the proportion of abnormal data points in the rth network log.

3. The method of claim 2, characterised in that obtaining the number of abnormal data points in the rth network log comprises:
computing the anomaly score of each data point in the rth network log with the LOF algorithm;
judging the data points whose anomaly score exceeds a preset score threshold to be abnormal data points, and thereby obtaining the number of abnormal data points.

4. The method of claim 1, characterised in that computing the abnormal importance of the network log comprises:
computing the abnormality degree of each abnormal data point in the network log and obtaining the sum of the abnormality degrees, the abnormality degree of an abnormal data point being positively correlated with the deviation of that point from the mean of the data points in the network log;
computing the difference degree between each normal data point in the network log and the abnormal data points and obtaining the sum of the difference degrees of the normal data points;
computing the abnormal importance from the sum of the abnormality degrees and the sum of the difference degrees, the abnormal importance being positively correlated with both sums.

5. The method of claim 4, characterised in that the difference degree between a given normal data point in the rth network log and the abnormal data points is computed as:
;
where the quantities involved are the value of that normal data point in the rth network log, the value of each abnormal data point in the rth network log, and the total number of abnormal data points in the rth network log.

6. The method of claim 4, characterised in that the abnormal importance of the rth network log is computed as:
;
where the quantities involved are the abnormality degree of each abnormal data point in the rth network log, the number of abnormal data points in the rth network log, the difference degree between each normal data point and the abnormal data points in the rth network log, the total number of data points in the rth network log, and the number of normal data points in the rth network log.

7. The method of any one of claims 1 to 6, characterised in that computing the abnormality degree of the network log comprises:
retrieving the network logs of several historical dates for the time period corresponding to the network log, and computing the absolute difference between the number of abnormal data points in the network log and the number of abnormal data points in the network log of each historical date;
computing the credibility of the abnormality degree of the network log from the sum of all the absolute differences, the credibility being negatively correlated with that sum, and computing the abnormality degree of the network log from that credibility and from the mean deviation between the sum of the abnormal data in the network log and the sum of the abnormal data in the network log of each historical date, the abnormality degree being positively correlated with both the credibility and the deviation.

8. The method of claim 7, characterised in that for the rth network log the credibility of its abnormality degree is computed as:
;
where the quantities involved are the number of abnormal data points in the rth network log, the number of abnormal data points in the network log of each historical date, the total number of historical dates, and the exponential function with base e.

9. The method of claim 1, characterised in that obtaining the risk level of the power information network from the risk level judgement index of the network log comprises: dividing the range of the risk level judgement index into several intervals, different intervals corresponding to different risk levels, a larger left endpoint of an interval corresponding to a higher risk level; constructing a risk matrix from the intervals and their risk levels, the risk matrix having two rows, one holding the intervals and the other the risk level of each interval; and obtaining the risk level of the power information network from the risk matrix together with the value of the risk level judgement index.

10. A power information network security risk assessment system comprising a processor and a memory, the memory storing computer program instructions, characterised in that when the computer program instructions are executed by the processor they implement the power information network security risk assessment method of any one of claims 1 to 9.
Application CN202410986296.2A (priority date 2024-07-23, filing date 2024-07-23): A method and system for assessing power information network security risks. Status: Active. Granted as CN118523963B (en).

Priority Applications (1)

Application number: CN202410986296.2A; priority date: 2024-07-23; filing date: 2024-07-23; title: A method and system for assessing power information network security risks (granted as CN118523963B (en)).

Publications (2)

CN118523963A, published 2024-08-20
CN118523963B, published 2024-10-01

Family

ID=92281359
Family application: CN202410986296.2A (Active), granted as CN118523963B (en), priority 2024-07-23, filed 2024-07-23.

Country Status (1)

CN: CN118523963B (en)

Cited By (1)

* Cited by examiner, † Cited by third party

CN120151377A* (priority 2025-05-15, published 2025-06-13, 湖北华中电力科技开发有限责任公司 / Hubei Huazhong Electric Power Technology Development Co., Ltd.): Data transmission method and system for power grid dispatching data network

Citations (9)

* Cited by examiner, † Cited by third party

WO2016031034A1* (priority 2014-08-29, published 2016-03-03, 株式会社日立製作所 / Hitachi, Ltd.): Apparatus and method for detecting unauthorized access
US20180004942A1* (priority 2016-06-20, published 2018-01-04, Jask Labs Inc.): Method for detecting a cyber attack
US20190180207A1* (priority 2017-12-12, published 2019-06-13, Electronics and Telecommunications Research Institute): System and method for managing risk factors in AEO (authorized economic operator) certificate process
CN113055362A* (priority 2021-03-01, published 2021-06-29, 深信服科技股份有限公司 / Sangfor Technologies Inc.): Method, device, equipment and storage medium for preventing abnormal behaviors
US20220012345A1* (priority 2019-02-20, published 2022-01-13, NEC Corporation): History output apparatus, control method, and program
CN114022022A* (priority 2021-11-16, published 2022-02-08, 北京天融信网络安全技术有限公司 / Beijing Topsec Network Security Technology Co., Ltd.): Industrial network security risk assessment method, device, equipment and storage medium
CN115691044A* (priority 2022-10-31, published 2023-02-03, 中国石油大学(北京) / China University of Petroleum (Beijing)): A dynamic risk assessment and early warning method, system and device
CN117634875A* (priority 2023-11-22, published 2024-03-01, 中国南方电网有限责任公司 / China Southern Power Grid Co., Ltd.): Power system risk assessment method, system, equipment and medium
CN118200950A* (priority 2024-05-17, published 2024-06-14, 武汉众诚华鑫科技有限公司 / Wuhan Zhongcheng Huaxin Technology Co., Ltd.): A telecommunication base station inspection method and system


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party

康勇 (Kang Yong): 电力信息网络风险量化评估分析 (Quantitative risk assessment and analysis of power information networks), 电子技术与软件工程 (Electronic Technology & Software Engineering), no. 05*
张扬 (Zhang Yang): 基于大数据技术的网络日志分析系统 (A network log analysis system based on big data technology), 电子技术与软件工程 (Electronic Technology & Software Engineering), no. 17, 7 September 2018*


Also Published As

CN118523963B (en), published 2024-10-01


Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant
