Application of Message Compliance Detection and Intrusion Blocking Technology in Remote Operation and Maintenance System of Relay Protection
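余江 1, 高宏慧 1, 史泽兵 1, 蒋纬纬 2, 武芳瑛 2, 詹庆才 2, 张蕊 2
Author information
- 1. Power Dispatching and Control Center of China Southern Power Grid, Guangzhou 510530, Guangdong, China
- 2. Beijing Sifang Automation Co., Ltd., Beijing 100085, China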
Abstract
In the remote operation and maintenance of relay protection, there are network intrusion risks at every stage of data transmission. Existing security measures do not effectively address business-layer risks, and problems such as delayed risk blocking remain. To address this, a message compliance detection method and an intrusion blocking technology are proposed. By analyzing the objects, formats, business logic, and behavioral patterns of messages, a library of message compliance rules and a strategy for blocking non-compliant messages are established, and a module for blocking non-compliant messages and a "one-click blocking" emergency control module are designed and developed. Tests in a simulation environment show that the blocking results for different types of abnormal messages are consistent with expectations. The technology can effectively block illegal intrusion attacks, thereby improving the security and stability of remote operation and maintenance of relay protection.
Key words
relay protection/remote operation and maintenance/network security/intrusion detection/emergency control
Funding
Science and Technology Project of China Southern Power Grid Co., Ltd. (ZDKJXM20200049)
Publication year
2024