CN-120567476-B - Power network equipment vulnerability restoration method and system based on dynamic behavior analysis

Abstract

The invention provides a vulnerability restoration method and system for electric network equipment based on dynamic behavior analysis, which are characterized in that an operation data set of the electric network equipment is obtained, dynamic behavior analysis processing is carried out on the operation data set to obtain dynamic behavior feature sets of a plurality of operation period data, vulnerability feature extraction processing is carried out on the dynamic behavior feature sets based on preset dynamic policy matching rules to generate a vulnerability restoration policy set corresponding to an abnormal behavior mode, vulnerability restoration operation of the electric network equipment is triggered according to execution priority and execution condition parameters in the vulnerability restoration policy set, restored equipment operation verification data is obtained, restoration effect evaluation results are generated based on difference parameters between the equipment operation verification data and preset safety operation standards, and dynamic policy matching rules are adjusted according to the difference parameters. The invention can ensure that the vulnerability restoration system maintains a stable safety protection level in a complex and changeable power network environment.

Inventors

• LIU YUANLONG
• CHAI YUAN
• GAO KAIQIANG
• HUO JIAHAO
• GUAN TI
• ZHANG JIAN
• LIU LEI
• ZHANG KUN
• YUAN CHAO
• BAI YINGWEI
• LIANG DONG
• ZHOU JIANBO

Assignees

• 山东思极科技有限公司
• 国网山东省电力公司
• 中国电力科学研究院有限公司

Dates

Publication Date

20260505

Application Date

20250527

Claims (9)

1. 1. The utility model provides a power network equipment vulnerability restoration method based on dynamic behavior analysis, which is characterized by comprising the following steps: acquiring an operation data set of the power network equipment, wherein the operation data set comprises a plurality of operation period data, and each operation period data comprises at least one equipment operation state parameter and a corresponding external environment parameter; performing dynamic behavior analysis processing on the operation data set to obtain a dynamic behavior feature set of the operation period data; the dynamic behavior feature set is used for representing an abnormal behavior mode of the power network equipment in an operation period; Performing vulnerability feature extraction processing on the dynamic behavior feature set based on a preset dynamic policy matching rule to generate a vulnerability restoration policy set corresponding to the abnormal behavior mode, wherein the vulnerability restoration policy set comprises execution priority and execution condition parameters of a plurality of restoration instructions; triggering vulnerability restoration operation of the power network equipment according to the execution priority and the execution condition parameters in the vulnerability restoration strategy set, and acquiring restored equipment operation verification data; Generating a repair effect evaluation result based on a difference parameter between the equipment operation verification data and a preset safety operation standard, and adjusting the dynamic policy matching rule according to the difference parameter; the dynamic behavior analysis processing is performed on the operation data set to obtain a dynamic behavior feature set of the operation period data, including: Performing time sequence association analysis on equipment operation state parameters in each operation period data to generate a first behavior feature sequence related to a time dimension; Carrying out spatial distribution analysis on the external environment parameters and determining a spatial association feature set of the environment where the power network equipment is located; the method specifically comprises the steps of obtaining a real-time environment parameter set collected by a plurality of environment monitoring nodes deployed in an environment where electric power network equipment is located, wherein the real-time environment parameter set comprises temperature distribution data, humidity distribution data and electromagnetic interference intensity data, mapping deployment positions of the environment monitoring nodes to region division results corresponding to the physical layout topological graph according to the physical layout topological graph of the electric power network equipment, generating an environment parameter distribution map containing region identifiers, carrying out fluctuation consistency detection on the temperature distribution data, the humidity distribution data and the electromagnetic interference intensity data corresponding to the same region identifiers in the environment parameter distribution map, extracting parameter change trend characteristics meeting fluctuation consistency conditions, generating environment association intensity indexes between adjacent regions based on the parameter change trend characteristics, wherein the environment association intensity indexes are used for representing the cooperative influence degree of environment parameter changes of different regions on the operation of the electric power network equipment; Carrying out multidimensional fusion processing on the first behavior feature sequence and the space association feature set to obtain a fusion behavior feature vector of each operation period data; And carrying out abnormal pattern recognition processing on the fused behavior feature vector, extracting feature dimensions exceeding a preset safety threshold in the fused behavior feature vector, and determining abnormal fluctuation data corresponding to the feature dimensions as an abnormal behavior pattern in the dynamic behavior feature set.
2. 2. The method of claim 1, wherein the performing an abnormal pattern recognition process on the fused behavior feature vector comprises: Acquiring a standard behavior feature set of the power network equipment in a historical operation period, wherein the standard behavior feature set comprises a plurality of standard feature dimensions of the power network equipment and a standard fluctuation range corresponding to the standard feature dimensions in a vulnerability-free state; Matching each feature dimension in the fused behavior feature vector with the standard feature dimension, and determining a target feature dimension matched with the standard feature dimension in the fused behavior feature vector; calculating a deviation degree parameter between the current fluctuation data of the target feature dimension and the standard fluctuation range, and marking the target feature dimension as an abnormal feature dimension if the deviation degree parameter exceeds a preset deviation threshold; And generating an abnormal weight distribution diagram according to the deviation degree parameters of all abnormal feature dimensions, and determining the dominant abnormal type of the abnormal behavior mode through the abnormal feature dimension with the largest weight value in the abnormal weight distribution diagram.
3. 3. The method of claim 2, wherein the performing vulnerability feature extraction processing on the dynamic behavior feature set based on a preset dynamic policy matching rule to generate a vulnerability restoration policy set corresponding to the abnormal behavior pattern comprises: Matching a candidate repair strategy set from a preset vulnerability repair knowledge base according to the dominant anomaly type, wherein the candidate repair strategy set comprises a plurality of candidate repair instructions and corresponding repair condition constraints; Performing vulnerability influence range analysis on the dynamic behavior feature set, and determining a device component set and an associated environment area influenced by the abnormal behavior mode; screening target repair instructions meeting the repair condition constraint from the candidate repair strategy set according to the component types of the equipment component set and the environment parameters of the associated environment area; And calculating the comprehensive execution priority of each target repair instruction based on the execution resource consumption parameter and the repair timeliness parameter of the target repair instruction, and sequencing the target repair instructions from high to low according to the comprehensive execution priority to generate the vulnerability repair strategy set.
4. 4. The method of claim 3, wherein triggering the vulnerability repair operation of the power network device according to the execution priority and execution condition parameters in the vulnerability repair policy set comprises: Sequentially executing the target repair instructions according to the order of the execution priority from high to low, and detecting whether the current equipment running state meets the environmental constraint condition and the equipment resource condition in the execution condition parameters before executing each target repair instruction; If the environment constraint condition and the equipment resource condition are detected to be met, triggering a repair operation corresponding to the target repair instruction through a control interface of the power network equipment; If the environmental constraint condition or the equipment resource condition is not met, suspending executing the current target repair instruction, and generating a condition optimization strategy based on the unsatisfied condition parameters, wherein the condition optimization strategy is used for adjusting the resource allocation or the environmental parameters of the power network equipment so as to meet the execution condition parameters again.
5. 5. The method of claim 4, wherein the obtaining the repaired device operation verification data comprises: After the vulnerability restoration operation is completed, performing full-dimensional operation monitoring on the power network equipment, and collecting restored equipment operation state parameters and external environment parameters; Extracting the characteristics of the restored equipment operation state parameters to generate a restoration verification characteristic set; Comparing the repair verification feature set with the preset safe operation standard item by item to generate a verification result list containing comparison difference values; And determining whether the vulnerability restoration operation achieves an expected restoration effect according to whether the comparison difference values in the verification result list are all within a preset safety tolerance range.
6. 6. The method of claim 5, wherein generating a repair effect evaluation result based on a difference parameter between the device operation verification data and a preset safe operation standard comprises: Extracting an abnormal difference value exceeding the safety tolerance range from the verification result list, and determining the equipment operation dimension corresponding to the abnormal difference value; According to the device operation dimension, backtracking the executed target repair instruction from the vulnerability repair strategy set, and analyzing the repair contribution degree of the target repair instruction to the device operation dimension; if the repair contribution degree is lower than a preset contribution threshold, judging that the target repair instruction does not effectively repair the corresponding vulnerability, and generating a strategy adjustment instruction; the policy adjustment instruction is configured to re-match a complementary repair instruction associated with the device operation dimension from the vulnerability repair knowledge base, and add the complementary repair instruction to the vulnerability repair policy set.
7. 7. The method of claim 6, wherein said adjusting said dynamic policy matching rules according to said discrepancy gauge comprises: acquiring execution log data of a supplementary repair instruction corresponding to the strategy adjustment instruction recorded in the repair effect evaluation result; Extracting actual influence parameters of the supplementary repair instruction on the equipment operation dimension in the repair process from the execution log data, wherein the actual influence parameters comprise the abnormal difference value change amplitude and repair operation duration of the equipment operation dimension; comparing the actual influence parameters with expected influence parameters of the supplementary repair instruction recorded in the vulnerability repair knowledge base to generate an instruction effectiveness deviation value of the supplementary repair instruction; If the instruction efficacy deviation value exceeds a preset deviation tolerance range, expanding the strategy matching conditions in the dynamic strategy matching rules, and integrating the actual influence parameters into the strategy matching conditions as newly added matching conditions; And recalculating the matching adaptation degree of each candidate restoration instruction in the candidate restoration strategy set according to the expanded strategy matching condition, and updating the priority ordering rule of the candidate restoration strategy set according to the matching adaptation degree.
8. 8. The method according to claim 2, wherein when a change in the operating configuration of the power network device is detected, the method further comprises a process of performing a dynamic analysis rule adaptation process, comprising: Acquiring a new equipment operation state parameter set and a new external environment parameter set corresponding to the changed operation configuration; performing coverage verification on the new equipment running state parameter set and standard feature dimensions in the standard behavior feature set, and determining newly added feature dimensions and failure feature dimensions; Adjusting feature fusion weight distribution in the multidimensional fusion process according to the newly added feature dimension so that the weight value of the failure feature dimension is reassigned to the newly added feature dimension; performing fusion processing on the new equipment running state parameter set and the new external environment parameter set based on the adjusted feature fusion weight distribution to generate a fusion behavior feature vector under new configuration; And inputting the fusion behavior feature vector under the new configuration into the abnormal pattern recognition process, and updating the generation logic of the abnormal weight distribution diagram according to the data fluctuation characteristic of the newly added feature dimension.
9. 9. A computer system, comprising: a memory in which a computer program is stored; A processor for loading the computer program to implement the dynamic behavior analysis-based power network device vulnerability restoration method according to any one of claims 1-8.

Description

Power network equipment vulnerability restoration method and system based on dynamic behavior analysis Technical Field The invention relates to the field of data processing, in particular to a method and a system for repairing loopholes of power network equipment based on dynamic behavior analysis. Background With the rapid development of smart power grids, the vulnerability restoration technology of power network equipment becomes a core link for guaranteeing the safe operation of the power grid. The current mainstream vulnerability detection method is generally based on static feature matching of device operation logs, known security threats are identified through comparison of preset vulnerability feature libraries, and repair operation is executed according to fixed priority. Meanwhile, the fixed repair strategy lacks the response capability to the real-time load state of the equipment and the sudden environmental change, the problem that the critical bug repair is delayed or the system resources are occupied by unnecessary maintenance operation is easy to occur, and the defect of insufficient adaptability is exposed in complex and changeable power grid operation scenes. Disclosure of Invention The invention provides a method and a system for repairing loopholes of power network equipment based on dynamic behavior analysis. The embodiment of the invention provides a method for repairing a vulnerability of electric network equipment based on dynamic behavior analysis, which comprises the steps of obtaining an operation data set of the electric network equipment, wherein the operation data set comprises a plurality of operation period data, each operation period data comprises at least one equipment operation state parameter and a corresponding external environment parameter, carrying out dynamic behavior analysis processing on the operation data set to obtain a dynamic behavior feature set of the plurality of operation period data, wherein the dynamic behavior feature set is used for representing an abnormal behavior mode of the electric network equipment in an operation period, carrying out vulnerability feature extraction processing on the dynamic behavior feature set based on a preset dynamic policy matching rule to generate a vulnerability repairing policy set corresponding to the abnormal behavior mode, wherein the vulnerability repairing policy set comprises execution priority and execution condition parameters of a plurality of vulnerability repairing instructions, triggering vulnerability repairing operation of the electric network equipment according to the execution priority and the execution condition parameters in the vulnerability repairing policy set, obtaining repaired equipment operation verification data, generating a repairing effect evaluation result based on a difference parameter between the equipment operation verification data and a preset safety operation standard, and adjusting the dynamic policy matching rule according to the difference parameter. In a second aspect, an embodiment of the invention provides a computer system, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor is used for loading the computer program to realize the method for repairing the vulnerability of the power network equipment based on dynamic behavior analysis. The method for repairing the loopholes of the power network equipment provided by the invention has the advantages that a multidimensional analysis model is built by fusing equipment operation state parameters and external environment parameters, the limitation of equipment internal faults and environment induced cracking in traditional loopholes detection is broken through, hidden equipment abnormal behaviors caused by complex environment interaction are effectively identified, progressive loopholes characteristics changing along with the environment in the equipment operation process can be captured based on an abnormal mode extraction mechanism of a dynamic behavior characteristic set, the discovery capability of unknown loopholes types is obviously improved, a repair strategy set generated by a dynamic strategy matching rule is combined with the double constraint of an execution priority and an execution condition parameter, the self-adaption matching of repair operation and equipment real-time working conditions and environment states is realized, the priority treatment of key loopholes is ensured, meanwhile, the dynamic optimization strategy matching rule is realized by means of the difference feedback of repair verification data and safety operation standards, so that the loopholes repairing system has continuous evolution capability, and maintains stable safety protection level in complex and changeable power network environments. Drawings Fig. 1 is a flowchart of a method for repairing a vulnerability of a power network device based on dynamic behavior analysis according to an embodimen