CN-121098965-B - Power cross-safety-zone safety interaction method and system based on deep protocol analysis
Abstract
The invention provides a power cross-safety-zone safety interaction method and system based on deep protocol analysis. The method comprises: acquiring each communication protocol frame that crosses a safety zone, constructing a field semantic dependency graph, extracting a minimum semantic field subset and forming a semantic intermediate representation; based on the semantic intermediate representation, using a sparse gating network to identify the semantic intention and target equipment number of a control instruction; simulating execution of the control instruction according to the semantic intention and the target equipment number to obtain a behavior path and an influence index; and, according to the behavior path and the influence index obtained by simulation, designing a dual-threshold boundary decision mechanism that decides whether to release the cross-zone communication instruction and generates an audit log. The invention has good protocol adaptability and extensibility, covers both standard-protocol and private-protocol scenarios, adapts to various types of power equipment and safety zone division schemes, and offers strong generality and practicality in actual engineering deployment.
Inventors
- ZHAO RUIFENG
- LI QIAN
- GUO WENXIN
- LI HAOBIN
- CHEN MANLU
- CHEN ZHIWEI
Assignees
- 广东电网有限责任公司
- 广东电网有限责任公司电力调度控制中心
Dates
- Publication Date: 20260512
- Application Date: 20251031
Claims (10)
- 1. A power cross-safety-zone safety interaction method based on deep protocol analysis, characterized by comprising the following steps: S1, acquiring each communication protocol frame crossing a safety zone, constructing a field semantic dependency graph, and extracting from the field semantic dependency graph a minimum semantic subgraph expressing the control intention as a minimum semantic field subset to form a semantic intermediate representation, wherein the minimum semantic field subset has the minimum number of fields while still completely expressing the control semantics of the original protocol; S2, based on the semantic intermediate representation, identifying the semantic intent of a control instruction and the target equipment number of the control instruction in the power system topology by using a sparse gating network, wherein the target equipment number is a unique equipment identifier in the system topology; S3, according to the semantic intent and the target equipment number, simulating execution of the control instruction on the basis of the current state of the target equipment to obtain a behavior path, and evaluating the influence of the behavior path on the system topology as an influence index; and S4, designing a dual-threshold boundary decision mechanism according to the behavior path and the influence index obtained through simulation, determining whether to release the control instruction, and generating an audit log.
- 2. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 1, wherein S1 specifically comprises: each field in the structured field sequence comprises a field name, a field value, a byte offset and a field type; constructing a field semantic dependency graph based on the structured field sequence, wherein the nodes of the field semantic dependency graph are the fields of the structured field sequence and the edges represent semantic dependencies among the fields; generating candidate field subgraphs through a protocol semantic mapping function based on the field semantic dependency graph; extracting a minimum semantic subgraph from the candidate field subgraphs as the minimum semantic field subset, so that the minimum semantic field subset still completely expresses the control semantics of the original protocol with the minimum number of fields; and forming the semantic intermediate representation from the structured field sequence corresponding to the field index set of the minimum semantic field subset.
- 3. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 2, wherein the protocol semantic mapping function maps field combinations to specific control intents and is implemented based on a static protocol semantic mapping table.
- 4. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 1, wherein step S2 specifically comprises: obtaining the structured field sequence corresponding to the semantic intermediate representation, performing field-level embedding encoding on it, and concatenating the results to obtain a protocol semantic representation vector; inputting the protocol semantic representation vector into the sparse gating network, and outputting the semantic intent of the control instruction and the target equipment number, wherein the semantic intent is one or more of tripping, closing, reading and setting; the sparse gating network adopts a dual-branch analysis structure, wherein a first branch analyzes the control action type and a second branch analyzes the target equipment identifier.
- 5. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 4, wherein the field-level embedding encoding specifically comprises: mapping each field in the structured field sequence corresponding to the semantic intermediate representation into a low-dimensional embedding vector, wherein the low-dimensional embedding vector comprises three parts, namely a field type encoding, a protocol position encoding and a field value encoding.
- 6. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 4, wherein the first branch of the sparse gating network is a single-layer gated feedforward network plus a set of field coupling degree terms based on a semantic dependency matrix, used to penalize joint activation of unassociated fields, and the second branch adopts a structure that fuses field rule mapping with topology position analysis.
- 7. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 1, wherein step S3 specifically comprises: acquiring the semantic intent and the target equipment number, and predefining a state transition diagram, wherein the state transition diagram comprises a finite state set and a state transition edge set; performing behavior simulation based on the state transition diagram to generate a behavior path; designing an influence index based on the behavior path, wherein the influence index evaluates the propagation intensity of the control operation of the current control instruction on the power topology and is determined based on whether the state of adjacent equipment changes after the control; the behavior path is the state change path reachable by the control action on the target equipment, the influence index is the influence range in the topology of the control action corresponding to the state change path, and the influence range represents the number of pieces of equipment whose state changes in the operation.
- 8. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 7, wherein the behavior simulation comprises: initializing the equipment state and reading the current running state of the equipment; simulating execution of the semantic intent of the control instruction on the current equipment, namely judging whether a state transition path starting from the current running state of the equipment exists and whether that transition path is legal; if the transition path exists, further constructing the behavior path; and if the transition path does not exist, terminating the simulation and returning an abnormal identifier.
- 9. The power cross-safety-zone safety interaction method based on deep protocol analysis according to claim 7, wherein S4 specifically comprises: acquiring the behavior path and the influence index; judging whether the behavior path is legal, namely whether a reachable state path exists, the current behavior path being judged legal if a reachable state path exists; designing a dual-threshold boundary decision mechanism to determine whether to release the control instruction, wherein under the dual-threshold boundary decision mechanism the instruction is released if and only if a legal behavior path exists for the control action and the influence index does not exceed its limit, and is otherwise blocked; the audit log comprises complete semantic link information, including the semantic intermediate representation, control intention, target equipment number, behavior path, influence index and the result of whether the control instruction is released, and the audit log is sealed using a hash chain to ensure tamper resistance and traceability.
- 10. A power cross-safety-zone safety interaction system based on deep protocol analysis, characterized in that the system comprises: a protocol analysis module, used for acquiring each communication protocol frame crossing a safety zone, constructing a field semantic dependency graph, and extracting from the field semantic dependency graph a minimum semantic subgraph expressing the control intention as a minimum semantic field subset to form a semantic intermediate representation, wherein the minimum semantic field subset has the minimum number of fields while still completely expressing the control semantics of the original protocol; an intention recognition module, used for identifying, based on the semantic intermediate representation, the semantic intent of a control instruction and the target equipment number of the control instruction in the power system topology by using a sparse gating network, wherein the target equipment number is a unique equipment identifier in the system topology; a behavior simulation and verification module, used for simulating execution of the control instruction on the basis of the current state of the target equipment according to the semantic intent and the target equipment number, obtaining a behavior path, and evaluating the influence of the behavior path on the system topology as an influence index; and a boundary decision and audit module, used for designing a dual-threshold boundary decision mechanism according to the behavior path and the influence index obtained by simulation, determining whether to release the control instruction, and generating an audit log.
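Claims 7 to 9 describe simulating a control instruction against a state transition diagram, counting the adjacent equipment whose state changes, releasing the instruction only when both conditions hold, and sealing each decision in a hash-chained audit log. The Python sketch below is an added illustration, not code from the patent; the breaker transition table, topology, device names, influence limit and record layout are all assumptions, and only trip and close intents are modeled.

```python
import hashlib
import json

# Assumed breaker state-transition graph: (state, intent) -> next state
TRANSITIONS = {("closed", "trip"): "open", ("open", "close"): "closed"}
# Constructed topology: breaker -> adjacent devices fed through it
FEEDS = {"CB1": ["T1", "L1"], "CB2": ["L2"]}
# Constructed current device states
STATE = {"CB1": "closed", "CB2": "open", "T1": "energized",
         "L1": "energized", "L2": "deenergized"}
GENESIS = "0" * 64

def simulate(state, intent, device):
    """Return (behavior_path, influence_index); path is None if no legal transition."""
    nxt = TRANSITIONS.get((state[device], intent))
    if nxt is None:
        return None, 0
    # Simplification (assumption): adjacent devices follow the breaker position
    after = "energized" if nxt == "closed" else "deenergized"
    changed = [d for d in FEEDS.get(device, []) if state[d] != after]
    return [state[device], nxt], len(changed)

def entry_hash(prev, record):
    """Hash of the previous link concatenated with the canonical JSON record."""
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def gate(log, state, ir, intent, device, limit):
    """Release only if a legal path exists AND the influence index is within limit."""
    path, influence = simulate(state, intent, device)
    released = path is not None and influence <= limit
    record = {"ir": ir, "intent": intent, "device": device,
              "path": path, "influence": influence, "released": released}
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})
    return released

def verify_chain(log):
    """Recompute every link; an edited record or a reordered entry breaks the chain."""
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return False
        prev = e["hash"]
    return True

if __name__ == "__main__":
    log = []
    for intent, dev in [("trip", "CB1"), ("trip", "CB2"), ("close", "CB2")]:
        print(intent, dev, gate(log, STATE, {"fc": intent, "addr": dev}, intent, dev, 1))
    print("chain ok:", verify_chain(log))
```

The simulation never mutates the live state, so a blocked instruction leaves nothing to roll back, and blocked decisions are logged as well as released ones.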
Description
Power cross-safety-zone safety interaction method and system based on deep protocol analysis

Technical Field

The invention belongs to the field of safe interaction of electric power across safety zones, and particularly relates to a power cross-safety-zone safety interaction method and system based on deep protocol analysis.

Background

As power systems continue to become more intelligent and information-driven, key services such as power dispatching, control and protection increasingly depend on networked data interaction and remote control operation. To enable data transmission and instruction control between information systems and automation systems, an electric power network is generally divided into a plurality of safety zones according to safety level, such as a control zone, a monitoring zone and a management information zone. For network security, boundary protection devices such as firewalls, isolation gateways or secure access platforms are typically placed between these safety zones to control cross-zone communication. However, as the coupling between service systems increases, communication among multiple safety zones in the power secondary system becomes increasingly frequent, particularly for remote control instruction issuing, state data acquisition and equipment scheduling coordination, which places higher real-time and reliability requirements on data interaction among the safety zones.
The security interaction schemes commonly used in the industry today rely mainly on protocol whitelist mechanisms, static rule configuration and shallow protocol analysis. These mechanisms provide basic protection for standardized protocols with clear structures and stable field rules, but they have many shortcomings when facing complex conditions such as the large number of private protocols customized or extended by manufacturers, nested protocol encapsulation, and unknown field semantics. On one hand, traditional shallow analysis has difficulty accurately identifying the semantics of key control instructions in a protocol, and easily fails to defend against messages that are legal in format but malicious in intent. On the other hand, cross-zone communication lacks an effective dynamic behavior verification mechanism, so the system state change after an instruction is executed cannot be predicted, which makes covert attacks such as chained control and slow control easy to carry out. In addition, existing security control systems are usually deployed around unidirectional isolation and global disablement, and lack refined control strategies for the continuity requirements of power services, resulting in a conflict between security and availability. Therefore, how to achieve semantic-level deep analysis of cross-safety-zone protocol interaction and dynamic verification of communication behavior while ensuring the communication security of the power system has become a key problem to be solved in the field of power information security.
Disclosure of Invention

The invention aims to provide a power cross-safety-zone safety interaction method and system based on deep protocol analysis, to address the shortcomings of existing methods in protocol identification accuracy, behavior controllability, and security and usability. To achieve the above object, in a first aspect of the present invention, there is provided a power cross-safety-zone safety interaction method based on deep protocol analysis, the method comprising:

S1, acquiring each communication protocol frame crossing a safety zone, constructing a field semantic dependency graph, and extracting from the field semantic dependency graph a minimum semantic subgraph expressing the control intention as a minimum semantic field subset to form a semantic intermediate representation, wherein the minimum semantic field subset has the minimum number of fields while still completely expressing the control semantics of the original protocol;

S2, based on the semantic intermediate representation, identifying the semantic intent of a control instruction and the target equipment number of the control instruction in the power system topology by using a sparse gating network, wherein the target equipment number is a unique equipment identifier in the system topology;

S3, according to the semantic intent and the target equipment number, simulating execution of the control instruction on the basis of the current state of the target equipment to obtain a behavior path, and evaluating the influence of the behavior path on the system topology as an influence index;

and S4, designing a boundary decision mechanism with double thresholds