Search

CN-122001616-A - NLP-based building block type power monitoring system attack and defense scene construction method and system

CN122001616ACN 122001616 ACN122001616 ACN 122001616ACN-122001616-A

Abstract

A building block type power monitoring system attack and defense scene construction method and system based on NLP comprises the steps of obtaining natural language text instructions of a user for constructing a specific attack and defense scene, converting the natural language text instructions into a structural requirement function model based on an NLP model of the power monitoring attack and defense scene, constructing a building block type function module library according to the attack and defense scene of the power monitoring system, enabling all the function modules to follow a predefined standardized interface, matching the requirement function model in the building block type function module library to obtain comprehensive matching scores corresponding to each function module, generating a module candidate list, selecting a plurality of function modules from the module candidate list according to the comprehensive matching scores to be combined, checking the combined function modules, and providing an executable module combination scheme for the user to generate the attack and defense scene when the combined function modules pass the check. According to the invention, manual configuration is reduced, and the scene switching response speed is improved.

Inventors

  • SUN FENG
  • LI TONG
  • REN SHUAI
  • Geng Panna
  • GUO SHAOYONG
  • LIU ZENGJI
  • SONG CHUNHE
  • ZHAO JIANMING
  • LI BAO

Assignees

  • 国网辽宁省电力有限公司电力科学研究院
  • 烽台科技(北京)有限公司
  • 北京邮电大学
  • 南京邮电大学
  • 沈阳工程学院

Dates

Publication Date
20260508
Application Date
20251225

Claims (10)

  1. 1. An NLP-based building block type power monitoring system attack and defense scene construction method is characterized by comprising the following steps of: acquiring a natural language text instruction submitted by a user for constructing a specific attack and defense scene; Establishing an electric power monitoring attack and defense scene NLP model, and converting a natural language text instruction into a structural requirement function model based on the electric power monitoring attack and defense scene NLP model; Building a building block type function module library according to the attack and defense scene of the power monitoring system, wherein all the function modules in the building block type function module library follow a predefined standardized interface; Matching the structural requirement function model in a building block type function module library to obtain a comprehensive matching score corresponding to each function module, and generating a module candidate list; and selecting a plurality of functional modules from the module candidate list according to the comprehensive matching score for combination, performing interface dependency check, time sequence logic constraint check and global conflict check on the combined functional modules, and providing an executable module combination scheme for a user to generate an attack and defense scene when the check passes.
  2. 2. The building block type power monitoring system attack and defense scene construction method based on NLP as set forth in claim 1, wherein the method comprises the following steps: The building block type functional module library comprises an attack module, a defense module and an environment module, wherein the attack module is used for packaging specific attack behaviors, the defense module is used for packaging specific defense or detection strategies, and the environment module is used for packaging simulation environment configuration.
  3. 3. The building block type power monitoring system attack and defense scene construction method based on NLP as set forth in claim 2, wherein the method comprises the following steps: Matching the structural requirement functional model in a building block type functional module library based on multi-dimensional indexes to obtain a matching degree score under each dimensional index, wherein the multi-dimensional indexes comprise functional fitness, parameter compatibility and dependence satisfaction; And distributing preset weights for each dimension index, and calculating the comprehensive matching score of each functional module based on the matching degree score corresponding to each dimension index and the corresponding preset weights.
  4. 4. The building block type power monitoring system attack and defense scene construction method based on NLP as set forth in claim 3, wherein the method comprises the following steps: and distributing preset weights to each dimension index according to the scene types, respectively calculating the number of shared functional modules in a module candidate list under each scene type, calculating the current ratio of the shared functional modules to the total functional modules in the candidate list, and iteratively adjusting the preset weights according to the current ratio until the change of the ratio after the weight adjustment and the current ratio is smaller than a change threshold or the number of iterations is reached.
  5. 5. The building block type power monitoring system attack and defense scene construction method based on NLP as set forth in claim 3, wherein the method comprises the following steps: calculating a matching degree score under the function fit degree comprises: Carrying out synonym expansion on keywords in the structural requirement function model and functional keywords in the functional module metadata by utilizing a pre-constructed synonym library in the power monitoring field so as to cover different term expressions in the field; combining the expanded demand keywords and the module keywords to form a unified word list; Respectively generating corresponding binary word frequency vectors for the required keywords and the module keywords according to the unified word list; And calculating the semantic similarity of the binary word frequency vector of the required keyword and the binary word frequency vector of the module keyword, and taking the semantic similarity as a matching degree score under the function fit degree.
  6. 6. The building block type power monitoring system attack and defense scene construction method based on NLP as set forth in claim 3, wherein the method comprises the following steps: Verifying whether technical parameters in the structural requirement function model are in a supporting range of the function module based on a verification rule, if so, indicating parameter compatibility in the range, and dividing the number of parameter compatibility in the function module by the number of total technical parameters to obtain the matching degree score of the function module under the parameter compatibility; The method comprises the steps of calculating the matching degree score under the dependence satisfaction degree, wherein the dependence satisfaction degree checking rule comprises operation environment dependence, system resource dependence and operation environment dependence, performing dependence satisfaction degree checking on the functional module, and obtaining the matching degree score under the dependence satisfaction degree of the functional module by the number of the satisfying dependent items in the total number of the dependent items.
  7. 7. The building block type power monitoring system attack and defense scene construction method based on NLP as set forth in claim 1, wherein the method comprises the following steps: Converting the natural language text instruction into the structural requirement function model based on the power monitoring attack and defense scene NLP model comprises the following steps: Attaching a structured data file of a formulated type to a natural language text language instruction, and analyzing the structured data file to obtain an analysis result; performing word segmentation, entity recognition and semantic analysis on the natural language text instruction, and extracting key entities, wherein the key entities comprise attack types, target equipment, defending actions, environment constraints and intents; Carrying out association search on the key entity and the built-in attack and defense knowledge base, and deducing potential attack paths and associated defense measures; And structuring the analysis result, the key entity and the associated defensive measures to obtain a functional demand model.
  8. 8. An NLP-based building block type power monitoring system attack and defense scene construction system for realizing the building block type power monitoring system attack and defense scene construction method based on NLP as set forth in any one of claims 1 to 7, wherein the system comprises: The acquisition module is used for acquiring a natural language text instruction submitted by a user for constructing a specific attack and defense scene; The NLP module is used for establishing an NLP model of the power monitoring attack and defense scene, and converting a natural language text instruction into a structural requirement function model based on the NLP model of the power monitoring attack and defense scene; The building block type function module is used for constructing a building block type function module library according to the attack and defense scene of the electric power monitoring system, and all the function modules in the building block type function module library follow a predefined standardized interface; The function matching module is used for matching the structural requirement function model in the building block type function module library to obtain a comprehensive matching score corresponding to each function module and generate a module candidate list; And the recommendation combination module is used for selecting a plurality of functional modules from the module candidate list to be combined according to the comprehensive matching score, performing interface dependency check, time sequence logic constraint check and global conflict check on the combined functional modules, and providing an executable module combination scheme for a user to generate an attack and defense scene when the check passes.
  9. 9. An electronic device comprises a processor and a storage medium, and is characterized in that: The storage medium is used for storing instructions; The processor is configured to operate according to the instructions to perform the steps of the building block type power monitoring system attack and defense scene construction method based on NLP according to any one of claims 1 to 7.
  10. 10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the NLP-based modular power monitoring system attack and defense scenario construction method of any one of claims 1-7.

Description

NLP-based building block type power monitoring system attack and defense scene construction method and system Technical Field The application belongs to the technical field of power monitoring, and particularly relates to a building block type power monitoring system attack and defense scene construction method and system based on NLP. Background The safety protection of the power monitoring system is an organic component of the power safety production management system, and new business forms and operation modes emerge, so that unprecedented network safety threat and risks are brought to the safety protection of the power monitoring system. In order to strengthen network security management in the power industry, the method is used for coping with the ever-expanding risk exposure surface and increasingly-severe data potential safety hazards of the power monitoring system, simulating the simulation environment of the power monitoring system and constructing an attack and defense scene, improving the stability and security of the power monitoring system by using a practical means, and is an important development trend of network security work of the current power system. However, the current method for constructing the attack and defense scene of the power monitoring system often depends on the manual establishment of the attack and defense strategy and scene configuration by the user, which not only consumes a great deal of resources such as manpower and time, but also limits the flexibility of scene application. When switching between different attack and defense scenarios or simulation environments, extensive analysis and configuration are often required again to meet specific requirements. This mode is inefficient and difficult to quickly accommodate changing security challenges. Disclosure of Invention In order to solve the defects in the prior art, the application provides the building block type power monitoring system attack and defense scene construction method and system based on NLP, which reduces manual configuration, improves scene switching response speed, scene construction speed and automation degree, further improves scene construction efficiency, accuracy and reliability, and reduces overall scene construction cost. The application adopts the following technical scheme. The first aspect of the application provides an attack and defense scene construction method of a building block type power monitoring system based on NLP, comprising the following steps: acquiring a natural language text instruction submitted by a user for constructing a specific attack and defense scene; Establishing an electric power monitoring attack and defense scene NLP model, and converting a natural language text instruction into a structural requirement function model based on the electric power monitoring attack and defense scene NLP model; Building a building block type function module library according to the attack and defense scene of the power monitoring system, wherein all the function modules in the building block type function module library follow a predefined standardized interface; Matching the structural requirement function model in a building block type function module library to obtain a comprehensive matching score corresponding to each function module, and generating a module candidate list; and selecting a plurality of functional modules from the module candidate list according to the comprehensive matching score for combination, performing interface dependency check, time sequence logic constraint check and global conflict check on the combined functional modules, and providing an executable module combination scheme for a user to generate an attack and defense scene when the check passes. Optionally, the functional modules in the building block functional module library include an attack module, a defense module and an environment module, the attack module is used for packaging specific attack behaviors, the defense module is used for packaging specific defense or detection strategies, and the environment module is used for packaging simulation environment configuration. Optionally, matching the structural requirement functional model in a building block type functional module library based on multi-dimensional indexes to obtain a matching degree score under each dimension index, wherein the multi-dimensional indexes comprise functional fitness, parameter compatibility and dependence satisfaction; And distributing preset weights for each dimension index, and calculating the comprehensive matching score of each functional module based on the matching degree score corresponding to each dimension index and the corresponding preset weights. Optionally, a preset weight is allocated to each dimension index according to the scene type, the number of the shared functional modules in the module candidate list under each scene type is calculated respectively, the current ratio of the shared functional mod