CN-122027253-A - Electric terminal flexible gray scale safety protection method integrating electric measurement and network behavior
Abstract
The invention is applicable to the technical field of power system safety and provides a flexible gray scale safety protection method for a power terminal integrating electrical measurement and network behavior. The method comprises: collecting electrical measurement data and network behavior data of the power terminal, and extracting features from each to obtain an electrical safety feature vector and a network safety feature vector; carrying out electrical anomaly diagnosis and network threat diagnosis respectively, and carrying out collaborative analysis on the generated first diagnosis conclusion and second diagnosis conclusion to obtain a fusion diagnosis report; inputting the fusion diagnosis report into a preset safety risk reasoning rule base and outputting a dynamic safety gray value based on a multi-level judgment logic; and switching the power terminal to a corresponding power supply control mode according to the preset risk level interval to which the dynamic safety gray value belongs. The invention effectively reduces the misjudgment rate, evaluates the safety risk by outputting the dynamic safety gray value, and realizes multistage flexible regulation and control through adaptive power supply control based on the gray value.
Inventors
- MENG LIANG
- LIN KONGSHENG
- LIAN YUTING
- XIE MING
- ZENG MINGFEI
- XIE JING
- Zeng Hushuang
- CHEN LINA
- Wu Mingzhan
- XIE PENGYU
Assignees
- 广西电网有限责任公司
Dates
- Publication Date: 20260512
- Application Date: 20260129
Claims (10)
- 1. A flexible gray scale safety protection method for a power terminal integrating electrical measurement and network behavior, characterized by comprising: collecting electrical measurement data and network behavior data of the power terminal, and respectively extracting features to obtain an electrical safety feature vector and a network safety feature vector; performing electrical anomaly diagnosis based on the electrical safety feature vector, and generating a first diagnosis conclusion including a determination result of whether an electrical anomaly exists; performing network threat diagnosis based on the network security feature vector, and generating a second diagnosis conclusion including a determination result of whether a network threat exists; performing collaborative analysis based on the first diagnosis conclusion and the second diagnosis conclusion to obtain a fusion diagnosis report; inputting the fusion diagnosis report into a preset safety risk reasoning rule base, and outputting a dynamic safety gray value based on a multi-level judgment logic; and switching the power terminal to a corresponding power supply control mode according to a preset risk level interval to which the dynamic safety gray value belongs.
- 2. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 1, wherein the performing electrical anomaly diagnosis based on the electrical safety feature vector, and generating a first diagnosis conclusion including a determination result of whether an electrical anomaly exists, comprises: performing multidimensional anomaly detection on the electrical safety feature vector, wherein the multidimensional anomaly detection comprises at least two of steady-state anomaly detection, transient anomaly detection and power quality anomaly detection; judging whether the power terminal has an electrical abnormality according to the result of the multidimensional anomaly detection; if the electrical abnormality is judged to exist, determining an abnormality type and calculating an abnormality confidence coefficient, and generating a first diagnosis conclusion including the electrical abnormality determination result, the abnormality type and the abnormality confidence coefficient; and if it is determined that the electrical abnormality does not exist, generating a first diagnosis conclusion including the electrical abnormality determination result.
- 3. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 1, wherein the performing network threat diagnosis based on the network security feature vector, and generating a second diagnosis conclusion including a determination result of whether a network threat exists, comprises: performing multidimensional threat detection on the network security feature vector, wherein the multidimensional threat detection comprises abnormal traffic detection, protocol compliance detection and access behavior detection; judging whether the power terminal has a network threat according to the result of the multidimensional threat detection; if the network threat is judged to exist, determining the threat type and calculating the threat confidence coefficient, and generating a second diagnosis conclusion containing the network threat determination result, the threat type and the threat confidence coefficient; and if the network threat is judged to be absent, generating a second diagnosis conclusion containing the determination result that the network threat is absent.
- 4. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 1, wherein the performing collaborative analysis based on the first diagnosis conclusion and the second diagnosis conclusion to obtain a fusion diagnosis report comprises: if the first diagnosis conclusion judges that the electrical abnormality exists, generating, according to the abnormal time information and the abnormality type corresponding to the electrical abnormality, a first association clue for guiding directional depth analysis of the network behavior data associated with the abnormal time information; if the second diagnosis conclusion judges that the network threat exists, generating, according to the threat time information and the threat type corresponding to the network threat, a second association clue for guiding directional depth analysis of the electrical measurement data associated with the threat time information; performing the corresponding directional depth analysis based on the first association clue and/or the second association clue to obtain a directional analysis result; and generating a fusion diagnosis report according to the first diagnosis conclusion, the second diagnosis conclusion and the directional analysis result.
- 5. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 4, wherein the performing a corresponding directional depth analysis based on the first association clue comprises: extracting network communication data of the power terminal in a corresponding time window according to the abnormal time information in the first association clue; determining a network analysis focus according to the abnormality type in the first association clue; and performing depth analysis corresponding to the network analysis focus on the extracted network communication data to obtain a first directional analysis result, wherein the first directional analysis result is used for representing whether signs of related network attack behavior exist in the period in which the electrical anomaly occurred.
- 6. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 4, wherein the performing a corresponding directional depth analysis based on the second association clue comprises: extracting electrical measurement data of the power terminal in a corresponding time period according to the threat time information in the second association clue; determining an electrical analysis focus according to the threat type in the second association clue; and performing depth analysis corresponding to the electrical analysis focus on the extracted electrical measurement data to obtain a second directional analysis result, wherein the second directional analysis result is used for representing whether signs of a related abnormal electrical response exist in the period in which the network threat occurred.
- 7. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 4, wherein the fusion diagnosis report comprises a temporal-spatial correlation determination of electrical side anomalies and network side threats, and a comprehensive risk level based on the first diagnosis conclusion, the second diagnosis conclusion, and the directional analysis result.
- 8. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 1, wherein the inputting the fusion diagnosis report into a preset safety risk reasoning rule base and outputting a dynamic safety gray value based on a multi-level judgment logic comprises: extracting the electrical anomaly information, the network threat information, the space-time correlation judgment and the comprehensive risk level in the fusion diagnosis report; the multi-level judgment logic includes the following four sequential decision levels: if the electrical anomaly information indicates that no electrical anomaly exists and the network threat information indicates that no network threat exists, judging to be a first security level; if the electrical anomaly information indicates that an electrical anomaly exists but the network threat information indicates that no network threat exists, or if the electrical anomaly information indicates that no electrical anomaly exists but the network threat information indicates that a network threat exists, the space-time correlation judgment is performed; if the electrical anomaly information indicates that an electrical anomaly exists and the network threat information indicates that a network threat exists, and the space-time correlation is judged to be strong, judging to be a third security level; if the electrical anomaly information and the network threat information are logically contradictory and cannot be interpreted through space-time correlation, judging to be a fourth security level; and mapping the first security level, the second security level, the third security level and the fourth security level to different continuous numerical intervals respectively to obtain corresponding dynamic safety gray values.
- 9. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 8, wherein mapping the first security level, the second security level, the third security level, and the fourth security level to different continuous numerical intervals respectively comprises: the first security level is mapped to a numerical interval of 80-100; the second security level is mapped to a numerical interval of 50-79; the third security level is mapped to a numerical interval of 20-49; and the fourth security level is mapped to a numerical interval of 0-19.
- 10. The method for flexible gray scale security protection of a power terminal integrating electrical measurement and network behavior according to claim 1, wherein switching the power terminal to a corresponding power supply control mode according to a preset risk level interval to which the dynamic safety gray value belongs comprises: if the dynamic safety gray value belongs to the interval of 80-100, switching the power terminal to a normal power supply mode; if the dynamic safety gray value belongs to the interval of 50-79, switching the power terminal to an enhanced monitoring power supply mode; if the dynamic safety gray value belongs to the interval of 20-49, switching the power terminal to a limiting power supply mode; and if the dynamic safety gray value belongs to the interval of 0-19, switching the power terminal to a safety isolation mode.
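The decision logic of claims 8 to 10, sketched in Python as an added example (not code from the patent). The report field names, the handling of combinations that claim 8 does not assign to a level, and the confidence-based placement inside each interval are assumptions.

```python
from dataclasses import dataclass

# Level -> (low, high, power supply mode), as listed in claims 9 and 10.
LEVELS = {
    1: (80, 100, "normal power supply mode"),
    2: (50, 79, "enhanced monitoring power supply mode"),
    3: (20, 49, "limiting power supply mode"),
    4: (0, 19, "safety isolation mode"),
}

@dataclass
class FusionReport:
    """Hypothetical shape of the fusion diagnosis report (field names assumed)."""
    electrical_anomaly: bool
    network_threat: bool
    strong_correlation: bool = False  # space-time correlation judged strong
    contradictory: bool = False       # findings conflict; correlation cannot explain them
    confidence: float = 0.0           # 0..1, confidence of the strongest finding

def security_level(r: FusionReport) -> int:
    """Walk the decision levels of claim 8."""
    if not r.electrical_anomaly and not r.network_threat:
        return 1
    if r.contradictory:
        return 4
    if r.electrical_anomaly and r.network_threat and r.strong_correlation:
        return 3
    # Assumption: a finding in one domain only, or in both domains without
    # strong correlation, is treated as the second level.
    return 2

def gray_value(r: FusionReport) -> int:
    """Assumed placement inside the interval: higher confidence, lower value."""
    low, high, _ = LEVELS[security_level(r)]
    c = min(max(r.confidence, 0.0), 1.0)  # clamp out-of-range confidence
    return high - int(c * (high - low))

def power_mode(gray) -> str:
    """Map a gray value to the power supply control mode of claim 10."""
    for low, high, mode in LEVELS.values():
        if low <= gray <= high:
            return mode
    # The claimed intervals are integer ranges (79 then 80), so a value such
    # as 79.5 or 101 is rejected instead of defaulting to a permissive mode.
    raise ValueError(f"gray value {gray!r} is outside every claimed interval")

if __name__ == "__main__":
    # Constructed sample reports, not data from the patent.
    for rep in (FusionReport(False, False),
                FusionReport(True, False, confidence=0.4),
                FusionReport(True, True, strong_correlation=True, confidence=0.9),
                FusionReport(True, False, contradictory=True, confidence=1.0)):
        g = gray_value(rep)
        print(security_level(rep), g, power_mode(g))
```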
Description
Electric terminal flexible gray scale safety protection method integrating electric measurement and network behavior
Technical Field
The invention relates to the technical field of power system safety, in particular to a flexible gray scale safety protection method for a power terminal integrating electrical measurement and network behavior.
Background
In the field of network security of power systems, the security protection of power terminals is generally based on electrical measurement methods, which identify equipment faults and power quality problems by monitoring anomalies in physical quantities such as voltage and current. There are also methods based on network behavior analysis, which prevent network intrusion attacks by examining network traffic, protocol compliance, and abnormal patterns in access logs. In the prior art, some schemes analyze the two types of information in parallel, for example checking whether the synchronous electrical data is abnormal when a network attack alarm is raised, or tracing back network logs after an electrical fault, so as to cross-validate security events. However, this approach treats electrical measurement and network behavior only as two independent evidence sources, and the analysis process is essentially separate or correlated after the fact, so cross-domain collaborative attacks cannot be effectively identified and judged, and low-confidence alarms in a single dimension are difficult to assess accurately. Existing protection strategies can only adopt a rigid allow-or-block response and cannot implement fine-grained adaptive regulation according to the severity and nature of the threat. As a result, when facing complex hidden threats, the safety protection system has a high misjudgment rate and a rigid response mode, and cannot balance the reliability and the safety of power supply.
In view of the above, a flexible gray scale safety protection method for a power terminal integrating electrical measurement and network behavior is provided.
Disclosure of Invention
The invention provides a flexible gray scale safety protection method for a power terminal, which is used for solving the problems that, when facing complex hidden threats, a safety protection system has a high misjudgment rate and a rigid response mode and cannot balance the reliability and the safety of power supply.
The invention provides a flexible gray scale safety protection method for a power terminal integrating electrical measurement and network behavior, which comprises the following steps: collecting electrical measurement data and network behavior data of the power terminal, and respectively extracting features to obtain an electrical safety feature vector and a network safety feature vector; performing electrical anomaly diagnosis based on the electrical safety feature vector, and generating a first diagnosis conclusion including a determination result of whether an electrical anomaly exists; performing network threat diagnosis based on the network security feature vector, and generating a second diagnosis conclusion including a determination result of whether a network threat exists; performing collaborative analysis based on the first diagnosis conclusion and the second diagnosis conclusion to obtain a fusion diagnosis report; inputting the fusion diagnosis report into a preset safety risk reasoning rule base, and outputting a dynamic safety gray value based on a multi-level judgment logic; and switching the power terminal to a corresponding power supply control mode according to a preset risk level interval to which the dynamic safety gray value belongs.
Still further, the performing electrical anomaly diagnosis based on the electrical safety feature vector, and generating a first diagnosis conclusion including a determination result of whether an electrical anomaly exists, includes: performing multidimensional anomaly detection on the electrical safety feature vector, wherein the multidimensional anomaly detection comprises at least two of steady-state anomaly detection, transient anomaly detection and power quality anomaly detection; judging whether the power terminal has an electrical abnormality according to the result of the multidimensional anomaly detection; if the electrical abnormality is judged to exist, determining an abnormality type and calculating an abnormality confidence coefficient, and generating a first diagnosis conclusion including the electrical abnormality determination result, the abnormality type and the abnormality confidence coefficient; and if it is determined that the electrical abnormality does not exist, generating a first diagnosis conclusion including the electrical abnormality determination result.
Still further, the performing network threat diagnosis based on the network security feature vector, generating a second diagnosis conclusion including whether the network threat determination result exists