
CN-122027328-A - Method for identifying intranet loopholes of power system


Abstract

The invention discloses a method for identifying intranet vulnerabilities of an electric power system, belonging to the technical field of power system intranet vulnerabilities. The method comprises the following steps: S1, pre-constructing a vulnerability database based on request packet data and response packet data; S2, scanning the system to be detected, obtaining its request packet data and response packet data, identifying and classifying vulnerabilities against the vulnerability database, and grading them according to severity; and S3, pushing alarm information according to the vulnerability grade and generating a report. Through deep analysis of the request and response packets, the method markedly improves the accuracy and comprehensiveness of vulnerability identification; through graded alerts and automatic report generation, it shortens the period from vulnerability discovery to repair, ensures that high-risk issues are handled first, and effectively reduces the probability of security incidents on the power system intranet.

Inventors

  • QIAN HAONAN
  • WANG LIUYANG
  • WANG CHENGKE
  • QU PENG
  • LI XIAOYU
  • ZHENG MINGYI

Assignees

  • 淮阴工学院

Dates

Publication Date
20260512
Application Date
20260317

Claims (8)

  1. A method for identifying intranet vulnerabilities of an electric power system, characterized by comprising the following steps: S1, constructing a vulnerability database in advance based on request packet and response packet data, wherein the vulnerability database is used for identifying and classifying vulnerabilities; S2, scanning a system to be detected, acquiring request packet and response packet data, identifying and classifying vulnerabilities in combination with the vulnerability database, and grading them according to severity; and S3, pushing alarm information according to the vulnerability grade, and generating a report.
  2. The method according to claim 1, wherein in step S1, the request packet data includes the request method, the request URL and path parameters, Header information, and the request body content, and the response packet data includes the status code, response Header information, response body content, response time, and packet length.
  3. The method according to claim 1, wherein in step S1, the vulnerability classification includes SQL injection vulnerability, unauthorized access and override vulnerability, weak password and authentication bypass vulnerability, information leakage vulnerability, and command injection and script execution vulnerability.
  4. The method of claim 1, wherein in step S2, after the request packet and response packet data are acquired, they are matched one-to-one by timestamp and session ID to form request-response data pairs, and data parsing is then performed.
  5. The identification method of claim 4, wherein the data parsing comprises: formatting and structuring each request-response data pair, converting unstructured network data into a computable data model, and performing semantic parsing; performing input verification analysis on the parameters in the request packet, extracting variable names, data types, input lengths and character features; performing abnormal feature analysis on the contents of the response packet, identifying whether database error information, system path exposure, stack backtracking, token leakage or sessionID plaintext transmission exist; and performing a consistency comparison on the Header fields, detecting whether cross-domain access, missing identity authentication or unencrypted cookies exist.
  6. The method according to claim 1, wherein in step S2, the vulnerability classification comprises low risk, medium risk, high risk, and serious.
  7. The method of claim 1, wherein the number of vulnerabilities, the number of request parameters, the degree of response anomalies and the historical statistical weight are comprehensively considered through a weighting algorithm, the risk level of each vulnerability is calculated, and a unique vulnerability identification code is generated for tracking.
  8. The method of claim 1, wherein in step S3, the vulnerability data is de-duplicated and sorted, alarm information is pushed according to the vulnerability grade, and a report including the vulnerability type, the trigger sample and the repair suggestion is generated, wherein high-risk/serious vulnerabilities are pushed in real time and medium-risk/low-risk vulnerabilities are periodically checked.
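
The pairing and parsing steps of claims 4 and 5, as an added example that is not code from the patent: requests and responses are matched per session ID in timestamp order, then each pair is checked for the response and Header indicators the claim lists. The record layout, the regexes, the 5-second pairing window, and the reading of "unencrypted cookie" as a missing Secure attribute and "sessionID plaintext transmission" as a session ID carried in the URL are all assumptions.

```python
import re
from collections import defaultdict, deque
# Response-body indicators listed in claim 5; the regexes are assumptions.
BODY_CHECKS = {
    "database_error": re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE\[", re.I),
    "path_exposure": re.compile(r"(?:/var/www|/usr/local|[A-Z]:\\)[\w./\\-]+"),
    "stack_trace": re.compile(r"Traceback \(most recent call last\)"),
    "token_leak": re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]+"),  # JWT-shaped string
}

def pair_messages(messages, max_gap=5.0):
    """Match each response to the oldest unanswered request of its session."""
    pending, pairs = defaultdict(deque), []
    for m in sorted(messages, key=lambda m: m["ts"]):
        queue = pending[m["session"]]
        if m["kind"] == "request":
            queue.append(m)
            continue
        while queue and m["ts"] - queue[0]["ts"] > max_gap:
            queue.popleft()  # request never answered in time: drop it
        if queue:
            pairs.append((queue.popleft(), m))
    return pairs

def analyze(req, resp):  # claim-5 indicators present in one request-response pair
    found = [name for name, rx in BODY_CHECKS.items() if rx.search(resp["body"])]
    headers = {k.lower(): v for k, v in resp["headers"].items()}
    if headers.get("access-control-allow-origin") == "*":
        found.append("cors_wildcard")
    cookie = headers.get("set-cookie")
    if cookie and not re.search(r";\s*secure\b", cookie, re.I):
        found.append("cookie_without_secure")
    sent = {k.lower() for k in req["headers"]}
    if resp["status"] == 200 and not sent & {"authorization", "cookie"}:
        found.append("no_auth_on_success")
    if "sessionid=" in req["url"].lower():
        found.append("session_id_in_url")
    return found

CAPTURE = [  # constructed sample traffic, not from the patent
    {"kind": "request", "session": "s1", "ts": 10.0, "url": "/meter?id=17",
     "headers": {"Cookie": "sid=a"}},
    {"kind": "request", "session": "s2", "ts": 10.1, "url": "/status", "headers": {}},
    {"kind": "response", "session": "s2", "ts": 10.2, "status": 200,
     "headers": {"Access-Control-Allow-Origin": "*"}, "body": "ok"},
    {"kind": "response", "session": "s1", "ts": 10.4, "status": 500, "headers": {},
     "body": "You have an error in your SQL syntax at /var/www/app/db.php"},
]
RESULTS = {req["url"]: analyze(req, resp) for req, resp in pair_messages(CAPTURE)}
```

Interleaved sessions are why the session ID is needed as well as the timestamp: ordering by time alone would pair the `s2` response with the `s1` request.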
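
An added example (not from the patent) of the grading and reporting in claims 6 to 8: a weighted score over the four factors of claim 7, a hash-based tracking code, de-duplication, and routing by grade. The weights, cut-offs, caps of 10, ID format and field names are assumptions, since the patent names the factors but gives no values.

```python
import hashlib

# Assumed weights and cut-offs; the patent names the four factors but no values.
WEIGHTS = {"count": 0.2, "params": 0.2, "anomaly": 0.4, "history": 0.2}
LEVELS = [(0.75, "serious"), (0.5, "high"), (0.25, "medium"), (0.0, "low")]

def vuln_id(f):
    """Same type + endpoint + parameter always yields the same tracking code."""
    key = "|".join([f["type"], f["method"], f["path"], f["param"]])
    return "VULN-" + hashlib.sha256(key.encode()).hexdigest()[:12].upper()

def risk_score(f):
    factors = {
        "count": min(f["hits"], 10) / 10,        # occurrences, capped at 10
        "params": min(f["n_params"], 10) / 10,   # request parameters, capped at 10
        "anomaly": f["anomaly"],                 # response anomaly degree, 0..1
        "history": f["history"],                 # historical weight, 0..1
    }
    return round(sum(WEIGHTS[k] * v for k, v in factors.items()), 3)

def build_report(findings):
    merged = {}
    for f in findings:                           # de-duplicate on the tracking code
        vid = vuln_id(f)
        if vid in merged:
            merged[vid]["hits"] += f["hits"]
        else:
            merged[vid] = dict(f, id=vid)        # copy, so the input is not mutated
    report = []
    for f in merged.values():
        score = risk_score(f)
        level = next(name for floor, name in LEVELS if score >= floor)
        channel = "realtime" if level in ("high", "serious") else "periodic"
        report.append({**f, "score": score, "level": level, "channel": channel})
    return sorted(report, key=lambda r: r["score"], reverse=True)

FINDINGS = [  # constructed sample findings, not from the patent
    {"type": "sql_injection", "method": "GET", "path": "/meter", "param": "id",
     "hits": 3, "n_params": 2, "anomaly": 0.9, "history": 0.8},
    {"type": "sql_injection", "method": "GET", "path": "/meter", "param": "id",
     "hits": 2, "n_params": 2, "anomaly": 0.9, "history": 0.8},
    {"type": "info_leak", "method": "GET", "path": "/status", "param": "",
     "hits": 1, "n_params": 0, "anomaly": 0.3, "history": 0.2},
]
REPORT = build_report(FINDINGS)
```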

Description

Method for identifying intranet loopholes of power system

Technical Field

The invention relates to the technical field of power system intranet vulnerabilities, and in particular to a method for identifying intranet vulnerabilities of a power system.

Background

As the intranet of the power system becomes increasingly networked, its security becomes increasingly critical to guaranteeing the power supply. Existing power system vulnerability scanning tools mainly identify vulnerabilities by scanning network paths, but these tools can only detect the vulnerabilities in the paths; they lack deep analysis of the vulnerabilities and cannot evaluate their harmfulness and potential risks. In addition, existing tools generally lack an alarm mechanism after discovering vulnerabilities, so the relevant personnel cannot be notified in time to repair them, and the security of the system is affected. A technology that combines comprehensive vulnerability analysis with alarms is therefore needed to improve the security protection capability of the power system intranet.

Disclosure of Invention

The application solves the problems of the prior art, in which vulnerability scanning can only identify paths and lacks a comprehensive vulnerability analysis and alarm mechanism, and achieves the technical effects of comprehensive vulnerability analysis, accurate identification and graded alarms.

The embodiment of the application provides a method for identifying intranet vulnerabilities of a power system, which comprises the following steps: S1, constructing a vulnerability database in advance based on request packet and response packet data, wherein the vulnerability database is used for identifying and classifying vulnerabilities; S2, scanning a system to be detected, acquiring request packet and response packet data, identifying and classifying vulnerabilities in combination with the vulnerability database, and grading them according to severity; and S3, pushing alarm information according to the vulnerability grade, and generating a report.

The beneficial effect of the method is that accurate identification, intelligent grading and efficient handling of power intranet vulnerabilities are realized through a process of vulnerability database construction, intranet scanning, data processing and analysis, and graded alarm. Compared with the traditional path scanning tool, the method combines deep analysis of the request packet and the response packet, markedly improves the accuracy and comprehensiveness of vulnerability identification, shortens the period from vulnerability discovery to repair through graded alerts and automatic report generation, ensures that high-risk issues are handled first, and effectively reduces the probability of intranet security events in the power system.

On the basis of the above embodiments, the present application can be further improved as follows:

In one embodiment of the present application, in step S1, the request packet data includes the request method, the request URL and path parameters, Header information, and the request body content, and the response packet data includes the status code, response Header information, response body content, response time, and packet length.

The technical effect is that, by comprehensively capturing the key fields of the request-response data (such as request body parameters, response status codes and Header authentication information), a complete data basis is provided for vulnerability feature matching, missed detection caused by missing information is avoided, and the coverage rate of vulnerability identification is improved.

In one embodiment of the present application, in step S1, the vulnerability classification includes SQL injection vulnerability, unauthorized access and override vulnerability, weak password and authentication bypass vulnerability, information leakage vulnerability, and command injection and script execution vulnerability.

The technical effect is that the common high-risk vulnerability types of the power intranet (such as weak passwords on industrial control equipment and database SQL injection) are given dedicated classes, so that vulnerability identification better fits the power industry scenario, interference from irrelevant vulnerabilities is reduced, and the false alarm rate is reduced.

In one embodiment of the present application, in step S2, after the request packet and response packet data are acquired, they must be matched one-to-one by timestamp and session ID to form request-response data pairs, and data parsing is then performed.

The method has the technical effects that a complete comm