CN-122027338-A - Digital safety protection method for thermal power plant and digital twin security assembly thereof

Abstract

The invention discloses a digital safety protection method for a thermal power plant and a digital twin security ensemble thereof, belonging to the technical field of information safety. The method comprises the following steps: generating a hybrid twin model of equipment according to real-time operation data and calibrating the hybrid twin model to obtain a real-time operation condition and a key variable prediction result; acquiring communication data of the real industrial control network of the thermal power plant, parsing industrial protocol behaviors, establishing a virtual industrial control network according to the communication data and the industrial protocol behaviors, and simulating it to obtain network operation state data; injecting simulated attack behaviors into the virtual industrial control network, and identifying and verifying the simulated attack behaviors to obtain safety countermeasure scene data; and, after fusing the real-time operation condition, the key variable prediction result, the network operation state data and the safety countermeasure scene data, carrying out risk assessment and intelligent decision to obtain an optimal protection scheduling scheme. The invention can remedy the safety defects of existing thermal power plants and improve their safety protection capability.

Inventors

  • LI DI
  • WANG YIJIE
  • CUI XIN
  • YANG DONG
  • WANG WENQING
  • Deng Nandie
  • DONG XIAXIN
  • LI KAI
  • LIU PENGJU
  • ZHU ZHAOPENG
  • JIE YINJUAN

Assignees

  • Huaneng Power International, Inc. (华能国际电力股份有限公司)
  • Xi'an Thermal Power Research Institute Co., Ltd. (西安热工研究院有限公司)

Dates

Publication Date
20260512
Application Date
20260324

Claims (10)

  1. A digital safety protection method for a thermal power plant, characterized by comprising the following steps: acquiring real-time operation data of key equipment of the thermal power plant, generating a hybrid twin model of the equipment according to the real-time operation data, and calibrating it to obtain a real-time operation condition and a key variable prediction result; acquiring communication data of the real industrial control network of the thermal power plant, parsing industrial protocol behaviors, establishing a virtual industrial control network according to the communication data and the industrial protocol behaviors, and simulating it to obtain network operation state data; injecting a simulated attack behavior into the virtual industrial control network, and identifying and verifying the simulated attack behavior to obtain safety countermeasure scene data; and, after fusing the real-time operation condition, the key variable prediction result, the network operation state data and the safety countermeasure scene data, performing risk assessment and intelligent decision to obtain an optimal protection scheduling scheme.
  2. The digital safety protection method for a thermal power plant according to claim 1, wherein generating the hybrid twin model of the equipment according to the real-time operation data specifically comprises: constructing, according to the real-time operation data, a hybrid twin model of the equipment by combining a mechanism model and a data-driven model, wherein the mechanism model is built with Simulink and the data-driven model uses an LSTM network.
  3. The digital safety protection method for a thermal power plant according to claim 1, wherein parsing the industrial protocol behaviors comprises parsing at least one industrial protocol among IEC 60870-5-104, Modbus, PROFINET and EtherNet/IP; and the virtual industrial control network is divided into an online mirror mode and an offline sandbox mode.
  4. The digital safety protection method for a thermal power plant according to claim 1, wherein injecting the simulated attack behavior into the virtual industrial control network comprises: constructing an attack scenario based on a threat modeling method, and injecting the simulated attack behavior into the virtual industrial control network through traffic replay or attack scripts; wherein the threat modeling method adopts at least one of the ATT&CK framework, an attack tree or a Petri net.
  5. The digital safety protection method for a thermal power plant according to claim 1, wherein identifying and verifying the simulated attack behavior specifically comprises: carrying out feature rule detection, abnormal behavior detection and intrusion detection on the simulated attack behavior.
  6. The digital safety protection method for a thermal power plant according to claim 1, wherein the risk assessment adopts a Bayesian network or a reinforcement learning model, and the intelligent decision adopts a deep reinforcement learning model or a graph neural network model.
  7. A digital twin security ensemble, comprising: a physical twin layer, used for collecting real-time operation data of key equipment of the thermal power plant, generating a hybrid twin model of the equipment according to the real-time operation data, and calibrating the hybrid twin model to obtain a real-time operation condition and a key variable prediction result; a network twin layer, used for acquiring communication data of the real industrial control network of the thermal power plant, parsing industrial protocol behaviors, establishing a virtual industrial control network according to the communication data and the industrial protocol behaviors, and simulating it to obtain network operation state data; a safety twin layer, used for injecting simulated attack behaviors into the virtual industrial control network, and identifying and verifying the simulated attack behaviors to obtain safety countermeasure scene data; and an intelligent decision layer, used for carrying out risk assessment and intelligent decision after fusing the real-time operation condition, the key variable prediction result, the network operation state data and the safety countermeasure scene data, to obtain an optimal protection scheduling scheme.
  8. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the digital safety protection method for a thermal power plant according to any one of claims 1 to 6.
  9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the digital safety protection method for a thermal power plant according to any one of claims 1 to 6.
  10. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the digital safety protection method for a thermal power plant according to any one of claims 1 to 6.

Description

Digital safety protection method for thermal power plant and digital twin security assembly thereof

Technical Field

The invention belongs to the technical field of information safety, and particularly relates to a digital safety protection method of a thermal power plant and a digital twin security system thereof.

Background

The thermal power plant is an important component of the energy system, and its production process is highly dependent on automatic control systems and industrial networks. As the construction of "intelligent power plants" and "digital power plants" advances, a thermal power plant must not only guarantee the stable operation of its units but also face complex network security threats such as malicious intrusion, data manipulation and ransomware attacks. In this situation, it is difficult to meet the requirements by relying on conventional network security defenses alone (firewalls, IDS, antivirus software, etc.). Meanwhile, the operating environment of thermal power plant equipment is complex, and experimental security testing often involves high risk and high cost. A twin security system can virtualize and simulate physical operation, network communication and security attack and defense through digital twin technology, so that prediction, defense and decision-making are performed in a secure and controllable environment.

Disclosure of Invention

The invention aims to provide a digital safety protection method and a digital twin security system for a thermal power plant, which remedy the safety defects of existing thermal power plants and improve their safety protection capability.
In order to achieve the above purpose, the invention adopts the following technical scheme.

In a first aspect, a digital safety protection method for a thermal power plant includes the following steps: acquiring real-time operation data of key equipment of the thermal power plant, generating a hybrid twin model of the equipment according to the real-time operation data, and calibrating it to obtain a real-time operation condition and a key variable prediction result; acquiring communication data of the real industrial control network of the thermal power plant, parsing industrial protocol behaviors, establishing a virtual industrial control network according to the communication data and the industrial protocol behaviors, and simulating it to obtain network operation state data; injecting a simulated attack behavior into the virtual industrial control network, and identifying and verifying the simulated attack behavior to obtain safety countermeasure scene data; and, after fusing the real-time operation condition, the key variable prediction result, the network operation state data and the safety countermeasure scene data, performing risk assessment and intelligent decision to obtain an optimal protection scheduling scheme.

In some embodiments, generating a hybrid twin model of the equipment from the real-time operation data specifically includes: constructing, according to the real-time operation data, a hybrid twin model of the equipment by combining a mechanism model and a data-driven model, wherein the mechanism model is built with Simulink and the data-driven model uses an LSTM network.

In some embodiments, parsing the industrial protocol behaviors includes parsing at least one industrial protocol among IEC 60870-5-104, Modbus, PROFINET and EtherNet/IP; the virtual industrial control network is divided into an online mirror mode and an offline sandbox mode.
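The Modbus parsing named above, combined with the feature rule and abnormal behavior detection of claim 5, could look like the following for an offline-sandbox replay. This is an added example, not code from the patent: the baseline approach, the alert wording, the function names and the sample hosts and frames are all assumptions constructed for illustration.

```python
import struct
from collections import namedtuple

# Modbus function codes that change process state (write coil/register requests).
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10}
Request = namedtuple("Request", "src unit func addr")

def parse_modbus_tcp(src, frame):
    """Parse one Modbus/TCP request: 7-byte MBAP header, function code, start address."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    addr = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else None
    return Request(src, unit, frame[7], addr)

def build_baseline(capture):
    """Behaviour profile: (source, unit, function) tuples seen in normal traffic."""
    return {(r.src, r.unit, r.func) for r in (parse_modbus_tcp(s, f) for s, f in capture)}

def inspect(capture, baseline):
    """Return (index, reason) alerts for a capture replayed in the virtual network."""
    alerts = []
    for i, (src, frame) in enumerate(capture):
        try:
            r = parse_modbus_tcp(src, frame)
        except ValueError as exc:
            alerts.append((i, f"malformed: {exc}"))
            continue
        if (r.src, r.unit, r.func) not in baseline:
            write = r.func in WRITE_CODES
            alerts.append((i, "rule: write function outside baseline" if write
                           else "anomaly: unseen behaviour"))
    return alerts

def make_frame(tid, unit, func, data):
    """Build a constructed sample frame (test data only)."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic; hosts use the 192.0.2.0/24 documentation range.
NORMAL = [("192.0.2.5", make_frame(1, 1, 0x03, b"\x00\x10\x00\x02")),
          ("192.0.2.5", make_frame(2, 1, 0x06, b"\x00\x20\x00\x64"))]
REPLAY = [("192.0.2.5", make_frame(3, 1, 0x03, b"\x00\x10\x00\x02")),
          ("192.0.2.9", make_frame(4, 1, 0x10, b"\x00\x20\x00\x01\x02\x00\xff")),
          ("192.0.2.5", make_frame(5, 1, 0x2B, b"\x0e\x01\x00")),
          ("192.0.2.9", b"\x00\x06\x00\x00\x00\x09\x01\x03")]
```

Calling `inspect(REPLAY, build_baseline(NORMAL))` yields one alert of each kind: a write request outside the baseline, a function code never seen in normal traffic, and a frame whose MBAP length field disagrees with its size.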
In some embodiments, injecting the simulated attack behavior into the virtual industrial control network comprises: constructing an attack scenario based on a threat modeling method, and injecting the simulated attack behavior into the virtual industrial control network through traffic replay or attack scripts; the threat modeling method adopts at least one of the ATT&CK framework, an attack tree or a Petri net.

In some embodiments, identifying and verifying the simulated attack behavior specifically includes: carrying out feature rule detection, abnormal behavior detection and intrusion detection on the simulated attack behavior.

In some embodiments, the risk assessment employs a Bayesian network or a reinforcement learning model, and the intelligent decision employs a deep reinforcement learning model or a graph neural network model.

In a second aspect, a digital twin security ensemble comprises: a physical twin layer, used for collecting real-time operation data of key equipment of the thermal power plant, generating a hybrid twin model of the equipment according to the real-time operation data, and calibrating the hybrid twin model to obtain a real-time operation condition and a key variable prediction result; a network twin layer, used for acquiring communication data of the real industrial control network of the thermal power plant, parsing industrial protocol behaviors, establishing a virtual i