CN-122027488-A - Method for identifying key nodes of simulation experiment environment of electric power industrial control network

Abstract

The invention provides a key node identification method of an electric power industrial control network simulation experiment environment, and provides a key node identification method based on graph theory and community detection aiming at the characteristics of huge electric power industrial control network scale, complex structure, variable topology and the like in the electric power industrial control network simulation experiment environment. The method comprises the steps of modeling an electric power industrial control network in a simulation experiment environment into a graph structure, carrying out community division on the network by adopting a Louvain algorithm, disassembling a complex network into a plurality of sub-networks with tight internal connection according to modularity Modularity, and then, applying an influence maximization algorithm (greedy algorithm) in each community to identify core nodes with key roles in community connection and information transmission. The method can rapidly and accurately identify key nodes in a large-scale power simulation network, provides technical support for safety protection and operation stability of an electric power industrial control system, and has good practical value and application prospect.

Inventors

• ZHAO QIAN
• XU KE
• LIU WEIDONG
• Deng Nandie

Assignees

• 清华大学

Dates

Publication Date

20260512

Application Date

20251205

Claims (10)

1. 1. The method for identifying the key nodes of the simulation experiment environment of the electric power industrial control network is characterized by comprising the following steps of: s1, acquiring network identification information, entity/virtual equipment information, user behavior data and communication relation data in an electric power industrial control network simulation experiment environment, and carrying out standardization processing, outlier rejection, log aggregation and desensitization processing on the data; S2, constructing a graph model comprising nodes and edges based on the processed data, wherein the nodes comprise network attributes and behavior attributes, and the edges set direction attributes and weight attributes according to the directionality and connection strength of communication behaviors; S3, performing community division on the graph model by using a Louvain algorithm, decomposing the network into a plurality of community subgraphs with tight internal connection by using an iterative optimization module degree index, and performing attribution degree score adjustment and small community merging optimization on boundary nodes; And S4, calculating the marginal influence gain of the nodes by applying a greedy algorithm aiming at each community subgraph, and selecting the node with the largest influence gain as a key node.
2. 2. The method of claim 1, wherein S2 comprises: S21, the node mapping attribute comprises an IP address, a MAC address, a port and a network segment of the network attribute, and communication frequency, accessed times and alarm history of the behavior attribute; S22, generating a globally unique identifier for each node through a hash algorithm, and storing the globally unique identifier in a graph database or a graph storage structure so as to index and search.
3. 3. The method of claim 1, wherein S3 comprises: S31, the boundary node reassignment passes through the formula Calculating the attribution degree of the node to the communities, and taking the communities corresponding to the maximum attribution degree as final attributions; S32, small community merging is performed by setting a minimum community scale threshold value Calculating module degree increment of small communities and adjacent large communities And if the module degree after the combination is improved, executing the combination operation.
4. 4. The method of claim 1, wherein S4 further comprises: S41, influence function By the formula Calculation of wherein As a set of seed nodes, Is a node Is used to determine the neighbor set of a neighbor, Is a community node set; S42, marginal influence gain By the formula Calculating, selecting and making Maximum node As a key node.
5. 5. The utility model provides an electric power industry control network simulation experiment environment key node recognition device which characterized in that includes: The data acquisition and preprocessing module is used for acquiring network identification information, entity/virtual equipment information, user behavior data and communication relation data in the power industry control network simulation experiment environment, and carrying out standardized processing, outlier rejection, log aggregation and desensitization processing on the data; The graph model construction module is used for constructing a graph model comprising nodes and edges based on the processed data, wherein the nodes comprise network attributes and behavior attributes, and the edges are provided with direction attributes and weight attributes according to the directionality and connection strength of communication behaviors; The community division and optimization module is used for carrying out community division on the graph model by adopting a Louvain algorithm, decomposing the network into a plurality of community subgraphs which are closely connected with each other through iterative optimization module degree indexes, and carrying out attribution degree score adjustment and small community merging optimization on boundary nodes; and the key node identification module is used for calculating the marginal influence gain of the nodes by applying a greedy algorithm aiming at each community subgraph, and selecting the node with the largest influence gain as the key node.
6. 6. The apparatus of claim 5, wherein the graph model building module is further to: the node mapping attribute comprises an IP address, a MAC address, a port and a network segment which belong to the network attribute, and communication frequency, accessed times and alarm history in the behavior attribute; A globally unique identifier is generated for each node by a hash algorithm and stored in a graph database or graph storage structure for indexing and lookup.
7. 7. The apparatus of claim 5, wherein the community partitioning and optimization module is further to: Boundary node reassignment passes the formula Calculating the attribution degree of the node to the communities, and taking the communities corresponding to the maximum attribution degree as final attributions; small community merger by setting a minimum community size threshold Calculating module degree increment of small communities and adjacent large communities And if the module degree after the combination is improved, executing the combination operation.
8. 8. The apparatus of claim 5, wherein the critical node identification module is further to: Influence function By the formula Calculation of wherein As a set of seed nodes, Is a node Is used to determine the neighbor set of a neighbor, Is a community node set; Marginal influence gain By the formula Calculating, selecting and making Maximum node As a key node.
9. 9. A computer device comprising a processor and a memory; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to implement the method for identifying key nodes of the simulation experiment environment of the electrical power industrial control network according to any one of claims 1 to 4.
10. 10. A non-transitory computer-readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements the method for identifying key nodes of an electrical power industry control network simulation experiment environment according to any one of claims 1 to 4.

Description

Method for identifying key nodes of simulation experiment environment of electric power industrial control network Technical Field The invention belongs to the technical field of network security, and particularly relates to a key node identification method for an electric power industrial control network simulation experiment environment. Background As power systems continue to advance to intellectualization and informatization, the power Industry Control System (ICS) is an important component of the national critical infrastructure, and network security and operational stability thereof are the focus of great attention. The power industrial control network is large in scale, complex in structure, tight in connection among nodes and highly dependent, and failure of any key node can cause chain reaction, so that system dysfunction and even large-scale power interruption are caused. Therefore, the key nodes are accurately identified and effectively protected, and the method has important significance for guaranteeing the safety and stable operation of the whole power system. In the safety research of an electric power industrial control system, a simulation experiment environment is an important means for carrying out attack verification, fault simulation and protection strategy evaluation. However, unlike real networks, the network topology in the experimental environment is large-scale and has strong variability. The network structure needs to be dynamically adjusted according to the test purpose, the exercise planning or verification strategy and the like. In view of the highly flexible structural features, an efficient and automatic key node identification method is urgently needed so as to quickly adapt to topology changes and improve pertinence and effectiveness of security verification. The existing key node identification methods are mostly based on static graph theory indexes such as degree centrality, medium centrality and feature vector centrality, but the methods often neglect the functional partition structure in the network, are difficult to comprehensively reflect the real influence of nodes in information transmission and community connection, and have the problems of insufficient identification precision, poor adaptability and the like. Disclosure of Invention The present invention aims to solve at least one of the technical problems in the related art to some extent. Therefore, a first object of the present invention is to provide a method for identifying key nodes in an electrical power industrial control network simulation experiment environment. The second aim of the invention is to provide a key node identification device for the simulation experiment environment of the electric power industrial control network. A third object of the invention is to propose a computer device. A fourth object of the present invention is to propose a non-transitory computer readable storage medium. To achieve the above objective, an embodiment of a first aspect of the present invention provides a method for identifying key nodes in an electrical power industrial control network simulation experiment environment, including: s1, acquiring network identification information, entity/virtual equipment information, user behavior data and communication relation data in an electric power industrial control network simulation experiment environment, and carrying out standardization processing, outlier rejection, log aggregation and desensitization processing on the data; S2, constructing a graph model comprising nodes and edges based on the processed data, wherein the nodes comprise network attributes and behavior attributes, and the edges set direction attributes and weight attributes according to the directionality and connection strength of communication behaviors; S3, performing community division on the graph model by using a Louvain algorithm, decomposing the network into a plurality of community subgraphs with tight internal connection by using an iterative optimization module degree index, and performing attribution degree score adjustment and small community merging optimization on boundary nodes; And S4, calculating the marginal influence gain of the nodes by applying a greedy algorithm aiming at each community subgraph, and selecting the node with the largest influence gain as a key node. In one embodiment of the present invention, the S2 includes: S21, the node mapping attribute comprises an IP address, a MAC address, a port and a network segment of the network attribute, and communication frequency, accessed times and alarm history of the behavior attribute; S22, generating a globally unique identifier for each node through a hash algorithm, and storing the globally unique identifier in a graph database or a graph storage structure so as to index and search. In one embodiment of the present invention, the S3 includes: S31, the boundary node reassignment passes through the formula Calculating the attri