CN116760716A - Intelligent network topology management system and method for new energy station - Google Patents
- Publication number
- CN116760716A (application number CN202311043816.8A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L41/12—Discovery or management of network topologies
- H04L41/147—Network analysis or design for predicting network behaviour
- H04L63/1433—Vulnerability analysis
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application relates to an intelligent network topology management system and method for a new energy station, belonging to the field of network topology management, and solves the problem that existing network topology management systems cannot monitor vulnerabilities or analyze trends from vulnerability monitoring data. The access management module performs verification analysis on access devices of the topology network, and the vulnerability monitoring module performs monitoring analysis on device vulnerabilities of the topology network. The application can verify and analyze the access devices of the topology network and judge whether an access device meets the access conditions, thereby ensuring that the security of the devices connected to the topology network meets the requirements and providing data support for the vulnerability monitoring module's monitoring and analysis of device vulnerabilities.
Description
Technical Field
The application belongs to the field of network topology management, relates to a data analysis technology, and in particular relates to a system and a method for intelligent network topology management of a new energy station.
Background
Network topology refers to the physical layout of the various devices interconnected by transmission media, and refers to the specific physical, i.e., real, or logical, i.e., virtual, arrangement among the members that make up the network, and if the connection structures of two networks are the same we say that their network topologies are the same, although the physical connections within each and the distances between nodes may be different.
Existing network topology management systems cannot monitor vulnerabilities or analyze trends from vulnerability monitoring data, so the security of the devices accessing the topology network cannot be effectively monitored; in addition, when vulnerabilities are handled, targeted measures cannot be taken to optimize the system according to the results of trend analysis.
Therefore, we propose a new energy station intelligent network topology management system and method.
Disclosure of Invention
The application aims to provide an intelligent network topology management system and method for a new energy station, to solve the problem that existing network topology management systems cannot monitor vulnerabilities of access devices or analyze trends from vulnerability monitoring data;
the technical problems to be solved by the application are as follows: how to provide a new energy station intelligent network topology management system and method capable of performing vulnerability monitoring on access equipment and performing trend analysis according to vulnerability monitoring data.
The aim of the application can be achieved by the following technical scheme:
in a first aspect, a new energy station intelligent network topology management system includes a topology management platform, wherein the topology management platform is in communication connection with an access management module, a vulnerability monitoring module, a trend analysis module and a storage module;
the access management module is used for carrying out verification analysis on access equipment of the topology network;
the vulnerability monitoring module is used for monitoring and analyzing device vulnerabilities of the topology network: obtaining the vulnerability types of the devices connected to the topology network; generating a monitoring period and dividing it into a plurality of monitoring time periods; obtaining the number of successful scans of each vulnerability type on the connected devices within a monitoring time period and marking it as the scanning value of that vulnerability type in the monitoring time period; forming a scanning set from the scanning values of all vulnerability types in the monitoring time period and calculating the variance of the scanning set to obtain a scanning coefficient; marking each connected device on which a vulnerability type was successfully scanned as an associated device of that vulnerability type; marking the number of times a connected device is marked as an associated device within the monitoring time period as the association value of that device, and marking the connected device with the largest association value as the centralized device; obtaining the scanning threshold and the association threshold from the storage module, comparing the scanning coefficient and the association value of the centralized device with the scanning threshold and the association threshold respectively, and judging from the comparison results whether the monitoring state in the monitoring period meets the requirement;
the trend analysis module is used for analyzing vulnerability monitoring trends of the topology network and obtaining a trend coefficient QS, a trend threshold QSmax is obtained through the storage module, the trend coefficient QS is compared with the trend threshold QSmax, and the dominant trend and the recessive trend of the monitoring period are marked through comparison results.
As a preferred embodiment of the present application, the specific process of performing verification analysis on the access device of the topology network by the access management module includes: making a new host determination when an unregistered host requests entry into the topology network: if the host is new, performing intervention analysis: acquiring an IP address of the access device and judging whether the IP address of the access device exists or not: if yes, the access equipment is prevented from accessing the intranet; if not, performing vulnerability scanning on the access equipment, sending the scanned vulnerability information to a vulnerability monitoring module, detecting an access port of the access equipment, and accessing the access equipment into an intranet when the detection is qualified; and when the detection is unqualified, the access device is prevented from accessing the intranet.
As a preferred embodiment of the present application, the specific process of comparing the scanning coefficient and the association value of the centralized device with the scanning threshold and the association threshold respectively includes: if the scanning coefficient is smaller than the scanning threshold and the association value is smaller than the association threshold, marking the scanning characteristic of the monitoring time period as scattered-dispersed; if the scanning coefficient is greater than or equal to the scanning threshold and the association value is smaller than the association threshold, marking the scanning characteristic of the monitoring time period as concentrated-dispersed; if the scanning coefficient is smaller than the scanning threshold and the association value is greater than or equal to the association threshold, marking the scanning characteristic of the monitoring time period as scattered-centralized; if the scanning coefficient is greater than or equal to the scanning threshold and the association value is greater than or equal to the association threshold, marking the scanning characteristic of the monitoring time period as concentrated-centralized; at the end time of the monitoring period, acquiring the numbers of monitoring time periods whose scanning characteristic is concentrated-centralized, concentrated-dispersed and scattered-centralized, marking them as the concentrated value JZ, the concentrated value JF and the scattered value SZ respectively, and performing numerical calculation on the concentrated value JZ, the concentrated value JF and the scattered value SZ to obtain the monitoring coefficient JC of the monitoring period; obtaining the monitoring threshold JCmax from the storage module, comparing the monitoring coefficient JC of the monitoring period with the monitoring threshold JCmax, and judging from the comparison result whether the vulnerability monitoring state in the monitoring period meets the requirement.
As a preferred embodiment of the present application, the specific process of comparing the monitoring coefficient JC of the monitoring period with the monitoring threshold JCmax includes: if the monitoring coefficient JC is smaller than the monitoring threshold JCmax, judging that the vulnerability monitoring state in the monitoring period meets the requirement, and sending a vulnerability normal signal to a topology management platform by the vulnerability monitoring module; if the monitoring coefficient JC is greater than or equal to the monitoring threshold JCmax, judging that the vulnerability monitoring state in the monitoring period does not meet the requirement, sending a vulnerability abnormal signal to a topology management platform by the vulnerability monitoring module, and sending the vulnerability abnormal signal to a mobile phone terminal of a manager after the topology management platform receives the vulnerability abnormal signal.
As a preferred embodiment of the application, the specific process by which the trend analysis module analyzes the vulnerability monitoring trend of the topology network includes: establishing a rectangular coordinate system with the running time of the monitoring periods as the X axis and the monitoring coefficient JC of a monitoring period as the Y axis; marking a plurality of monitoring points in the rectangular coordinate system, each with the middle moment of a monitoring period as its abscissa and the monitoring coefficient JC of that monitoring period as its ordinate; connecting the monitoring points in sequence from left to right to obtain a plurality of monitoring line segments; marking the rightmost monitoring line segment as the first analysis line segment and the monitoring line segment connected to its left as the marking line segment; if the slope of the marking line segment has the same sign as the slope of the first analysis line segment, forming a first analysis broken line from the marking line segment and the first analysis line segment, marking the monitoring line segment connected to the left of the first analysis broken line as the new marking line segment, and so on until the slope of the marking line segment differs in sign from the slope of the first analysis line segment; marking the monitoring line segment connected to the left of the first analysis broken line as the second analysis line segment and the monitoring line segment connected to its left as the marking line segment; if the slope of the marking line segment has the same sign as the slope of the second analysis line segment, forming a second analysis broken line from the marking line segment and the second analysis line segment, and again marking the monitoring line segment connected to the left of the second analysis broken line as the marking line segment, until the slope of the marking line segment differs in sign from the slope of the second analysis line segment; marking the number of monitoring line segments in the first analysis broken line as the first analysis value YF, connecting the two end points of the first analysis broken line and marking the absolute value of the slope of the resulting line segment as the first amplitude value YD; marking the number of monitoring line segments in the second analysis broken line as the second analysis value EF, connecting the two end points of the second analysis broken line and marking the absolute value of the slope of the resulting line segment as the second amplitude value ED; and obtaining the trend coefficient QS of the monitoring period by performing numerical calculation on the first analysis value YF, the first amplitude value YD, the second analysis value EF and the second amplitude value ED.
As a preferred embodiment of the present application, the specific process of comparing the trend coefficient QS with the trend threshold QSmax includes: if the trend coefficient QS is smaller than the trend threshold QSmax, determining the positive and negative values of the slope of the first analysis line segment: if the slope value of the first analysis line segment is a positive value, marking the dominant trend of the monitoring period as rising and marking the recessive trend as falling; if the slope value of the first analysis line segment is a negative value, marking the dominant trend of the monitoring period as descending and marking the recessive trend as ascending; if the trend coefficient QS is greater than or equal to the trend threshold QSmax, determining the positive and negative values of the slope of the first analysis line segment: if the slope value of the first analysis line segment is a positive value, marking the dominant trend and the recessive trend of the monitoring period as rising; if the slope value of the first analysis line segment is a negative value, marking the dominant trend and the recessive trend of the monitoring period as declining; and sending the dominant trend and the recessive trend of the monitoring period to a topology management platform.
In a second aspect, a new energy station intelligent network topology management method includes the following steps:
step one: performing verification analysis on access equipment of the topology network: when an unregistered host requests to enter a topology network, sequentially performing new host judgment, IP judgment, vulnerability monitoring and port detection;
step two: monitoring and analyzing device vulnerabilities of the topology network: obtaining the vulnerability types of the devices connected to the topology network, generating a monitoring period, dividing the monitoring period into a plurality of monitoring time periods, analyzing the scanning data of the vulnerability types of the connected devices in the monitoring time periods to obtain the monitoring coefficient JC of the monitoring period, and judging from the monitoring coefficient JC whether the vulnerability monitoring state in the monitoring period meets the requirement;
step three: analyzing vulnerability monitoring trend of the topological network: establishing a rectangular coordinate system by taking the running time of the monitoring period as an X axis and the monitoring coefficient JC of the monitoring period as a Y axis, drawing a first analysis fold line and a second analysis fold line in the rectangular coordinate system, carrying out numerical calculation on a first analysis value YF, a first amplitude value YD, a second analysis value EF and a second amplitude value ED to obtain a trend coefficient QS, and marking the dominant trend and the recessive trend of the monitoring period by the trend coefficient QS.
Compared with the prior art, the application has the beneficial effects that:
1. the access device of the topology network can be verified and analyzed through the access management module, and whether the access device meets the access condition is judged, so that the security of the connection device of the topology network is ensured to meet the requirement, and vulnerability monitoring is carried out in the verification process, so that data support is provided for the vulnerability monitoring analysis of the equipment by the vulnerability monitoring module;
2. the device vulnerabilities of the topology network can be monitored and analyzed through the vulnerability monitoring module: the scanning characteristic of each monitoring time period is marked by time-divided monitoring, and the monitoring coefficient of the monitoring period is then obtained by statistical analysis of the scanning characteristics of all monitoring time periods in the monitoring period, so that the vulnerability monitoring state of the network topology platform is fed back through the monitoring coefficient and an early warning is issued in time when the state is abnormal;
3. according to the method, the vulnerability monitoring trend of the topological network can be analyzed through the trend analysis module, the monitoring line segment is drawn in the rectangular coordinate system in a curve analysis mode, then the trend coefficient is obtained through extraction and calculation of the first analysis value, the first amplitude value, the second analysis value and the second amplitude value, the dominant trend and the recessive trend are marked according to the trend coefficient, and a vulnerability processing technician can take targeted processing measures according to the dominant trend and the recessive trend to conduct vulnerability processing.
Drawings
The present application is further described below with reference to the accompanying drawings for the convenience of understanding by those skilled in the art.
FIG. 1 is a system block diagram of a first embodiment of the present application;
fig. 2 is a flowchart of a method according to a second embodiment of the application.
Detailed Description
The technical solutions of the present application will be clearly and completely described in connection with the embodiments, and it is obvious that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Example 1
As shown in FIG. 1, the intelligent network topology management system for the new energy station comprises a topology management platform, wherein the topology management platform is in communication connection with an access management module, a vulnerability monitoring module, a trend analysis module and a storage module.
The access management module is used for carrying out verification analysis on access equipment of the topology network, and specifically:
making a new host decision when an unregistered host requests to enter a topology network;
if the host is a new host, performing intervention analysis;
acquiring an IP address of the access equipment and judging whether the IP address of the access equipment exists or not;
if yes, the access equipment is prevented from accessing the intranet;
if not, performing vulnerability scanning on the access equipment, sending the scanned vulnerability information to a vulnerability monitoring module, detecting an access port of the access equipment, and accessing the access equipment into an intranet when the detection is qualified; when the detection is unqualified, the access equipment is prevented from accessing the intranet; and verifying and analyzing the access equipment of the topology network, judging whether the access equipment meets the access condition, thereby ensuring that the security of the connection equipment of the topology network meets the requirement, performing vulnerability monitoring in the verification process, and providing data support for the vulnerability monitoring analysis of the equipment by the vulnerability monitoring module.
In this embodiment, the vulnerability monitoring module is configured to monitor and analyze a device vulnerability of a topology network:
obtaining a vulnerability type of the topological network connection device, wherein the vulnerability type comprises a password vulnerability, an interface vulnerability, a hardware vulnerability, a permission vulnerability and a transmission vulnerability;
meanwhile, a monitoring period is generated and divided into a plurality of monitoring time periods; the number of successful scans of each vulnerability type on the connected devices within a monitoring time period is obtained and marked as the scanning value of that vulnerability type in the monitoring time period; the scanning values of all vulnerability types in the monitoring time period form a scanning set, and the variance of the scanning set is calculated to obtain a scanning coefficient; each connected device on which a vulnerability type was successfully scanned is marked as an associated device of that vulnerability type; the number of times a connected device is marked as an associated device within the monitoring time period is marked as the association value of that device, and the connected device with the largest association value is marked as the centralized device; the scanning threshold and the association threshold are obtained from the storage module, and the scanning coefficient and the association value of the centralized device are compared with the scanning threshold and the association threshold respectively:
if the scanning coefficient is smaller than the scanning threshold and the association value is smaller than the association threshold, marking the scanning characteristic of the monitoring time period as scattered-dispersed; if the scanning coefficient is greater than or equal to the scanning threshold and the association value is smaller than the association threshold, marking the scanning characteristic of the monitoring time period as concentrated-dispersed; if the scanning coefficient is smaller than the scanning threshold and the association value is greater than or equal to the association threshold, marking the scanning characteristic of the monitoring time period as scattered-centralized; if the scanning coefficient is greater than or equal to the scanning threshold and the association value is greater than or equal to the association threshold, marking the scanning characteristic of the monitoring time period as concentrated-centralized;
at the end time of the monitoring period, acquiring the numbers of monitoring time periods whose scanning characteristic is concentrated-centralized, concentrated-dispersed and scattered-centralized, marking them as the concentrated value JZ, the concentrated value JF and the scattered value SZ respectively, and obtaining the monitoring coefficient JC of the monitoring period through the formula $JC = (\alpha_1 \cdot JZ + \alpha_2 \cdot JF + \alpha_3 \cdot SZ) / JS$, wherein the monitoring coefficient is a numerical value reflecting how good or bad the vulnerability monitoring state in the monitoring period is, and the larger the monitoring coefficient, the worse the vulnerability monitoring state in the monitoring period; $\alpha_1$, $\alpha_2$ and $\alpha_3$ are all proportional coefficients with $\alpha_1 > \alpha_2 > \alpha_3 > 1$, and JS is the number of monitoring time periods in the monitoring period;
the monitoring threshold value JCmax is obtained through the storage module, and the monitoring coefficient JC of the monitoring period is compared with the monitoring threshold value JCmax:
if the monitoring coefficient JC is smaller than the monitoring threshold JCmax, judging that the vulnerability monitoring state in the monitoring period meets the requirement, and the vulnerability monitoring module sends a vulnerability normal signal to the topology management platform; if the monitoring coefficient JC is greater than or equal to the monitoring threshold JCmax, judging that the vulnerability monitoring state in the monitoring period does not meet the requirement, the vulnerability monitoring module sends a vulnerability abnormal signal to the topology management platform, and the topology management platform forwards the vulnerability abnormal signal to the mobile phone terminal of a manager after receiving it. In this way the device vulnerabilities of the topology network are monitored and analyzed: the scanning characteristic of each monitoring time period is marked by time-divided monitoring, and the monitoring coefficient of the monitoring period is then obtained by statistical analysis of the scanning characteristics of all monitoring time periods in the monitoring period, so that the vulnerability monitoring state of the network topology platform is fed back through the monitoring coefficient and an early warning is issued in time when the state is abnormal.
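The monitoring-coefficient calculation described above, as an added Python example that is not code from the patent. It reads JZ, JF and SZ as the counts of monitoring time periods in which both values, only the scanning coefficient, or only the association value reach their thresholds; the device names, thresholds and proportional coefficients are constructed sample values.

```python
from collections import Counter
from statistics import pvariance

# Vulnerability types named in the description.
VULN_TYPES = ("password", "interface", "hardware", "permission", "transmission")


def period_metrics(findings):
    """findings: (device, vuln_type) pairs, one per successful scan in a time period.

    Returns (scanning_coefficient, centralized_device, association_value).
    """
    for _, vuln in findings:
        if vuln not in VULN_TYPES:
            raise ValueError(f"unknown vulnerability type: {vuln}")
    per_type = Counter(vuln for _, vuln in findings)
    # Scanning set: one scanning value per vulnerability type, zero when never hit.
    scan_set = [per_type[t] for t in VULN_TYPES]
    scanning_coefficient = pvariance(scan_set)
    per_device = Counter(dev for dev, _ in findings)
    if not per_device:
        return scanning_coefficient, None, 0
    # Centralized device: largest association value (ties broken by name).
    device, association = max(sorted(per_device.items()), key=lambda kv: kv[1])
    return scanning_coefficient, device, association


def classify(scanning_coefficient, association, scan_threshold, assoc_threshold):
    """Return the counter a time period contributes to: 'JZ', 'JF', 'SZ' or None."""
    scan_high = scanning_coefficient >= scan_threshold
    assoc_high = association >= assoc_threshold
    if scan_high and assoc_high:
        return "JZ"   # assumption: both at or above threshold
    if scan_high:
        return "JF"   # assumption: only the scanning coefficient
    if assoc_high:
        return "SZ"   # assumption: only the association value
    return None       # both below threshold: not counted in JC


def monitoring_coefficient(time_periods, scan_threshold, assoc_threshold, alphas):
    """JC = (a1*JZ + a2*JF + a3*SZ) / JS over all time periods of one monitoring period."""
    a1, a2, a3 = alphas
    if not a1 > a2 > a3 > 1:
        raise ValueError("the description requires alpha1 > alpha2 > alpha3 > 1")
    if not time_periods:
        raise ValueError("a monitoring period needs at least one time period")
    labels = []
    for findings in time_periods:
        coefficient, _, association = period_metrics(findings)
        labels.append(classify(coefficient, association, scan_threshold, assoc_threshold))
    counts = Counter(labels)
    jc = (a1 * counts["JZ"] + a2 * counts["JF"] + a3 * counts["SZ"]) / len(time_periods)
    return jc, labels


def monitoring_state(jc, jc_max):
    """'normal' when JC < JCmax, otherwise 'abnormal' (the abnormal signal case)."""
    return "normal" if jc < jc_max else "abnormal"


# Constructed sample data: five time periods of one monitoring period.
SAMPLE_PERIODS = [
    [],                                                     # no successful scans
    [("inv-01", "password"), ("inv-02", "interface"), ("rtu-01", "hardware")],
    [("inv-01", "password"), ("inv-02", "password"),
     ("rtu-01", "password"), ("gw-01", "password")],        # one type, many devices
    [("gw-01", t) for t in VULN_TYPES],                     # many types, one device
    [("gw-01", "password")] * 3 + [("gw-01", "interface")], # one type, one device
]
SCAN_THRESHOLD, ASSOC_THRESHOLD = 1.0, 3    # constructed thresholds
ALPHAS = (3.0, 2.0, 1.5)                    # constructed, alpha1 > alpha2 > alpha3 > 1
JC_MAX = 1.0                                # constructed monitoring threshold

if __name__ == "__main__":
    jc, labels = monitoring_coefficient(SAMPLE_PERIODS, SCAN_THRESHOLD,
                                        ASSOC_THRESHOLD, ALPHAS)
    print(labels, round(jc, 3), monitoring_state(jc, JC_MAX))
```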
Further, the trend analysis module is used for analyzing vulnerability monitoring trend of the topology network:
establishing a rectangular coordinate system with the running time of the monitoring periods as the X axis and the monitoring coefficient JC of a monitoring period as the Y axis; marking a plurality of monitoring points in the rectangular coordinate system, each with the middle moment of a monitoring period as its abscissa and the monitoring coefficient JC of that monitoring period as its ordinate; connecting the monitoring points in sequence from left to right to obtain a plurality of monitoring line segments; marking the rightmost monitoring line segment as the first analysis line segment and the monitoring line segment connected to its left as the marking line segment; if the slope of the marking line segment has the same sign as the slope of the first analysis line segment, forming a first analysis broken line from the marking line segment and the first analysis line segment, marking the monitoring line segment connected to the left of the first analysis broken line as the new marking line segment, and so on until the slope of the marking line segment differs in sign from the slope of the first analysis line segment;
marking the monitoring line segment connected to the left of the first analysis broken line as the second analysis line segment and the monitoring line segment connected to its left as the marking line segment; if the slope of the marking line segment has the same sign as the slope of the second analysis line segment, forming a second analysis broken line from the marking line segment and the second analysis line segment, and again marking the monitoring line segment connected to the left of the second analysis broken line as the marking line segment, until the slope of the marking line segment differs in sign from the slope of the second analysis line segment;
marking the number of monitoring line segments in the first analysis broken line as the first analysis value YF, connecting the two end points of the first analysis broken line and marking the absolute value of the slope of the resulting line segment as the first amplitude value YD; marking the number of monitoring line segments in the second analysis broken line as the second analysis value EF, connecting the two end points of the second analysis broken line and marking the absolute value of the slope of the resulting line segment as the second amplitude value ED;
obtaining the trend coefficient QS of the monitoring period through the formula $QS = (\beta_1 \cdot YF + \beta_2 \cdot YD) / (\beta_1 \cdot EF + \beta_2 \cdot ED)$, wherein $\beta_1$ and $\beta_2$ are both proportional coefficients and $\beta_1 > \beta_2 > 1$;
the trend threshold value QSmax is acquired through the storage module, and the trend coefficient QS is compared with the trend threshold value QSmax: if the trend coefficient QS is smaller than the trend threshold QSmax, determining the positive and negative values of the slope of the first analysis line segment: if the slope value of the first analysis line segment is a positive value, marking the dominant trend of the monitoring period as rising and marking the recessive trend as falling; if the slope value of the first analysis line segment is a negative value, marking the dominant trend of the monitoring period as descending and marking the recessive trend as ascending; if the trend coefficient QS is greater than or equal to the trend threshold QSmax, determining the positive and negative values of the slope of the first analysis line segment: if the slope value of the first analysis line segment is a positive value, marking the dominant trend and the recessive trend of the monitoring period as rising; if the slope value of the first analysis line segment is a negative value, marking the dominant trend and the recessive trend of the monitoring period as declining; sending the dominant trend and the recessive trend of the monitoring period to a topology management platform; analyzing the vulnerability monitoring trend of the topological network, drawing a monitoring line segment in a rectangular coordinate system in a curve analysis mode, extracting and calculating a trend coefficient through a first analysis value, a first amplitude value, a second analysis value and a second amplitude value, marking a dominant trend and a recessive trend according to the trend coefficient, and enabling a vulnerability processing technician to take targeted processing measures according to the dominant trend and the recessive trend to conduct vulnerability processing;
when the new energy station intelligent network topology management system works, new host judgment, IP judgment, vulnerability monitoring and port detection are sequentially carried out when an unregistered host requests to enter a topology network; obtaining the vulnerability type of the topological network connection equipment, generating a monitoring period, dividing the monitoring period into a plurality of monitoring periods, analyzing the scanning data of the vulnerability type of the connection equipment in the monitoring periods to obtain a monitoring coefficient JC of the monitoring period, and judging whether the vulnerability monitoring state in the monitoring period meets the requirement or not according to the monitoring coefficient JC; establishing a rectangular coordinate system by taking the running time of the monitoring period as an X axis and the monitoring coefficient JC of the monitoring period as a Y axis, drawing a first analysis broken line and a second analysis broken line in the rectangular coordinate system, carrying out numerical calculation on a first analysis value YF, a first amplitude value YD, a second analysis value EF and a second amplitude value ED to obtain a trend coefficient QS, and marking the dominant trend and the recessive trend of the monitoring period by the trend coefficient QS.
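The trend analysis described above (broken lines built from the rightmost monitoring line segment, the trend coefficient QS, then the dominant and recessive labels), as an added Python example that is not part of the patent text. The values of β1, β2 and QSmax, the "flat" label for a zero slope, the reading that the second broken line starts at the segment immediately left of the first broken line, and the error raised when no second broken line exists are assumptions; the sample points are constructed.

```python
"""Trend coefficient QS and dominant/recessive trend labels (added example)."""
from dataclasses import dataclass

# Assumed values: the page only requires beta1 > beta2 > 1 and reads QSmax
# from the storage module without giving a number.
BETA1, BETA2, QS_MAX = 3.0, 2.0, 1.0
LABEL = {1: "rising", -1: "falling", 0: "flat"}  # "flat" is an assumption


@dataclass
class Trend:
    yf: int         # first analysis value: segments in the first broken line
    yd: float       # first amplitude value: |slope| between its two end points
    ef: int         # second analysis value
    ed: float       # second amplitude value
    qs: float       # trend coefficient
    dominant: str
    recessive: str


def sign(value):
    return (value > 0) - (value < 0)


def slopes_of(points):
    """Slope of each monitoring line segment, left to right."""
    return [(y2 - y1) / (x2 - x1)
            for (x1, y1), (x2, y2) in zip(points, points[1:])]


def run_start(slopes, end):
    """Index of the leftmost segment in the same-sign run ending at `end`."""
    start = end
    while start > 0 and sign(slopes[start - 1]) == sign(slopes[end]):
        start -= 1
    return start


def chord(points, first_seg, last_seg):
    """Absolute slope of the line joining a broken line's two end points."""
    (x1, y1), (x2, y2) = points[first_seg], points[last_seg + 1]
    return abs((y2 - y1) / (x2 - x1))


def analyse(points, beta1=BETA1, beta2=BETA2, qs_max=QS_MAX):
    """points: [(middle moment of a monitoring period, JC)], sorted by time."""
    slopes = slopes_of(points)
    last = len(slopes) - 1
    first_start = run_start(slopes, last) if slopes else 0
    if first_start == 0:
        # No change of direction: EF and ED are undefined, QS cannot be formed.
        raise ValueError("a direction change is needed for the second broken line")
    # Assumption: the second broken line ends just left of the first one.
    second_start = run_start(slopes, first_start - 1)
    yf, yd = last - first_start + 1, chord(points, first_start, last)
    ef = first_start - second_start
    ed = chord(points, second_start, first_start - 1)
    qs = (beta1 * yf + beta2 * yd) / (beta1 * ef + beta2 * ed)
    direction = sign(slopes[last])  # sign of the first analysis line segment
    dominant = LABEL[direction]
    # QS >= QSmax: both trends follow the latest direction; otherwise the
    # recessive trend is the opposite of the dominant one.
    recessive = LABEL[direction] if qs >= qs_max else LABEL[-direction]
    return Trend(yf, yd, ef, ed, qs, dominant, recessive)


# Constructed sample data: one monitoring point per monitoring period.
SAMPLE_EASING = [(0.5, 2.0), (1.5, 3.0), (2.5, 5.0), (3.5, 4.0), (4.5, 3.5)]
SAMPLE_SURGE = [(0.5, 5.0), (1.5, 4.0), (2.5, 2.0),
                (3.5, 3.0), (4.5, 5.0), (5.5, 8.0)]

if __name__ == "__main__":
    for name, pts in (("easing", SAMPLE_EASING), ("surge", SAMPLE_SURGE)):
        print(name, analyse(pts))
```
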
Example two
As shown in fig. 2, a new energy station intelligent network topology management method includes the following steps:
step one: performing verification analysis on access equipment of the topology network: when an unregistered host requests to enter a topology network, sequentially performing new host judgment, IP judgment, vulnerability monitoring and port detection;
step two: monitoring and analyzing equipment vulnerabilities of the topology network: obtaining the vulnerability type of the topological network connection equipment, generating a monitoring period, dividing the monitoring period into a plurality of monitoring periods, analyzing the scanning data of the vulnerability type of the connection equipment in the monitoring periods to obtain a monitoring coefficient JC of the monitoring period, and judging whether the vulnerability monitoring state in the monitoring period meets the requirement or not according to the monitoring coefficient JC;
step three: analyzing vulnerability monitoring trend of the topological network: establishing a rectangular coordinate system by taking the running time of the monitoring period as an X axis and the monitoring coefficient JC of the monitoring period as a Y axis, drawing a first analysis broken line and a second analysis broken line in the rectangular coordinate system, carrying out numerical calculation on a first analysis value YF, a first amplitude value YD, a second analysis value EF and a second amplitude value ED to obtain a trend coefficient QS, and marking the dominant trend and the recessive trend of the monitoring period by the trend coefficient QS.
The foregoing is merely illustrative of the structures of this application, and those skilled in the art can make various modifications, additions and substitutions to the described embodiments without departing from the scope of the application as defined in the accompanying claims.
The formulas are all obtained by collecting a large amount of data for software simulation and selecting the formula closest to the true value, and the coefficients in the formulas are set by a person skilled in the art according to actual conditions; for example, for the formula JC = (α1×JZ + α2×JF + α3×SZ)/JS: a person skilled in the art collects a plurality of groups of sample data and sets a corresponding monitoring coefficient for each group of sample data; the set monitoring coefficients and the acquired sample data are substituted into the formula, any three of the resulting formulas form a system of three linear equations in three unknowns, and the calculated coefficients are screened and averaged to obtain values of α1, α2 and α3 of 5.48, 4.35 and 2.17 respectively;
in the application, wherever a calculation formula appears, the calculation is performed on dimensionless numerical values, and the weight coefficients, proportionality coefficients and other coefficients in the formulas are set to values obtained by quantizing each parameter, so long as the proportional relation between the parameters and the result value is not affected.
In the description of the present specification, the descriptions of the terms "one embodiment," "example," "specific example," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the application disclosed above are intended only to assist in the explanation of the application. The preferred embodiments are not intended to be exhaustive or to limit the application to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the application and the practical application, to thereby enable others skilled in the art to best understand and utilize the application. The application is limited only by the claims and the full scope and equivalents thereof.
Claims (7)
1. The intelligent network topology management system of the new energy station is characterized by comprising a topology management platform, wherein the topology management platform is in communication connection with an access management module, a vulnerability monitoring module, a trend analysis module and a storage module;
the access management module is used for carrying out verification analysis on access equipment of the topology network;
the vulnerability monitoring module is used for monitoring and analyzing equipment vulnerabilities of the topological network: obtaining the vulnerability types of the topology network connection equipment, generating a monitoring period, dividing the monitoring period into a plurality of monitoring periods, obtaining the scanning success times of the vulnerability types of the topology network connection equipment in the monitoring period, marking the scanning success times as the scanning values of the vulnerability types in the monitoring period, forming a scanning set by the scanning values of all the vulnerability types in the monitoring period, performing variance calculation on the scanning set to obtain a scanning coefficient, marking the connection equipment corresponding to the vulnerability type scanning success as the association equipment of the vulnerability types, marking the times of the connection equipment marked as the association equipment in the monitoring period as the association value of the connection equipment, marking the connection equipment with the largest association value as the centralized equipment, obtaining the scanning threshold value and the association threshold value through a storage module, comparing the scanning coefficient and the association value of the centralized equipment with the scanning threshold value and the association threshold value respectively, and judging whether the monitoring state in the monitoring period meets the requirement or not through a comparison result;
the trend analysis module is used for analyzing vulnerability monitoring trends of the topology network and obtaining a trend coefficient QS, a trend threshold QSmax is obtained through the storage module, the trend coefficient QS is compared with the trend threshold QSmax, and the dominant trend and the recessive trend of the monitoring period are marked through comparison results.
2. The intelligent network topology management system of claim 1, wherein the specific process of performing verification analysis on the access device of the topology network by the access management module comprises:
making a new host determination when an unregistered host requests entry into the topology network: if the host is new, performing intervention analysis: acquiring an IP address of the access device and judging whether the IP address of the access device exists or not: if yes, the access equipment is prevented from accessing the intranet; if not, performing vulnerability scanning on the access equipment, sending the scanned vulnerability information to a vulnerability monitoring module, detecting an access port of the access equipment, and accessing the access equipment into an intranet when the detection is qualified; and when the detection is unqualified, the access device is prevented from accessing the intranet.
3. The intelligent network topology management system of a new energy station according to claim 2, wherein the specific process of comparing the association values of the scan coefficients and the centralized equipment with the scan threshold and the association threshold respectively comprises:
if the scanning coefficient is smaller than the scanning threshold value and the association value is smaller than the association threshold value, marking the scanning characteristic in the monitoring period as a scanning division; if the scanning coefficient is greater than or equal to the scanning threshold value and the association value is smaller than the association threshold value, marking the scanning characteristic in the monitoring period as a scanning set score; if the scanning coefficient is smaller than the scanning threshold value and the association value is larger than or equal to the association threshold value, marking the scanning characteristic in the monitoring period as scanning in the scattered arrangement; if the scanning coefficient is greater than or equal to the scanning threshold value and the association value is greater than or equal to the association threshold value, marking the scanning characteristic in the monitoring period as scanning and gathering; acquiring the number of monitoring time periods with scanning characteristics of scanning in the scanning set setting, scanning in the scanning set setting and scanning in the scattering at the end time of the monitoring period, marking the number as a concentrated value JZ, a concentrated value JF and a scattered value SZ respectively, and carrying out numerical calculation on the concentrated value JZ, the concentrated value JF and the scattered value SZ to obtain a monitoring coefficient JC of the monitoring period; the monitoring threshold value JCmax is obtained through the storage module, the monitoring coefficient JC of the monitoring period is compared with the monitoring threshold value JCmax, and whether the vulnerability monitoring state in the monitoring period meets the requirement or not is judged according to the comparison result.
4. A new energy station intelligent network topology management system according to claim 3, wherein the specific process of comparing the monitoring coefficient JC of the monitoring period with the monitoring threshold JCmax comprises:
if the monitoring coefficient JC is smaller than the monitoring threshold JCmax, judging that the vulnerability monitoring state in the monitoring period meets the requirement, and sending a vulnerability normal signal to a topology management platform by the vulnerability monitoring module; if the monitoring coefficient JC is greater than or equal to the monitoring threshold JCmax, judging that the vulnerability monitoring state in the monitoring period does not meet the requirement, sending a vulnerability abnormal signal to a topology management platform by the vulnerability monitoring module, and sending the vulnerability abnormal signal to a mobile phone terminal of a manager after the topology management platform receives the vulnerability abnormal signal.
5. The intelligent network topology management system of claim 4, wherein the trend analysis module analyzes the vulnerability monitoring trend of the topology network, comprising:
establishing a rectangular coordinate system by taking the running time of a monitoring period as the X axis and the monitoring coefficient JC of a monitoring period as the Y axis, marking a plurality of monitoring points in the rectangular coordinate system by taking the middle moment of the monitoring period as the abscissa and the monitoring coefficient JC of the monitoring period as the ordinate, and sequentially connecting the monitoring points from left to right to obtain a plurality of monitoring line segments; marking the rightmost monitoring line segment as a first analysis line segment, and marking the monitoring line segment connected with the first analysis line segment as a marking line segment; if the slope of the marking line segment has the same sign as the slope of the first analysis line segment, forming a first analysis broken line from the marking line segment and the first analysis line segment, marking the monitoring line segment connected with the first analysis broken line as the marking line segment, and so on until the slopes of the marking line segment and the first analysis line segment differ in sign; marking a monitoring line segment connected with the first analysis line segment as a second analysis line segment, and marking the monitoring line segment connected on the left of the second analysis line segment as a marking line segment; if the slopes of the marking line segment and the second analysis line segment have the same sign, forming a second analysis broken line from the marking line segment and the second analysis line segment, and again marking the monitoring line segment connected on the left of the second analysis broken line as the marking line segment, until the slopes of the marking line segment and the second analysis line segment differ in sign; marking the number of monitoring line segments of the first analysis broken line as a first analysis value YF, connecting the two end points of the first analysis broken line and marking the absolute value of the slope of the obtained line segment as a first amplitude value YD; marking the number of monitoring line segments of the second analysis broken line as a second analysis value EF, connecting the two end points of the second analysis broken line and marking the absolute value of the slope of the obtained line segment as a second amplitude value ED; the trend coefficient QS of the monitoring period is obtained by performing numerical calculation on the first analysis value YF, the first amplitude value YD, the second analysis value EF and the second amplitude value ED.
6. The intelligent network topology management system of claim 5, wherein comparing the trend coefficient QS to the trend threshold QSmax comprises:
if the trend coefficient QS is smaller than the trend threshold QSmax, determining the sign of the slope of the first analysis line segment: if the slope of the first analysis line segment is positive, marking the dominant trend of the monitoring period as rising and marking the recessive trend as falling; if the slope of the first analysis line segment is negative, marking the dominant trend of the monitoring period as falling and marking the recessive trend as rising; if the trend coefficient QS is greater than or equal to the trend threshold QSmax, determining the sign of the slope of the first analysis line segment: if the slope of the first analysis line segment is positive, marking both the dominant trend and the recessive trend of the monitoring period as rising; if the slope of the first analysis line segment is negative, marking both the dominant trend and the recessive trend of the monitoring period as falling; and sending the dominant trend and the recessive trend of the monitoring period to a topology management platform.
7. A new energy station intelligent network topology management method, characterized in that based on the new energy station intelligent network topology management system of any one of claims 1-6, comprising the following steps:
step one: performing verification analysis on access equipment of the topology network: when an unregistered host requests to enter a topology network, sequentially performing new host judgment, IP judgment, vulnerability monitoring and port detection;
step two: monitoring and analyzing equipment vulnerabilities of the topology network: obtaining the vulnerability type of the topological network connection equipment, generating a monitoring period, dividing the monitoring period into a plurality of monitoring periods, analyzing the scanning data of the vulnerability type of the connection equipment in the monitoring periods to obtain a monitoring coefficient JC of the monitoring period, and judging whether the vulnerability monitoring state in the monitoring period meets the requirement or not according to the monitoring coefficient JC;
step three: analyzing vulnerability monitoring trend of the topological network: establishing a rectangular coordinate system by taking the running time of the monitoring period as an X axis and the monitoring coefficient JC of the monitoring period as a Y axis, drawing a first analysis broken line and a second analysis broken line in the rectangular coordinate system, carrying out numerical calculation on a first analysis value YF, a first amplitude value YD, a second analysis value EF and a second amplitude value ED to obtain a trend coefficient QS, and marking the dominant trend and the recessive trend of the monitoring period by the trend coefficient QS.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311043816.8A CN116760716B (en) | 2023-08-18 | 2023-08-18 | Intelligent network topology management system and method for new energy station |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116760716A | 2023-09-15 |
| CN116760716B | 2023-11-03 |
Family
ID=87948216
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311043816.8A Active CN116760716B (en) | 2023-08-18 | 2023-08-18 | Intelligent network topology management system and method for new energy station |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116760716B (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |