CN120358025B - A method, device, equipment and medium for secure transmission of power system information - Google Patents

A method, device, equipment and medium for secure transmission of power system information

Info

Publication number
CN120358025B
CN120358025B CN202510831289.XA CN202510831289A CN120358025B CN 120358025 B CN120358025 B CN 120358025B CN 202510831289 A CN202510831289 A CN 202510831289A CN 120358025 B CN120358025 B CN 120358025B
Authority
CN
China
Prior art keywords
information
data
generating
physical
auxiliary
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202510831289.XA
Other languages
Chinese (zh)
Other versions
CN120358025A (en
Inventor
裘建开
王勇
严钰君
叶明达
曹雅素
娄一艇
郑瑞云
张寒之
祝婉
陈晓杰
徐科兵
赵萌
胡一嗔
刘琛
郑皓元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd filed Critical Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202510831289.XA priority Critical patent/CN120358025B/en
Publication of CN120358025A publication Critical patent/CN120358025A/en
Application granted granted Critical
Publication of CN120358025B publication Critical patent/CN120358025B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method, a device, equipment and a medium for safely transmitting information of an electric power system, which relate to the technical field of information safety transmission, and the method comprises the steps of adopting a hash algorithm and asymmetric encryption to generate a digital encryption signature; the method comprises the steps of obtaining and locking a receiving file of a receiving end, decrypting a digital encryption signature, generating a receiving abstract identification, comparing an original abstract identification with the receiving abstract identification, generating an identification safety verification result, obtaining communication data between a sending end corresponding to information to be transmitted and the receiving end when the identification safety verification result is safe, inputting the communication data into a trained transmission behavior model, generating information safety probability, respectively collecting actual physical fingerprints and auxiliary physical fingerprints when the information safety probability is greater than or equal to a preset probability threshold, determining physical similarity, generating an information transmission normal report when the physical similarity is greater than or equal to a preset similarity threshold, and unlocking the receiving file. The invention can improve the safety.

Description

Method, device, equipment and medium for safely transmitting information of power system
Technical Field
The invention relates to the technical field of information security transmission, in particular to a method, a device, equipment and a medium for power system information security transmission.
Background
The information to be transmitted in the power system is various, and each link from power generation to power utilization is covered. Such information is critical to ensure stable operation of the power system, optimize resource allocation, and fast response.
In the related art, data in a power system is generally directly transmitted through a public or semi-public network, but these network environments are relatively open, and the risk that directly transmitted information is intercepted and tampered is high, so that the security of the power system information is low.
Disclosure of Invention
The invention solves the problem of how to improve the safety of power system information.
In order to solve the problems, the invention provides a method, a device, equipment and a medium for safely transmitting power system information.
In a first aspect, the present invention provides a method for safely transmitting information of an electric power system, including:
acquiring information to be transmitted of an electric power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
packaging and packaging the information to be transmitted and the digital encryption signature, and sending the packaged information to a receiving end of the power system;
obtaining and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
When the identification security verification result is safe, acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted, inputting the communication data into a trained transmission behavior model, and generating information security probability;
When the information security probability is greater than or equal to a preset probability threshold, respectively acquiring an actual physical fingerprint of the transmitting end and an auxiliary physical fingerprint of a device homologous to the transmitting end, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, and when the physical similarity is greater than or equal to the preset similarity threshold, generating an information transmission normal report and unlocking the receiving file;
and when the identification security verification result is abnormal, or the information security probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold, generating an information transmission abnormal report.
Optionally, the communication data includes data frequency data, traffic pattern data, communication path data, protocol type data, and delay fluctuation data;
The trained transmission behavior model comprises an input processing layer, a multi-layer GCN network, a time sequence network, a fusion layer and an output layer;
The input processing layer is configured to classify the data frequency data, the traffic pattern data, the communication path data, the protocol type data, and the delay fluctuation data into graph data and non-graph data;
Extracting node representations corresponding to the graph data by the multi-layer GCN network based on an attention mechanism;
The time sequence network is used for extracting time sequence features corresponding to the non-graph data;
The fusion layer is used for fusing all the node representations and the time sequence features to generate fusion features;
the output layer is used for generating the information security probability by adopting an activation function according to the fusion characteristics.
Optionally, the timing network includes a dynamic time step embedding unit, a multi-scale convolution attention unit, an adaptive sparse memory enhancement transducer, and a state-aware gating loop unit;
The dynamic time step embedding unit is used for embedding the time sequence features into time intervals by adopting a position coding function to generate a time interval embedded vector sequence;
The multi-scale convolution attention unit is used for carrying out local correlation extraction and attention weighting on the time interval embedded vector sequence at a plurality of time granularities to generate an enhanced local attention characteristic;
The self-adaptive sparse memory enhancement transducer is used for fusing the external memory matrix with the local attention enhancement feature to generate a memory enhancement attention feature;
The state sensing gating circulating unit is used for capturing the long-term dependency relationship of the memory enhancing attention characteristic based on a state sensing mechanism and generating the time sequence characteristic.
Optionally, the fusion layer comprises a heterogeneous information network unit, a projective transformation unit and a deep neural decision forest unit;
the heterogeneous information network unit is used for capturing semantic relations between all node representations and the time sequence features and generating semantic relation embedding vectors;
the projection transformation unit is used for projecting the semantic relation embedded vector, all the node representations and the time sequence features to the same hidden space, and performing linear transformation to generate primary fusion features;
the deep neural decision forest unit is used for further refining the preliminary fusion feature based on the layering characteristic of the decision tree to generate the fusion feature.
Optionally, the determining the physical similarity of the actual physical fingerprint and the auxiliary physical fingerprint includes:
respectively constructing an actual spatial intensity spectrum of the actual physical fingerprint and an auxiliary spatial intensity spectrum of the auxiliary physical fingerprint;
Mapping the actual space intensity spectrum and the auxiliary space intensity spectrum to a low-dimensional space respectively, and adopting a kernel density estimation method to construct the actual probability distribution characteristics of the actual space intensity spectrum in the low-dimensional space and the auxiliary probability distribution characteristics of the auxiliary space intensity spectrum in the low-dimensional space respectively;
and generating the physical similarity according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics.
Optionally, the generating the physical similarity according to the actual probability distribution feature and the auxiliary probability distribution feature includes:
And generating the physical similarity by adopting a physical similarity formula and an interference function according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics, wherein the physical similarity formula comprises:
;
Wherein S is the physical similarity, F real is the actual probability distribution characteristics, F aux is the auxiliary probability distribution characteristics, For a scaling factor, D is the interference function,To enhance the non-linear discrimination capability factor.
Optionally, after the generating the information transmission abnormality report, the method further includes:
and disconnecting the communication connection between the sending end and the receiving end, and deleting the receiving file.
In a second aspect, the present invention provides a power system information security transmission device, including:
the encryption module is used for acquiring information to be transmitted of the power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
the packaging module is used for packaging and packaging the information to be transmitted and the digital encryption signature and sending the information to a receiving end of the power system;
The decryption module is used for acquiring and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
The probability module is used for acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted when the identification security verification result is safe, inputting the communication data into a trained transmission behavior model, and generating information security probability;
The similarity module is used for respectively acquiring the actual physical fingerprint of the transmitting end and the auxiliary physical fingerprint of the equipment homologous to the transmitting end when the information security probability is greater than or equal to a preset probability threshold, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, generating an information transmission normal report when the physical similarity is greater than or equal to the preset similarity threshold, and unlocking the received file;
And the result module is used for generating an information transmission abnormal report when the identification safety verification result is abnormal, or the information safety probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold.
In a third aspect, the present invention provides an electronic device comprising a memory and a processor;
The memory is used for storing a computer program;
the processor is configured to implement the power system information security transmission method according to the first aspect when executing the computer program.
In a fourth aspect, the present invention provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, implements the power system information security transmission method according to the first aspect.
The method, the device, the equipment and the medium for safely transmitting the information of the power system have the beneficial effects that:
Since the abstract identifier generated by the hash algorithm has uniqueness, any tampering of the original information can lead to abstract change, the original abstract identifier of the information to be transmitted is extracted by adopting the hash algorithm, the original abstract identifier is encrypted by adopting an asymmetrically encrypted private key to generate a digital encryption signature, the identities of a transmitting end and a receiving end can be verified, the falsification of the identity by a third party is effectively prevented, the risk of interception and falsification of the information is reduced, the safety of an electric power system is improved, the information to be transmitted and the digital encryption signature are packaged and sent to the receiving end of the electric power system, the receiving file of the receiving end is obtained and locked, the safety of the electric power system is further improved only after the subsequent verification is carried out, the asymmetrically encrypted public key is adopted to decrypt the digital encryption signature to generate the receiving abstract identifier, and comparing the original abstract identification with the received abstract identification to verify the information transmission safety, generating an identification safety verification result, performing preliminary judgment on the received data to confirm whether the received data is tampered, inputting the communication data into a trained transmission behavior model when the preliminary judgment result is safe, performing secondary judgment on the communication process between the sending end and the receiving end to confirm whether the possibility of interception and tampering exists, generating an information safety probability, performing third judgment when the information safety probability is greater than or equal to a preset probability threshold value, namely, the second judgment is normal, respectively acquiring the actual physical fingerprint of the sending end and the auxiliary physical fingerprint of the source equipment of the sending end, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint to confirm whether the equipment of the sending end is real, the possibility of interception of tampered information by the simulation equipment is avoided, an accurate normal information transmission report is finally generated, and the safe receiving file is unlocked for the system to use. According to the invention, through encryption and three-layer verification in a layer-by-layer progressive manner, the angles of each layer of verification are different, the risk of interception and tampering of information can be greatly reduced, whether the received information is tampered or not can be accurately confirmed, and finally, the security file subjected to three-layer accurate verification is unlocked for use, so that the security of a power system is greatly improved.
Drawings
Fig. 1 is a flow chart of a method for safely transmitting information of a power system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an information security transmission device of an electric power system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the invention will be readily understood, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. While the invention is susceptible of embodiment in the drawings, it is to be understood that the invention may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided to provide a more thorough and complete understanding of the invention. It should be understood that the drawings and embodiments of the invention are for illustration purposes only and are not intended to limit the scope of the present invention.
It should be understood that the various steps recited in the method embodiments of the present invention may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
The term "comprising" and variations thereof as used herein is meant to be open-ended, i.e., "including but not limited to," based at least in part on, "one embodiment" means "at least one embodiment," another embodiment "means" at least one additional embodiment, "some embodiments" means "at least some embodiments," and "optional" means "optional embodiment. Related definitions of other terms will be given in the description below. It should be noted that the concepts of "first", "second", etc. mentioned in this disclosure are only used to distinguish between different devices, modules or units, and are not intended to limit the order or interdependence of functions performed by these devices, modules or units.
It should be noted that references to "a" and "an" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the devices in the embodiments of the present invention are for illustrative purposes only and are not intended to limit the scope of such messages or information.
Aiming at the problems of the related art, the embodiment provides a method, a device, equipment and a medium for safely transmitting power system information.
As shown in fig. 1, a method for safely transmitting information of an electric power system according to an embodiment of the present invention includes:
and acquiring information to be transmitted of the electric power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature.
Specifically, the information to be transmitted of the power system refers to various data and information that need to be exchanged and processed during the operation and management of the power system, such as telemetry data, remote control instructions, transaction information, maintenance information, and the like. Such information is critical to ensure safe, stable and efficient operation of the grid. The original digest identifier is a fixed-length unique identifier generated by a hash algorithm that computes an arbitrary length of input data, e.g., SHA-256 would generate a 256-bit hash value. And then, adopting an RSA tool of an asymmetric encryption algorithm to carry out private key encryption to generate a binary or Base64 coded digital encryption signature so as to realize double encryption and facilitate subsequent verification.
And packaging the information to be transmitted and the digital encryption signature, and sending the packaged information and the digital encryption signature to a receiving end of the power system.
Specifically, the information to be transmitted and the digital encryption signature are packaged and encapsulated, meanwhile, a lightweight MAC (message authentication code) can be adopted to combine with a time stamp to form an integrity tag which is attached to a packaged and encapsulated data packet and sent to a receiving end of the power system so as to carry out integrity and security verification later.
And obtaining and locking the receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying the information transmission security, and generating an identifier security verification result.
Specifically, a receiving file of the receiving end is obtained, the receiving file of the receiving end is locked, and the using file is unlocked after verification is successful. The public key of an RSA tool adopting an asymmetric encryption algorithm is adopted to decrypt the digital encryption signature, a receiving abstract identification of a receiving end is generated, the original abstract identification and the receiving abstract identification are compared, namely, the integrity and the safety of information transmission are verified by comparing all contents of the original abstract identification and the receiving abstract identification, such as encoding, format, time stamp and the like, an identification safety verification result of all contents of the original abstract identification and the receiving abstract identification is generated, for example, when the encoding of the original abstract identification and the receiving abstract identification is consistent, the format of the original abstract identification and the receiving abstract identification is consistent, the time stamp of the original abstract identification and the receiving abstract identification is consistent, and the identification safety verification result is safe, and when any one of the contents is inconsistent, the identification safety verification result is abnormal.
And when the identification security verification result is safe, acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted, inputting the communication data into a trained transmission behavior model, and generating information security probability.
Specifically, when the identification security verification result is secure, communication data between a transmitting end and a receiving end corresponding to information to be transmitted is acquired, the communication data is input into a trained transmission behavior model, information security probability is generated, and second verification is performed, because, in an ideal case, if a hash algorithm is secure enough, a secret key is not leaked and the system is realized correctly, the fact that the digest decrypted by a public key is identical to the original digest means that the data is not tampered. However, in actual operation, there are some potential risks that even if the data is tampered, for example, the hash algorithm has a collision vulnerability, that is, if an attacker finds two different input data so that their hash values are the same (referred to as hash collision), the signature can be falsified after tampering the data, and the private key is revealed or falsified, that is, if the attacker steals the private key of the sender signer, the signature of any data can be falsified. The communication data between the sending end and the receiving end is verified again by adopting a trained transmission behavior model so as to determine whether abnormal behaviors exist in the communication process, such as interception of tampered data, etc., the transmission behavior model can adopt the combination of a neural network and a time sequence model so as to deeply analyze the characteristics and time sequence relation among the data, and the transmission behavior model can be trained by historical safe communication data so as to obtain the trained transmission behavior model so as to analyze the current data and generate information safety probability.
When the information security probability is greater than or equal to a preset probability threshold, respectively acquiring an actual physical fingerprint of the transmitting end and an auxiliary physical fingerprint of the homologous equipment of the transmitting end, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, and when the physical similarity is greater than or equal to the preset similarity threshold, generating an information transmission normal report and unlocking the receiving file.
Specifically, the preset probability threshold may be set according to practical situations, for example, 95%, and the preset similarity threshold may be set according to practical situations, for example, 96%, the homologous equipment refers to equipment with the same model, the same size and similar operation time as the transmitting end equipment, and the physical fingerprint refers to real-time operation parameters specific to the electric power system equipment, for example, an opening and closing coil current waveform, a power frequency harmonic component, a shafting torsional vibration frequency waveform and the like. When the information security probability is greater than or equal to the preset probability threshold, it is indicated that the transmission behavior model does not detect abnormal behavior in the communication process, but a vulnerability may also occur at this time, for example, an attacker uses a fake transmitting end device, a simulated transmitting end device or an intrusion transmitting end device to transmit information so as to propagate tampered information. Therefore, the actual physical fingerprint of the transmitting end and the auxiliary physical fingerprint of the equipment homologous to the transmitting end are respectively acquired, the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint is determined, when the physical similarity is larger than or equal to a preset similarity threshold value, the equipment of the transmitting end is determined to be real and not invaded, the safety of the received information is further proved, an information transmission normal report is generated, and the received file is unlocked for use.
And when the identification security verification result is abnormal, or the information security probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold, generating an information transmission abnormal report.
Specifically, when the identification security verification result is abnormal, or the information security probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold, the data transmission is described as abnormal, and an information transmission abnormal report is generated.
In this embodiment, since the digest identifier generated by the hash algorithm has uniqueness, any tampering of the original information will cause the digest to change, so the original digest identifier of the information to be transmitted is extracted by adopting the hash algorithm, and the original digest identifier is encrypted by adopting the asymmetric encrypted private key, so as to generate the digital encrypted signature, the identities of both the sending end and the receiving end can be verified, the falsified information of the third party is effectively prevented, the risk of falsifying the information is reduced, the security of the electric power system is improved, the information to be transmitted and the digital encrypted signature are packaged and sent to the receiving end of the electric power system, the receiving file of the receiving end is acquired and locked, the digital encrypted signature is decrypted only after the subsequent verification, so as to generate the receiving digest identifier, the transmission security of the original digest identifier is compared with the receiving digest identifier, the security verification result of the identifier is generated, the initial judgment can be performed on whether the received data is falsified, when the initial judgment result is safe, the communication data is input to the sending end in the transmission training, the second fingerprint is the preset, the second fingerprint is the fingerprint is equal to the actual physical judgment, the second fingerprint is performed on the second fingerprint, the fingerprint is actually determined, the fingerprint is similar to the second physical judgment device, and the fingerprint is actually determined, the fingerprint is actually similar to the fingerprint is generated, and the fingerprint is actually, the fingerprint is actually detected, and the fingerprint is not actually changed, the possibility of interception of tampered information by the simulation equipment is avoided, an accurate normal information transmission report is finally generated, and the safe receiving file is unlocked for the system to use. According to the invention, through encryption and three-layer verification in a layer-by-layer progressive manner, the angles of each layer of verification are different, the risk of interception and tampering of information can be greatly reduced, whether the received information is tampered or not can be accurately confirmed, and finally, the security file subjected to three-layer accurate verification is unlocked for use, so that the security of a power system is greatly improved.
Optionally, the communication data includes data frequency data, traffic pattern data, communication path data, protocol type data, and delay fluctuation data;
The trained transmission behavior model comprises an input processing layer, a multi-layer GCN network, a time sequence network, a fusion layer and an output layer;
The input processing layer is configured to classify the data frequency data, the traffic pattern data, the communication path data, the protocol type data, and the delay fluctuation data into graph data and non-graph data;
Extracting node representations corresponding to the graph data by the multi-layer GCN network based on an attention mechanism;
The time sequence network is used for extracting time sequence features corresponding to the non-graph data;
The fusion layer is used for fusing all the node representations and the time sequence features to generate fusion features;
the output layer is used for generating the information security probability by adopting an activation function according to the fusion characteristics.
Specifically, the communication data includes data frequency data, traffic pattern data, communication path data, protocol type data, and delay fluctuation data, wherein the communication path data is graph data, and the data frequency data, the traffic pattern data, the protocol type data, and the delay fluctuation data are non-graph data. The trained transmission behavior model comprises an input processing layer, a multi-layer GCN network, a time sequence network, a fusion layer and an output layer which are sequentially connected, wherein the input processing layer is used for classifying data frequency data, flow mode data, communication path data, protocol type data and time delay fluctuation data into graph data and non-graph data, and carrying out standardization and normalization processing to obtain the graph data and the non-graph data with unified standards, the multi-layer GCN network adopts the multi-layer GCN to capture the relationship among nodes with different depths, the model is allowed to dynamically pay attention to different nodes or edges through an attention mechanism, sensitivity to key information is improved, node representation corresponding to the graph data is extracted, the time sequence network is used for extracting time sequence features corresponding to the non-graph data, the fusion layer is used for fusing all node representations and the time sequence features to generate fusion features, and the output layer outputs the safety probability of the current communication data through a series of full connection layers and a Softmax activation function according to the fusion features to generate information safety probability.
Optionally, the timing network includes a dynamic time step embedding unit, a multi-scale convolution attention unit, an adaptive sparse memory enhancement transducer, and a state-aware gating loop unit;
The dynamic time step embedding unit is used for embedding the time sequence features into time intervals by adopting a position coding function to generate a time interval embedded vector sequence;
The multi-scale convolution attention unit is used for carrying out local correlation extraction and attention weighting on the time interval embedded vector sequence at a plurality of time granularities to generate an enhanced local attention characteristic;
The self-adaptive sparse memory enhancement transducer is used for fusing the external memory matrix with the local attention enhancement feature to generate a memory enhancement attention feature;
The state sensing gating circulating unit is used for capturing the long-term dependency relationship of the memory enhancing attention characteristic based on a state sensing mechanism and generating the time sequence characteristic.
The time sequence network comprises a dynamic time step embedding unit, a multi-scale convolution attention unit, an adaptive sparse memory enhancement transducer and a state perception gating circulating unit which are sequentially connected, wherein the dynamic time step embedding unit is used for adopting a position coding function to code irregular time intervals into vector representations and embedding time sequence features into the time intervals so as to help a model understand the relative time distance between events and generate a time interval embedded vector sequence, the multi-scale convolution attention unit is used for carrying out local correlation extraction and attention weighting on the time interval embedded vector sequence at a plurality of time granularities, namely extracting local correlation and carrying out attention weighting from the plurality of time granularities, the multi-scale convolution attention unit is used for extracting local features by using a plurality of one-dimensional convolution kernels (such as kernel_size= [3, 5, 7 ]), each convolution layer is connected with LayerNorm and ReLU in sequence, then each convolution output is spliced, the convolution outputs are compressed to a unified dimension through linear transformation, and then a multi-head attention mechanism is applied to capture the cross-scale context dependence, and the enhanced local attention features are generated. The self-adaptive sparse memory enhancement transducer adds a long-term memory mechanism on the basis of the traditional transducer, improves modeling capability of a model on long-term dependence, introduces an external memory matrix, calculates similarity between the current enhancement local attention characteristic and a memory bank in each transducer block, selects the most relevant memory segment, fuses the most relevant memory segment and the enhancement local attention characteristic to generate the memory enhancement attention characteristic with long-term memory enhancement, a State perception gating unit further captures long-term dependency in a sequence, introduces a State perception mechanism to enhance sensitivity of the model to abnormal behaviors, generates a time sequence characteristic, wherein the State perception gating unit firstly obtains a preliminary sequence hidden State through the two-way gating unit, inputs a result into a State perception LSTM model (State-AWARE LSTM), adjusts activation thresholds of a forgetting gate and an input gate according to State change of the last step, defines a State change detection function such as Euclidean distance or cosine similarity, dynamically adjusts the gating mechanism, and finally generates the time sequence characteristic.
Optionally, the fusion layer comprises a heterogeneous information network unit, a projective transformation unit and a deep neural decision forest unit;
the heterogeneous information network unit is used for capturing semantic relations between all node representations and the time sequence features and generating semantic relation embedding vectors;
the projection transformation unit is used for projecting the semantic relation embedded vector, all the node representations and the time sequence features to the same hidden space, and performing linear transformation to generate primary fusion features;
the deep neural decision forest unit is used for further refining the preliminary fusion feature based on the layering characteristic of the decision tree to generate the fusion feature.
Specifically, the fusion layer comprises a heterogeneous information network unit, a projective transformation unit and a deep neural decision forest unit which are connected in sequence. The heterogeneous information network (Heterogeneous Information Network, HIN) unit can model nodes (e.g. users, objects, places, etc.) and edges (e.g. friendships, access records, etc.) of different types, which may mean that for communication data, the relevance between different communication modes can be better understood, such as how data of a certain protocol type affects traffic patterns on a specific path, the heterogeneous information network unit can capture complex semantic relations between these different types of entities, i.e. between all node representations and time sequence features, through the learned embedding vectors, enhance the understanding ability of the model on different data sources, improve the robustness and accuracy of the overall system, and generate the semantic relation embedding vectors. The projection transformation unit is used for projecting the semantic relation embedded vector, all node representations and the time sequence features to the same hidden space, and performing linear transformation to generate primary fusion features. The deep neural decision forest unit is used to further refine the preliminary fusion features based on the hierarchical nature of the decision trees, train a series of decision trees using the preliminary fusion features as inputs, each tree splitting based on a different subset of features. For each sample data of the decision tree, its path in all trees is recorded and converted into a binary coded form, forming a new feature representation, i.e. generating a fusion feature.
Optionally, the determining the physical similarity of the actual physical fingerprint and the auxiliary physical fingerprint includes:
respectively constructing an actual spatial intensity spectrum of the actual physical fingerprint and an auxiliary spatial intensity spectrum of the auxiliary physical fingerprint;
Mapping the actual space intensity spectrum and the auxiliary space intensity spectrum to a low-dimensional space respectively, and adopting a kernel density estimation method to construct the actual probability distribution characteristics of the actual space intensity spectrum in the low-dimensional space and the auxiliary probability distribution characteristics of the auxiliary space intensity spectrum in the low-dimensional space respectively;
and generating the physical similarity according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics.
Specifically, each sampling point in the physical fingerprint is taken as a node of an actual space intensity spectrum, the sampling points are specific data points extracted from the physical fingerprint, the specific data points can reflect the working characteristics of equipment at the moment, and when the physical fingerprint comprises an opening and closing coil current waveform, a power frequency harmonic component and a shafting torsional vibration frequency waveform, the opening and closing coil current waveform, the power frequency harmonic component and the shafting torsional vibration frequency waveform are firstly time aligned and then sampled, so that sampling points with uniform time sequences are obtained. The method comprises the steps of firstly determining the connection distance between nodes, wherein the connection distance refers to the time distance between two nodes, then determining the signal difference between the nodes, wherein the signal difference refers to the difference between signal characteristics represented by the two nodes, measuring the difference by using Euclidean distance, and setting the combination result of the connection distance between sampling points and the signal difference as an edge weight, wherein the combination result of the connection distance and the signal difference can be calculated by adopting a weighting method. And then constructing a spatial intensity map according to the nodes and the edge weights, namely constructing an edge between two nodes if the edge weights between the two nodes are smaller than a preset edge threshold value, judging and constructing the edge between every two nodes until all the nodes are judged, and obtaining the spatial intensity map. Therefore, based on this step, an actual spatial intensity map may be constructed from the nodes and edge weights of the actual physical fingerprints, and an auxiliary spatial intensity map may be constructed from the nodes and edge weights of the auxiliary physical fingerprints. And mapping the actual space intensity spectrum and the auxiliary space intensity spectrum to a low-dimensional space by using Laplacian feature mapping, respectively constructing the actual probability distribution feature of the actual space intensity spectrum in the low-dimensional space and the auxiliary probability distribution feature of the auxiliary space intensity spectrum in the low-dimensional space by using a kernel density estimation method, wherein the actual probability distribution feature and the auxiliary probability distribution feature express the distribution characteristics of the actual physical fingerprint and the auxiliary physical fingerprint in the low-dimensional space, so that the physical similarity can be determined according to the actual probability distribution feature and the auxiliary probability distribution feature.
Optionally, the generating the physical similarity according to the actual probability distribution feature and the auxiliary probability distribution feature includes:
And generating the physical similarity by adopting a physical similarity formula and an interference function according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics, wherein the physical similarity formula comprises:
;
Wherein S is the physical similarity, F real is the actual probability distribution characteristics, F aux is the auxiliary probability distribution characteristics, For a scaling factor, D is the interference function,To enhance the non-linear discrimination capability factor.
Specifically, an interference function is set in the physical similarity formula to simulate the interference of environmental changes on signals, so that the accuracy of the technology is improved, the nonlinear distinguishing capability factor can be enhanced, the small difference is amplified when the similarity score is calculated, the sensitivity to nuances is improved, and accurate physical similarity is generated.
Optionally, after the generating the information transmission abnormality report, the method further includes:
and disconnecting the communication connection between the sending end and the receiving end, and deleting the receiving file.
Specifically, under abnormal conditions, in order to avoid further harm caused by intercepted and tampered files, the Xu Duankai sending end is in communication connection with the receiving end, the received files are deleted, and the safety of the power system is ensured.
As shown in fig. 2, an apparatus for securely transmitting information in an electric power system according to an embodiment of the present invention includes:
the encryption module is used for acquiring information to be transmitted of the power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
the packaging module is used for packaging and packaging the information to be transmitted and the digital encryption signature and sending the information to a receiving end of the power system;
The decryption module is used for acquiring and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
The probability module is used for acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted when the identification security verification result is safe, inputting the communication data into a trained transmission behavior model, and generating information security probability;
The similarity module is used for respectively acquiring the actual physical fingerprint of the transmitting end and the auxiliary physical fingerprint of the equipment homologous to the transmitting end when the information security probability is greater than or equal to a preset probability threshold, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, generating an information transmission normal report when the physical similarity is greater than or equal to the preset similarity threshold, and unlocking the received file;
And the result module is used for generating an information transmission abnormal report when the identification safety verification result is abnormal, or the information safety probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold.
As shown in fig. 3, an electronic device 300 according to an embodiment of the present invention includes a memory 310 and a processor 320, where the memory 310 is configured to store a computer program, and the processor 320 is configured to implement the power system information secure transmission method as described above when executing the computer program.
Alternatively stated, an electronic device 300 comprises a memory 310 and a processor 320 coupled to the memory 310, the memory 310 being configured to store a computer program, the processor 320 being configured to, when executing the computer program:
acquiring information to be transmitted of an electric power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
packaging and packaging the information to be transmitted and the digital encryption signature, and sending the packaged information to a receiving end of the power system;
obtaining and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
When the identification security verification result is safe, acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted, inputting the communication data into a trained transmission behavior model, and generating information security probability;
When the information security probability is greater than or equal to a preset probability threshold, respectively acquiring an actual physical fingerprint of the transmitting end and an auxiliary physical fingerprint of a device homologous to the transmitting end, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, and when the physical similarity is greater than or equal to the preset similarity threshold, generating an information transmission normal report and unlocking the receiving file;
and when the identification security verification result is abnormal, or the information security probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold, generating an information transmission abnormal report.
The embodiment of the invention provides a computer readable storage medium, wherein a computer program is stored on the storage medium, and when the computer program is executed by a processor, the power system information security transmission method is realized.
Alternatively, a non-transitory computer readable storage medium having a computer program stored thereon, which when executed by a processor, causes the processor to:
acquiring information to be transmitted of an electric power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
packaging and packaging the information to be transmitted and the digital encryption signature, and sending the packaged information to a receiving end of the power system;
obtaining and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
When the identification security verification result is safe, acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted, inputting the communication data into a trained transmission behavior model, and generating information security probability;
When the information security probability is greater than or equal to a preset probability threshold, respectively acquiring an actual physical fingerprint of the transmitting end and an auxiliary physical fingerprint of a device homologous to the transmitting end, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, and when the physical similarity is greater than or equal to the preset similarity threshold, generating an information transmission normal report and unlocking the receiving file;
and when the identification security verification result is abnormal, or the information security probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold, generating an information transmission abnormal report.
An electronic device 300 that can be a server or a client of the present invention will now be described as an example of a hardware device that can be applied to aspects of the present invention. Electronic device 300 is intended to represent various forms of digital electronic computer devices, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. Electronic device 300 may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
The electronic device 300 includes a computing unit that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) or a computer program loaded from a storage unit into a Random Access Memory (RAM). In the RAM, various programs and data required for the operation of the device may also be stored. The computing unit, ROM and RAM are connected to each other by a bus. An input/output (I/O) interface is also connected to the bus.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like. In the present application, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present application. In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
Although the invention is disclosed above, the scope of the invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention, and these changes and modifications will fall within the scope of the invention.

Claims (7)

1. A method for securely transmitting information in an electrical power system, comprising:
acquiring information to be transmitted of an electric power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
packaging and packaging the information to be transmitted and the digital encryption signature, and sending the packaged information to a receiving end of the power system;
obtaining and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
When the identification security verification result is safe, acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted, inputting the communication data into a trained transmission behavior model, and generating information security probability;
When the information security probability is greater than or equal to a preset probability threshold, respectively acquiring an actual physical fingerprint of the transmitting end and an auxiliary physical fingerprint of a device homologous to the transmitting end, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, and when the physical similarity is greater than or equal to the preset similarity threshold, generating an information transmission normal report and unlocking the receiving file;
When the identification security verification result is abnormal, or the information security probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold, an information transmission abnormal report is generated;
The communication data comprises data frequency data, traffic pattern data, communication path data, protocol type data and time delay fluctuation data;
The trained transmission behavior model comprises an input processing layer, a multi-layer GCN network, a time sequence network, a fusion layer and an output layer;
The input processing layer is configured to classify the data frequency data, the traffic pattern data, the communication path data, the protocol type data, and the delay fluctuation data into graph data and non-graph data;
the multi-layer GCN network extracts node representations corresponding to the graph data based on an attention mechanism;
The time sequence network is used for extracting time sequence features corresponding to the non-graph data;
The fusion layer is used for fusing all the node representations and the time sequence features to generate fusion features;
The output layer is used for generating the information security probability by adopting an activation function according to the fusion characteristics;
the determining the physical similarity of the actual physical fingerprint and the auxiliary physical fingerprint includes:
respectively constructing an actual spatial intensity spectrum of the actual physical fingerprint and an auxiliary spatial intensity spectrum of the auxiliary physical fingerprint;
Mapping the actual space intensity spectrum and the auxiliary space intensity spectrum to a low-dimensional space respectively, and adopting a kernel density estimation method to construct the actual probability distribution characteristics of the actual space intensity spectrum in the low-dimensional space and the auxiliary probability distribution characteristics of the auxiliary space intensity spectrum in the low-dimensional space respectively;
Generating the physical similarity according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics;
the generating the physical similarity according to the actual probability distribution feature and the auxiliary probability distribution feature comprises the following steps:
And generating the physical similarity by adopting a physical similarity formula and an interference function according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics, wherein the physical similarity formula comprises:
;
Wherein S is the physical similarity, F real is the actual probability distribution characteristics, F aux is the auxiliary probability distribution characteristics, For a scaling factor, D is the interference function,To enhance the non-linear discrimination capability factor.
2. The power system information security transmission method according to claim 1, wherein the timing network comprises a dynamic time step embedding unit, a multi-scale convolution attention unit, an adaptive sparse memory enhancement transducer and a state-aware gating circulation unit;
The dynamic time step embedding unit is used for embedding the time sequence features into time intervals by adopting a position coding function to generate a time interval embedded vector sequence;
The multi-scale convolution attention unit is used for carrying out local correlation extraction and attention weighting on the time interval embedded vector sequence at a plurality of time granularities to generate an enhanced local attention characteristic;
The self-adaptive sparse memory enhancement transducer is used for fusing the external memory matrix with the local attention enhancement feature to generate a memory enhancement attention feature;
The state sensing gating circulating unit is used for capturing the long-term dependency relationship of the memory enhancing attention characteristic based on a state sensing mechanism and generating the time sequence characteristic.
3. The power system information security transmission method according to claim 1, wherein the fusion layer comprises a heterogeneous information network unit, a projective transformation unit and a deep neural decision forest unit;
the heterogeneous information network unit is used for capturing semantic relations between all node representations and the time sequence features and generating semantic relation embedding vectors;
the projection transformation unit is used for projecting the semantic relation embedded vector, all the node representations and the time sequence features to the same hidden space, and performing linear transformation to generate primary fusion features;
the deep neural decision forest unit is used for further refining the preliminary fusion feature based on the layering characteristic of the decision tree to generate the fusion feature.
4. A power system information security transmission method according to any one of claims 1 to 3, characterized by further comprising, after the generation of the information transmission abnormality report:
and disconnecting the communication connection between the sending end and the receiving end, and deleting the receiving file.
5. A power system information security transmission device, characterized by comprising:
the encryption module is used for acquiring information to be transmitted of the power system, extracting an original abstract identifier of the information to be transmitted by adopting a hash algorithm, encrypting the original abstract identifier by adopting an asymmetrically encrypted private key, and generating a digital encryption signature;
the packaging module is used for packaging and packaging the information to be transmitted and the digital encryption signature and sending the information to a receiving end of the power system;
The decryption module is used for acquiring and locking a receiving file of the receiving end, decrypting the digital encryption signature by adopting an asymmetric encryption public key, generating a receiving abstract identifier, comparing the original abstract identifier with the receiving abstract identifier, verifying information transmission safety, and generating an identifier safety verification result;
The probability module is used for acquiring communication data between a sending end and a receiving end corresponding to the information to be transmitted when the identification security verification result is safe, inputting the communication data into a trained transmission behavior model, and generating information security probability;
The similarity module is used for respectively acquiring the actual physical fingerprint of the transmitting end and the auxiliary physical fingerprint of the equipment homologous to the transmitting end when the information security probability is greater than or equal to a preset probability threshold, determining the physical similarity between the actual physical fingerprint and the auxiliary physical fingerprint, generating an information transmission normal report when the physical similarity is greater than or equal to the preset similarity threshold, and unlocking the received file;
The result module is used for generating an information transmission abnormal report when the identification safety verification result is abnormal, or the information safety probability is smaller than a preset probability threshold, or the physical similarity is smaller than a preset similarity threshold;
The communication data comprises data frequency data, traffic pattern data, communication path data, protocol type data and time delay fluctuation data;
The trained transmission behavior model comprises an input processing layer, a multi-layer GCN network, a time sequence network, a fusion layer and an output layer;
The input processing layer is configured to classify the data frequency data, the traffic pattern data, the communication path data, the protocol type data, and the delay fluctuation data into graph data and non-graph data;
Extracting node representations corresponding to the graph data by the multi-layer GCN network based on an attention mechanism;
The time sequence network is used for extracting time sequence features corresponding to the non-graph data;
The fusion layer is used for fusing all the node representations and the time sequence features to generate fusion features;
The output layer is used for generating the information security probability by adopting an activation function according to the fusion characteristics;
the determining the physical similarity of the actual physical fingerprint and the auxiliary physical fingerprint includes:
respectively constructing an actual spatial intensity spectrum of the actual physical fingerprint and an auxiliary spatial intensity spectrum of the auxiliary physical fingerprint;
Mapping the actual space intensity spectrum and the auxiliary space intensity spectrum to a low-dimensional space respectively, and adopting a kernel density estimation method to construct the actual probability distribution characteristics of the actual space intensity spectrum in the low-dimensional space and the auxiliary probability distribution characteristics of the auxiliary space intensity spectrum in the low-dimensional space respectively;
Generating the physical similarity according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics;
the generating the physical similarity according to the actual probability distribution feature and the auxiliary probability distribution feature comprises the following steps:
And generating the physical similarity by adopting a physical similarity formula and an interference function according to the actual probability distribution characteristics and the auxiliary probability distribution characteristics, wherein the physical similarity formula comprises:
;
Wherein S is the physical similarity, F real is the actual probability distribution characteristics, F aux is the auxiliary probability distribution characteristics, For a scaling factor, D is the interference function,To enhance the non-linear discrimination capability factor.
6. An electronic device comprising a memory and a processor;
The memory is used for storing a computer program;
The processor is configured to implement the power system information security transmission method according to any one of claims 1 to 4 when executing the computer program.
7. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when executed by a processor, implements the power system information secure transmission method according to any one of claims 1 to 4.
CN202510831289.XA 2025-06-20 2025-06-20 A method, device, equipment and medium for secure transmission of power system information Active CN120358025B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510831289.XA CN120358025B (en) 2025-06-20 2025-06-20 A method, device, equipment and medium for secure transmission of power system information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510831289.XA CN120358025B (en) 2025-06-20 2025-06-20 A method, device, equipment and medium for secure transmission of power system information

Publications (2)

Publication Number Publication Date
CN120358025A CN120358025A (en) 2025-07-22
CN120358025B true CN120358025B (en) 2025-09-26

Family

ID=96406116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510831289.XA Active CN120358025B (en) 2025-06-20 2025-06-20 A method, device, equipment and medium for secure transmission of power system information

Country Status (1)

Country Link
CN (1) CN120358025B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119155305A (en) * 2024-07-19 2024-12-17 安徽淮南洛能发电有限责任公司 Method and system for synchronizing data between trusted DCS terminals
CN120017670A (en) * 2025-02-13 2025-05-16 江西学说教育科技有限公司 An Internet of Things information platform and implementation method thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102318642B1 (en) * 2021-04-16 2021-10-28 (주)엠제이티 Online platform using voice analysis results
US12512997B2 (en) * 2023-05-01 2025-12-30 Rahul Parthe System and method for AI-based digital identity verification field of disclosure
CN117354251A (en) * 2023-09-28 2024-01-05 国网上海市电力公司 An automated extraction method for power Internet of Things terminal features
CN119966720A (en) * 2025-02-06 2025-05-09 南京华设云信息技术有限公司 A communication method for power asset management master station system and mobile terminal

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119155305A (en) * 2024-07-19 2024-12-17 安徽淮南洛能发电有限责任公司 Method and system for synchronizing data between trusted DCS terminals
CN120017670A (en) * 2025-02-13 2025-05-16 江西学说教育科技有限公司 An Internet of Things information platform and implementation method thereof

Also Published As

Publication number Publication date
CN120358025A (en) 2025-07-22

Similar Documents

Publication Publication Date Title
Torroledo et al. Hunting malicious TLS certificates with deep neural networks
CN107749848B (en) Internet of things data processing method and device and Internet of things system
Aljuhani et al. A deep-learning-integrated blockchain framework for securing industrial IoT
Accorsi Safe-keeping digital evidence with secure logging protocols: State of the art and challenges
Shrivastava et al. Data leakage detection in Wi-Fi networks
CN120151084B (en) Block chain-based intelligent money box antitheft control method, system and storage medium
CN120017424B (en) A method and system for secure access to encrypted enterprise network data
CN120512278A (en) Electronic data security management system and method
Rahal et al. Fuse and Federate: Enhancing EV Charging Station Security with Multimodal Fusion and Federated Learning
CN120671186B (en) Information security contract signing system based on block chain
CN120672341B (en) Big data transaction security management and control method and system
Schmidbauer et al. Hunting shadows: Towards packet runtime-based detection of computational intensive reversible covert channels
CN120979701A (en) Data analysis methods, apparatus, computer equipment and storage media
CN120896766A (en) Attacker attribution tracing methods, equipment, media, and products in cybersecurity penetration testing
CN120675796A (en) Intrusion detection method and system based on countermeasure generation network and trusted execution environment
CN120358025B (en) A method, device, equipment and medium for secure transmission of power system information
CN120165847A (en) Authentication method, device, equipment and storage medium based on quantum key and PUF
CN113918977A (en) User information transmission device based on Internet of things and big data analysis
CN118784335A (en) A USB security isolation method and system
Rao et al. An Improved Biometric Fuzzy Signature with Timestamp of Blockchain Technology for Electrical Equipment Maintenance
Couder et al. Machine Learning for Digital Signatures
CN121261875B (en) A method and system for physical layer key distribution in optical networks based on server hardware characteristics
CN120415718B (en) Electric power data safety convergence communication method based on attack and defense integration
CN121030715B (en) Information processing method and electronic device
CN119766517B (en) Multilayer certificate verification method and system based on digital certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant