Security protection based on active defense technology

Abstract: This paper reviews the current state of security protection for dispatching automation systems, designs a security protection model for them based on the dynamic information security P2DR model combined with new active defense technology, gives the physical structure of a concrete implementation, and discusses its characteristics and advantages.

Key words: P2DR model; active defense technology; SCADA; dispatching automation

With the agricultural transformation, the dispatching automation systems of various power departments have developed rapidly. In addition to the SCADA function, they have basically realized advanced analysis functions such as network topology analysis, state estimation, power flow calculation, safety analysis and economic scheduling, and the level of power dispatching automation has been greatly improved. The application of dispatching automation improves the efficiency of power operation, improves the working conditions of dispatching operators, and accelerates the move toward unattended substations. At present, the power dispatching automation system has become the "heart" of power enterprises [1]. For this reason, the dispatching automation system faces higher requirements for preventing viruses and hacker attacks. The regulations on the security protection of the computer monitoring system and dispatching data network of electric power and power plants (Order No. 30 of the State Economic and Trade Commission of the People's Republic of China) [9] stipulate that the security level of the power monitoring system is higher than that of the power management information system and the office automation system. Each power monitoring system must have its own highly reliable safety protection facilities, and shall not be directly connected with a system of lower safety level.
Survey results on the application of security protection technology in dispatching automation show that many power departments have deployed some network security products in the dispatching automation system network, but these products do not form a system. Some departments have only purchased anti-virus software and a firewall, so the technology used to ensure security is single, many weak links remain uncovered, there is no unified long-term plan for dispatching automation network security, and there are many potential safety hazards in the network. Some places have not even considered security protection issues such as the security of data transmission between dispatching automation and distribution automation, and between the dispatching automation system and the MIS system. Ensuring the safe and stable operation of the dispatching automation system and preventing virus intrusion has become increasingly important.

As for the existing security protection technologies and methods used in the power system, most dispatching automation systems of power enterprises adopt passive defense technology, including firewall technology and intrusion detection technology. With the development of network technology, the defects of these technologies are gradually being exposed. A firewall cannot protect the network in areas such as viruses, access restrictions, backdoor threats and internal hacker attacks. Intrusion detection has a high rate of false positives [4]. Higher technical means are therefore required to prevent hacker attacks and virus intrusion.
By combining traditional security technology with active defense technology, this paper designs a security protection model according to the dynamic information security P2DR model and the actual situation of the dispatching automation system. The model is a useful reference for improving the ability of dispatching automation systems to resist viruses and hacker attacks.

1 Technical factors threatening the network security of the dispatching automation system

Most current dispatching automation system networks, such as the IES-500 system [10] and the OPEN2000 system, use Windows as the operating system platform and are connected to the Internet at the same time. The sharing and openness of the Internet leave information security congenitally deficient: the TCP/IP protocol on which it depends lacks corresponding security mechanisms, and the initial design of the Internet did not consider security. It therefore falls short in terms of safety, reliability, service quality and convenience [3]. In addition, with the continuous increase of data exchange between dispatching automation and office automation systems, security vulnerabilities or "back doors" in the system are also inevitable. The growing interconnection and other requirements among the various systems within power enterprises have led to more and more virus, external and internal attacks, so further strengthening the security protection of dispatching automation systems from a technical point of view is increasingly important.

2 Security protection design based on new active defense technology

2.1 Interface between the dispatching automation system and other systems

Because of the nature and characteristics of its work, the dispatching automation system mainly needs to share information with the office automation (MIS) system [6] and the distribution automation system.
To ensure the transparency of power operation, the production, maintenance, operation and other departments within the enterprise must be able to follow the power operation from the office automation system. The dispatching automation system therefore has its own web server to realize data sharing. Since the dispatching automation system and the distribution automation system both involve control of the 10 kV outgoing line switches of the substation, information needs to be exchanged between them, and the operation of the distribution automation system needs to be published through its web server [5]. At the same time, given the security requirements of the distribution automation system itself and the investment involved, its security protection can be designed together with that of dispatching automation.

2.2 Types of active defense technology

At present, there are two kinds of new active defense technology. One is trap technology, which includes honeypot technology and honeynet technology. Honeypot technology sets up a trap system containing vulnerabilities, simulating one or more vulnerable hosts to give an attacker an easy target [2]. The function of a honeypot is to provide false services to the outside world, delay the attacker's attack on the real target, and make the attacker waste time on the honeypot. Honeypots are divided into product type and research type according to their design purpose. There are many commercial honeypot products, such as BOF, a tool developed by Marcus Ranum and NFR to monitor Back Orifice. Specter is a commercial low-interaction honeypot, similar to BOF, but it can simulate a wider range of services and functions. Honeynet technology is the most famous open honeypot project [7].
It is a network specially designed for people to "capture", used mainly to analyze all the information, tools, strategies and purposes of intruders.

The other technology is forensics, which includes static forensics and dynamic forensics. Static forensics uses various technical means to analyze and obtain evidence after an intrusion has already taken place. At present it is this static forensics method that is widely used to confirm, extract and analyze data after intrusion
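
The low-interaction honeypot behaviour described in section 2.2, as an added example that is not part of the original paper: a listener offers a false service, stalls each visitor before answering, and keeps a record of every contact for later analysis. The class name, the FTP-style banner and replies, the delay value and the loopback address are assumptions chosen for illustration.

```python
import socket
import threading
import time

class Honeypot:
    """Low-interaction honeypot: fake banner, slow replies, one record per contact."""

    def __init__(self, host="127.0.0.1", port=0, delay=0.1,
                 banner=b"220 FTP server ready\r\n"):    # constructed banner
        self.banner, self.delay, self.events = banner, delay, []
        self._sock = socket.create_server((host, port))  # port 0: OS picks a free port
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, peer = self._sock.accept()
            threading.Thread(target=self._serve, args=(conn, peer), daemon=True).start()

    def _serve(self, conn, peer):
        started, data = time.time(), b""
        with conn:
            conn.settimeout(5)
            try:
                time.sleep(self.delay)        # stall the visitor before answering
                conn.sendall(self.banner)     # false service, nothing real behind it
                data = conn.recv(1024)        # keep the visitor's first input
                time.sleep(self.delay)
                conn.sendall(b"530 Login incorrect\r\n")
            except OSError:
                pass                          # visitor hung up early; still record it
        self.events.append({"time": started, "src_ip": peer[0], "src_port": peer[1],
                            "held_seconds": round(time.time() - started, 3),
                            "first_bytes": data.decode("latin-1")})

def demo():
    """Constructed local visit: connect, read the banner, send a login line."""
    hp = Honeypot()
    with socket.create_connection(("127.0.0.1", hp.port), timeout=5) as c:
        banner = c.recv(1024)
        c.sendall(b"USER operator\r\n")
        reply = c.recv(1024)
    deadline = time.time() + 5
    while not hp.events and time.time() < deadline:
        time.sleep(0.05)                      # wait for the handler to file its record
    return banner, reply, hp.events

if __name__ == "__main__":
    print(demo()[2])
```

Each record carries the source address, the time the visitor was held and the first bytes it sent, which is the kind of material the forensic analysis described above works from.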
