CN118170662A - Fuzzy test method and device for power protocol and power protocol test system - Google Patents
- Publication number: CN118170662A
- Authority: CN (China)
- Prior art keywords: data, target, data set, neural network, protocol
- Legal status: Pending (the listed status is an assumption and not a legal conclusion)
Abstract
The application provides a fuzz testing method and device for a power protocol and a power protocol test system. The method comprises: analyzing the target power protocol and the target system to obtain first target data, and determining a state transition diagram according to the first target data; acquiring a first data set, marking the first data set to obtain a second data set, and determining a first target neural network according to the second data set; inputting the second data set into the first target neural network to obtain a third data set, and processing the third data set to obtain a fourth data set; dividing the fourth data set into a fifth data set and a sixth data set, training a neural network on the fifth data set and testing it on the sixth data set to obtain a second target neural network; and determining a target fuzz test set according to the fourth data set, and fuzz testing the target system with the target fuzz test set. The method addresses the problems in the prior art that power protocol analysis must be performed manually and has low accuracy.
Description
Technical Field
The invention relates to the technical field of industrial control systems, and in particular to a fuzz testing method and device for a power protocol, a computer-readable storage medium and a power protocol test system.
Background
The power protocol in an industrial control system refers to a communication protocol for monitoring, managing and controlling the power system. The power system is a huge and complex system, and comprises a plurality of links such as power generation, transmission, distribution and the like. In order to enable monitoring and control of the various components of the power system, specific communication protocols are required to ensure that information is effectively exchanged between the devices. However, with the continued development of network technology, power systems are also faced with new security challenges, such as network attacks, malware, and the like.
Power protocols commonly used in power systems today include IEC 61850, Modbus and DNP3. These protocols have, to a greater or lesser degree, weaknesses such as buffer overflows, unauthenticated access, plaintext communication and protocol parsing problems. Attackers may exploit these weaknesses, creating security risks for the power system.
Security assessment of power protocols and monitoring of the power system are therefore critical to ensuring that the power system is robust against potential threats. Security professionals must periodically review and update protocols to keep pace with evolving cyber-security threats. In existing protocol testing methods, the assessment of a power protocol mostly depends on the experience of the practitioner.
Disclosure of Invention
The application mainly aims to provide a fuzz testing method and device for a power protocol, a computer-readable storage medium and a power protocol test system, which at least solve the problems in the prior art that power protocol analysis must be performed manually and has low accuracy.
To achieve the above object, according to one aspect of the present application, there is provided a fuzz testing method for a power protocol, including: analyzing a target power protocol and a target system to obtain first target data, and determining a state transition diagram according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, format and structure of the target power protocol and the operating principle of the target system, and the state transition diagram represents the transition relations between the system states of the target system; monitoring operation data of the target system to obtain a first data set, marking the first data set to obtain a second data set, and determining at least one first target neural network according to the second data set, wherein different first target neural networks extract different types of feature data; inputting the second data set into the first target neural network to obtain a third data set, and processing the third data set to convert its data into a preset format, obtaining a fourth data set; dividing the fourth data set into a training set and a test set to obtain a fifth data set and a sixth data set, training a neural network on the fifth data set and testing it on the sixth data set, and determining the neural network to be a second target neural network when its loss function is smaller than a threshold, wherein the neural network is used to generate a fuzz test set based on operation data of the target system; and inputting the fourth data set into the second target neural network to obtain a target fuzz test set, fuzz testing the target system with the target fuzz test set, and determining a fuzz test result according to the response of the target system, wherein the fuzz test result comprises an abnormal state and abnormal behavior of the target system.
Optionally, analyzing the target power protocol and the target system to obtain first target data includes: analyzing the target system and determining a protocol type of the target power protocol, wherein the protocol type comprises one or more of DNP3, Modbus and IEC 61850; analyzing the target power protocol and determining a protocol role of the target power protocol, wherein the protocol role at least comprises one or more of monitoring the state of power equipment in the target system, executing a control command and transmitting alarm information; analyzing the target power protocol and determining format information of the target power protocol, wherein the format information comprises at least one of a message header, a message body and a checksum; analyzing the target power protocol and determining message content of the target power protocol, wherein the message content comprises at least one of a device identifier, a command type, a control parameter and a device address; analyzing the target power protocol and determining a security mechanism of the target power protocol, wherein the security mechanism comprises at least one of encrypted communication, identity verification and integrity verification; analyzing the target power protocol and determining a risk type of the target power protocol, wherein the risk type comprises at least one of man-in-the-middle attack and data injection; and constructing the first target data from the protocol type, the protocol role, the format information, the message content, the security mechanism and the risk type.
Optionally, determining a state transition diagram according to the first target data includes: determining, as a connection establishment state, the state in which, under the control of the target power protocol, devices in the target system are allowed to send and receive data and monitoring operations and control operations on the target system are allowed; determining, as a normal monitoring state, the state in which, under the control of the target power protocol, devices in the target system periodically perform the monitoring operation and send monitoring data, or periodically receive instructions from other devices and perform the control operation; determining, as an abnormal alarm state, the state in which, under the control of the target power protocol, devices in the target system generate alarm information and execute safety measures; determining, as a disconnection state, the state in which, under the control of the target power protocol, devices in the target system are not allowed to send data; and, based on the first target data, determining the target events that can be triggered when the target system is in the connection establishment state, the normal monitoring state, the abnormal alarm state or the disconnection state, determining the system state of the target system after each corresponding target event is triggered, and drawing the state transition diagram.
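The four-state diagram described above can double as the oracle for a fuzz run: a trace recorded from the device under test is replayed against the diagram, and any step the diagram does not allow is reported. This is an added example, not code from the application; the event names, the trace and the choice to report entry into the abnormal alarm state as an "abnormal state" finding are assumptions.

```python
from enum import Enum


class State(Enum):
    CONNECTED = "connection establishment"
    MONITORING = "normal monitoring"
    ALARM = "abnormal alarm"
    DISCONNECTED = "disconnection"


# (current state, event) -> next state. The four states are the page's; the
# event names are assumed for illustration and would come from the protocol
# analysis (the "first target data") in a real test plan.
TRANSITIONS = {
    (State.DISCONNECTED, "connect_ok"): State.CONNECTED,
    (State.CONNECTED, "poll_started"): State.MONITORING,
    (State.MONITORING, "poll_cycle"): State.MONITORING,
    (State.CONNECTED, "fault_detected"): State.ALARM,
    (State.MONITORING, "fault_detected"): State.ALARM,
    (State.ALARM, "fault_cleared"): State.MONITORING,
    (State.CONNECTED, "link_closed"): State.DISCONNECTED,
    (State.MONITORING, "link_closed"): State.DISCONNECTED,
    (State.ALARM, "link_closed"): State.DISCONNECTED,
}


def replay(trace, start=State.DISCONNECTED):
    """Replay (event, observed_state) pairs recorded during a fuzz run.

    Returns (step, kind, detail) findings, where kind is "abnormal behavior"
    (a transition the diagram does not contain) or "abnormal state" (the
    device entered the abnormal alarm state).
    """
    findings = []
    state = start
    for step, (event, observed) in enumerate(trace):
        expected = TRANSITIONS.get((state, event))
        if expected is None:
            findings.append((step, "abnormal behavior",
                             f"{event!r} is not defined in state '{state.value}'"))
        elif observed is not expected:
            findings.append((step, "abnormal behavior",
                             f"{event!r} led to '{observed.value}', "
                             f"diagram expects '{expected.value}'"))
        if observed is State.ALARM and state is not State.ALARM:
            findings.append((step, "abnormal state",
                             f"entered '{observed.value}' after {event!r}"))
        state = observed  # keep following what the device actually did
    return findings


# Constructed trace: the device drops the link during normal polling (step 3),
# is polled again while disconnected (step 4), then raises an alarm (step 6).
SAMPLE_TRACE = [
    ("connect_ok", State.CONNECTED),
    ("poll_started", State.MONITORING),
    ("poll_cycle", State.MONITORING),
    ("poll_cycle", State.DISCONNECTED),
    ("poll_cycle", State.DISCONNECTED),
    ("connect_ok", State.CONNECTED),
    ("fault_detected", State.ALARM),
]

if __name__ == "__main__":
    for finding in replay(SAMPLE_TRACE):
        print(finding)
```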
Optionally, monitoring the operation data of the target system to obtain a first data set, and marking the first data set to obtain a second data set includes: monitoring Modbus communication data of the target system in the normal monitoring state to obtain first operation data; monitoring query data, response data and monitoring data among devices in the target system to obtain second operation data; monitoring abnormal input data of equipment in the target system to obtain third operation data; monitoring abnormal response data of equipment in the target system to obtain fourth operation data; the first data set is constructed according to the first operation data, the second operation data, the third operation data and the fourth operation data, first identification information is added to the first operation data and the second operation data in the first data set, second identification information is added to the third operation data and the fourth operation data to obtain the second data set, the first identification information is used for representing that the data is normal data, and the second identification information is used for representing that the data is abnormal data.
Optionally, determining at least one first target neural network from the second data set includes: determining that the first target neural network is a recurrent neural network and a convolutional neural network when the second data set comprises a message sequence, wherein the recurrent neural network is used for extracting time sequence characteristics of data in the second data set, and the convolutional neural network is used for extracting structural information of the data in the second data set; and determining that the first target neural network is the convolutional neural network if the second data set does not include the message sequence.
Optionally, inputting the second data set into the first target neural network to obtain a third data set, and processing the third data set to convert its data into a preset format to obtain a fourth data set, includes: when the first target neural network is the convolutional neural network, extracting data structure features of the data in the second data set, wherein the data structure features comprise a message header, a function code, a register address, and a numerical or encoded representation corresponding to the content data; extracting data length features of the data in the second data set, wherein the data length features comprise the lengths of the different types of data; extracting preset matching features of the data in the second data set, wherein the preset matching features comprise numerical or encoded representations obtained by converting text that matches preset keywords in the convolutional neural network; when the first target neural network is the recurrent neural network, extracting data timing features of the data in the second data set, wherein the data timing features comprise the order relations of all data in the second data set; constructing the third data set from the data structure features, the data length features, the preset matching features and the data timing features; converting the type (categorical) data in the third data set into numerical data, building message sequences from the data in the third data set according to the data timing features, normalizing the numerical data in the third data set to a preset numerical range, and padding the numerical data in the third data set to obtain a seventh data set; converting the fifth data set into a vector combination form to represent the seventh data set, obtaining an eighth data set; and constructing the fourth data set from the seventh data set and the eighth data set.
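The preprocessing described above, shown for Modbus/TCP frames as an added example that is not code from the application: structure and length features are pulled from each frame by hand (standing in for the CNN and RNN extractors), scaled into [0, 1], and each message sequence is padded to a fixed length and paired with its normal/abnormal mark. The sequence length, the six-element feature layout and the sample frames are assumptions.

```python
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id
MAX_ADU = 260                  # largest Modbus/TCP frame, used to scale lengths
SEQ_LEN = 4                    # assumed fixed sequence length after padding
NORMAL, ABNORMAL = 0, 1        # first / second identification information
PAD = [0.0] * 6


def build(tid, unit, func, addr, value):
    """Construct a Modbus/TCP request with a 16-bit address and 16-bit value."""
    pdu = struct.pack(">BHH", func, addr, value)
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def extract(frame):
    """Structure and length features of one frame; tolerant of short input."""
    padded = frame.ljust(12, b"\x00")  # lets truncated frames still parse
    _tid, proto, length, unit = MBAP.unpack_from(padded)
    func, addr, value = struct.unpack_from(">BHH", padded, MBAP.size)
    return {
        "func": func, "addr": addr, "value": value, "unit": unit,
        "frame_len": len(frame),
        # The MBAP length field counts the unit id plus the PDU.
        "len_ok": proto == 0 and length == len(frame) - 6,
    }


def vectorize(feat):
    """Map every feature into [0, 1], the 'preset numerical range' here."""
    return [
        feat["func"] / 0xFF,
        feat["addr"] / 0xFFFF,
        feat["value"] / 0xFFFF,
        feat["unit"] / 0xFF,
        min(feat["frame_len"], MAX_ADU) / MAX_ADU,
        1.0 if feat["len_ok"] else 0.0,
    ]


def encode_sequence(frames, seq_len=SEQ_LEN):
    """Order-preserving message sequence, truncated or zero-padded to seq_len."""
    vectors = [vectorize(extract(f)) for f in frames[:seq_len]]
    return vectors + [list(PAD) for _ in range(seq_len - len(vectors))]


def build_dataset(labelled_sequences):
    """labelled_sequences: iterable of (list of frames, label)."""
    xs = [encode_sequence(frames) for frames, _ in labelled_sequences]
    ys = [label for _, label in labelled_sequences]
    return xs, ys


# Constructed samples, not captured traffic.
READ_REQ = build(1, 1, 0x03, 0x0010, 2)     # read holding registers
WRITE_REQ = build(2, 1, 0x06, 0x0010, 500)  # write single register
SAMPLES = [
    ([READ_REQ, WRITE_REQ, READ_REQ], NORMAL),
    ([READ_REQ, WRITE_REQ[:-1]], ABNORMAL),  # truncated frame, length mismatch
]

if __name__ == "__main__":
    xs, ys = build_dataset(SAMPLES)
    for seq, label in zip(xs, ys):
        print(label, seq)
```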
Optionally, inputting the fourth data set into the second target neural network to obtain a target fuzz test set includes: introducing random noise into the data of the fourth data set; and/or randomly altering the data of the fourth data set; and/or replacing a second preset field in the data of the fourth data set according to a first preset field; and/or adding, according to the data types of the data in the fourth data set, boundary values corresponding to the different data types; and/or adding, according to the data types of the data in the fourth data set, error data corresponding to the different data types; and/or changing the time order of the message sequences in the fourth data set, to obtain the target fuzz test set.
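Four of the strategies listed above (random noise, boundary values per data type, error data and changed message order), written as plain seeded functions over Modbus/TCP request fields so that every generated case can be reproduced in a lab run. This is an added example, not code from the application, and it replaces the neural-network generator with hand-written operators; the field layout and seed messages are assumptions, and nothing is sent on a network.

```python
import random
import struct

U16_BOUNDARIES = (0x0000, 0x0001, 0x7FFF, 0x8000, 0xFFFF)


def build(msg, length=None):
    """Serialise a field dict; `length` overrides the header length field."""
    pdu = struct.pack(">BHH", msg["func"], msg["addr"], msg["value"])
    declared = len(pdu) + 1 if length is None else length
    return struct.pack(">HHHB", msg["tid"], 0, declared, msg["unit"]) + pdu


def boundary_cases(msg):
    """Boundary values for each 16-bit field, one field changed per case."""
    return [dict(msg, **{field: edge})
            for field in ("addr", "value")
            for edge in U16_BOUNDARIES if msg[field] != edge]


def noise_case(frame, rng, flips=2):
    """Random noise: flip one bit in each of `flips` distinct bytes."""
    data = bytearray(frame)
    for i in rng.sample(range(len(data)), flips):
        data[i] ^= 1 << rng.randrange(8)
    return bytes(data)


def length_error_cases(msg):
    """Error data: a header length field that disagrees with the real size."""
    true_len = len(build(msg)) - 6  # bytes that follow the length field
    return [build(msg, length=n)
            for n in (0, true_len - 1, true_len + 1, 0xFFFF)]


def reorder_case(sequence, rng):
    """Timing change: rotate the message sequence by a non-zero offset."""
    if len(sequence) < 2:
        return list(sequence)
    k = rng.randrange(1, len(sequence))
    return list(sequence[k:]) + list(sequence[:k])


def make_test_set(seed_msgs, seed=0):
    """Build the fuzz test set, grouped by the strategy that produced it."""
    rng = random.Random(seed)  # fixed seed so any finding can be reproduced
    frames = [build(m) for m in seed_msgs]
    return {
        "boundary": [build(c) for m in seed_msgs for c in boundary_cases(m)],
        "noise": [noise_case(f, rng) for f in frames],
        "length_error": [f for m in seed_msgs for f in length_error_cases(m)],
        "reordered": reorder_case(frames, rng),
    }


# Constructed seed messages standing in for recorded normal traffic.
SEEDS = [
    {"tid": 1, "unit": 1, "func": 0x03, "addr": 0x0010, "value": 2},
    {"tid": 2, "unit": 1, "func": 0x06, "addr": 0x0010, "value": 500},
    {"tid": 3, "unit": 1, "func": 0x03, "addr": 0x0020, "value": 1},
]

if __name__ == "__main__":
    for strategy, cases in make_test_set(SEEDS, seed=7).items():
        print(strategy, len(cases))
```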
According to another aspect of the present application, there is provided a fuzz testing apparatus for a power protocol, the apparatus comprising: a first acquisition unit, configured to analyze a target power protocol and a target system to obtain first target data and to determine a state transition diagram according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, format and structure of the target power protocol and the operating principle of the target system, and the state transition diagram represents the transition relations between the system states of the target system; a second acquisition unit, configured to monitor the operation data of the target system to obtain a first data set, mark the first data set to obtain a second data set, and determine at least one first target neural network according to the second data set, wherein different first target neural networks extract different types of feature data; a first input unit, configured to input the second data set into the first target neural network to obtain a third data set, and to process the third data set to convert its data into a preset format, obtaining a fourth data set; a training unit, configured to divide the fourth data set into a training set and a test set to obtain a fifth data set and a sixth data set, train a neural network on the fifth data set and test it on the sixth data set, and determine the neural network to be a second target neural network when its loss function is smaller than a threshold, wherein the neural network is used to generate a fuzz test set based on the operation data of the target system; and a second input unit, configured to input the fourth data set into the second target neural network to obtain a target fuzz test set, fuzz test the target system with the target fuzz test set, and determine a fuzz test result according to the response of the target system, wherein the fuzz test result comprises an abnormal state and abnormal behavior of the target system.
According to still another aspect of the present application, there is provided a computer readable storage medium including a stored program, wherein the program when run controls a device in which the computer readable storage medium is located to perform any one of the methods.
According to still another aspect of the present application, there is provided a power protocol test system including: one or more processors, memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing any of the methods.
In the fuzz testing method for a power protocol, first, a target power protocol and a target system are analyzed to obtain first target data, and a state transition diagram is determined according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, format and structure of the target power protocol and the operating principle of the target system, and the state transition diagram represents the transition relations between the system states of the target system; then, operation data of the target system is monitored to obtain a first data set, the first data set is marked to obtain a second data set, and at least one first target neural network is determined according to the second data set, wherein different first target neural networks extract different types of feature data; then, the second data set is input into the first target neural network to obtain a third data set, and the third data set is processed to convert its data into a preset format, obtaining a fourth data set; then, the fourth data set is divided into a training set and a test set to obtain a fifth data set and a sixth data set, a neural network is trained on the fifth data set and tested on the sixth data set, and the neural network is determined to be a second target neural network when its loss function is smaller than a threshold, wherein the neural network is used to generate a fuzz test set based on the operation data of the target system; finally, the fourth data set is input into the second target neural network to obtain a target fuzz test set, the target system is fuzz tested with the target fuzz test set, and a fuzz test result is determined according to the response of the target system, wherein the fuzz test result comprises the abnormal state and abnormal behavior of the target system. The application combines data from the actual operating scenario of the power equipment with neural networks: the neural networks analyze the features in the data and further process the actual data to obtain the fuzz test data set, and the power equipment is driven through a state transition fuzz test with that data set so as to verify the risks in the power protocol, thereby solving the problems in the prior art that power protocol analysis must be performed manually and has low accuracy.
Drawings
Fig. 1 is a block diagram showing the hardware configuration of a mobile terminal that performs a power protocol fuzz testing method provided in an embodiment of the present application;
Fig. 2 is a flowchart of a power protocol fuzz testing method according to an embodiment of the present application;
Fig. 3 is a block diagram of a power protocol fuzz testing method according to an embodiment of the present application.
Wherein the above figures include the following reference numerals:
102. processor; 104. memory; 106. transmission device; 108. input/output device.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the application herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
As described in the background art, in the existing protocol test method in the prior art, the evaluation of the power protocol is mostly performed by relying on experience of professionals, so as to solve the problem that in the prior art, the power protocol analysis needs to be performed manually, and the accuracy is low.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
The method embodiments provided in the embodiments of the present application may be performed in a mobile terminal, a computer terminal or a similar computing device. Taking a mobile terminal as an example, Fig. 1 is a block diagram of the hardware structure of a mobile terminal that performs a power protocol fuzz testing method according to an embodiment of the present application. As shown in Fig. 1, the mobile terminal may include one or more processors 102 (only one is shown in Fig. 1; the processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data, and may also include a transmission device 106 for communication functions and an input/output device 108. It will be appreciated by those skilled in the art that the structure shown in Fig. 1 is merely illustrative and does not limit the structure of the mobile terminal described above. For example, the mobile terminal may include more or fewer components than shown in Fig. 1, or have a different configuration from that shown in Fig. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to a display method of device information in an embodiment of the present invention, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, to implement the above-described method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as a NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
In this embodiment, a fuzz testing method for a power protocol running on a mobile terminal, a computer terminal or a similar computing device is provided. It should be noted that the steps shown in the flowchart of the figures may be performed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from that shown herein.
Fig. 2 is a flowchart of a power protocol fuzz testing method according to an embodiment of the present application. As shown in Fig. 2, the method comprises the following steps:
Step S201, analyzing a target power protocol and a target system to obtain first target data, and determining a state transition diagram according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, format and structure of the target power protocol and the operating principle of the target system, and the state transition diagram represents the transition relations between the system states of the target system;
Specifically, the power protocol under test is analyzed according to a plan to learn its basic working principle in the related system, which yields the first target data; the working principle is then examined further to determine a state transition diagram of the power protocol, which represents the possible states and the transitions between them.
Step S202, monitoring the operation data of the target system to obtain a first data set, marking the first data set to obtain a second data set, determining at least one first target neural network according to the second data set, wherein different first target neural networks are used for extracting different types of characteristic data;
Specifically, data related to the power protocol in the related system is collected, including valid protocol messages and a field input, to obtain the first data set. And further, marking the data in the first data set, and distinguishing the data into normal data and abnormal data so as to facilitate the neural network to learn and extract relevant characteristics to obtain the second data set. And selecting a proper neural network model according to the useful characteristics in the related protocol message to obtain the first target neural network.
Step S203, inputting the second data set into the first target neural network to obtain a third data set, processing the third data set, and converting the data in the third data set into a preset format to obtain a fourth data set;
Specifically, the second data set is input into the first target neural network to perform feature extraction to obtain a feature data set, namely the third data set. And further, performing data processing on the third data set to convert the data in the third data set into a data format suitable for processing by the neural network to obtain the fourth data set.
Step S204, dividing the fourth data set into a training set and a testing set to obtain a fifth data set and a sixth data set, training a neural network according to the fifth data set and testing according to the sixth data set, determining the neural network as a second target neural network when the loss function of the neural network is smaller than a threshold value, wherein the neural network is used for generating a fuzzy testing set based on the operation data of the target system;
Specifically, the fourth data set is divided to obtain a training set and a testing set, namely the fifth data set and the sixth data set. And further training the model according to the training set, and evaluating the performance of the model according to the testing set. And determining that the performance of the model meets the requirement under the condition that the loss function of the neural network is smaller than a threshold value, and determining the model as a second target neural network.
Step S205, inputting the fourth data set into the second target neural network to obtain a target fuzzy test set, performing fuzzy test on the target system according to the target fuzzy test set, and determining a fuzzy test result according to the response of the target system, wherein the fuzzy test result comprises an abnormal state and an abnormal behavior of the target system.
Specifically, the feature data set after format conversion is input into the second target neural network to generate a fuzzy test set, further, the fuzzy test set is used for carrying out fuzzy test on the power system, the response of the system is monitored, the abnormal behavior and the error state of the system are collected, and the vulnerability and the risk of the power protocol are determined according to the test result.
According to the embodiment, first, a target power protocol and a target system are combed to obtain first target data, a state transition diagram is determined according to the first target data, the target system is a power system deployed by the target power protocol, the first target data at least comprises the type, format and structure of the target power protocol and the operation principle of the target system, and the state transition diagram is used for representing a transition relation among system states of the target system; then, monitoring the operation data of the target system to obtain a first data set, marking the first data set to obtain a second data set, determining at least one first target neural network according to the second data set, wherein different first target neural networks are used for extracting different types of characteristic data; then, inputting the second data set into the first target neural network to obtain a third data set, processing the third data set, and converting the data in the third data set into a preset format to obtain a fourth data set; then, dividing the fourth data set into a training set and a testing set to obtain a fifth data set and a sixth data set, training a neural network according to the fifth data set and testing according to the sixth data set, determining the neural network as a second target neural network when the loss function of the neural network is smaller than a threshold value, wherein the neural network is used for generating a fuzzy testing set based on the operation data of the target system; and finally, inputting the fourth data set into the second target neural network to obtain a target fuzzy test set, carrying out fuzzy test on the target system according to the target fuzzy test set, and determining a fuzzy test result according to the response of the target system, wherein the fuzzy test result comprises the abnormal state and the abnormal behavior of the target system. 
The application combines the data in the actual scene of the power equipment with the neural network, analyzes the characteristics in the data through the neural network, further processes the data based on the actual data through the neural network to obtain the fuzzy test data set, and controls the power equipment to perform the state transition fuzzy test according to the fuzzy test data set so as to verify the risks and the like in the power protocol, thereby solving the problems of the prior art that the power protocol analysis needs to be performed manually and the accuracy is lower.
In order to obtain the first target data, in an alternative embodiment, the step S201 includes:
Step S20101, analyzing the target system to determine the protocol type of the target power protocol, wherein the protocol type comprises one or more of DNP3, Modbus and IEC 61850;
Specifically, combing the power protocol includes: determining the type of the power system communication protocol, including DNP3, Modbus, IEC 61850, etc.
Step S20102, analyzing the target power protocol, determining a protocol role of the target power protocol, wherein the protocol role at least comprises one or more of monitoring a power equipment state in the target system, executing a control command and transmitting alarm information;
Specifically, combing the power protocol includes: determining the main purposes for which the power protocol is configured in the power system, including monitoring the status of the power equipment in real time, executing control commands, transmitting alarm information, etc.
Step S20103, analyzing the target power protocol, and determining format information of the target power protocol, wherein the format information comprises at least one of a message header, a message body and a checksum;
Specifically, combing the power protocol includes: determining the format, fields and structure of the messages in the power protocol, including a message body, a message header, a check code and the like.
Step S20104, analyzing the target power protocol, and determining message content of the target power protocol, wherein the message content comprises at least one of a device identifier, a command type, a control parameter and a device address;
Specifically, combing the power protocol includes: determining the content contained in the messages between the devices in the power protocol, such as a device identifier, command type, parameters, device address, etc.
Step S20105, analyzing the target power protocol, and determining a security mechanism of the target power protocol, wherein the security mechanism comprises at least one of encryption communication, identity verification and integrity verification;
Specifically, combing the power protocol includes: determining the security mechanisms used in the power protocol, including encryption, authentication, integrity verification, and the like.
Step S20106, analyzing the target power protocol, and determining a risk type of the target power protocol, wherein the risk type comprises at least one of man-in-the-middle attack and data injection;
Specifically, combing the power protocol includes: determining the risks that exist in the communication process of the power protocol, including man-in-the-middle attack, malicious data injection and the like.
Step S20107, constructing the first target data according to the protocol type, the protocol role, the format information, the message content, the security mechanism, and the risk type.
Specifically, the data is integrated in a preset format to obtain the first target data.
In order to obtain the state transition diagram, in an alternative embodiment, the step S201 further includes:
Step S20108, under the control of the target power protocol, determining the state in which the device in the target system allows data transmission and reception and allows monitoring operations and control operations on the target system as a connection establishment state;
Specifically, a state transition diagram is drawn, states that may exist in a power protocol are first combed, in one embodiment, the system is divided into a normal working state and an abnormal state, meaning and expected behavior of each state are further determined, the states are further refined, and the states in which the device can send and receive data and perform normal monitoring and control operations are determined as connection establishment states.
Step S20109, determining that the state of the target system in which the device in the target system periodically performs the monitoring operation and transmits monitoring data or periodically receives instructions of other devices and performs the control operation is a normal monitoring state under the control of the target power protocol;
Specifically, the state in which the device periodically transmits monitoring data, receives instructions of other devices, and executes corresponding control operations as required is determined as the normal monitoring state.
Step S20110, determining the state that the target system generates alarm information and executes safety measures as an abnormal alarm state under the control of the target power protocol;
Specifically, the state in which the device may send an alarm message informing other system components of the problem, and may take predetermined emergency measures such as cutting off the power or changing the operation mode, is determined as the abnormal alarm state.
Step S20111, determining a state in which the device in the target system does not allow data transmission as a disconnected state under the control of the target power protocol;
Specifically, the state in which the device stops transmitting data, may provide a notification of disconnection, and waits for reconnection or performs a maintenance operation is determined as the disconnected state.
Step S20112, determining, based on the first target data, a triggerable target event corresponding to each of the connection establishment state, the normal monitoring state, the abnormal alarm state, and the disconnection state of the target system, and drawing the state transition diagram according to the system state of the target system after the triggering determined by the corresponding target event.
Specifically, in addition to the above-mentioned conventional states, the system also has states triggered by special events. Based on the state transition diagram of the system states, the possible transition paths of the power protocol between different states are displayed.
Events and conditions that trigger state transitions are identified, including: receipt of a specific type of message, where the message includes a specified alarm identifier indicating that the device detected an abnormal condition at a remote location; a timeout event, where the device does not receive an acknowledgement message from the key device within a specified time, which triggers the timeout event and may cause the device to switch to the disconnected state; an error detection event, where errors occur during transmission of the received message and the check and verification fail, which triggers the error detection event, so that the device can be switched to the abnormal alarm state; a user command event, where the device receiving the user command may perform a state transition according to the command content, for example performing an emergency shutdown or switching to a standby mode; and a system internal trigger condition, where the device detects an internal fault and triggers the internal protection mechanism of the system, so that the device can be switched to the abnormal alarm state and take corresponding emergency measures.
The handling of errors and abnormal conditions in the communication protocol is confirmed, including: error codes, where the protocol prescribes a set of error codes for indicating the various error types that may occur in communication, including message format errors and checksum errors; a retry mechanism, which may be defined by the protocol for some error situations, allowing the device to attempt to send a message multiple times over a period of time; switching to the secure state, where in some severe error cases the protocol may prescribe a behavior to switch to the secure state to avoid further damage to the system; refusing bad messages, where the protocol may specify how the device handles an invalid or abnormal message it receives, including directly ignoring it, returning an error response, or disconnecting; and abnormal input processing, where the protocol may define how abnormal input is processed to prevent potential attacks and abnormal conditions.
Boundary conditions that may cause a change in the state of the protocol are considered, including: the message size exceeding a limit, where the protocol prescribes a maximum size of 1000 bytes per message; an abnormal timeout value, where the protocol prescribes that under normal conditions the timeout for a device waiting for a response is 5 seconds; abnormal state duration, where the longest duration of the device in the abnormal state is 10 minutes; frequent state transitions, where the protocol prescribes a minimum time interval of 1 second between two state transitions; and invalid parameter ranges, where the protocol specifies a valid range of a certain parameter of 1 to 100.
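The state transition diagram and boundary conditions described above can serve as a test oracle that checks what a device under test actually did against what the diagram allows. The following Python sketch is an added example, not code from the application: the event names, the START_POLLING, RECOVERED and RECONNECT transitions, the target state chosen for an alarm message, and the sample trace are assumptions made for illustration, while the timeout, error-detection and internal-fault transitions and the 1 second and 10 minute limits are the ones given in the text.

```python
from enum import Enum

class State(Enum):
    CONNECTED = "connection establishment"
    MONITORING = "normal monitoring"
    ALARM = "abnormal alarm"
    DISCONNECTED = "disconnected"

class Event(Enum):
    START_POLLING = 1    # assumed event: periodic monitoring begins
    ALARM_MESSAGE = 2    # message carrying the specified alarm identifier
    TIMEOUT = 3          # no acknowledgement within the specified time
    CHECK_FAILED = 4     # error detection event (check/verification fails)
    INTERNAL_FAULT = 5   # internal protection mechanism triggered
    RECOVERED = 6        # assumed event: abnormal condition cleared
    RECONNECT = 7        # assumed event: link re-established

# Boundary conditions quoted in the description.
MIN_TRANSITION_INTERVAL_S = 1.0
MAX_ALARM_DURATION_S = 10 * 60

# Expected next state for (current state, event). Pairs that are missing
# mean "the model expects the device to stay in its current state".
TRANSITIONS = {
    (State.CONNECTED, Event.START_POLLING): State.MONITORING,   # assumed
    (State.ALARM, Event.RECOVERED): State.MONITORING,           # assumed
    (State.DISCONNECTED, Event.RECONNECT): State.CONNECTED,     # assumed
}
for live in (State.CONNECTED, State.MONITORING):
    TRANSITIONS[(live, Event.TIMEOUT)] = State.DISCONNECTED
    for ev in (Event.ALARM_MESSAGE, Event.CHECK_FAILED, Event.INTERNAL_FAULT):
        TRANSITIONS[(live, ev)] = State.ALARM

def check_trace(trace, start=State.CONNECTED):
    """trace: list of (time_s, event, state observed after the event).
    Returns a list of (time_s, finding) tuples."""
    findings = []
    state, entered_at, alarm_flagged = start, 0.0, False
    for t, event, observed in trace:
        # Abnormal state held longer than the protocol allows.
        if (state is State.ALARM and not alarm_flagged
                and t - entered_at > MAX_ALARM_DURATION_S):
            findings.append((t, "alarm-too-long"))
            alarm_flagged = True
        # Observed state differs from the one the diagram predicts.
        expected = TRANSITIONS.get((state, event), state)
        if observed is not expected:
            findings.append((t, "unexpected-state"))
        # Two state changes closer together than the minimum interval.
        if observed is not state:
            if t - entered_at < MIN_TRANSITION_INTERVAL_S:
                findings.append((t, "transition-too-fast"))
            state, entered_at, alarm_flagged = observed, t, False
    return findings

# Constructed trace of a hypothetical device under test.
TRACE = [
    (2.0, Event.START_POLLING, State.MONITORING),
    (10.0, Event.CHECK_FAILED, State.ALARM),
    (10.5, Event.RECOVERED, State.MONITORING),    # left ALARM after 0.5 s
    (20.0, Event.TIMEOUT, State.MONITORING),      # should have disconnected
    (30.0, Event.INTERNAL_FAULT, State.ALARM),
    (700.0, Event.RECOVERED, State.MONITORING),   # ALARM held for 670 s
]

if __name__ == "__main__":
    for when, finding in check_trace(TRACE):
        print(when, finding)
```

Each finding is a candidate abnormal state or abnormal behavior of the kind the fuzzy test result is meant to record.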
In order to obtain training data of the neural network, in an alternative embodiment, the step S202 includes:
Step S2021, monitoring Modbus communication data of the target system in the normal monitoring state to obtain first operation data;
Specifically, the first operation data is obtained by capturing and recording Modbus communication messages in a normal working state from an actual power monitoring system.
Step S2022, monitoring the query data, the response data and the monitoring data among the devices in the target system to obtain second operation data;
Specifically, the query and response messages between the devices and the periodically transmitted monitoring data are collected to obtain the second operation data.
Step S2023, monitoring the abnormal input data of the equipment in the target system to obtain third operation data;
Specifically, abnormal inputs are collected, including artificially creating some abnormal conditions, such as sending messages with format errors, invalid function codes, or corrupted data, to obtain the third operation data.
Step S2023, monitoring the abnormal response data of the devices in the target system to obtain fourth operation data;
Specifically, the abnormal response data returned by the system when it receives the abnormal input is collected to obtain the fourth operation data.
Step S2024, constructing the first data set according to the first operation data, the second operation data, the third operation data and the fourth operation data, adding first identification information to the first operation data and the second operation data in the first data set, adding second identification information to the third operation data and the fourth operation data to obtain the second data set, wherein the first identification information is used for representing that the data is normal data, and the second identification information is used for representing that the data is abnormal data.
Specifically, the first operation data, the second operation data, the third operation data and the fourth operation data are stored in a preset format to obtain the first data set; normal-data marks are added to the first operation data and the second operation data, and abnormal-data marks are added to the third operation data and the fourth operation data, to obtain the second data set.
In order to determine the first target neural network, in an optional embodiment, the step S202 further includes:
Step S2025, when the second data set includes a message sequence, determining that the first target neural network is a recurrent neural network and a convolutional neural network, where the recurrent neural network is used to extract a time sequence feature of data in the second data set, and the convolutional neural network is used to extract structural information of data in the second data set;
In particular, a Recurrent Neural Network (RNN) may be used to capture timing characteristics in messages, including sequencing of messages and transitions between states; modeling a sequence of consecutive protocol messages using the RNN to capture timing relationships between the messages; RNNs can help models understand transition patterns between states in a sequence of messages, helping to detect abnormal states or behavior; the memory properties of the RNN enable the model to take into account past messages, facilitating the processing of current messages.
Step S2026, in a case where the second data set does not include the message sequence, determining that the first target neural network is the convolutional neural network.
In particular, in the context of a power protocol, a message may have a regular structure, including a message header and a message body, which can be captured by a convolution operation; a convolution layer is used to extract the structural information in the message, including the characteristics of the message header and the message body; Convolutional Neural Networks (CNNs) can capture spatial relationships between different parts of a message, helping to understand the overall structure of the message; through the learning of the convolution kernels, the CNN can automatically capture key features in the message, which improves the sensitivity of the model to important information.
In order to obtain the fourth data set, in an alternative embodiment, the step S203 includes:
Step S2031, extracting data structure characteristics of data in the second data set, where the first target neural network is the convolutional neural network, where the data structure characteristics include a message header, a function code, a register address, and a numerical value or a coded representation corresponding to content data;
Specifically, the message structure feature extraction includes: the message is parsed and the numerical or coded representation of each field is extracted using the fields defined by the protocol specification, and for the Modbus protocol, the message includes a header, a function code, a register address, and data, and by extracting these fields, the structural characteristics of the message may be obtained.
Step S2032, extracting data length characteristics of the data in the second data set, where the data length characteristics include lengths of different types of data;
Specifically, the message length features include: the length of the messages may be different for different types of messages, and the message length may be an important feature as one of the input features of the neural network.
Step S2033, extracting preset matching features of the data in the second data set, where the preset matching features include numerical values or coded representations obtained by text conversion matched with preset keywords in the convolutional neural network;
Specifically, the keyword matching features include: keywords contained in the message are detected and converted into corresponding values or codes, including "query", "response", etc., using text processing techniques.
Step S2034, extracting a data timing characteristic of the data in the second data set, where the first target neural network is the recurrent neural network, the data timing characteristic including a sequential relationship of the data in the second data set;
In particular, the timing characteristics of the messages may be obtained by recording the transmission time stamps of the messages, the time intervals between the messages, and the like.
Step S2035, constructing the third data set according to the data structure feature, the data length feature, the preset matching feature, and the data timing feature;
Specifically, the extracted data is stored in a data set to obtain the third data set.
Step S2036, converting the category type data in the third data set into numerical data, constructing a message sequence according to the data time sequence characteristics by the data in the third data set, normalizing and mapping the numerical data in the third data set to a preset numerical range, filling the numerical data in the third data set to obtain a seventh data set, converting the fifth data set into a vector combination form, and representing the seventh data set to obtain an eighth data set;
Specifically, converting the messages into a format suitable for neural network processing includes the following techniques: numericalization/encoding (using one-hot encoding to convert the category type data into numerical data so that the neural network can process it); serialization (sorting the extracted features by time stamp to form a message sequence so that the RNN can effectively capture timing information); standardization/normalization (mapping the feature values to a suitable numerical range using standard deviation standardization, min-max normalization or the like); padding (adding a specific value after short sequences, or truncating, to ensure that all sequence lengths are consistent and form a fixed-length input); and feature vector combination (combining all the features, including the extracted structural features and length features, into one vector, which may be an embedded vector or a concatenated feature vector, for CNN processing).
Step S2037, constructing the fourth data set according to the seventh data set and the eighth data set.
Specifically, the seventh data set and the eighth data set are stored in a preset sequence to obtain the fourth data set.
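Steps S2031 to S2036 can be made concrete for Modbus/TCP. The following Python sketch is an added example, not code from the application: it parses each captured frame into the header, function code and register address fields, one-hot encodes the function code, normalizes lengths and inter-message intervals, and pads the time-ordered sequence to a fixed length. The feature layout, the sequence length of 4, the function-code vocabulary and the sample capture are assumptions made for illustration.

```python
import struct

# Assumed vocabulary: common public Modbus function codes, plus one
# extra "other" slot for anything else (e.g. invalid codes).
FUNCTION_CODES = [0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0F, 0x10]
MAX_ADU = 260     # Modbus/TCP: 7-byte MBAP header + up to 253-byte PDU
SEQ_LEN = 4       # assumed fixed sequence length after padding
VEC_LEN = len(FUNCTION_CODES) + 1 + 5

def build_adu(tid, unit, pdu, length=None):
    """Build a Modbus/TCP frame; `length` can be overridden to construct
    an abnormal sample whose declared length does not match."""
    if length is None:
        length = len(pdu) + 1            # unit id + PDU
    return struct.pack(">HHHB", tid, 0, length, unit) + pdu

def parse_adu(frame, direction):
    """Structural features: header, function code, register address."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    body = frame[8:]
    address = None
    # Only requests start with a 2-byte address; a response starts with a
    # byte count, so reading an address there would produce noise.
    if direction == "query" and len(body) >= 2:
        (address,) = struct.unpack(">H", body[:2])
    return {"transaction": tid, "unit": unit, "function": frame[7],
            "address": address, "size": len(frame),
            "length_ok": proto == 0 and length == len(frame) - 6,
            "is_response": direction == "response"}

def encode(msg, dt_norm):
    """One message -> fixed-length numeric vector."""
    onehot = [0.0] * (len(FUNCTION_CODES) + 1)
    if msg["function"] in FUNCTION_CODES:
        onehot[FUNCTION_CODES.index(msg["function"])] = 1.0
    else:
        onehot[-1] = 1.0
    addr = 0.0 if msg["address"] is None else msg["address"] / 0xFFFF
    return onehot + [min(msg["size"], MAX_ADU) / MAX_ADU, addr,
                     float(msg["is_response"]), float(msg["length_ok"]),
                     dt_norm]

def to_sequence(captures):
    """captures: list of (timestamp_s, 'query'|'response', frame bytes)."""
    ordered = sorted(captures, key=lambda c: c[0])        # serialization
    times = [c[0] for c in ordered]
    deltas = [0.0] + [b - a for a, b in zip(times, times[1:])]
    lo, span = min(deltas), max(deltas) - min(deltas)
    vectors = []
    for (_, direction, frame), dt in zip(ordered, deltas):
        dt_norm = (dt - lo) / span if span else 0.0       # min-max
        vectors.append(encode(parse_adu(frame, direction), dt_norm))
    vectors = vectors[:SEQ_LEN]                           # truncate
    vectors += [[0.0] * VEC_LEN for _ in range(SEQ_LEN - len(vectors))]
    return vectors                                        # padded

# Constructed capture, deliberately out of time order.
CAPTURES = [
    (1.25, "query", build_adu(3, 1, b"\x5a\x00\x01", length=200)),
    (0.0, "query", build_adu(1, 1, b"\x03" + struct.pack(">HH", 0x0010, 2))),
    (0.25, "response", build_adu(1, 1, b"\x03\x04\x00\x0a\x00\x0b")),
]

if __name__ == "__main__":
    for vec in to_sequence(CAPTURES):
        print(vec)
```

The third vector is the abnormal sample: its function code falls into the "other" slot and its length-consistency flag is 0, which is the kind of structural signal the labelled abnormal data contributes.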
In order to obtain the target fuzzy test set, in an alternative embodiment, the step S205 includes:
Step S2051, introducing random noise into the data of the fourth data set; and/or
Step S2052, randomly changing the data of the fourth data set; and/or
Step S2053, replacing a second preset field in the data of the fourth data set according to the first preset field; and/or
Step S2054, adding boundary numerical data corresponding to different data types in the fourth data set according to the data types corresponding to the data of the fourth data set; and/or
Step S2055, adding error data corresponding to different data types in the fourth data set according to the data types corresponding to the data of the fourth data set; and/or
Step S2056, changing the timing of the message sequence in the fourth data set to obtain the target fuzzy test set.
Specifically, the ways of generating the target fuzzy test set include one or more of the following: introducing noise, namely introducing random noise into a normal message, including randomly modifying certain bytes in the message or adding additional meaningless information; changing the message structure, namely randomly changing the structure of a normal message, including exchanging the positions of message fields and adding or deleting some fields; simulating abnormal conditions, namely introducing specific abnormal conditions, including setting the checksum in a message to an invalid value and simulating a timeout condition; mechanically generating messages, namely randomly generating, according to the protocol specification, messages that conform to the specification but are unusual, including unusual function codes and register addresses; error parameter injection, namely injecting erroneous or out-of-range values for parameters in the message, including register addresses and data values; timing perturbation, namely introducing a temporal perturbation into the generated message sequence, including randomly changing the transmission time stamps or time intervals of the messages; and generating attack samples, namely using a generative adversarial network to generate misleading messages, so that the messages are legal under normal conditions and are aggressive.
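Several of the strategies listed above (noise, boundary values, abnormal header values and timing perturbation) are shown below as hand-written mutators over one Modbus/TCP request, for use against a test bench device. This Python sketch is an added example, not code from the application and not the neural network generator the embodiment trains: the seed frame, field offsets, case labels and jitter spread are assumptions, and because Modbus/TCP carries no checksum the "invalid checksum" case is replaced here by an inconsistent MBAP length field.

```python
import random
import struct

# Constructed seed: Modbus/TCP "read holding registers" (0x03) request,
# transaction 1, unit 1, start address 0x0010, quantity 2.
SEED_FRAME = bytes.fromhex("000100000006010300100002")
LEN_OFFSET = 4    # MBAP length field
QTY_OFFSET = 10   # quantity-of-registers field of a 0x03 request

def with_u16(frame, offset, value):
    """Return a copy of frame with a big-endian 16-bit field replaced."""
    return frame[:offset] + struct.pack(">H", value) + frame[offset + 2:]

def boundary_cases(frame):
    # Function 0x03 allows 1..125 registers: test both edges, the first
    # values outside them, and the largest encodable value.
    return [("boundary", with_u16(frame, QTY_OFFSET, q))
            for q in (0, 1, 125, 126, 0xFFFF)]

def length_cases(frame):
    # Declared length that disagrees with the bytes actually sent.
    real = len(frame) - 6
    return [("bad-length", with_u16(frame, LEN_OFFSET, v))
            for v in (0, real - 1, real + 1, 0xFFFF)]

def noise_cases(frame, rng, count=3):
    cases = []
    for _ in range(count):
        data = bytearray(frame)
        # Leave the 7-byte MBAP header intact so the case exercises the
        # PDU parser instead of being dropped at the framing layer.
        pos = rng.randrange(7, len(data))
        data[pos] ^= rng.randrange(1, 256)   # non-zero XOR always changes it
        cases.append(("noise", bytes(data)))
    return cases

def jitter(intervals, rng, spread=0.5):
    """Timing perturbation: scale each send interval by 1 +/- spread."""
    return [dt * (1 + rng.uniform(-spread, spread)) for dt in intervals]

def generate(frame, seed=0):
    """Deterministic, labelled, de-duplicated test cases for one seed frame."""
    rng = random.Random(seed)
    candidates = (boundary_cases(frame) + length_cases(frame)
                  + noise_cases(frame, rng))
    seen, unique = {frame}, []
    for label, data in candidates:
        if data not in seen:          # skip the seed itself and repeats
            seen.add(data)
            unique.append((label, data))
    return unique

if __name__ == "__main__":
    for label, data in generate(SEED_FRAME):
        print(f"{label:10s} {data.hex()}")
    print(jitter([1.0, 1.0, 0.2], random.Random(0)))
```

Keeping the label with each case makes it possible to attribute an abnormal response back to the mutation strategy that produced it, and the fixed seed makes a failing case reproducible.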
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a fuzzy testing device of the power protocol, and the fuzzy testing device of the power protocol can be used for executing the fuzzy testing method for the power protocol. The device is used for realizing the above embodiments and preferred embodiments, and is not described in detail. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
The following describes a power protocol fuzzy test device provided by an embodiment of the present application.
Fig. 3 is a block diagram of a power protocol fuzzy test apparatus according to an embodiment of the present application. As shown in fig. 3, the apparatus includes:
A first obtaining unit 10, configured to comb a target power protocol and a target system to obtain first target data, and determine a state transition diagram according to the first target data, where the target system is a power system deployed by the target power protocol, and the first target data at least includes a type, a format, and a structure of the target power protocol and an operation principle of the target system, and the state transition diagram is used to characterize a transition relationship between system states of the target system;
Specifically, the power protocol to be tested is analyzed according to a plan, the basic working principle of the power protocol in a related system is obtained, the first target data is obtained, the working principle is further explored, and a state transition diagram of the power protocol is determined and used for representing various possible states and transition between the states.
A second obtaining unit 20, configured to monitor operation data of the target system to obtain a first data set, mark the first data set to obtain a second data set, determine at least one first target neural network according to the second data set, where different first target neural networks are used to extract different types of feature data;
Specifically, data related to the power protocol in the related system is collected, including valid protocol messages and a field input, to obtain the first data set. And further, marking the data in the first data set, and distinguishing the data into normal data and abnormal data so as to facilitate the neural network to learn and extract relevant characteristics to obtain the second data set. And selecting a proper neural network model according to the useful characteristics in the related protocol message to obtain the first target neural network.
A first input unit 30, configured to input the second data set into the first target neural network to obtain a third data set, and process the third data set to convert data in the third data set into a preset format to obtain a fourth data set;
Specifically, the second data set is input into the first target neural network to perform feature extraction to obtain a feature data set, namely the third data set. And further, performing data processing on the third data set to convert the data in the third data set into a data format suitable for processing by the neural network to obtain the fourth data set.
A training unit 40, configured to divide the fourth data set into a training set and a testing set to obtain a fifth data set and a sixth data set, train a neural network according to the fifth data set and test according to the sixth data set, determine the neural network as a second target neural network if a loss function of the neural network is less than a threshold value, where the neural network is configured to generate a fuzzy testing set based on operation data of the target system;
Specifically, the fourth data set is divided to obtain a training set and a testing set, namely the fifth data set and the sixth data set. And further training the model according to the training set, and evaluating the performance of the model according to the testing set. And determining that the performance of the model meets the requirement under the condition that the loss function of the neural network is smaller than a threshold value, and determining the model as a second target neural network.
And a second input unit 50, configured to input the fourth data set into the second target neural network to obtain a target fuzzy test set, perform a fuzzy test on the target system according to the target fuzzy test set, and determine a fuzzy test result according to a response of the target system, where the fuzzy test result includes an abnormal state and an abnormal behavior of the target system.
Specifically, the feature data set after format conversion is input into the second target neural network to generate a fuzzy test set. The fuzzy test set is then used to carry out a fuzzy test on the power system: the response of the system is monitored, the abnormal behavior and error states of the system are collected, and the vulnerabilities and risks of the power protocol are determined according to the test result.
According to this embodiment, the first obtaining unit obtains first target data by combing a target power protocol and a target system, and determines a state transition diagram according to the first target data, where the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, format and structure of the target power protocol and the operation principle of the target system, and the state transition diagram is used for representing the transition relation between system states of the target system; the second acquisition unit monitors the operation data of the target system to obtain a first data set, marks the first data set to obtain a second data set, and determines at least one first target neural network according to the second data set, where different first target neural networks are used for extracting different types of characteristic data; the first input unit inputs the second data set into the first target neural network to obtain a third data set, processes the third data set, and converts data in the third data set into a preset format to obtain a fourth data set; the training unit divides the fourth data set into a training set and a testing set to obtain a fifth data set and a sixth data set, trains the neural network according to the fifth data set and tests it according to the sixth data set, and determines the neural network as a second target neural network when the loss function of the neural network is smaller than a threshold value, where the neural network is used for generating a fuzzy test set based on the operation data of the target system; and the second input unit inputs the fourth data set into the second target neural network to obtain a target fuzzy test set, performs a fuzzy test on the target system according to the target fuzzy test set, and determines a fuzzy test result according to the response of the target system, where the fuzzy test result comprises the abnormal state and the abnormal behavior of the target system.
The application combines the data in the actual scene of the power equipment with the neural network, analyzes the characteristics in the data through the neural network, further processes the data based on the actual data through the neural network to obtain the fuzzy test data set, and controls the power equipment to perform the state transition fuzzy test according to the fuzzy test data set so as to verify the risks and the like in the power protocol, thereby solving the problems of the prior art that the power protocol analysis needs to be performed manually and the accuracy is lower.
In order to obtain the first target data, in an alternative embodiment, the first obtaining unit includes:
The first determining module is used for analyzing the target system and determining the protocol type of the target power protocol, wherein the protocol type comprises one or more of DNP3, Modbus and IEC 61850;
Specifically, combing the power protocol includes: determining the type of the power system communication protocol, including DNP3, Modbus, IEC 61850, etc.
The second determining module is used for analyzing the target power protocol and determining the protocol action of the target power protocol, and the protocol action at least comprises one or more of monitoring the state of power equipment in the target system, executing control commands and transmitting alarm information;
Specifically, combing the power protocol includes: determining the main purposes of the power protocol in the power system, including monitoring the status of the power equipment in real time, executing control commands, transmitting alarm information, etc.
A third determining module, configured to analyze the target power protocol, and determine format information of the target power protocol, where the format information includes at least one of a message header, a message body, and a checksum;
Specifically, combing the power protocol includes: determining the format, fields and structure of the messages in the power protocol, including the message body, the message header, the check code and the like.
A fourth determining module, configured to analyze the target power protocol, and determine a message content of the target power protocol, where the message content includes at least one of a device identifier, a command type, a control parameter, and a device address;
Specifically, combing the power protocol includes: determining the content contained in the messages exchanged between devices in the power protocol, such as a device identifier, command type, parameters, device address, etc.
A fifth determining module, configured to analyze the target power protocol and determine a security mechanism of the target power protocol, where the security mechanism includes at least one of encrypted communication, identity verification, and integrity verification;
Specifically, combing the power protocol includes: determining the security mechanisms used in the power protocol, including encryption, authentication, integrity verification, and the like.
A sixth determining module, configured to analyze the target power protocol, and determine a risk type of the target power protocol, where the risk type includes at least one of man-in-the-middle attack and data injection;
Specifically, combing the power protocol includes: determining the risks that exist in the communication process of the power protocol, including man-in-the-middle attack, malicious data injection and the like.
The first construction module is configured to construct the first target data according to the protocol type, the protocol role, the format information, the message content, the security mechanism, and the risk type.
Specifically, the data is integrated in a preset format to obtain the first target data.
In order to obtain the state transition diagram, in an alternative embodiment, the first obtaining unit further includes:
A seventh determining module, configured to determine, as a connection establishment state, a state in which the device in the target system is allowed to perform data transmission and reception and is allowed to perform a monitoring operation and a control operation on the target system under the control of the target power protocol;
Specifically, to draw the state transition diagram, the states that may exist in the power protocol are first combed. In one embodiment, the system states are divided into normal working states and abnormal states, the meaning and expected behavior of each state are determined, and the states are further refined. The state in which the device can send and receive data and perform normal monitoring and control operations is determined as the connection establishment state.
An eighth determining module, configured to determine, as a normal monitoring state, a state in which the target system periodically performs the monitoring operation and sends monitoring data or periodically receives an instruction of another device and performs the control operation under the control of the target power protocol;
Specifically, the state in which the device periodically transmits monitoring data, receives instructions from other devices, and executes the corresponding control operations as required is determined as the normal monitoring state.
A ninth determining module, configured to determine, as an abnormal alarm state, a state in which the target system generates alarm information and performs security measures by devices in the target system under the control of the target power protocol;
Specifically, the state in which the device may send an alarm message informing other system components of the problem, and may take predetermined emergency measures such as cutting off the power or changing the operation mode, is determined as the abnormal alarm state.
A tenth determining module, configured to determine, as a disconnection state, a state in which the device in the target system does not allow transmission of data under the control of the target power protocol by the target system;
Specifically, the state in which the device stops transmitting data, may provide a notification of disconnection, and waits for reconnection or performs a maintenance operation is determined as the disconnected state.
And the second construction module is used for determining corresponding triggerable target events respectively under the condition that the target system is in the connection establishment state, the normal monitoring state, the abnormal alarm state or the disconnection state based on the first target data, determining the system state of the target system after triggering according to the corresponding target events, and drawing the state transition diagram.
Specifically, in addition to the above conventional states, the system may also have states triggered by special events. Based on the system states, the state transition diagram shows the possible transition paths of the power protocol between different states.
The events and conditions that trigger state transitions are identified, including: receipt of a specific type of message, where the message includes a specified alarm identifier indicating that a device detected an abnormal condition at a remote location; a timeout event: the device does not receive an acknowledgement message from a key device within a specified time, which triggers the timeout event and may cause the device to switch to the disconnected state; an error detection event: an error occurs during transmission of a received message and verification fails, which triggers the error detection event and may cause the device to switch to the abnormal alarm state; a user command event: on receiving a user command, the device may perform a state transition according to the command content, for example performing an emergency shutdown or switching to a standby mode; an internal trigger condition of the system: the device detects an internal fault and triggers the internal protection mechanism of the system, which may cause the device to switch to the abnormal alarm state and take corresponding emergency measures.
The way errors and abnormal conditions are handled in the communication protocol is confirmed, including: error codes: the protocol prescribes a set of error codes indicating the error types that may occur in communication, including message format errors and checksum errors; a retry mechanism: in some error situations the protocol may define a retry mechanism that allows the device to attempt to send a message multiple times over a period of time; switching to a safe state: in some severe error cases, the protocol may prescribe switching to a safe state to avoid further damage to the system; rejecting bad messages: the protocol may specify how the device handles an invalid or abnormal message, including directly ignoring it, returning an error response, or disconnecting; abnormal input processing: the protocol may define how abnormal input is processed, to prevent potential attacks and abnormal conditions.
Boundary conditions that may cause a change in the state of the protocol are considered, including: message size exceeding a limit: the protocol prescribes a maximum size of 1000 bytes per message; abnormal timeout value: the protocol prescribes that, under normal conditions, the timeout for a device waiting for a response is 5 seconds; abnormal state duration: the longest duration of the device in the abnormal state is 10 minutes; frequent state transitions: the protocol prescribes a minimum time interval of 1 second between two state transitions; invalid parameter range: the protocol specifies a valid range of 1 to 100 for a certain parameter.
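The four states, the trigger events and the boundary conditions described above can be modelled as follows. This is an added example, not code from the patent: it derives one event sequence per edge of the diagram, the state/event pairs the diagram leaves undefined, and boundary values around each quoted limit. The event names, the edges marked "assumed" and the reading of each limit as inclusive are assumptions.

```python
from collections import deque
from enum import Enum


class State(Enum):
    CONNECTED = "connection establishment"
    MONITORING = "normal monitoring"
    ALARM = "abnormal alarm"
    DISCONNECTED = "disconnection"


class Event(Enum):
    START_POLLING = "periodic monitoring starts"          # assumed event
    ALARM_MESSAGE = "message with alarm identifier"
    TIMEOUT = "no acknowledgement within the timeout"
    CHECK_ERROR = "verification of a received message fails"
    INTERNAL_FAULT = "internal protection mechanism triggers"
    USER_SHUTDOWN = "user command: emergency shutdown"
    ALARM_CLEARED = "alarm condition cleared"             # assumed event
    RECONNECT = "connection re-established"               # assumed event


# Edges marked "text" follow the description above; edges marked "assumed"
# are added so that every state is reachable and the diagram can be walked.
TRANSITIONS = {
    (State.CONNECTED, Event.START_POLLING): State.MONITORING,     # assumed
    (State.CONNECTED, Event.TIMEOUT): State.DISCONNECTED,         # text
    (State.MONITORING, Event.ALARM_MESSAGE): State.ALARM,         # assumed target
    (State.MONITORING, Event.TIMEOUT): State.DISCONNECTED,        # text
    (State.MONITORING, Event.CHECK_ERROR): State.ALARM,           # text
    (State.MONITORING, Event.INTERNAL_FAULT): State.ALARM,        # text
    (State.MONITORING, Event.USER_SHUTDOWN): State.DISCONNECTED,  # assumed target
    (State.ALARM, Event.ALARM_CLEARED): State.MONITORING,         # assumed
    (State.ALARM, Event.TIMEOUT): State.DISCONNECTED,             # text
    (State.DISCONNECTED, Event.RECONNECT): State.CONNECTED,       # assumed
}

# Limits quoted in the text as (minimum, maximum); None means "not bounded".
# A value exactly on a limit is treated as valid (assumption).
LIMITS = {
    "message_size_bytes": (None, 1000),
    "response_timeout_s": (None, 5),
    "abnormal_state_duration_s": (None, 600),   # 10 minutes
    "transition_interval_s": (1, None),
    "parameter_value": (1, 100),
}


def next_state(state, event):
    """Return the state after `event`, or None if the diagram has no such edge."""
    return TRANSITIONS.get((state, event))


def shortest_paths(start=State.CONNECTED):
    """Breadth-first search: shortest event sequence from `start` to each state."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for (src, event), dst in TRANSITIONS.items():
            if src == state and dst not in paths:
                paths[dst] = paths[state] + [event]
                queue.append(dst)
    return paths


def edge_coverage_sequences(start=State.CONNECTED):
    """One event sequence per edge: reach the source state, then fire the edge."""
    paths = shortest_paths(start)
    return [paths[src] + [event] for (src, event) in TRANSITIONS if src in paths]


def replay(events, start=State.CONNECTED):
    """Walk the diagram; returns the final state, or None on an undefined edge."""
    state = start
    for event in events:
        state = next_state(state, event)
        if state is None:
            break
    return state


def unexpected_events():
    """(state, event) pairs with no edge: inputs the device should reject safely."""
    return [(s, e) for s in State for e in Event if (s, e) not in TRANSITIONS]


def boundary_cases():
    """Map each limit to [(value, expected_valid), ...] around its bounds."""
    cases = {}
    for name, (low, high) in LIMITS.items():
        values = sorted({b + d for b in (low, high) if b is not None for d in (-1, 0, 1)})
        cases[name] = [(v, (low is None or v >= low) and (high is None or v <= high))
                       for v in values]
    return cases
```

The sequences from `edge_coverage_sequences()` give a minimal set of test walks that exercise every transition, while `unexpected_events()` lists the inputs for which the expected behaviour has to come from the protocol's error-handling rules.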
In order to obtain training data of the neural network, in an alternative embodiment, the second obtaining unit includes:
The first acquisition module is used for monitoring Modbus communication data of the target system in the normal monitoring state to obtain first operation data;
Specifically, the first operation data is obtained by capturing and recording Modbus communication messages in the normal working state from an actual power monitoring system.
The second acquisition module is used for monitoring query data, response data and monitoring data among devices in the target system to obtain second operation data;
Specifically, the query and response messages between the devices, and the periodically transmitted monitoring data, are collected to obtain the second operation data.
The third acquisition module is used for monitoring abnormal input data of equipment in the target system to obtain third operation data;
Specifically, abnormal inputs are collected, including by artificially creating abnormal conditions such as sending messages with format errors, invalid function codes, or corrupted data, to obtain the third operation data.
A fourth obtaining module, configured to monitor abnormal response data of the device in the target system to obtain fourth operation data;
Specifically, the abnormal response data that the system returns when it receives abnormal input is collected to obtain the fourth operation data.
The third construction module is configured to construct the first data set according to the first operation data, the second operation data, the third operation data and the fourth operation data, add first identification information to the first operation data and the second operation data in the first data set, add second identification information to the third operation data and the fourth operation data to obtain the second data set, where the first identification information is used to represent that the data is normal data, and the second identification information is used to represent that the data is abnormal data.
Specifically, the first operation data, the second operation data, the third operation data and the fourth operation data are stored in a preset format to obtain the first data set; normal-data marks are then added to the first operation data and the second operation data, and abnormal-data marks are added to the third operation data and the fourth operation data, to obtain the second data set.
In order to determine the first target neural network, in an optional embodiment, the second acquisition unit further includes:
An eleventh determining module, configured to determine, when the second data set includes a message sequence, that the first target neural network is a recurrent neural network and a convolutional neural network, where the recurrent neural network is used to extract a time sequence feature of data in the second data set, and the convolutional neural network is used to extract structure information of data in the second data set;
In particular, a Recurrent Neural Network (RNN) may be used to capture timing characteristics in messages, including sequencing of messages and transitions between states; modeling a sequence of consecutive protocol messages using the RNN to capture timing relationships between the messages; RNNs can help models understand transition patterns between states in a sequence of messages, helping to detect abnormal states or behavior; the memory properties of the RNN enable the model to take into account past messages, facilitating the processing of current messages.
A twelfth determining module, configured to determine that the first target neural network is the convolutional neural network if the second data set does not include the message sequence.
In particular, in the context of a power protocol, a message may have a regular structure, including a message header and a message body, that a convolution operation can capture; a convolution layer is used to extract the structural information in the message, including the characteristics of the message header and the message body; Convolutional Neural Networks (CNNs) can capture spatial relationships between different parts of a message, helping to understand the overall structure of the message; through the learning of the convolution kernels, the CNN can automatically capture key features in the message, improving the sensitivity of the model to important information.
In order to obtain the fourth data set, in an alternative embodiment, the first input unit comprises:
a fifth obtaining module, configured to extract a data structure feature of the data in the second data set when the first target neural network is the convolutional neural network, where the data structure feature includes a message header, a function code, a register address, and a numerical value or a coded representation corresponding to content data;
Specifically, message structure feature extraction includes parsing the message and extracting the numerical or coded representation of each field, using the fields defined by the protocol specification. For the Modbus protocol, the message includes a header, a function code, a register address, and data; extracting these fields yields the structural features of the message.
A sixth obtaining module, configured to extract a data length characteristic of the data in the second dataset, where the data length characteristic includes lengths of different types of data;
Specifically, the message length feature: different types of messages may have different lengths, so the message length may be an important feature and serves as one of the input features of the neural network.
A seventh obtaining module, configured to extract a preset matching feature of the data in the second data set, where the preset matching feature includes a numerical value or a coded representation obtained by converting a text that matches a preset keyword in the convolutional neural network;
Specifically, the keyword matching features: text processing techniques are used to detect keywords contained in the message, including "query", "response", etc., and convert them into corresponding values or codes.
An eighth obtaining module, configured to extract a data timing characteristic of data in the second data set when the first target neural network is the recurrent neural network, where the data timing characteristic includes a sequential relationship of each data in the second data set;
Specifically, the timing characteristics of the messages may be obtained by recording the transmission time stamps of the messages, the time intervals between the messages, and the like.
A fourth construction module, configured to construct the third data set according to the data structure feature, the data length feature, the preset matching feature, and the data timing feature;
Specifically, the extracted data is stored in a data set to obtain the third data set.
A fifth construction module, configured to convert the type data in the third data set into numerical data, construct a message sequence according to the data timing characteristic of the third data set, normalize and map the numerical data in the third data set to a preset numerical range, fill the numerical data in the third data set into data to obtain a seventh data set, and convert the fifth data set into a vector combination form to represent the seventh data set to obtain an eighth data set;
Specifically, converting the messages into a format suitable for neural network processing includes the following techniques: numericalization/encoding (using one-hot encoding to convert categorical data into numerical data that the neural network can process); serialization (sorting the extracted features by time stamp to form a message sequence so that the RNN can effectively capture timing information); standardization/normalization (mapping the feature values to a suitable numerical range using standard deviation normalization, min-max normalization, etc.); padding (appending a specific value to short sequences, or truncating, so that all sequences have the same length and form a fixed-length input); and feature vector combination (combining all the features, including the extracted structural features and length features, into one vector, which may be an embedded vector or a concatenated feature vector, for CNN processing).
A sixth construction module, configured to construct the fourth data set according to the seventh data set and the eighth data set.
Specifically, the seventh data set and the eighth data set are stored in a preset sequence to obtain the fourth data set.
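An added illustration of the feature extraction and format conversion described above, not code from the patent: it parses Modbus/TCP frames into structure, length, keyword and timing features, then applies one-hot encoding, time-stamp ordering, min-max normalization and padding. Modbus/TCP framing (the text only says Modbus), the function-code vocabulary, the vector layout and the sample frames are assumptions constructed for the example.

```python
import struct

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id, length, unit id
FUNCTION_VOCAB = [1, 2, 3, 4, 5, 6, 15, 16]   # other codes share one "unknown" slot
KEYWORDS = {"query": 0.0, "response": 1.0}    # keyword-matching feature
WIDTH = len(FUNCTION_VOCAB) + 1 + 5           # one-hot slots + five scalar features


def parse_adu(frame, direction):
    """Extract structural fields; malformed frames are flagged, not rejected,
    because the data set deliberately contains abnormal messages."""
    fields = {"direction": direction, "length": len(frame), "function": None,
              "address": None, "well_formed": False}
    if len(frame) < MBAP.size + 1:
        return fields                 # too short for header plus function code
    _tid, protocol, mbap_len, _unit = MBAP.unpack_from(frame)
    fields["function"] = frame[MBAP.size]
    body = frame[MBAP.size + 1:]
    # Queries for the common read/write codes start with a 16-bit register address.
    if direction == "query" and fields["function"] in FUNCTION_VOCAB and len(body) >= 2:
        fields["address"] = struct.unpack_from(">H", body)[0]
    # The MBAP length field counts the unit id and everything after it.
    fields["well_formed"] = protocol == 0 and mbap_len == len(frame) - 6
    return fields


def one_hot(function):
    """One-hot encode the function code; unknown or missing codes use the last slot."""
    vec = [0.0] * (len(FUNCTION_VOCAB) + 1)
    slot = FUNCTION_VOCAB.index(function) if function in FUNCTION_VOCAB else len(FUNCTION_VOCAB)
    vec[slot] = 1.0
    return vec


def min_max(values):
    """Map values to [0, 1]; a constant column maps to 0."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]


def encode_sequence(records, seq_len):
    """records: [(timestamp_s, direction, frame), ...] -> seq_len feature vectors."""
    records = sorted(records, key=lambda r: r[0])          # serialize by time stamp
    parsed = [parse_adu(frame, direction) for _, direction, frame in records]
    lengths = min_max([p["length"] for p in parsed])
    times = [r[0] for r in records]
    gaps = min_max([0.0] + [b - a for a, b in zip(times, times[1:])])
    vectors = []
    for p, length, gap in zip(parsed, lengths, gaps):
        address = 0.0 if p["address"] is None else p["address"] / 0xFFFF
        vectors.append(one_hot(p["function"]) + [KEYWORDS[p["direction"]], length,
                                                 address, gap, float(p["well_formed"])])
    vectors = vectors[:seq_len]                            # truncate long sequences
    vectors += [[0.0] * WIDTH for _ in range(seq_len - len(vectors))]   # pad short ones
    return vectors


# Constructed sample capture: read holding registers, its response, a register write.
SAMPLE = [
    (0.00, "query", bytes.fromhex("0001000000060103006b0003")),
    (0.25, "response", bytes.fromhex("000100000009010306022b00000064")),
    (1.25, "query", bytes.fromhex("000200000006010600010003")),
]
```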
In order to obtain the target fuzzy test set, in an alternative embodiment, the second input unit includes:
a first processing module for introducing random noise into the data of the fourth data set; and/or
The second processing module is used for randomly changing the data of the fourth data set; and/or
The third processing module is used for replacing a second preset field in the data of the fourth data set according to the first preset field; and/or
A fourth processing module, configured to add boundary numerical data corresponding to different data types in the fourth data set according to the data types corresponding to the data of the fourth data set; and/or
A fifth processing module, configured to add error data corresponding to different data types in the fourth data set according to the data types corresponding to the data of the fourth data set; and/or
And a sixth processing module, configured to change the timing sequence of the message sequence in the fourth data set, so as to obtain the target fuzzy test set.
Specifically, the target fuzzy test set is generated in one or more of the following ways: introducing noise: random noise is introduced into normal messages, including randomly modifying certain bytes in the message or adding extra meaningless information; changing the message structure: the structure of a normal message is randomly changed, including swapping the positions of message fields and adding or deleting fields; simulating abnormal conditions: specific abnormal conditions are introduced, including setting the checksum in a message to an invalid value and simulating a timeout; mechanically generating messages: messages that conform to the specification but are unusual, including unusual function codes and register addresses, are randomly generated according to the protocol specification; error parameter injection: erroneous or out-of-range values are injected for parameters in the message, including register addresses and data values; timing perturbation: a temporal perturbation is introduced into the generated message sequence, including randomly changing the transmission time stamps or time intervals of the messages; generating attack samples: a generative adversarial network is used to generate misleading messages that appear legal under normal conditions but are aggressive.
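Several of the generation strategies above (noise, structure change, invalid checksum, parameter injection, timing perturbation), as an added test-bench example that is not part of the patent. It assumes Modbus RTU framing with its CRC-16 and a constructed seed frame; the function names are hypothetical. Each case records whether its checksum is valid, so a response can be judged against what the device should have done.

```python
import random
import struct


def crc16_modbus(data):
    """CRC-16 as used by Modbus RTU (initial value 0xFFFF, polynomial 0xA001)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_rtu(unit, function, address, value):
    """Unit id, function code, 16-bit address, 16-bit value, CRC (low byte first)."""
    body = struct.pack(">BBHH", unit, function, address, value)
    return body + struct.pack("<H", crc16_modbus(body))


def crc_ok(frame):
    return len(frame) >= 4 and struct.unpack("<H", frame[-2:])[0] == crc16_modbus(frame[:-2])


def mutate_noise(frame, rng):
    """Flip one random bit in the body, then recompute the CRC so the change
    is seen by the field parser instead of being dropped at the checksum."""
    body = bytearray(frame[:-2])
    body[rng.randrange(len(body))] ^= 1 << rng.randrange(8)
    return bytes(body) + struct.pack("<H", crc16_modbus(bytes(body)))


def mutate_structure(frame):
    """Swap the address and value fields (expects the 6-byte body of build_rtu)."""
    unit, function, address, value = struct.unpack(">BBHH", frame[:6])
    return build_rtu(unit, function, value, address)


def mutate_checksum(frame):
    """Keep the body and invert the CRC, which is then guaranteed not to match."""
    crc = struct.unpack("<H", frame[-2:])[0] ^ 0xFFFF
    return frame[:-2] + struct.pack("<H", crc)


# Boundary (address, value) pairs for the two 16-bit parameters.
BOUNDARY_PARAMS = [(0x0000, 0x0000), (0xFFFF, 0x0001), (0x0000, 0xFFFF), (0xFFFF, 0xFFFF)]


def mutate_parameters(frame):
    """Rebuild the frame with boundary addresses and values."""
    unit, function = frame[0], frame[1]
    return [build_rtu(unit, function, a, v) for a, v in BOUNDARY_PARAMS]


def perturb_timing(timestamps, rng, jitter_s):
    """Shift each send time by up to +/- jitter_s seconds (never below zero)."""
    return [max(0.0, t + rng.uniform(-jitter_s, jitter_s)) for t in timestamps]


def generate_cases(seed_frame, rng):
    """Build labelled test cases from one normal frame."""
    cases = [("noise", mutate_noise(seed_frame, rng)),
             ("structure", mutate_structure(seed_frame)),
             ("checksum", mutate_checksum(seed_frame))]
    cases += [("parameter", f) for f in mutate_parameters(seed_frame)]
    return [{"mutation": name, "frame": frame, "crc_valid": crc_ok(frame)}
            for name, frame in cases]


# Constructed seed: unit 1, read holding registers (0x03), address 0, quantity 10.
SEED_FRAME = build_rtu(1, 3, 0, 10)
```

Passing a seeded `random.Random` to `generate_cases` makes a run reproducible, so a case that produces an abnormal response can be regenerated exactly for triage.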
The fuzzy test device for the power protocol comprises a processor and a memory, wherein the first acquisition unit, the second acquisition unit, the first input unit, the training unit, the second input unit and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions. The modules are all located in the same processor; or the above modules may be located in different processors in any combination.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the accuracy of the power protocol test is improved by adjusting the kernel parameters.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM), and/or nonvolatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The embodiment of the invention provides a computer readable storage medium, which comprises a stored program, wherein the program is used for controlling equipment where the computer readable storage medium is located to execute a fuzzy test method of the power protocol.
The embodiment of the invention provides a processor, which is used for running a program, wherein the program runs to execute the fuzzy test method of the power protocol.
The embodiment of the invention provides a communication system, which comprises a primary communication domain, a secondary communication domain processor, a memory and a program which is stored in the memory and can run on the processor, wherein the processor implements at least the steps of the fuzzy test method of the power protocol when executing the program.
The application also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with at least the method steps of the above fuzzy test method of the power protocol.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, etc., such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description, it can be seen that the above embodiments of the present application achieve the following technical effects:
1) In the fuzzy test method for a power protocol of the present application, first, a target power protocol and a target system are combed to obtain first target data, and a state transition diagram is determined according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, the format and the structure of the target power protocol and the operation principle of the target system, and the state transition diagram is used for representing the transition relation among the system states of the target system; then, the operation data of the target system is monitored to obtain a first data set, the first data set is marked to obtain a second data set, and at least one first target neural network is determined according to the second data set, wherein different first target neural networks are used for extracting different types of characteristic data; then, the second data set is input into the first target neural network to obtain a third data set, the third data set is processed, and the data in the third data set is converted into a preset format to obtain a fourth data set; then, the fourth data set is divided into a training set and a test set to obtain a fifth data set and a sixth data set, a neural network is trained according to the fifth data set and tested according to the sixth data set, and the neural network is determined as a second target neural network when the loss function of the neural network is smaller than a threshold value, wherein the neural network is used for generating a fuzzy test set based on the operation data of the target system; and finally, the fourth data set is input into the second target neural network to obtain a target fuzzy test set, a fuzzy test is carried out on the target system according to the target fuzzy test set, and a fuzzy test result is determined according to the response of the target system, wherein the fuzzy test result comprises the abnormal state and the abnormal behavior of the target system. The application combines the data from actual scenarios of the power equipment with neural networks, analyzes the characteristics in the data through a neural network, further processes the actual data through a neural network to obtain the fuzzy test data set, and controls the power equipment to perform the state transition fuzzy test according to the fuzzy test data set so as to verify the risks and the like in the power protocol, thereby solving the prior-art problem that power protocol analysis has to be performed manually and has low accuracy.
2) In the fuzzy test device for a power protocol of the present application, a first acquisition unit combs a target power protocol and a target system to obtain first target data, and a state transition diagram is determined according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, the format and the structure of the target power protocol and the operation principle of the target system, and the state transition diagram is used for representing the transition relation among the system states of the target system; a second acquisition unit monitors the operation data of the target system to obtain a first data set, marks the first data set to obtain a second data set, and determines at least one first target neural network according to the second data set, wherein different first target neural networks are used for extracting different types of characteristic data; a first input unit inputs the second data set into the first target neural network to obtain a third data set, processes the third data set, and converts the data in the third data set into a preset format to obtain a fourth data set; a training unit divides the fourth data set into a training set and a test set to obtain a fifth data set and a sixth data set, trains a neural network according to the fifth data set and tests it according to the sixth data set, and determines the neural network as a second target neural network when the loss function of the neural network is smaller than a threshold value, wherein the neural network is used for generating a fuzzy test set based on the operation data of the target system; and a second input unit inputs the fourth data set into the second target neural network to obtain a target fuzzy test set, a fuzzy test is carried out on the target system according to the target fuzzy test set, and a fuzzy test result is determined according to the response of the target system, wherein the fuzzy test result comprises the abnormal state and the abnormal behavior of the target system. The application combines the data from actual scenarios of the power equipment with neural networks, analyzes the characteristics in the data through a neural network, further processes the actual data through a neural network to obtain the fuzzy test data set, and controls the power equipment to perform the state transition fuzzy test according to the fuzzy test data set so as to verify the risks and the like in the power protocol, thereby solving the prior-art problem that power protocol analysis has to be performed manually and has low accuracy.
The above description covers only the preferred embodiments of the present application and is not intended to limit the present application; those skilled in the art may make various modifications and variations to it. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (10)
1. A fuzzy test method for a power protocol, comprising:
combing a target power protocol and a target system to obtain first target data, and determining a state transition diagram according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, format and structure of the target power protocol and the operation principle of the target system, and the state transition diagram is used for representing the transition relation between the system states of the target system;
monitoring operation data of the target system to obtain a first data set, marking the first data set to obtain a second data set, and determining at least one first target neural network according to the second data set, wherein different first target neural networks are used for extracting different types of characteristic data;
inputting the second data set into the first target neural network to obtain a third data set, processing the third data set, and converting data in the third data set into a preset format to obtain a fourth data set;
dividing the fourth data set into a training set and a test set to obtain a fifth data set and a sixth data set, training a neural network according to the fifth data set and testing it according to the sixth data set, and determining the neural network as a second target neural network under the condition that a loss function of the neural network is smaller than a threshold value, wherein the neural network is used for generating a fuzzy test set based on operation data of the target system;
inputting the fourth data set into the second target neural network to obtain a target fuzzy test set, carrying out a fuzzy test on the target system according to the target fuzzy test set, and determining a fuzzy test result according to the response of the target system, wherein the fuzzy test result comprises an abnormal state and an abnormal behavior of the target system.
2. The method of claim 1, wherein combing the target power protocol and the target system to obtain first target data comprises:
analyzing the target system, and determining a protocol type of the target power protocol, wherein the protocol type comprises one or more of DNP3, Modbus and IEC 61850;
analyzing the target power protocol, and determining a protocol role of the target power protocol, wherein the protocol role at least comprises one or more of monitoring a power equipment state in the target system, executing a control command and transmitting alarm information;
analyzing the target power protocol, and determining format information of the target power protocol, wherein the format information comprises at least one of a message header, a message body and a checksum;
analyzing the target power protocol, and determining message content of the target power protocol, wherein the message content comprises at least one of a device identifier, a command type, a control parameter and a device address;
analyzing the target power protocol, and determining a security mechanism of the target power protocol, wherein the security mechanism comprises at least one of encrypted communication, identity verification and integrity verification;
analyzing the target power protocol, and determining a risk type of the target power protocol, wherein the risk type comprises at least one of man-in-the-middle attack and data injection;
constructing the first target data according to the protocol type, the protocol role, the format information, the message content, the security mechanism and the risk type.
3. The method of claim 1, wherein determining a state transition diagram from the first target data comprises:
determining, as a connection establishment state, the state in which, under the control of the target power protocol, equipment in the target system is allowed to send and receive data and monitoring operations and control operations are allowed to be carried out on the target system;
determining, as a normal monitoring state, the state in which, under the control of the target power protocol, equipment in the target system periodically performs the monitoring operation and sends monitoring data, or periodically receives instructions from other equipment and executes the control operation;
determining, as an abnormal alarm state, the state in which, under the control of the target power protocol, equipment in the target system generates alarm information and executes safety measures;
determining, as a disconnection state, the state in which, under the control of the target power protocol, equipment in the target system is not allowed to send data;
determining, based on the first target data, the corresponding target events that can be triggered when the target system is in the connection establishment state, the normal monitoring state, the abnormal alarm state or the disconnection state, determining the system state of the target system after triggering according to the corresponding target events, and drawing the state transition diagram.
4. The method of claim 3, wherein monitoring the operation data of the target system to obtain a first data set, and marking the first data set to obtain a second data set, comprises:
monitoring Modbus communication data of the target system in the normal monitoring state to obtain first operation data;
monitoring query data, response data and monitoring data among devices in the target system to obtain second operation data;
monitoring abnormal input data of equipment in the target system to obtain third operation data;
monitoring abnormal response data of equipment in the target system to obtain fourth operation data;
constructing the first data set according to the first operation data, the second operation data, the third operation data and the fourth operation data, adding first identification information to the first operation data and the second operation data in the first data set, and adding second identification information to the third operation data and the fourth operation data to obtain the second data set, wherein the first identification information is used for representing that the data is normal data, and the second identification information is used for representing that the data is abnormal data.
5. The method of claim 1, wherein determining at least one first target neural network from the second data set comprises:
determining that the first target neural network is a recurrent neural network and a convolutional neural network when the second data set comprises a message sequence, wherein the recurrent neural network is used for extracting time sequence characteristics of data in the second data set, and the convolutional neural network is used for extracting structural information of the data in the second data set;
determining that the first target neural network is the convolutional neural network if the second data set does not include the message sequence.
6. The method of claim 5, wherein inputting the second data set into the first target neural network to obtain a third data set, and processing the third data set to convert data in the third data set to a preset format to obtain a fourth data set, comprises:
extracting data structure characteristics of data in the second data set under the condition that the first target neural network is the convolutional neural network, wherein the data structure characteristics comprise a message header, a function code, a register address and a numerical value or coded representation corresponding to content data;
extracting data length characteristics of data in the second data set, wherein the data length characteristics comprise lengths of different types of data;
extracting preset matching features of data in the second data set, wherein the preset matching features comprise numerical values or coded representations obtained by text conversion matched with preset keywords in the convolutional neural network;
extracting data timing characteristics of data in the second data set under the condition that the first target neural network is the recurrent neural network, wherein the data timing characteristics comprise sequence relations of all data in the second data set;
constructing the third data set according to the data structure characteristics, the data length characteristics, the preset matching features and the data timing characteristics;
converting the type data in the third data set into numerical data, constructing a message sequence from the data in the third data set according to the data timing characteristics, carrying out normalized mapping of the numerical data in the third data set to a preset numerical range, carrying out data filling on the numerical data in the third data set to obtain a seventh data set, and converting the fifth data set into a vector combination form to represent the seventh data set to obtain an eighth data set;
constructing the fourth data set from the seventh data set and the eighth data set.
7. The method of claim 6, wherein inputting the fourth data set into the second target neural network results in a target fuzzy test set, comprising:
introducing random noise into the data of the fourth data set; and/or
randomly changing the data of the fourth data set; and/or
replacing a second preset field in the data of the fourth data set according to the first preset field; and/or
adding boundary numerical data corresponding to different data types in the fourth data set according to the data types corresponding to the data of the fourth data set; and/or
adding error data corresponding to different data types in the fourth data set according to the data types corresponding to the data of the fourth data set; and/or
changing the time sequence of the message sequence in the fourth data set to obtain the target fuzzy test set.
8. A fuzzy test device for a power protocol, the device comprising:
a first acquisition unit, used for combing a target power protocol and a target system to obtain first target data and determining a state transition diagram according to the first target data, wherein the target system is a power system in which the target power protocol is deployed, the first target data at least comprises the type, the format and the structure of the target power protocol and the operation principle of the target system, and the state transition diagram is used for representing the transition relation among the system states of the target system;
a second acquisition unit, used for monitoring the operation data of the target system to obtain a first data set, marking the first data set to obtain a second data set, and determining at least one first target neural network according to the second data set, wherein different first target neural networks are used for extracting different types of characteristic data;
a first input unit, used for inputting the second data set into the first target neural network to obtain a third data set, processing the third data set and converting the data in the third data set into a preset format to obtain a fourth data set;
a training unit, used for dividing the fourth data set into a training set and a test set to obtain a fifth data set and a sixth data set, training a neural network according to the fifth data set and testing it according to the sixth data set, and determining the neural network as a second target neural network under the condition that the loss function of the neural network is smaller than a threshold value, wherein the neural network is used for generating a fuzzy test set based on the operation data of the target system;
a second input unit, used for inputting the fourth data set into the second target neural network to obtain a target fuzzy test set, performing a fuzzy test on the target system according to the target fuzzy test set, and determining a fuzzy test result according to the response of the target system, wherein the fuzzy test result comprises an abnormal state and an abnormal behavior of the target system.
9. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored program, wherein the program, when run, controls a device in which the computer readable storage medium is located to perform the method of any one of claims 1 to 7.
10. A power protocol testing system, comprising: one or more processors, memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing the method of any of claims 1-7.
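Claim 3's state transition diagram can serve as the oracle that turns a recorded fuzzy test run into "abnormal state" findings. The sketch below is an added example, not code from the patent: the four states are the ones claim 3 names, while the event names, the edges between states and the sample traces are assumptions made for illustration.

```python
# States are the four named in claim 3. Event names and edges are
# hypothetical: the page does not enumerate them.
DIAGRAM = {
    ("disconnected", "connect"): "connection_established",
    ("connection_established", "poll"): "normal_monitoring",
    ("normal_monitoring", "poll"): "normal_monitoring",
    ("normal_monitoring", "control"): "normal_monitoring",
    ("normal_monitoring", "fault"): "abnormal_alarm",
    ("abnormal_alarm", "clear"): "normal_monitoring",
    ("connection_established", "close"): "disconnected",
    ("normal_monitoring", "close"): "disconnected",
    ("abnormal_alarm", "close"): "disconnected",
}
STATES = {src for src, _ in DIAGRAM} | set(DIAGRAM.values())


def unreachable(start="disconnected"):
    """Diagram sanity check: states that no event sequence reaches from start."""
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        for (src, _), dst in DIAGRAM.items():
            if src == cur and dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return STATES - seen


def audit(trace, start="disconnected"):
    """Replay (event, observed_state) pairs recorded during a test run.

    Returns (index, kind, detail) for every step where the device left the
    diagram: it moved on an event that is not triggerable in its state, or it
    ended up somewhere other than the state the diagram prescribes.
    """
    findings, state = [], start
    for i, (event, observed) in enumerate(trace):
        expected = DIAGRAM.get((state, event))
        if expected is None and observed != state:
            findings.append((i, "illegal-transition",
                             f"{state} -{event}-> {observed}"))
        elif expected is not None and observed != expected:
            findings.append((i, "wrong-state",
                             f"{state} -{event}-> {observed}, expected {expected}"))
        state = observed  # keep following the device, not the model
    return findings


# Constructed traces: a well-behaved session and one whose messages were
# reordered so that a control command arrives before the connection exists.
CLEAN = [("connect", "connection_established"), ("poll", "normal_monitoring"),
         ("fault", "abnormal_alarm"), ("clear", "normal_monitoring"),
         ("close", "disconnected")]
REORDERED = [("control", "normal_monitoring"), ("connect", "normal_monitoring"),
             ("fault", "normal_monitoring")]

if __name__ == "__main__":
    for finding in audit(REORDERED):
        print(finding)
```

The audit keeps following the observed state after a deviation, so one early fault does not mask later ones in the same trace.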
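Claim 7 lists six ways of deriving the fuzzy test set (fuzzing test cases) from the fourth data set. The following added example, which is not the patent's implementation and uses no neural network, applies each operator directly to Modbus/TCP request frames and labels every result with the structural rules it breaks; the field names, the constructed sample session and the fixed 12-byte request layout (function codes 1 to 6) are assumptions of this sketch.

```python
import random
import struct

# Modbus/TCP request: 7-byte MBAP header, function code, two 16-bit fields.
LAYOUT = [("tid", "H"), ("proto", "H"), ("length", "H"), ("unit", "B"),
          ("func", "B"), ("addr", "H"), ("value", "H")]
FMT = ">" + "".join(code for _, code in LAYOUT)
TYPE = dict(LAYOUT)
TOP = {"B": 0xFF, "H": 0xFFFF}
BOUNDARY = {"B": [0x00, 0x7F, 0x80, 0xFF], "H": [0x0000, 0x7FFF, 0x8000, 0xFFFF]}

def pack(msg):
    """Serialize a field dict to big-endian wire bytes."""
    return struct.pack(FMT, *(msg[name] for name, _ in LAYOUT))

def violations(frame):
    """Structural rules a frame breaks; [] means well-formed. Value ranges
    such as register quantity are left for the device response to judge."""
    if len(frame) != struct.calcsize(FMT):
        return ["size"]
    msg = dict(zip(TYPE, struct.unpack(FMT, frame)))
    bad = ["proto"] if msg["proto"] != 0 else []
    if msg["length"] != len(frame) - 6:
        bad.append("length")
    if msg["func"] not in range(1, 7):
        bad.append("func")
    return bad

def noise(msg, rng):
    """Random noise: flip one bit of the serialized frame."""
    raw = bytearray(pack(msg))
    raw[rng.randrange(len(raw))] ^= 1 << rng.randrange(8)
    return bytes(raw)

def random_change(msg, rng):
    """Random change: give one field a random value of its own type."""
    field = rng.choice([name for name, _ in LAYOUT])
    return pack({**msg, field: rng.randint(0, TOP[TYPE[field]])})

def copy_field(msg, src, dst):
    """Field replacement: overwrite dst with the value of src."""
    return pack({**msg, dst: msg[src] & TOP[TYPE[dst]]})

def boundaries(msg, field):
    """Boundary values selected by the field's data type."""
    return [pack({**msg, field: v}) for v in BOUNDARY[TYPE[field]]]

def error_data(msg):
    """Error data: a length field that lies, and a truncated frame."""
    return [pack({**msg, "length": (msg["length"] + 1) & 0xFFFF}), pack(msg)[:-1]]

def reorder(frames, rng):
    """Timing change: same messages, different order."""
    out = list(frames)
    while len(set(frames)) > 1 and out == list(frames):
        rng.shuffle(out)
    return out

def build_test_set(session, seed=0):
    """Return ([(operator, frame, violations)], reordered_session)."""
    rng = random.Random(seed)
    cases = []
    for msg in session:
        cases += [("noise", noise(msg, rng)), ("random", random_change(msg, rng)),
                  ("copy", copy_field(msg, "addr", "value"))]
        for field in ("func", "addr", "value"):
            cases += [("boundary:" + field, f) for f in boundaries(msg, field)]
        cases += [("error", f) for f in error_data(msg)]
    labelled = [(op, frame, violations(frame)) for op, frame in cases]
    return labelled, reorder([pack(m) for m in session], rng)

# Constructed session: read two holding registers, write one, read it back.
BASE = {"proto": 0, "length": 6, "unit": 1}
SESSION = [{**BASE, "tid": 1, "func": 3, "addr": 0, "value": 2},
           {**BASE, "tid": 2, "func": 6, "addr": 1, "value": 0x1234},
           {**BASE, "tid": 3, "func": 3, "addr": 1, "value": 1}]
```

Cases whose violation list is empty are still well-formed on the wire, so only the target's response can classify them; cases with a non-empty list correspond to the data claim 4 marks as abnormal input.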
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410329348.9A CN118170662A (en) | 2024-03-21 | 2024-03-21 | Fuzzy test method and device for power protocol and power protocol test system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118170662A (en) | 2024-06-11 |
Family
ID=91356201
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410329348.9A Pending CN118170662A (en) | 2024-03-21 | 2024-03-21 | Fuzzy test method and device for power protocol and power protocol test system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118170662A (en) |
- 2024-03-21 CN CN202410329348.9A patent/CN118170662A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||