基于Web的电力系统自适应安全事件管理设计

湘潭大学硕士学位论文基于Web的电力系统自适应安全事件管理设计姓名：马茜申请学位级别：硕士专业：电力电子与电力传动指导教师：段斌20070501IWebWebCORBAWebIIABSTRACTWiththedevelopmentinPowerInformation,PowerInformationNetworkisalsoupagainstattacksanddestruction.Alongwiththemeansofattacksaremorediversiformcomplicatedandintelligent,itisdifficulttofulfilthenetworksecurityneedsonlyrelyingonsafetyequipment’sdefending.Wemanagetheunattachednetworkandsafetyequipmentcentralizedly.Andwemakethenetworkandsecurityequipmentdefendagainsttheattacksinterrelatedly.Fulfillingnetworksecurityhasimportantsignificanceinsocietyandeconomy.AdaptiveWeb-basedelectricitynetworksecuritymanagementsystemcameintobeingforsuchdemand.Thepurposeofthispaperistoestablishadistributedmanagementplatformforsecurityevents.Itwillmanagethesecurityequipmentcentralizedlywhichhavedifferentpositionsanddiversefunctionsinthenetwork.Itwillfulfillinkageandmutualoperationamongallkindsofequipments.Anditwillachievethepurposethatdefendingagainstattacks.Groundedonthestudyoftraditionalnetworkmanagement,thepaperbringsforwardaforsecurityeventsmanagementinthenetwork.Anditdesignsthesystemmodel.Thepaper’sworkthathasbeendoneisasfollowing:1Afteranalysingandresearchingthetraditionalnetworkmanagement,wedesignaWeb-baseddistributedarchitectureforsecurityequipmentmanagementwhichbandtogethertheCORBAtechnology.Itfulfilsunitivemanagementforsecurityequipmentandhighlyefficientlinkage.(2)Weanalyseandresearchthecommonsecurityequipmentandlogdeeply.Atthesametimeweusethedataminingtechnologytodealwiththesecurityeventlogdata.Inthepaperwebringdetectionmodelautomatically.Itwillimprovetheefficiencygreatlyinpatternrecognitionandrulesstructure.Thisdesignnotonlyadaptstotheanomalydetectionbutalsoadaptstomisusedetection.Anditcanfindtheknownandunknownattackmodeeffectively.Inthepaperthedistributedmanagementplatformforpowersecurityeventshasmultiplicatefeatures,includingautomaticidentificationforsecurityeventsmodel,multi-layeredinitiativedefense,andextensiblefunction.Itisusefulfordesigningtheframeofthepowercorporation’snetworksecuritymanagement.KeyWordsWeb;PowerSystem;NetworkSecurityManagement;dataminingWeb1651.1[1][2]206020038145000200010IP(InternetProtocol)TCP/IP(TransmissionControlProtocol/InternetProtocol)InternetIntranetSPDnetStatePowerdatanetwork57IECTC57[3]1.1[3]IECTC5715IEC62351,Web2651.1[4-14][15]IDSIntrusionDetectionSystemWeb365IEC62351Web(AdaptiveWebbasedElectricityNetworkSecurityManagementSystemAWENSMS)JMXAgentJMXAgent1.2AIDE(AutomatedIntrusionDetectionEnvironment)[16]CIDF(CommonIntrusionDetectionFramework)[17]IDSIDWG(IntrusionDetectionWorkingGroup)[18]IETFInternetEngineeringTaskForceIDSIntrusionDetectionMessageExchangeFormat(IDMEF)[19]EVILIODEF(IncidentObjectDescriptionandExchangeFormat)[20]AIRCERT[21]CERT()SANS()CERTCERTSandia(CLCSI)[22]Web4651.3Web1.4WebCORBAWeb5652.1DoSDenialofServiceTCPSYNTCPSYNFlooding2.2(SPDnet)[23]:2.1Web665I()II()III()IV()III()IV()I()II()IPIPIPVPNSPDnetVPNIPShPTnet2.1[24]VPNB/SWebEmail2.3[25]SPDnetWeb765DMISMIS2.42.4.12.4.1.1ISO(InternationalOrganizationforStandardization)ISO/IEC7497-4faultmanagementaccountingmanagementconfigurationmanagementperformancemanagementsecuritymanagementWeb8652.4.1.2Q3CMIPCommonManagementInformationProtocolInternet/SNMPSNMP(SimpleNetworkManagementProtocol)SNMPIETFTCP/IPCMIPSNMPSNMPv1,SNMPv2,SNMPv3SNMPOSI:A,BABBSNMPOSISNMP2.2SNMPUDPIPSNMPUDPIPMIBSNMP2.2SNMPSNMP;SNMP(Web965)SNMPtrapSNMPManager/AgentSNMP(Proxy)SNMPSNMPSNMPSNMPSNMPOSIOSISNMPSNMPSNMPSNMPSNMPMIBSNMPMIB:ID,SNMPSMI(StructureofManagementInformation)SNMPMIBSMIMIBMIBInternetMgnt(2)ExperimentalPrivateDirectroyMix-bSystemInterfacesSNMP2.3SNMPSNMP2.3Web1065InternetSNMPInternetMIBMIBOSIOSISNMPSNMPSNMPSNMPSNMPSNMPMIBSNMPManagerAgentSNMPSNMPSNMPS3:get,settrap;trapSNMPSNMP3MIBSNMPSNMPMIBSNMPSNMPget-requestget-next-requestset-requestget-responsetrapSNMPSNMPSNMPSNMPUDPUDPSNMPSNMPWeb1165SNMPISOCMIS/CMIPCommonManagementInformationProtocolandService/CMIPISOOSICMIPCMIP()OSI2.4Manager(Agent)(operation)(Agent(notification)2.5OSICMIPOperationOSIOSINotificationOSINotificationOperation2.4OSIOSICMISCMIPWeb1265NMS2.52.6CMIPASN.1(AbstractSyntaxNotationOne)CMIP2.6CMIPOSICMIPCMIPCMIPCMIP(CMISE)(ACSE)(ROSE)2.7CMISECMISEACSEROSEROSEOSI(CMIS)CMIPCMISCMIPISO:Web1365CMIPCMISEACSEROSECMISEACSEROSEOSI2.7CMIP2.4.2VPNInternet()[26]()Internet:(Packetfiltering)TPTCPUDPUDPEZPCWeb1465(ApplicationProxy)(ApplicationGateway)OSLIPIP()[2728][29]IDS[30]IDS[3132]Web1565[3334]VPNVPNVirtualPrivateNetwork)VPNVPNInternetIntranetVPN(PPTP)/(L2TP),IPSec(TnternetProtocolSecurity)SOCKSv_5[35]VPNVPN:VPDN,IntranetVPNExtranetVPNVPNIP;[36]Web1665WEB3.1IEC62351part36-/12TCP/IPTCPTCPWeb176512345///3.2Web18653.3:WebWebWebWeb(Web)3.4WebWebmanagementobject/MOWebCORBA3.4.1WebWeb3.1:HTTPAppletJAVAJAVAAppletWebCORBA()Web2065CORBA2847351423121CORBAIIOPCORBAIIOPCORBAIIOPCORBAIIOPCORBAIIOP6WebHttp3.1WebCORBA3.4.23.2TASE2IDSSCADAIDSWAN3.2SCADAWeb21653.33.31)2)3.4.3CORBACORBACORBACORBACORBAIDLCORBAWeb2265CORBACORBACORBACORBA3.1CORBA3.43.4Web2365IDS3.4.4Web()3.5:CORBAJavaAppletHTTPWebHTMLJavaAppletHTTPCORBA