CN114745287A - Assessment method and system for network space security of power monitoring system - Google Patents

Info

Publication number: CN114745287A
Authority: CN (China)
Prior art keywords: security, information, score, factor, safety
Legal status: Granted, Active (the listed legal status is an assumption and is not a legal conclusion)
Application number: CN202210398273.0A
Other languages: Chinese (zh)
Other versions: CN114745287B (en)
Inventors: 钱珂翔, 张道娟, 王玉曼, 叶洪波, 肖飞
Current Assignee (the listed assignees may be inaccurate): State Grid Shanghai Electric Power Co Ltd; State Grid Smart Grid Research Institute of SGCC; State Grid Corp of China SGCC
Original Assignee: State Grid Shanghai Electric Power Co Ltd; State Grid Smart Grid Research Institute of SGCC; State Grid Corp of China SGCC
Application filed by: State Grid Shanghai Electric Power Co Ltd, State Grid Smart Grid Research Institute of SGCC, State Grid Corp of China SGCC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Algebra (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and system for assessing the cyberspace security of a power monitoring system, comprising: establishing a security rating database, acquiring the security information of each influencing element in real time, and storing the security information of each element in the security rating database; calculating an initial security score for the security information of each element according to the security information of each element and the influence factor and penalty factor of each element; calculating a final score for the security information of each element according to the security information of each element, using the multiple penalty factors of the security information of each element and its initial security score; and calculating the security score of the cyberspace based on the final score of the security information of each element, and determining the security level of the cyberspace according to the security score of the cyberspace. The invention scores cyberspace security from multiple dimensions and multiple angles, so that network security can be dynamically quantified and the accuracy of the assessment result is improved.

Description

Assessment method and system for network space security of power monitoring system
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for evaluating network space security of a power monitoring system.
Background
The power monitoring system basically consists of computers, communication equipment and measurement and control units. It provides a basic platform for real-time data acquisition, switch-state detection and remote control of a power transformation and distribution system, and can be combined with detection and control equipment to form a monitoring system of any complexity. It plays a core role in power transformation and distribution monitoring and can help enterprises eliminate islands, reduce operating costs, improve production efficiency and speed up the response to abnormal conditions in the power transformation and distribution process.
The application function modules of the power monitoring system mainly comprise: a remote measurement module, a remote signaling module, a remote control module and the like, a relay protection module, an electrical protection module, an electric energy quality management module, an illumination and ventilation control module, a tunnel and traffic monitoring linkage module, an energy management module, a power distribution automation module, an operation auxiliary management module, a substation environment monitoring module and the like. Accurately and dynamically evaluating the network security state of the power monitoring system can improve the security factor of the network and ensure its good and stable operation.
Acquiring network-related information and quantifying that information are the prerequisites for dynamic network security assessment. Traditional methods perform the assessment by acquiring key factors in network security, such as assets, threats and weaknesses, and calculating corresponding values, but they cannot dynamically quantify network security and suffer from large deviations in the security assessment.
Disclosure of Invention
Therefore, the technical problem to be solved by the present invention is to overcome the defects that the method for evaluating the network space security in the prior art cannot dynamically quantify the network security and has a large security evaluation deviation, so as to provide a method and a system for evaluating the network space security of an electric power monitoring system.
In order to achieve the purpose, the invention provides the following technical scheme:
In a first aspect, an embodiment of the present invention provides a method for evaluating network space security of a power monitoring system, including: acquiring security information of each element influencing network space security, and storing the security information of each element into an established security rating database; calculating an initial security score of the security information of each element according to the security information of each element in the security rating database and the influence factor and the penalty factor of each element; calculating a final score of the security information of each element according to the security information of each element in the security rating database by using a plurality of penalty factors of the security information of each element and the initial security score of the security information of each element; and calculating the security score of the network space based on the final score of the security information of each element, and judging the security level of the network space according to the security score of the network space.
In one embodiment, the security information of the elements affecting cyberspace security includes: device security information, protocol security information, and policy security information.
In one embodiment, the process of calculating an initial security score of the security information of each element according to the security information of each element in the security rating database and the influence factor and penalty factor of each element comprises: grading the devices in the power monitoring system according to the device security information; acquiring a preset grade weight corresponding to each grade, and calculating an initial security score of the devices of each grade according to the number of devices of each grade, the influence factor of the device security information and the preset grade weight corresponding to each grade; taking the ratio of the influence factor of the protocol security information to the number of protocols used by the network space as the initial security score of the protocol security information; and taking the ratio of the influence factor of the policy security information to the number of penalty factors of the policy security information as the initial security score of the policy security information.
In one embodiment, the process of calculating the final score of the security information of each element by using the penalty factors of the security information of each element and the initial security score comprises the following steps: according to the security information of each element, acquiring the weighted weight corresponding to the security information of each element under each penalty factor; and calculating the final score of the security information of each element according to the weighted weight corresponding to the security information of each element under each penalty factor, the initial security score and the number of penalty factors of the security information of each element.
In one embodiment, the penalty factors for device security information include: a risk factor penalty factor, a network availability penalty factor, a network attack rate penalty factor, an affected-device penalty factor, a device affected-time penalty factor, an attack tool quantity penalty factor and an attack time penalty factor.
In one embodiment, the penalty factors for the protocol security information include: a protocol vulnerability quantity penalty factor, a protocol authentication penalty factor, a protocol authority distinguishing penalty factor, a protocol broadcast suppression penalty factor, a protocol encryption penalty factor and a protocol programmability penalty factor.
In one embodiment, the penalty factors for policy security information include: a system password penalty factor, a system firewall penalty factor, a system access control penalty factor, a system backup recovery penalty factor, a system audit penalty factor and a system vulnerability check penalty factor.
In a second aspect, an embodiment of the present invention provides an evaluation apparatus for network space security of a power monitoring system, including: an information acquisition module, used for establishing a security rating database, acquiring the security information of each element influencing the network space security in real time, and storing the security information of each element into the security rating database, wherein the security rating database is also used for storing published risk factor information; an initial scoring module, used for calculating the initial security score of the security information of each element according to the security information of each element in the security rating database and the influence factor and the penalty factor of each element; a final scoring module, used for calculating the final score of the security information of each element according to the security information of each element in the security rating database by using a plurality of penalty factors of the security information of each element and the initial security score of the security information of each element; and a rating module, used for calculating the security score of the network space based on the final score of the security information of each element, and judging the security level of the network space according to the security score of the network space.
In one embodiment, the initial scoring module includes: a first calculating unit, used for grading the devices in the power monitoring system according to the device security information, acquiring a preset grade weight corresponding to each grade, and calculating an initial security score of the devices of each grade according to the number of devices of each grade, the influence factor of the device security information and the preset grade weight corresponding to each grade; a second calculating unit, used for taking the ratio of the influence factor of the protocol security information to the number of protocols used by the network space as the initial security score of the protocol security information; and a third calculating unit, used for taking the ratio of the influence factor of the policy security information to the number of penalty factors of the policy security information as the initial security score of the policy security information.
In one embodiment, the final scoring module includes: a weighting module, used for acquiring the weighted weight corresponding to the security information of each element under each penalty factor according to the security information of each element; and a final scoring module, used for calculating the final score of the security information of each element according to the weighted weight corresponding to the security information of each element under each penalty factor, the initial security score and the number of penalty factors of the security information of each element.
In a third aspect, an embodiment of the present invention provides a computer device, including: the system comprises at least one processor and a memory which is in communication connection with the at least one processor, wherein the memory stores instructions which can be executed by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor executes the evaluation method for the network space security of the power monitoring system in the first aspect of the embodiment of the invention.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are configured to enable a computer to execute the method for evaluating network space security of a power monitoring system according to the first aspect of the embodiment of the present invention.
The technical scheme of the invention has the following advantages:
1. The invention provides an evaluation method and system for network space security of a power monitoring system, which comprises: establishing a security rating database, acquiring security information of each element influencing network space security in real time, and storing the security information of each element into the security rating database; calculating an initial security score of the security information of each element according to the security information of each element in the security rating database and the influence factor and the penalty factor of each element; calculating a final score of the security information of each element according to the security information of each element in the security rating database by using a plurality of penalty factors of the security information of each element and the initial security score of the security information of each element; and calculating the security score of the network space based on the final score of the security information of each element, and judging the security level of the network space according to the security score of the network space. The invention scores the network space security from multiple dimensions and multiple angles, thereby dynamically quantifying the network security and improving the accuracy of the evaluation result.
2. According to the method and the system for evaluating the network space security of the power monitoring system, the devices in the power monitoring system are graded according to the device security information; a preset grade weight corresponding to each grade is acquired, and an initial security score of the devices of each grade is calculated according to the number of devices of each grade, the influence factor of the device security information and the preset grade weight corresponding to each grade; the ratio of the influence factor of the protocol security information to the number of protocols used by the network space is taken as the initial security score of the protocol security information; and the ratio of the influence factor of the policy security information to the number of penalty factors of the policy security information is taken as the initial security score of the policy security information. The method and the system score the network space security in multiple dimensions, from the device security information, the protocol security information and the policy security information, comprehensively consider and set the influence factor of each kind of security information, and finally calculate the initial security score of each kind of security information, thereby improving the accuracy of the evaluation result.
3. According to the method and the system for evaluating the network space security of the power monitoring system provided by the invention, a plurality of penalty factors are set for each type of security information, the security information is scored again by using the penalty factors, and the final score of the security information is obtained based on the initial security score and the penalty factors, so that the influence of the various penalty factors on network security is comprehensively considered from multiple angles, and the most complete and comprehensive evaluation method and system are obtained.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flowchart of a specific example of an evaluation method provided by an embodiment of the present invention;
FIG. 2 is a flowchart of another specific example of an evaluation method provided by an embodiment of the present invention;
FIG. 3 is a flowchart of another specific example of an evaluation method provided by an embodiment of the present invention;
FIG. 4 is a flowchart of a specific example of an evaluation apparatus provided by an embodiment of the present invention;
FIG. 5 is a block diagram of a specific example of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in a specific case to those of ordinary skill in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1
The embodiment of the invention provides an evaluation method for network space security of a power monitoring system, which comprises the following steps of S11-S14 as shown in FIG. 1:
Step S11: Acquire the security information of each element influencing the network space security, and store the security information of each element into the established security rating database.
Specifically, before the security rating database is established, connectivity with the network space under test must be set up so that normal communication with it is possible. The security rating database of the embodiment of the present invention stores, and periodically updates, the risk factor information published on the network; the risk factor information includes the vulnerabilities, trojans, viruses and similar information disclosed in databases such as NVD and CVE.
Specifically, the security rating database of the embodiment stores the security information of the various elements affecting network security detected by the system under test, and the security information of each element changes dynamically with the network state and configuration. Because device security in the power monitoring system is mainly affected by the device security information, protocol security is mainly affected by the protocol security information, and policy security is mainly affected by the policy security information, the security information of the elements affecting the network space security in the embodiment of the present invention includes: device security information, protocol security information, and policy security information.
Specifically, the device security information may include the number of device connections, the type of information stored, the device permissions, the numbers of vulnerabilities, trojans and viruses, the number of network disconnections, the network disconnection time, the number of attacks, the number of successful attacks, the security rating database recording state, the number of affected devices, the total number of devices under test, the time for which devices are affected, the test time, the number of attack tools, the attack time, and the like.
Specifically, the protocol security information may include the number of protocols, the number of vulnerabilities, authentication mechanisms, authority differentiation, data transmission encryption, broadcast suppression, programmability, and the like.
Specifically, the policy security information may include user password complexity, the number of all users, firewall configuration, access control policy, backup and recovery mechanism, security audit, periodic vulnerability check and repair, vulnerability check and repair frequency, and the like. Finally, the device, protocol and policy security scores are summed to obtain the total network security score of the power monitoring system, which is then graded according to the corresponding strategy.
Step S12: Calculate the initial security score of the security information of each element according to the security information of each element in the security rating database and the influence factor and the penalty factor of each element.
Specifically, according to the three major factors that affect the security of the power monitoring system (device security, protocol security and policy security), the embodiment of the present invention assigns influence factors to the devices, protocols and policies in the network space according to the actual situation. For example, the influence factors of the device security information, the protocol security information and the policy security information are $A_1 = 30$, $A_2 = 40$ and $A_3 = 50$, satisfying $A_1 + A_2 + A_3 = 100$.
Specifically, as shown in FIG. 2, step S12 is carried out through steps S21 to S23, as follows:
Step S21: Grade the devices in the power monitoring system according to the device security information; acquire a preset grade weight corresponding to each grade, and calculate an initial security score of the devices of each grade according to the number of devices of each grade, the influence factor of the device security information and the preset grade weight corresponding to each grade.
Specifically, the embodiment of the present invention grades the devices in the network space according to the device security information obtained in real time. The grading may be based on the importance of the devices, which may be divided into classes A, B and C. A class A device meets at least one of the following conditions: (1) it is directly connected to 10 or more other devices; (2) it stores information of types such as passwords; (3) it has administrator authority in the power monitoring system. A class B device must satisfy both of the following conditions: (1) it is directly connected to at least 5 and fewer than 10 other devices; (2) its stored information type is important service information, or it is adjacent to a class A device. A class C device is any device other than the class A and class B devices.
Specifically, the initial security score $T_o$ of the devices of each grade is calculated according to the number of devices of each grade, the preset grade weight corresponding to each grade and the influence factor of the device security information. The calculation formula is as follows:
Figure BDA0003598359430000091
where $A_1$ denotes the influence factor of the device security information; $C_A$, $C_B$ and $C_C$ denote the numbers of class A, class B and class C devices respectively; and $A_{11}$, $A_{12}$ and $A_{13}$ are the preset grade weights of class A, class B and class C devices respectively. The preset grade weights are set according to the actual situation and are not limited here.
Step S22: Take the ratio of the influence factor of the protocol security information to the number of protocols used by the network space as the initial security score of the protocol security information.
Specifically, the initial security score $T_P$ of the protocol security information is calculated as follows:
Figure BDA0003598359430000101
where $A_2$ denotes the influence factor of the protocol security information and $C_P$ denotes the number of protocols used in the network space.
Step S23: Take the ratio of the influence factor of the policy security information to the number of penalty factors of the policy security information as the initial security score of the policy security information.
Specifically, the initial security score $T_S$ of the policy security information is calculated as follows:
Figure BDA0003598359430000102
where $A_3$ denotes the influence factor of the policy security information and $N_1$ is the number of penalty factors of the policy security information.
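The following added example (not code from the patent) implements steps S21 to S23 as the prose states them: the two-pass A/B/C grading and the two ratio scores. The `Device` fields, the information-type labels, the inventory and the impact-factor values are assumptions constructed for illustration; $T_o$ is not computed because its formula is not reproduced on this page.

```python
from collections import Counter
from dataclasses import dataclass

# Labels for the stored-information types named in step S21 (assumed names).
CREDENTIALS, IMPORTANT_SERVICE, OTHER = "credentials", "important_service", "other"


@dataclass
class Device:
    name: str
    neighbours: frozenset = frozenset()   # names of directly connected devices
    stored_info: str = OTHER
    is_admin: bool = False                # administrator authority in the system


def classify(devices):
    """Map each device name to 'A', 'B' or 'C' using the step S21 conditions."""
    grades = {}
    # Class A: at least one of the three conditions holds.
    for d in devices:
        if len(d.neighbours) >= 10 or d.stored_info == CREDENTIALS or d.is_admin:
            grades[d.name] = "A"
    # Class B: both conditions hold. "Adjacent to a class A device" depends on
    # the first pass, which is why grading needs two passes.
    for d in devices:
        if d.name in grades:
            continue
        cond1 = 5 <= len(d.neighbours) < 10
        cond2 = d.stored_info == IMPORTANT_SERVICE or any(
            grades.get(n) == "A" for n in d.neighbours)
        grades[d.name] = "B" if cond1 and cond2 else "C"
    return grades


def class_counts(grades):
    """Return (C_A, C_B, C_C), the per-class device counts."""
    c = Counter(grades.values())
    return c["A"], c["B"], c["C"]


def check_impact_factors(a1, a2, a3):
    """Enforce the stated constraint A1 + A2 + A3 = 100."""
    if a1 + a2 + a3 != 100:
        raise ValueError(f"impact factors sum to {a1 + a2 + a3}, expected 100")
    return a1, a2, a3


def protocol_initial_score(a2, protocol_count):
    """T_P: ratio of A2 to the number of protocols in use, C_P (step S22)."""
    if protocol_count <= 0:
        raise ValueError("C_P must be positive: no protocols were inventoried")
    return a2 / protocol_count


def policy_initial_score(a3, penalty_factor_count):
    """T_S: ratio of A3 to the number of policy penalty factors, N1 (step S23)."""
    if penalty_factor_count <= 0:
        raise ValueError("N1 must be positive")
    return a3 / penalty_factor_count


def sample_inventory():
    """Constructed topology for illustration; not taken from the patent."""
    ieds = [f"ied-{i}" for i in range(1, 9)]
    rtus = [f"rtu-{i}" for i in range(1, 5)]
    devices = [
        Device("scada-srv", frozenset({"hmi-1", "rtu-gw", "hist-db"}), is_admin=True),
        Device("core-sw", frozenset(ieds + ["rtu-gw", "hist-db"])),      # 10 links
        Device("hmi-1", frozenset({"scada-srv"}), stored_info=CREDENTIALS),
        Device("rtu-gw", frozenset(rtus + ["core-sw", "scada-srv"])),    # 6 links
        # Important data but only 2 links: fails class B condition (1).
        Device("hist-db", frozenset({"core-sw", "scada-srv"}), IMPORTANT_SERVICE),
    ]
    devices += [Device(n, frozenset({"core-sw"})) for n in ieds]
    devices += [Device(n, frozenset({"rtu-gw"})) for n in rtus]
    return devices


if __name__ == "__main__":
    grades = classify(sample_inventory())
    a1, a2, a3 = check_impact_factors(30, 40, 30)   # constructed values
    print("C_A, C_B, C_C =", class_counts(grades))
    print("T_P =", protocol_initial_score(a2, 4))   # 4 protocols (constructed)
    print("T_S =", policy_initial_score(a3, 6))     # six policy penalty factors are listed
```

Because class B requires both conditions, a device next to a class A device still falls to class C when it has fewer than 5 direct connections, as the `ied-*` and `hist-db` entries show.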
Step S13: Calculate the final score of the security information of each element according to the security information of each element in the security rating database, using a plurality of penalty factors of the security information of each element and the initial security score of the security information of each element.
Specifically, since the security of each element is affected by multiple factors, the embodiment of the present invention sets multiple penalty factors for each element, scores the security information of each element in multiple dimensions, and combines the result with the initial score of the security information of each element to obtain the final score of the security information of each element. As shown in FIG. 3, step S13 is carried out through steps S31 to S32, as follows:
Step S31: Acquire the weighted weight corresponding to the security information of each element under each penalty factor according to the security information of each element.
Specifically, the penalty factors of the device security information include: the risk factor penalty factor $P_1$, the network availability penalty factor $P_2$, the network attack rate penalty factor $P_3$, the affected-device penalty factor $P_4$, the device affected-time penalty factor $P_5$, the attack tool quantity penalty factor $P_6$ and the attack time penalty factor $P_7$.
Specifically, the embodiment of the present invention analyzes the device security information of the power monitoring system according to the actual situation and then determines $P_1$, $P_2$, $P_3$, $P_4$, $P_5$, $P_6$ and $P_7$, which are independent of each other. The segments of each penalty factor of the device security information are shown in formulas (4) to (12); each segment, and the basis for setting the weighted weight corresponding to each segment, is set according to the actual situation and is not limited here.
Figure BDA0003598359430000111
where $P_1$ denotes the device vulnerability, trojan and virus penalty factor, $n_1$ is the sum of the numbers of vulnerabilities, trojans and viruses on the device, $E$ indicates that the security rating database recording state of the vulnerability, trojan or virus is "recorded", and
Figure BDA0003598359430000112
indicates that the vulnerability, Trojan or virus is not recorded in the security rating database.
Figure BDA0003598359430000121
where P2 represents the network availability penalty factor and U represents the network availability, which is calculated as follows:
Figure BDA0003598359430000122
where a represents the network disconnection times of the network under test during the test time caused by device vulnerabilities, Trojans and viruses, and b represents the network disconnection times of the network under test during the test time caused by device vulnerabilities, Trojans and viruses; a cube root is taken because the two quantities differ in magnitude, and a ≥ 0, b ≥ 0.
Figure BDA0003598359430000123
where P3 represents the network attack rate penalty factor and R represents the network attack rate, which is calculated as follows:
Figure BDA0003598359430000124
wherein, CIFor the number of successful attacks of the network under test during the test time, CTFor the number of attacks on the network to be tested during the test time, when CI=CTWhen R is 0, R is 0.
Figure BDA0003598359430000131
where P4 represents the affected-device penalty factor, M represents the number of devices directly connected to the device, M represents the total number of devices under test, and M = CA + CB + CC.
Figure BDA0003598359430000132
where P5 represents the device affected time penalty factor, t1 represents the time for which the device is affected, and T represents the test time.
Figure BDA0003598359430000133
where P6 represents the attack tool quantity penalty factor and n2 represents the number of attack tools used to carry out the attack.
Figure BDA0003598359430000134
where P7 represents the attack time penalty factor and t2 represents the time taken by the attack.
Specifically, the penalty factors of the protocol security information include: protocol vulnerability quantity penalty factor Q1, protocol authentication penalty factor Q2, protocol authority distinction penalty factor Q3, protocol broadcast suppression penalty factor Q4, protocol encryption penalty factor Q5, and protocol programmability penalty factor Q6.
The embodiment of the invention analyzes the protocol security information of the power monitoring system according to the actual situation and then determines Q1, Q2, Q3, Q4, Q5 and Q6, which are independent of each other. The segments of each penalty factor of the protocol security information are shown in formulas (13) to (18); the basis for each segment and for the weight assigned to each segment is set according to the actual situation and is not limited here.
Figure BDA0003598359430000141
where Q1 represents the protocol vulnerability quantity penalty factor and n3 is the number of vulnerabilities in the network protocol under test.
Figure BDA0003598359430000142
where Q2 represents the protocol authentication penalty factor, G indicates that the protocol has an authentication mechanism,
Figure BDA0003598359430000145
indicating that the protocol has no authentication mechanism.
Figure BDA0003598359430000143
where Q3 represents the protocol authority distinction penalty factor, V indicates that the protocol has authority distinction,
Figure BDA0003598359430000146
indicating that the protocol has no authority distinction.
Figure BDA0003598359430000144
where Q4 represents the protocol broadcast suppression penalty factor, J indicates that the protocol has broadcast suppression,
Figure BDA0003598359430000147
indicating that the protocol has no broadcast suppression.
Figure BDA0003598359430000151
where Q5 represents the protocol encryption penalty factor.
Figure BDA0003598359430000152
where Q6 represents the protocol programmability penalty factor, I indicates that the protocol is programmable,
Figure BDA0003598359430000154
indicating that the protocol is not programmable.
Specifically, the penalty factors of the policy security information include: system password penalty factor R1, system firewall penalty factor R2, system access control penalty factor R3, system backup recovery penalty factor R4, system audit penalty factor R5, and system vulnerability check penalty factor R6.
Specifically, the embodiment of the invention analyzes the policy security information of the power monitoring system according to the actual situation and then determines R1, R2, R3, R4, R5 and R6, which are independent of each other. The segments of each penalty factor of the policy security information are shown in formulas (19) to (24); the basis for each segment and for the weight assigned to each segment is set according to the actual situation and is not limited here.
Figure BDA0003598359430000153
where R1 represents the system password penalty factor, NC represents the number of users in the system under test whose password length and password complexity (digits, letters, underscores and other character types) are greater than or equal to 3, and N2 represents the number of all registered users in the system under test.
Figure BDA0003598359430000161
where R2 represents the system firewall penalty factor, F indicates that the system under test has a firewall, E indicates that the firewall of the system under test is configured correctly,
Figure BDA0003598359430000166
indicating that the system under test has no firewall,
Figure BDA0003598359430000167
indicating a firewall configuration error for the system under test.
Figure BDA0003598359430000162
where R3 represents the system access control penalty factor, W indicates that the system under test has an access control policy,
Figure BDA0003598359430000168
indicating that the system under test has no access control policy.
Figure BDA0003598359430000163
where R4 represents the system backup and recovery penalty factor, O indicates that the system under test has a backup and recovery mechanism,
Figure BDA0003598359430000169
indicating that the system under test has no backup and recovery mechanism.
Figure BDA0003598359430000164
where R5 represents the system audit penalty factor, H indicates that the system under test has security auditing,
Figure BDA00035983594300001610
indicating that the system under test has no security audit.
Figure BDA0003598359430000165
where R6 represents the system vulnerability check penalty factor, D indicates that the system under test has regular vulnerability checking and repair,
Figure BDA00035983594300001611
and K represents the vulnerability check and repair frequency of the system under test.
Step S32: calculate the final score of the security information of each element according to the weight corresponding to the security information of each element under each penalty factor, the initial security score, and the number of penalty factors of the security information of each element.
Specifically, the final score S1 of the device security information is calculated according to the following formula, i.e., the initial score of the device security information minus the score corresponding to the penalty factors:
Figure BDA0003598359430000171
where SA represents the total security score of all class A devices in the network space, SB represents the total security score of all class B devices in the network space, SC represents the total security score of all class C devices in the network space, TO3 represents the initial security score of class A device security information, TO2 represents the initial security score of class B device security information, TO1 represents the initial security score of class C device security information,
Figure BDA0003598359430000172
represents the jth penalty factor of the ith class A device,
Figure BDA0003598359430000173
represents the jth penalty factor for the ith class B device,
Figure BDA0003598359430000174
represents the jth penalty factor of the ith class C device, and CA, CB and CC respectively represent the numbers of class A, class B and class C devices.
Specifically, the final score S2 of the protocol security information is calculated according to the following formula, i.e., the initial score of the protocol security information minus the score corresponding to the protocol penalty factors:
Figure BDA0003598359430000175
where TP represents the initial security score of the protocol, Q(i,j) represents the jth penalty factor of the ith protocol, and CP represents the number of protocols used in the network under test.
Specifically, the final score S3 of the policy security information is calculated according to the following formula, i.e., the initial score of the policy security information minus the score corresponding to the policy penalty factors:
Figure BDA0003598359430000181
where TS represents the initial security score of the policy and RK represents a security policy penalty factor.
Step S14: calculate the security score of the network space based on the final score of the security information of each element, and determine the security level of the network space according to the security score of the network space.
Specifically, the network security total score S of the system to be tested is calculated according to the following formula:
S=S1+S2+S3 (28)
Specifically, the network security level L of the system under test may be obtained according to the following formula; other rating forms may also be used, which is not limited here:
Figure BDA0003598359430000182
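As an added illustration of steps S31 to S32 and S14 (not code from the patent), the Python sketch below scores the protocol and policy elements and sums S = S1 + S2 + S3. The formula images are not available on this page, so the segment boundaries, weights, impact factors, level bands, the direction of Q5 and Q6, the even split of each initial score across its penalty factors, and the device score S1 passed in as a number are all assumptions.

```python
"""Added illustration of steps S31-S32 and S14; not the patent's own code.
Every boundary, weight, impact factor and level band here is an assumed value."""
from bisect import bisect_right
from dataclasses import dataclass


def segment(value, bounds, weights):
    """Piecewise-constant lookup: weights[i] applies to the i-th segment."""
    if len(weights) != len(bounds) + 1:
        raise ValueError("need exactly one more weight than boundaries")
    return weights[bisect_right(bounds, value)]


@dataclass
class Protocol:
    name: str
    vulns: int                   # n3
    authenticated: bool          # G
    authority_distinction: bool  # V
    broadcast_suppression: bool  # J
    encrypted: bool              # input to Q5 (assumed to be a yes/no property)
    programmable: bool           # I


@dataclass
class Policy:
    strong_password_users: int   # NC
    registered_users: int        # N2
    has_firewall: bool           # F
    firewall_correct: bool       # E
    access_control: bool         # W
    backup_recovery: bool        # O
    audit: bool                  # H
    vuln_checks: int             # K, checks per assessment period (assumed unit)


def protocol_penalties(p):
    """Q1..Q6 as weights in [0, 1]; 1 means the factor's full share is deducted."""
    return [
        segment(p.vulns, [1, 4], [0.0, 0.5, 1.0]),  # Q1: 0 / 1-3 / 4+ vulnerabilities
        0.0 if p.authenticated else 1.0,            # Q2
        0.0 if p.authority_distinction else 1.0,    # Q3
        0.0 if p.broadcast_suppression else 1.0,    # Q4
        0.0 if p.encrypted else 1.0,                # Q5
        1.0 if p.programmable else 0.0,             # Q6: assumed to add risk
    ]


def policy_penalties(s):
    """R1..R6 as weights in [0, 1]."""
    if s.registered_users <= 0:
        raise ValueError("N2 must be positive")
    if not 0 <= s.strong_password_users <= s.registered_users:
        raise ValueError("NC must lie between 0 and N2")
    ratio = s.strong_password_users / s.registered_users
    if not s.has_firewall:
        r2 = 1.0
    elif not s.firewall_correct:
        r2 = 0.5          # a firewall exists but is misconfigured
    else:
        r2 = 0.0
    return [
        segment(ratio, [0.5, 0.9, 1.0], [1.0, 0.5, 0.2, 0.0]),  # R1 from NC/N2
        r2,                                                      # R2
        0.0 if s.access_control else 1.0,                        # R3
        0.0 if s.backup_recovery else 1.0,                       # R4
        0.0 if s.audit else 1.0,                                 # R5
        segment(s.vuln_checks, [1, 4], [1.0, 0.5, 0.0]),         # R6 from K
    ]


def protocol_score(protocols, impact):
    """S2: TP = impact / CP per protocol, split evenly over that protocol's factors."""
    if not protocols:
        raise ValueError("at least one protocol is required")
    t_p = impact / len(protocols)
    total = 0.0
    for p in protocols:
        q = protocol_penalties(p)
        total += sum((t_p / len(q)) * (1.0 - w) for w in q)
    return total


def policy_score(policy, impact):
    """S3: TS = impact / number of policy penalty factors, one share per factor."""
    r = policy_penalties(policy)
    t_s = impact / len(r)
    return sum(t_s * (1.0 - w) for w in r)


def assess(s1, protocols, policy, impact_p=30.0, impact_s=30.0):
    """S = S1 + S2 + S3, then an assumed three-band level."""
    s = s1 + protocol_score(protocols, impact_p) + policy_score(policy, impact_s)
    return s, segment(s, [60, 80], ["low", "medium", "high"])


# Constructed sample inputs (not measurements from any real system).
SAMPLE_PROTOCOLS = [
    Protocol("proto-a", 0, True, True, True, True, False),
    Protocol("proto-b", 2, False, False, True, False, True),
]
SAMPLE_POLICY = Policy(32, 40, True, False, True, False, True, 2)

if __name__ == "__main__":
    print(assess(32.0, SAMPLE_PROTOCOLS, SAMPLE_POLICY))
```

Because every penalty factor is a table lookup, the segment lists can be replaced with site-specific boundaries without touching the aggregation functions.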
Example 2
An embodiment of the present invention provides an evaluation apparatus for network space security of a power monitoring system, as shown in fig. 4, including:
The information acquisition module 1 is used to establish a security rating database, acquire in real time the security information of each element affecting the network space security, and store the security information of each element in the security rating database, which is also used to store publicly disclosed risk factor information; this module executes the method described in step S11 in embodiment 1, and is not described herein again.
The initial scoring module 2 is used for calculating the initial security score of the security information of each element according to the security information of each element in the security rating database and the influence factor and the penalty factor of each element; this module executes the method described in step S12 in embodiment 1, and is not described herein again.
A final scoring module 3, configured to calculate a final score of the security information of each element according to the security information of each element in the security rating database, using a plurality of penalty factors of the security information of each element and the initial security score of the security information of each element; this module executes the method described in step S13 in embodiment 1, and is not described herein again.
The rating module 4 is used for calculating the security score of the network space based on the initial security score and the final score of the security information of each element and the number of penalty factors of the security information of each element, and judging the security level of the network space according to the security score of the network space; this module executes the method described in step S14 in embodiment 1, and is not described herein again.
In one embodiment, the initial scoring module includes:
The first calculation unit is used to grade the devices in the power monitoring system according to the device security information, obtain the preset level weight corresponding to each level, and calculate the initial security score of the devices of each level according to the number of devices at each level, the influence factor of the security information and the preset level weight corresponding to each level; this unit executes the method described in step S21 in embodiment 1, and is not described herein again.
The second calculation unit is used for taking the ratio of the influence factor of the protocol security information to the number of the protocols used by the network space as the initial security score of the protocol security information; this module executes the method described in step S22 in embodiment 1, and is not described herein again.
The third calculation unit is used for taking the ratio of the influence factor of the policy security information to the number of the penalty factors of the policy security information as the initial security score of the policy security information; this module executes the method described in step S23 in embodiment 1, and is not described herein again.
In one embodiment, the final scoring module includes:
The weighting module is used to obtain the weight corresponding to the security information of each element under each penalty factor according to the security information of each element; this module executes the method described in step S31 in embodiment 1, and is not described herein again.
The final scoring module is used for calculating the final score of the safety information of each element according to the corresponding weighted weight of the safety information of each element under each punishment factor, the initial safety score and the number of the punishment factors of the safety information of each element; this module executes the method described in step S32 in embodiment 1, and is not described herein again.
Example 3
An embodiment of the present invention provides a computer device, as shown in fig. 5, including: at least one processor 401, such as a CPU (Central Processing Unit), at least one communication interface 403, a memory 404, and at least one communication bus 402. The communication bus 402 is used to enable connection and communication between these components. The communication interface 403 may include a display and a keyboard, and optionally may also include a standard wired interface and a standard wireless interface. The memory 404 may be a RAM (Random Access Memory) or a non-volatile memory, such as at least one disk memory. The memory 404 may optionally be at least one storage device located remotely from the processor 401. The processor 401 may execute the evaluation method for cyberspace security of the power monitoring system of embodiment 1. A set of program code is stored in the memory 404, and the processor 401 calls the program code stored in the memory 404 to execute the evaluation method for cyberspace security of the power monitoring system of embodiment 1.
The communication bus 402 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 402 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one line is shown in FIG. 5, but this does not represent only one bus or one type of bus.
The memory 404 may include a volatile memory, such as a random-access memory (RAM); the memory may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 404 may also comprise a combination of memories of the kinds described above.
The processor 401 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor 401 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 404 is also used to store program instructions. The processor 401 may call a program instruction to implement the method for evaluating the cyber-space security of the power monitoring system according to embodiment 1.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer-executable instruction is stored on the computer-readable storage medium, and the computer-executable instruction can execute the method for evaluating the network space security of the power monitoring system in embodiment 1. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid-State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious variations or modifications may be made without departing from the scope of the invention.

Claims (10)

1. A method for evaluating cyberspace security of a power monitoring system, characterized by comprising: obtaining the security information of each element that affects the cyberspace security, and storing the security information of each element in an established security rating database; calculating the initial security score of the security information of each element according to the security information of each element in the security rating database and the impact factor and penalty factors of each element; calculating the final score of the security information of each element according to the security information of each element in the security rating database, using the multiple penalty factors of the security information of each element and the initial security score of the security information of each element; and calculating the security score of the cyberspace based on the final score of the security information of each element, and determining the security level of the cyberspace according to the security score of the cyberspace.

2. The method for evaluating cyberspace security of a power monitoring system according to claim 1, wherein the security information of the elements affecting the cyberspace security includes: device security information, protocol security information and policy security information.

3. The method for evaluating cyberspace security of a power monitoring system according to claim 2, wherein the process of calculating the initial security score of the security information of each element according to the security information of each element in the security rating database and the impact factor and penalty factors of each element comprises: grading the devices in the power monitoring system according to the device security information; obtaining the preset level weight corresponding to each level, and calculating the initial security score of the devices of each level according to the number of devices at each level, the impact factor of the security information, and the preset level weight corresponding to each level; taking the ratio of the impact factor of the protocol security information to the number of protocols used in the cyberspace as the initial security score of the protocol security information; and taking the ratio of the impact factor of the policy security information to the number of penalty factors of the policy security information as the initial security score of the policy security information.

4. The method for evaluating cyberspace security of a power monitoring system according to claim 2, wherein the process of calculating the final score of the security information of each element using the penalty factors and the initial security score of the security information of each element comprises: obtaining, according to the security information of each element, the weight corresponding to the security information of each element under each penalty factor; and calculating the final score of the security information of each element according to the weight corresponding to the security information of each element under each penalty factor, the initial security score, and the number of penalty factors of the security information of each element.

5. The method for evaluating cyberspace security of a power monitoring system according to claim 4, wherein the penalty factors of the device security information include: a risk factor penalty factor, a network availability penalty factor, a network breach rate penalty factor, an affected-device penalty factor, a device affected time penalty factor, an attack tool quantity penalty factor, and an attack time penalty factor.

6. The method for evaluating cyberspace security of a power monitoring system according to claim 4, wherein the penalty factors of the protocol security information include: a protocol vulnerability quantity penalty factor, a protocol authentication penalty factor, a protocol authority distinction penalty factor, a protocol broadcast suppression penalty factor, a protocol encryption penalty factor, and a protocol programmability penalty factor.

7. The method for evaluating cyberspace security of a power monitoring system according to claim 4, wherein the penalty factors of the policy security information include: a system password penalty factor, a system firewall penalty factor, a system access control penalty factor, a system backup recovery penalty factor, a system audit penalty factor, and a system vulnerability check penalty factor.

8. An apparatus for evaluating cyberspace security of a power monitoring system, characterized by comprising: an information acquisition module, used to obtain the security information of each element that affects the cyberspace security and store the security information of each element in an established security rating database; an initial scoring module, used to calculate the initial security score of the security information of each element according to the security information of each element in the security rating database and the impact factor and penalty factors of each element; a final scoring module, used to calculate the final score of the security information of each element according to the security information of each element in the security rating database, using the multiple penalty factors of the security information of each element and the initial security score of the security information of each element; and a rating module, used to calculate the security score of the cyberspace based on the final score of the security information of each element and determine the security level of the cyberspace according to the security score of the cyberspace.

9. A computer device, characterized by comprising: at least one processor, and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to cause the at least one processor to execute the method for evaluating cyberspace security of a power monitoring system according to any one of claims 1-7.

10. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, and the computer instructions are used to cause a computer to execute the method for evaluating cyberspace security of a power monitoring system according to any one of claims 1-7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210398273.0A 2022-04-15 2022-04-15 A method and system for evaluating cyberspace security of power monitoring system

Publications (2)

Publication Number Publication Date
CN114745287A true CN114745287A (en) 2022-07-12
CN114745287B CN114745287B (en) 2025-02-28

Family

ID=82281772

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210398273.0A Active CN114745287B (en) 2022-04-15 2022-04-15 A method and system for evaluating cyberspace security of power monitoring system

Country Status (1)

Country Link
CN (1) CN114745287B (en)

Also Published As

Publication number Publication date
CN114745287B (en) 2025-02-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant