Research And Development Of Terminal Security Monitoring Technology For Power Internet Of Things

The power Internet of Things is applied to all aspects of the business and production of the power system.The network intrusion of the Internet of Things devices and the security protection of the devices are constrained by the performance and operating environment of the Internet of Things.The traditional protection methods cannot effectively solve the security threats of the Internet of Things.The power Internet of Things urgently needs to study the technical means of network security monitoring suitable for power Internet of Things terminals based on the traditional boundary isolation defense and the analysis of network message attack characteristics.This paper proposes a zero-trust-based power Internet of Things security protection architecture,based on the four dimensions of subject,object,environment,and behavior,building a security system for terminal applications,terminal systems,and user operations.Secondly,based on device network traffic monitoring,dynamic behavior monitoring of devices is constructed from three aspects:traffic characteristics,message keyword characteristics,and network behavior characteristics.1.Analyze the packet header characteristics of network traffic to obtain the network flow order vector;2.Use the method of packet clustering to extract the keywords and keyword combinations of the network flow order vector,and obtain the external characteristics of the network traffic through analysis to realize the flow Feature monitoring;3.Analyze the frequency and time slot of key fields and keyword combinations in the terminal network traffic,establish a whitelist of protocol keywords;4.Analyze the frequency and time slots of keywords and keyword combinations,and determine the device portrait The security threshold of the frequency of the protocol keywords and the time slot;5.By portraying the security baseline of the devices network access behavior,statistical analysis from the aspects of ICMP,DNS,WEB,the baseline of the device network access behavior is obtained,and the network access profile of the device is realized Monitoring.Based on the device portrait,it can effectively monitor malicious or counterfeit terminal devices to achieve the effect of terminal network security monitoring.