스마트그리드 기기의 침해사고 탐지 장치 및 방법

The present invention the attached HTML page through detailed as follows. Wherein, repeated description, the subject matter of the present invention can be unnecessarily haze known function, and description to operate dispensed to each other. Embodiments of the present invention per industry with average knowledge to account for the entire surface to which are disclosed. Thus, the shape and size of the elements in the drawing for and apparatus or the like can be described more specifically.

Below, preferred embodiments according to the present invention attached HTML page through detailed as follows.

Figure 1 shows a one embodiment of the invention smart grid device schematic represents a breach of event detection for comparing the surface environment are disclosed.

As shown in fig. 1, smart grid device a breach of event detection device (200) is applied environment smart grid device 1 (100 _ 1), smart grid device 2 (100 _ 2), ... N smart grid device (100 _N) (also referred to as "a plurality of smart grid devices" below.) is the lungs. And a plurality of smart grid device (100) are smart grid device a breach of event detection device (200) on a wired or wireless connected thereto.

A plurality of smart grid device (100) are non-volatile memory dump Image, system and application system comprising change information generated by the log data of each smart grid delivers the event detection device (200) components in the. The non-volatile memory dump Image system and application log data generated by smart grid device (100) is determined voltage coil in a base material are disclosed.

Also, a plurality of smart grid device (100) are smart grid device (100) identification information, the risky information, model name information comprising at least one smart grid device information along with information of smart grid voltage coil delivers the event detection device (200) can be sent. At this time, a plurality of smart grid device (100) are identification information, the risky information, model name at least one can be equal to each other.

And a plurality of smart grid device (100) of voltage coil receiving information from smart grid delivers the event detection device (200) has a analyzes the change information, determining whether or not the smart grid of security breach accident compared to other.

Unlike general PC or server system generally smart grid device, iteratively performs only the particular embedded devices, changes is relatively disclosed. Also, the same smart grid business the smart grid devices under similar environmental into a product for the application to installation and resident, to provide the same service based on the policies. The, smart grid Company are installed smart grid devices system change is almost similar shape.

The, smart grid device a breach of event detection device (200) is the smart grid devices utilizing characteristics of, time smart grid of system input port is made of a red substrate. The smart grid device detecting an object corresponding to a plurality of trend information model name or the same smart grid devices to smart grid information recording risky information corresponding mutual information similarity compared to trend information other. Well as grasp similar result, when the best similarity, abnormally activated and the corresponding smart grid device determined to be as follows.

Also, smart grid device a breach of event detection device (200) is generated by a particular security breach accident that the progression of interest smart grid device detecting a trend of information classifies information mutually compares.

Mutual comparison result, the maximum value or more similar degree, smart grid device a breach of event detection device (200) which receives security breach accident or determines, corresponding security breach accident is can be suspected.

Figure 2 shows a breach of event detection components of a smart grid device also one embodiment of the invention indicating block are disclosed.

Also such as 2, smart grid device a breach of event detection device (200) received by a receiver (210), analysis unit (220) and a judging section (230) having a predetermined wavelength.

First, receiver (210) comprises a plurality of smart grid device (100) each system and application log data from non-volatile memory dump Image system including change information d2..

And analyzing portion (220) of received a plurality of system if there is a change information, file system information including at least one input port and input port log data produce a smart grid device according trend information.

Also, analysis unit (220) includes a non-volatile memory dump analyzing the images is generated searches the files, comprising using at least one of modified time and access time information, file system produce a input port information.

And analyzing unit (220) has a time information searches the log data analysis and applications, produce a log data input port information.

Analysis unit (220) includes a non-volatile memory dump storing processes, the creation of the file, modifying, and deleting access time and event from analyzing the contents of at least one of the event occurs or, system and application log data to event occurs a time and event from analyzing the contents of each other.

Finally, a judging section (230) is smart grid device 1 (100 _ 1) smart grid device 1 has resistant corresponding trend information 1 (100 _ 1) rest subfields has resistant corresponding trend 2 drive the smart grid devices, smart grid device 1 (100 _ 1) of security breach accident occurred even under the substrate.

The, a judging section (230) is received from each file system remaining smart grid device input port and input port information one event log data obtained, time-wise first 2 produce a trend information.

And a judging section (230) the seam unit, one unit, during the progress of information associated with the first 2 main units and wall unit number 1 is set in first compares trend information.

Also, a judging section (230) adjusted to correspond to the kind of the comparison a setup file system log data using at least one input port and input port information 1 2 compares first trend information associated with the first trend information.

Descriptions for the sake of convenience, smart grid device a breach of event detection device (200) is detected target smart grid device 1 (100 _ 1) corresponding to the first 1 and the remainder smart grid devices has resistant corresponding trend information by comparing the trend information 2, smart grid device 1 (100 _ 1) or an accident security breach of which are described. However limited without, smart grid device a breach of event detection device (200) is trend information corresponding to a plurality of smart grid devices using security breach accident is suspected of detecting smart grid device may be filled.

The, a judging section (230) comprises a plurality of smart grid devices using input from the classification algorithms is moved along the trend information, information corresponding to the number of best smart grid device security breach accident progression determines that other.

Also, a judging section (230) includes a security breach accident is to determine the smart grid device for storing the security breach accident trend information corresponding to information corresponding to the breach accident progression compared, to determine the similar degree. Similar degree and the maximum value or more, smart grid device a breach of event detection device (200) is for storing the corresponding security breach accident or determines, corresponding security breach accident is can be suspected.

Embodiments of the invention also is less than the 3 and 4 also seen through the smart grid device a breach of event detection method more detailed as follows.

Figure 3 shows a one embodiment of the invention smart grid device a breach of event detection presents a flow operation are disclosed.

First, smart grid device a breach of event detection device (200) comprises a plurality of smart grid devices (100) receives a (S310) system from the change information.

Smart grid device a breach of event detection device (200) comprises a plurality of smart grid devices (100) from non-volatile memory dump Image, system and application log data system including receives a change information.

The, smart grid device a breach of event detection device (200) has a corresponding change information smart grid device identification information, the risky information, model name information comprising at least one smart grid voltage coil can be smart grid data storage device information along with information. Also, smart grid device a breach of event detection device (200) includes a smart grid device identification information, the risky information and model name information for managing change information based on the system database information can be stored.

The smart grid device a breach of event detection device (200) of received system change information to analyze, produce a trend information (S320).

Smart grid device a breach of event detection device (200) includes a non-volatile memory dump storing processes, stores file with time, modified, access and to deleting the corresponding event is confirmed, produce a file system input port information. The, file system can be input port information table format. Also, smart grid device a breach of event detection device (200) includes a non-volatile memory dump Image analysis, of the deleted file is generated files, the file system easily modified time and access time can be input port information.

The smart grid device a breach of event detection device (200) has a and application log data to, system and application event is confirmed with time, produce a log data input port information. The, log data can be input port information table format.

Also, smart grid device a breach of event detection device (200) includes a smart grid device information is generated based on a database can be progression information managing information.

Finally, smart grid device a breach of event detection device (200) includes a security breach accident occurred even under the other (S330).

Smart grid device a breach of event detection device (200) includes a smart grid device 1 (100 _ 1) smart grid device 1 has resistant corresponding trend information 1 (100 _ 1) rest subfields has resistant corresponding trend 2 drive the smart grid devices, smart grid device 1 (100 _ 1) of security breach accident occurred even under the substrate. The, remaining smart grid tools are smart grid device 1 (100 _ 1) identification information, the risky information, model name information is equal to the at least one can be.

Figure 4 shows a S330 in security breach accident to explain the order of Figure 3 also determine whether the process are disclosed.

Such as also 4, smart grid device a breach of event detection device (200) is 2 (S410) produce a time-wise first trend information.

Smart grid device a breach of event detection device (200) includes a smart grid device 1 (100 _ 1) rest subfields smart grid device input port and input port information received from each file system contents of trend information receiving one event log data obtained, time-wise first 2 produce a trend information. The, time unit is minutes, be a molding unit and one unit.

The smart grid device a breach of event detection device (200) compares a setup of the progress of information number (S420).

Smart grid device a breach of event detection device (200) the seam unit, one unit, main unit, and wall unit in number 1 2 compares first set trend information associated with the first trend information.

For example, mutual molding unit reference is established, component-wise progression to exploit information, one unit mutual reference is established, wise in that by the trend information, mutual reference main units or wall unit is established one-wise progression trend information can be obtained through the mutual comparisons.

Next smart grid device a breach of event detection device (200) is adjusted depending on the type of comparison compares a setup of the progress of information (S430).

Smart grid device a breach of event detection device (200) adjusted to correspond to the kind of the comparison a setup file system log data using at least one input port and input port information 1 2 compares first trend information associated with the first trend information.

Setting from a user can be supplied with the kind of mutual comparison, comparison between circuit network information input port file system, file system log data input port log data between circuit network information inputted through a microphone and input port information input port information set corresponding to the kind of mutual comparison between the combined information during a comparison can in order to perform a comparison.

Finally, smart grid device a breach of event detection device (200) includes classifying progression, security breach accident occurred even under the other (S440).

Smart grid device a breach of event detection device (200) comprises a plurality of smart grid devices progression using designation information inputted from classification algorithms. The smart grid device a breach of event detection device (200) is less than the threshold number of smart grid device security breach accident information corresponding to progression determines that other.

Also, smart grid device a breach of event detection device (200) includes a security breach accident is to determine the smart grid device for storing the security breach accident trend information corresponding to information corresponding to the breach accident progression compared, to determine the similarity.

Any smart grid device security breach accident offered or any smart grid devices where abnormally operating outside, smart grid device information of the target smart grid information recording a plurality of smart grid devices the same progression information received from the inputs. Designation information input and progression using classification algorithms.

The, smart grid device a breach of event detection device (200) is best classified smart grid device offers a progression with low number information corresponding to the data be abnormal accident or device.

Also, security breach accident is generated when the, smart grid device a breach of event detection device (200) is generated security breach accident is mounted generated security breach an accident the same security breach accident judges whether other. The, smart grid device a breach of event detection device (200) is generated by a particular security breach accident that the progression of interest smart grid device detecting a trend of information classifies information mutually compares.

Mutual comparison result, the maximum value or more similar degree, smart grid device a breach of event detection device (200) is an object detection device judges that the smart grid corresponding to security breach accident or, can corresponding security breach accident is suspected.

One embodiment of the invention through smart grid device also is less than the 5 and 6 also breach of event detection device further progression information generated detailed as follows.

Figure 5 shows a one embodiment of the invention smart grid device a breach of accident detector for analyzing non-volatile memory dump Image representing the result of example are disclosed.

As also shown in the 5, smart grid device a breach of event detection device (200) includes a non-volatile memory dump storing processes, the creation of the file, modifying, and deleting contents of database information corresponding to an event type table access time event generated can be stored.

Figure 6 shows a one embodiment of the invention smart grid device a breach of accident detector system and application log data representing the result of analysis of the example are disclosed.

Also such as 6, of [su[su] E grid delivers the event detection device (200) has a and application log data to, event time and content database information stored in the memory table type can be generated.

The laser diode smart grid device a breach of apparatus and methods for detecting accident as described embodiments but can be applied to configuration and method of defined, various modifications can be made to the embodiments all or a portion of a front end of the selectively combined each embodiments of the disapproval.