Intelligent detection of IT assets in power grid enterprises based on signal processing and cyberspace

Abstract

Signal processing can complete the processing of various types of signals to obtain key data. Signal processing can also filter out redundant noise signals and ensure the quality of source signals. Due to the various functions of signal processing technology, it is widely used in network security, especially in IT asset detection and other aspects. Cyberspace is a general concept, which represents all devices associated with network connections. Detecting network assets in cyberspace means finding all networked devices. The detection of IT assets for power grid enterprises can help power grid enterprise IT administrators understand enterprise IT assets. At the same time, it can also discover the security loopholes existing in the operation of the current enterprise IT assets, and use the detection results to fix the loopholes as soon as possible to prevent the occurrence of network security incidents. This paper firstly sorts out the concepts of signal processing, cyberspace and power grid IT assets, then combines CNN and signal processing technology to design an intelligent detection strategy for power grid IT assets, and compares the designed strategy with the efficiency and other indicators of traditional detection methods. In contrast, finally, a cyberspace-based IT asset intelligent detection strategy was designed, and a power grid enterprise IT asset intelligent detection system was designed. Through the deployment strategy test environment, a test case was written in Python language, and the cyberspace-based IT asset intelligent detection was found. Compared with the traditional power grid enterprise IT asset detection scheme, the strategy has better performance in all aspects. The research adopts the method of modeling and analysis to calculate the signal values of the IT assets involved as much as possible, thereby greatly reducing the possible errors in the evaluation of enterprise IT assets. The test of the results obtained by the formula shows that the IT asset detection combined with the cyberspace search method shows superiority in different indicators.

Keywords

Signal processing cyberspace power grid enterprises IT asset detection

1. Introduction

1.1 Signal processing

Signal processing technology is the basis of the development of modern electronic technology, and it is widely used in the fields of communication and information [1]. Signal processing is divided into different types of operations, mainly filtering, switching signal time domain and frequency domain states, signal enhancement, noise removal and other operations. Fourier transformation, Laplace transformation and z transformation are the basic transformation operations in the field of signal processing [2]. With the continuous progress of oscillometric technology and signal display technology research, the application of signal processing to computer IT asset detection has become the focus of some scholars. Important directions, of which the main applications are shown in Table 1.

Table 1
Signal processing for IT asset detection

Num	Signal processing category	IT asset detection process
1	Time-frequency switching	Asset system confirmation
2	Signal enhancement	Assets are bound to the responsible person
3	Remove noise	Asset information confusion

1.2 Cyberspace

Cyberspace usually represents the network environment composed of all devices related to network domain names. There are many types of devices involved in cyberspace, among which computers are the main devices that make up the cyberspace environment. In the field of asset detection, cyberspace represents an asset detection method [3]. Cyberspace detection can not only discover the existence of all networked devices, but also further obtain the services running on the devices, the ports opened by the devices and the software corresponding to the system [4]. The agency predicts the development trend of cyberspace technology as shown in Fig. 1.

Figure 1.

The development trend of cyberspace technology.

1.3 Grid IT assets

IT assets usually represent network use-related equipment owned by an organization or enterprise. Because they have certain value and belong to the organization or enterprise, they are called enterprise IT assets [5]. Due to the needs of their own projects and company management, power grid enterprises usually need to deploy a large number of servers, computers, network communication and network switches and other equipment, which are collectively referred to as power grid enterprise IT assets [6]. The IT asset classes of grid companies are generally shown in Table 2.

Table 2
IT asset categories of power grid companies

Num	Type
1	Computer
2	Network switching equipment
3	Industrial IoT devices
4	Other

1.4 CNN

The difference between CNN and ordinary neural networks lies in the feature extraction method it has. The key lies in the special design of the convolution layer, and the pooling acquisition is also a key part. Because of its unique design, CNN can efficiently complete various classification problems. A large number of scholars use CNN to complete the work of classifying images with a high degree of discrimination, because the arrangement of its neural units is based on the length, width and height of the cube [7]. Some scholars have also used the neural network in the direction of vulnerability detection and classification in the field of network information protection [8]. After a large number of successful cases, the classification combined with CNN technology will significantly improve the efficiency of data set feature extraction compared with other traditional classification methods to reduce the labor cost in the manual data extraction part. Institutions predict the development trend of CNN technology, as shown in Fig. 2.

Figure 2.

Institutions predict the development trend of CNN technology.

2. Significance of IT asset detection for power grid enterprises

With the further increase in the popularity of the network, the relevant laws and regulations of my country’s network security have been promulgated, and enterprise information security has gradually become the focus of public attention [9]. Due to its importance in public life, power grid companies are particularly concerned about the security of their corporate IT assets. Important [10]. IT asset detection can directly and indirectly obtain the list of IT equipment running in power grid enterprises, use specific asset tags to obtain the specific information of IT assets, and bind IT assets with existing security vulnerabilities [11]. Deploy solutions to security vulnerabilities in advance of security incidents. In contrast, the traditional manual IT asset search method not only wastes a lot of labor costs, but also takes a lot of time and the statistical results are inaccurate.

The number of IT assets of power grid enterprises is extremely large and the scale is also large. After more than ten years of power IT development, a large number of different types of IT facilities have emerged. This situation requires the design of an effective IT asset detection method to solve the drawbacks of human statistics [12]. In addition, the power grid industry has high requirements for professional knowledge, and its equipment security is also different from other industries. For example, it may adopt communication methods of different protocols. In this case, the IT assets are unique to the power grid industry, and it is also the identification of IT assets of power grid enterprises. There’s also the issue of security. As the guardians of people’s daily electricity consumption, power grid enterprises manage IT equipment in different areas. This division of areas brings certain complexity to the detection of IT assets, and direct IT detection may trigger the equipment firewalls and firewalls of the IT assets themselves. The alarm mechanism can easily lead to a chaotic situation. These are the issues that power grid enterprises should pay attention to when detecting IT assets.

3. Intelligent detection strategy of IT assets based on CNN $+$ signal processing

For IT asset detection, if the asset belongs to the type with the system, the identification of the IT asset operating system will be carried out in most cases. In the case of a huge amount of IT assets total equipment, the identified operating system category will also be extremely complex. The feature of convolution feature extraction and classification allows it to participate in the classification of the operating system of IT assets and equipment at this time. However, when the operating systems of various equipment obtained by traditional IT asset detection are cluttered, manual analysis is required. data is processed [13].

IT asset detection is not able to obtain all the equipment types of IT assets. For switches, routers, printers and other IT assets that do not have an operating system, their intelligence is relatively low, and the asset detection process cannot be quickly determined. Category, the use of signal processing technology to actively detect such signals can find patterns in the testing process. For example, when a large number of unidentifiable devices appear in the detection of power grid IT assets, the regular wave after signal processing is actively sent to various unidentifiable IT devices of the power grid enterprise. If the pattern of the regular wave feedback also has specific rules, it can be used. The CNN technology further classifies the waveforms of specific feedback rules, further classifies the equipment into one category through on-site testing or other detection methods, and determines its asset type [14]. Due to the characteristics of its equipment type, most IT assets of the same type will feedback the same. After further processing the waveform by signal processing technology, the information corresponding to the waveform can be obtained, and finally, the specific type of the device can be detected.

The operation of IT assets and equipment of power grid enterprises often produces regular real-time changing signals, but due to the complex network environment, there may be noise. The Fourier transform in the signal processing technology can be used for basic processing, and the plunging and Z changes can further change the domain [15]. Combined with signal processing methods such as Kalman filtering, it can effectively remove the noise existing in IT assets and equipment. The interference increases its output signal, which is more conducive to CNN technology to classify and identify the IT assets of the power grid enterprise. In order to accurately obtain the role that signal processing technology can provide in the detection of IT assets of power grid enterprises, this paper adopts the calculation method of historical state distribution to perform time-frequency switching and denoising processing of signals [16]. This method sets the signal to be the sum of a special sequence of specified state rules. The proportion of the specific IT asset type signal of a power grid enterprise is set to $A(p)$ . The use of the historical state distribution calculation method to detect the IT asset needs to go through the following signal processing process.

(1) The first step is to pre-store the signal: let $A({p})=A({u})$ , ${u}=1$ , and select a special value.

(2) The signal value of the u-th IT asset is limited to $E({p})$ , and $E({p})$ signal pre-storage, signal extreme value calculation, signal fluctuation line division, absolute value calculation, signal mean value calculation, and signal variance calculation are also performed. The final pass $EP=\frac{\sum|A({u})|^{2}}{\sum{\left|{E({p})}\right|^{2}}}$ determines whether the signal conforms to the initially set rules.

(3) If the above steps can meet the characteristics of the historical state distribution calculation method, then the information of the IT asset equipment is successfully obtained at this time. The specific formulas and algorithms involved in this strategy are shown in Eqs (1) and (2).

$\displaystyle Q=\frac{Y}{10}\sum\limits_{x=1}^{n}{\sum\limits_{i=1}^{n}{\sum% \limits_{j=1,j\neq 1}^{n}{V_{ij}V_{xj}+\frac{U}{10}}}}\sum\limits_{x=1}^{n}{% \sum\limits_{i=1}^{n}{\sum\limits_{y=1,y=x}^{n}{P_{xi}P_{yi}}}}$ (1) $\displaystyle\frac{K}{10}\left[{\sum\limits_{x=1}^{n}{\left({\sum\limits_{i=1}% ^{n}{Q_{xi}-1}}\right)}^{6}\sum\limits_{i=1}^{n}{\left({\sum\limits_{x=1}^{n}{% Q-1}}\right)^{6}}}\right]$ (2)

After code analysis, the efficiency comparison between the strategy and the traditional detection method is shown in Fig. 3.

Figure 3.

Efficiency comparison between the strategy and traditional detection methods.

The accuracy of policy and traditional IT detection is shown in Fig. 4.

Figure 4.

Accuracy comparison between the strategy and traditional detection methods.

4. Intelligent detection strategy of IT assets based on cyberspace

Cyberspace-based IT detection is currently a relatively advanced information security management technology. When using direct and indirect solutions to get the list of IT assets, it can also combine information such as the operating system of the IT assets with the vulnerabilities discovered by scanning. It is necessary to continuously monitor the IT assets with security vulnerabilities. When the risks of security incidents are discovered, the IT asset administrators of the power grid enterprises are reminded in time to quickly resolve the risks. Cyberspace IT asset detection has been proposed by scholars as early as the millennium, and it represents a comprehensive exploration of different types of assets in the network environment [17]. The current direct and indirect asset detection methods correspond to the active and passive detection methods described by scholars to describe the asset situation in the network environment. For example, a power grid enterprise can monitor the assets related to the IP domain name of the power grid under the national network environment. The IT assets of these power grid enterprises mainly include Internet of Things equipment, industrial IT equipment, network-related equipment and computer system equipment. Combined with the IT assets of power grid enterprises, the specific mark of the network device is related to the address, network plug-in, port opening information, device version and manufacturer, computer system type, domain name situation, IP binding situation and the type of network equipment.

With the further application of network security technology, IT asset detection methods are also improving. The current IT asset detection also takes into account the overall structure of the enterprise IT assets and the detection and data display capabilities of the corresponding IT infrastructure equipment, and emphasizes the overall IT personal identity, equipment location, security vulnerabilities, network architecture and the basic situation of the assets in the cyberspace. Fusion, through rapid application in power grid enterprises to establish intelligent detection solutions, such as detection by combining convolutional neural networks and signal processing methods. Further characterization of the binding information of IT identities in cyberspace has gradually enriched the library of cyberspace detection methods.

Combining IT asset detection security technology with grid IT asset management requires the completion of the following functions: The first is dynamic scanning of grid IT assets. There is a dynamic change process in the IT assets of power grid enterprises. Manual statistics cannot obtain the dynamic changes of IT assets in real time. Direct detection can scan IT assets by continuously sending signals to establish a dynamic inventory [18]. The second is to complete statistics on the plug-ins, port openings, and computer systems corresponding to IT asset tags, bind IT assets to security vulnerabilities, and report assets with security vulnerabilities to the IT asset administrator. After that, the IT asset is bound to the corresponding person in charge. By binding the IT asset with the corresponding user information, the person in charge of the abnormal IT equipment can be detected, so that it can be notified in time, and security incident protection measures can be taken. The last step is the discovery of security vulnerabilities of IT assets. The vulnerability information is stored in the database in real time, and the subsequent asset vulnerabilities are compared with historical data, so as to quickly solve the current IT asset vulnerabilities based on historical experience. The efficiency comparison between the intelligent detection of IT assets in cyberspace and the traditional solution is shown in Fig. 5.

Figure 5.

Comparison of the efficiency of IT asset intelligent detection combined with cyberspace and traditional solutions.

5. Design and test of IT asset detection system for power grid enterprises

5.1 Overall scheme of the system

After an in-depth investigation of the IT asset security of power grid enterprises and the corresponding needs, the author designs the overall design of the power grid enterprise IT asset detection system based on the detection scheme designed in the first two chapters. Among them, the IT asset detection system of power grid enterprises mainly adopts three layers: operation, scheduling and engine. The top layer is the operation layer, which mainly supports functions such as vulnerability detection. This different level design can make the detection system more flexible and can also be used for different grid companies. The separation of vulnerability and IT asset detection will also be more conducive to subsequent expansion of new IT assets and equipment. The existence of the intermediate task management layer can ensure that all operations are recorded, which is convenient for the existence of logs. The top-level normative division can raise the IT asset management of power grid companies to more stringent standards. The details of the stratification are shown in Table 3.

Table 3
The overall scheme layering of the system

Layered	Details
Bottom layer	Engine
Middle layer	Schedule
Peak	Operate

5.2 IT asset detection

The system combines CNN signal processing and cyberspace technology strategy to comprehensively detect the IT assets of power grid enterprises through the direct detection scheme. The system can also use the indirect detection scheme in the signal processing technology to comprehensively analyze the regular signals returned by the unobvious equipment [19]. The signal processing method can also further reduce the IT equipment firewall alarm events caused by the direct detection of the IT equipment of the power grid enterprise. On the whole, the direct detection and indirect detection schemes cooperate to complete the effective detection of IT assets of power grid enterprises, and can display their asset information more comprehensively.

5.3 Vulnerability detection

The system designed this time not only has the detection function, but also adds the function of database history query. The administrator can analyze the IT asset security situation of his own enterprise by viewing and comparing the occurrence of information security incidents of other enterprise assets. The location of the security hole. In addition, due to the large number of IT assets in power grid enterprises, the software of the equipment is constantly being updated, and the possibility of loopholes is constantly changing. In order to realize the timely management of IT asset loopholes, the engine layer of the system can be combined to complete the information discovery from loopholes. IT asset binding, relevant responsible person binding, and automatic processes reported by enterprise security officers to achieve fully automated vulnerability avoidance operations.

5.4 IT asset management of power grid enterprises

This system classifies the IT assets of power grid enterprises according to their importance, and combined with the CNN classification scheme, it can complete automatic classification operations based on feature extraction during asset detection without manual operation. The system has also set a button to customize the import of IT asset categories. After importing the IT assets of power grid companies into the system through Excel or other text, the subsequent detection can be combined with its information to conduct in-depth searches. In addition, this system can also complete the association and binding of IT assets with the corresponding person in charge of IT assets of the power grid enterprise, and allocate non-responsible equipment according to the situation of the enterprise to ensure that each IT asset is assigned to the corresponding person in charge. This facilitates subsequent management.

Since many information security incidents of power grid enterprises are caused by inaccurate detection of IT asset vulnerabilities, establishing an effective IT asset detection scheme to find IT asset vulnerabilities in advance is the best solution for power grid enterprise IT asset security management. The CNN, signal processing and cyberspace engine solutions introduced in this paper can achieve better solutions than traditional solutions in terms of vulnerability classification, vulnerability noise filtering and personnel warning corresponding to vulnerabilities. A system that integrates multiple solutions can realize vulnerability detection. Prediction and early resolution, but the premise is to build a good software and hardware environment for the detection of IT assets of power grid enterprises. Since this paper also needs to pre-store historical enterprise IT asset information security events and vulnerability information, and the number of devices scanned each time is also huge, it is necessary to adopt a higher system configuration to complete the effective operation of the system. The hardware environment is shown in Table 4.

Table 4
System hardware

Configuration content	Details
CPU	Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz 2.21GHz
Memory	64.00 GB
Graphic	ROG 12900K RTX3090 3080ti

The software configuration of this system is shown in Table 5. The closed-source Linux system is selected to run the training set, the program running software is Anaconda, and the CNN convolutional neural network is developed using the Tensorflow platform.

Table 5

Software environment for network construction

Configuration	Version
System class	Ubuntu
Code package	Annaconda
Signal process	Matlab
Training platform	Tensorflow

6. Conclusion

Cyberspace detection can not only discover the existence of all networked devices, but also further obtain the services running on the device, the ports opened by the device, and the version of the device software and the system. The use of signal processing for computer IT asset detection is also a current trend. This paper first describes the basic theory of signal processing, cyberspace and power grid IT assets, then combines CNN and signal processing technology to design a method for intelligent detection of power grid IT assets, shows the advanced nature of its design by comparing with traditional detection methods, and finally designs an IT asset intelligent detection strategy based on cyberspace. Through the test environment of the deployment strategy, a test program for the cyberspace exploration strategy was written in Python language. The final test results showed that the IT asset detection combined with the cyberspace search method. It s

hows superiority in different indicators. The construction of the research model, to a large extent, solves the problem of estimation error caused by the change in the quantity of IT assets of power grid companies and the continuous updating of equipment software. However, due to the large differences in the situation of each power grid enterprise, the coefficients of various assets cannot be simply unified. Therefore, in the following research, a representative power grid enterprise is prepared to conduct case analysis, and find out the optimization scheme of the coefficient of determination.

References

Khosravian

Amirkhani

Masih-Tehrani

. Enhancing the robustness of the convolutional neural networks for traffic sign detection. Proc Inst Mech Eng, Part D: J Auto Eng. 2021; 236(8): 1849-1861.

Mirmazloumi

Gambin

ÁF

Wassie

Barra

Palamà

Crosetto

Monserrat

Crippa

. INSAR deformation time series classification using a convolutional neural network. Int Arch Photogramm, Remote Sens Spatial Inf Sci. 2022; XLIII-B3-2022: 307-312.

Huang

Guo

Jiang

. Research on power network spatial mapping and infiltration technology. Electr Power Inf Commun Technol. 2021; 19(12): 49-54.

Wang

Xiang

Pan

Chen

Zhou

Zhang

. A deep convolutional neural network for topology optimization with perceptible generalization ability. Eng Optim. 2022; 54(6): 973-988.

BDNA Corporation. BDNA and InQuisient partner to demonstrate increased IT asset visibility, enriched enterprise architecture, new cybersecurity planning capability. Information Technology Newsweekly; 2016.

Zhang

Qian

Chen

Shi

. Design and characterization of third-order Sallen-Key digital filter in nuclear signal processing. Appl Radiat Isotopes. 2022; 186: 110277.

Cox

James

Aimone

. A signal processing approach for cyber data classification with deep neural networks. Proc Comput Sci. 2015; 61: 349-354.

Cornaggia

Ferrari

Zola

Rizzi

Gentile

. Signal processing methodology of response data from a historical arch bridge toward reliable modal identification. Infrastruct. 2022; 7(5): 74.

. Combining cyberspace assets to detect vulnerability information. China Edu Network. 2021; (12): 57-58.

10.

Shimoda

Kokuyama

Nozato

. Precise sinusoidal signal extraction from noisy waveform in vibration calibration. Metrologia. 2022. Available from: doi: 10.1088/1681-7575/ac6cba.

11.

Liu

Yao

Sun

Liu

Bao

Jia

. Overview of classification and application of cyberspace surveying and mapping system. Inf Technol Network Secur. 2021; 40(10): 16-21+28.

12.

Ebihara

Ogasawara

Mizutani

. Underwater acoustic communication using orthogonal signal division multiplexing with windowing. Jpn J Appl Phys. 2016; 55: 037301.

13.

Cheng

Zhang

Liu

. Research on cyberspace asset detection and analysis technology. Confidential Sci Technol. 2021; (3): 13-19.

14.

. Analysis and application of intelligent detection in cyberspace. Sci Technol Innovation. 2020; (7): 83-84.

15.

Shi

Ruan

. Application research of cyberspace surveying and mapping technology. Confidential Sci Technol. 2021; (3): 20-28.

16.

Luo

Liu

. A new information space defined by algorithms: Research on comprehensive management based on the characteristics of network search engines. Academic Forum. 2019; 42(3): 1-13.

17.

. Principle research and security application of cyberspace search engine. Cyberspace Secur. 2016; 7(5): 6-10.

18.

Chen

Qian

. Development of network asset identification and security risk detection software. Technol Mark. 2021; 28(3): 87-88+91.

19.

. Research and design of intelligent detection platform for regional Internet important information systems. Network Secur Technol Appl. 2020; (7): 26-27.

Intelligent detection of IT assets in power grid enterprises based on signal processing and cyberspace

Abstract

Keywords

1. Introduction

1.1 Signal processing

Table 1 Signal processing for IT asset detection

Table 2 IT asset categories of power grid companies

3. Intelligent detection strategy of IT assets based on CNN + signal processing

5.1 Overall scheme of the system

Table 3 The overall scheme layering of the system

5.3 Vulnerability detection

5.4 IT asset management of power grid enterprises

Table 4 System hardware

References

Table 1
Signal processing for IT asset detection

Table 2
IT asset categories of power grid companies

3. Intelligent detection strategy of IT assets based on CNN $+$ signal processing

Table 3
The overall scheme layering of the system

Table 4
System hardware