基于区块链的电力企业漏洞管理系统研究

doi:10.3969/j.issn.1008-0198.2025.06.004

湖南电力 ›› 2025, Vol. 45 ›› Issue (6): 26-32.doi: 10.3969/j.issn.1008-0198.2025.06.004

• 专家专栏：考虑复杂安全边界的大规模新型电力系统规划建模与优化问题研究 • 上一篇下一篇

基于区块链的电力企业漏洞管理系统研究

周刚¹, 舒忠虎¹, 黄振兴², 马丹彤², 卢贤应³

1.国家能源集团岳阳发电有限公司,湖南岳阳 414203;
2.国家能源集团湖南电力有限公司,湖南长沙 410007;
3.中南财经政法大学信息工程学院,湖北武汉 430073

收稿日期:2025-08-11 修回日期:2025-10-13 出版日期:2025-12-25 发布日期:2026-01-13
通信作者: 卢贤应（2002）,男,硕士研究生,主要从事信息安全研究工作。
作者简介:周刚（1988）,男,工程师,主要研究领域为电力企业安全管理。舒忠虎（1972）,男,高级工程师,主要研究领域为电力企业安全管理。黄振兴（1986）,男,工程师,主要研究领域为火电优化调控。马丹彤（1990）,女,助理工程师,主要研究领域为电力企业安全运维。

Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

ZHOU Gang¹, SHU Zhonghu¹, HUANG Zhenxing², MA Dantong², LU Xianying³

1. State Energy Group Yueyang Power Generation Co., Ltd., Yueyang 414203, China;
2. State Energy Group Hunan Electric Power Co., Ltd., Changsha 410007, China;
3. School of Information Engineering, Zhongnan University of Economics and Law,Wuhan 430073, China

Received:2025-08-11 Revised:2025-10-13 Online:2025-12-25 Published:2026-01-13

摘要/Abstract

摘要： 传统漏洞管理系统存在管理体系碎片化、数据篡改风险、修复责任追溯困难及参与者激励不足等问题,导致漏洞修复流程低效且难以监管。基于区块链技术的去中心化架构特性、不可篡改性与全链路追溯能力,集成智能合约、Token激励机制、定责机制及星际文件系统的分布式存储技术,构建电力企业漏洞管理系统。通过对漏洞数据存证、修复进度追踪、责任溯源、奖惩激励等多功能性模块的系统分析论证,表明该系统在区块链环境下能够有效保证电力企业漏洞管理的高效率和闭环管理,为电力企业漏洞管理提供一种新的解决方案。

关键词: 漏洞管理, 区块链, 激励机制, 闭环管理

Abstract: Traditional vulnerability management systems often face issues such as fragmented management frameworks, risks of data tampering, difficulties in tracing repair responsibilities, and insufficient incentives for participants, leading to inefficiency and hard-to-supervise of vulnerability remediation processes. To address these challenges, this study proposes a vulnerability management system for power enterprises based on the decentralized architecture, immutability, and full-chain traceability of block chain technology. The system integrates smart contracts, token-driven incentive mechanisms, responsibility assignment mechanisms, and distributed storage technology via the InterPlanetary File System (IPFS). Through systematic analysis and demonstration of multiple functional modules, including vulnerability data notarization, remediation progress tracking, responsibility tracing, and reward-punishment incentives, the proposed system can ensure high efficiency and closed-loop management of vulnerability management in power enterprises within a block chain environment, providing a novel solution for strengthening vulnerability management in the power sector.

Key words: vulnerability management, block chain, incentive mechanisms, closed-loop governance

中图分类号:

TP399
TM763

周刚, 舒忠虎, 黄振兴, 马丹彤, 卢贤应. 基于区块链的电力企业漏洞管理系统研究[J]. 湖南电力, 2025, 45(6): 26-32.

ZHOU Gang, SHU Zhonghu, HUANG Zhenxing, MA Dantong, LU Xianying. Research on a Vulnerability Management System for Power Enterprises Based on Block Chain[J]. Hunan Electric Power, 2025, 45(6): 26-32.

参考文献

[1] 国家能源局. 电力发展“十三五”规划[R]. 北京:国家能源局,2016.
[2] ANURAG K S,VENKATESH V,CARL H.Cyber infrastructure for the smart electric grid[M]. Hoboken,New Jersey:Wiley IEEE Press,2022:171-182.
[3] 国家信息安全漏洞库.CNNVD关于Apache Struts安全漏洞的通报[EB/OL]. (2024-12-12)[2025-05-23].https://www.cnnvd.org.cn/.
[4] 中华人民共和国国务院. 关键信息基础设施安全保护条例[EB/OL]. (2021-04-27)[2025-05-23]. https://www.gov.cn/gongbao/content/2021/content_5636138.htm.
[5] 杨一未,孙成昊. 关键信息基础设施保护体系建设与漏洞管理标准化研究[J]. 信息安全研究,2022,8(1):62-70.
[6] 赵永安,谢文博,张泽斌. 关于企业漏洞管理实践的探讨[J]. 中国信息安全,2022(6):47-50.
[7] 刘畅. 统一漏洞管理平台研究设计[J]. 信息安全研究,2022,8(2):190-195.
[8] MURUGIAH SOUPPAYA,KAREN SCARFONE. Guide to enterprise patch management planning: preventive maintenance for technology[EB/OL]. (2022-04-06)[2025-05-23]. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf.
[9] Tenable Vulnerability Management. Expose and close your cyber weaknesses with the market-leading vulnerability management solution[EB/OL]. (2025-05-23)[2025-09-16]. https://www.tenable.com/products/vulnerability-management.
[10] Rapid7 InsightVM:vulnerability management tool[EB/OL].(2025-05-23)[2025-09-16].https://www.rapid7.com/products/insightvm/.
[11] Microsoft. Microsoft defender vulnerability management documentation[EB/OL]. (2025-05-23)[2025-09-16]. https://learn.microsoft.com/en-us/defender-vulnerability-management.
[12] 启明星辰. 天镜漏洞管理平台[EB/OL].(2025-09-16)[2025-09-16]. https://www.venustech.com.cn/u/cms/www/202305/11171158t2hu.pdf.
[13] 绿盟科技. 浙江省电力漏洞统一管理平台建设实践[EB/OL].(2025-09-16)[2025-09-16]. https://www.nsfocus.com.cn/html/2015/21_1231/240.html.
[14] 司冰茹,肖江,刘存扬,等. 区块链网络综述[J]. 软件学报,2024,35(2):773-799.
[15] 单瑞卿,盛阳,苏盛,等. 考虑攻击方身份的电力监控系统网络安全风险分析[J]. 电力科学与技术学报,2022,37(5):3-16.
[16] 冯陈佳,朱江,朱寅,等. 电力监控网安设备策略统一管理体系及其实践[J]. 信息安全研究,2024,10(5):481-488.
[17] 张亚伟,张问银,王九如,等. 基于区块链的数字资产管理系统框架设计与分析[J]. 计算机科学与应用,2019,9(1):28-37.
[18] 李森. 基于漏洞管理平台的聚焦爬虫技术研究分析[D]. 北京:北京邮电大学,2015.
[19] 陈泓达,冯云霞,牛云鹤. 基于IPFS区块链技术的工业互联网数据可信存储系统[J]. 计算机科学与应用,2022,12(5):1292-1300.
[20] 刘超,梁雪青,袁兴佳,等. 基于IPFS和区块链技术的可信数据安全存储和共享系统[J]. 微型电脑应用,2024,40(10):143-147.
[21] 李辰洋. BRaft:一种拜占庭容错的Raft算法[D]. 广州:华南理工大学,2018.
[22] ASIAMAH E A,KEELSON E,AGBEMENU A S,et al.Optimizing blockchain querying:a comprehensive review of techniques,challenges, and future directions[J]. IEEE Access,2024,12:196282-196305.
[23] NIST. Guide to enterprise vulnerability management:SP 800-40 Rev. 4[S]. Gaithersburg:National Institute of Standards and Technology,2023.
[24] ZHANG Y,XU C,LI H,et al.Chronos:Secure and accurate time-stamping scheme for digital files via blockchain[C] //ICC 2019:2019 IEEE International Conference on Communications(ICC). Shanghai,China. IEEE,2019:1-6.
[25] ALAVI S,BESSLER N,MASSOTH M.A comparative evaluation of automated vulnerability scans versus manual penetration tests on false-negative errors[C] //International Conference on Cyber-Technologies and Cyber-Systems. 2018.

基于区块链的电力企业漏洞管理系统研究

Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价