High-risk Problem of Penetration Testing of Power Grid Rainstorm Disaster Artificial Intelligence Prediction System and Its Countermeasures

摘要

System penetration testing is an important measure of discovering information system security issues. This paper summarizes and analyzes the high-risk problems found in the penetration testing of the artificial storm prediction system for power grid storm disasters from four aspects: application security, middleware security, host security and network security. In particular, in order to overcome the blindness of PGRDAIPS current SQL injection penetration test, this paper proposes a SQL blind bug based on improved second-order fragmentation reorganization. By modeling the SQL injection attack behavior and comparing the SQL injection vulnerability test in PGRDAIPS, this method can effectively reduce the blindness of SQL injection penetration test and improve its accuracy. With the prevalence of ubiquitous power internet of things, the electric power information system security defense work has to be taken seriously. This paper can not only guide the design, development and maintenance of disaster prediction information systems, but also provide security for the Energy Internet disaster safety and power meteorological service technology support.