Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

周刚; 舒忠虎; 黄振兴; 马丹彤; 卢贤应

doi:10.3969/j.issn.1008-0198.2025.06.004

English Version Reader LoginJournal Login

您当前的位置：

首页 >

文章列表页 >

Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

更新时间：2026-02-06

- Research on a Vulnerability Management System for Power Enterprises Based on Block Chain
- Vol. 45, Issue 6, Pages: 26-32(2025)
- 作者机构：
  
  1. 国家能源集团岳阳发电有限公司,湖南,岳阳,414203
  2. 国家能源集团湖南电力有限公司,湖南,长沙,410007
  3. 中南财经政法大学信息工程学院,湖北,武汉,430073
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.1008-0198.2025.06.004
  CLC： TP399TM763
- Online First：13 January 2026，
  
  Published：2025
- 稿件说明：
移动端阅览
周刚, 舒忠虎, 黄振兴, 马丹彤, 卢贤应. 基于区块链的电力企业漏洞管理系统研究[J]. 湖南电力, 2025, 45(6): 26-32.

周刚, 舒忠虎, 黄振兴, et al. Research on a Vulnerability Management System for Power Enterprises Based on Block Chain[J]. 2025, 45(6): 26-32.
周刚, 舒忠虎, 黄振兴, 马丹彤, 卢贤应. 基于区块链的电力企业漏洞管理系统研究[J]. 湖南电力, 2025, 45(6): 26-32. DOI： 10.3969/j.issn.1008-0198.2025.06.004.

周刚, 舒忠虎, 黄振兴, et al. Research on a Vulnerability Management System for Power Enterprises Based on Block Chain[J]. 2025, 45(6): 26-32. DOI： 10.3969/j.issn.1008-0198.2025.06.004.

摘要

传统漏洞管理系统存在管理体系碎片化、数据篡改风险、修复责任追溯困难及参与者激励不足等问题

导致漏洞修复流程低效且难以监管。基于区块链技术的去中心化架构特性、不可篡改性与全链路追溯能力

集成智能合约、Token激励机制、定责机制及星际文件系统的分布式存储技术

构建电力企业漏洞管理系统。通过对漏洞数据存证、修复进度追踪、责任溯源、奖惩激励等多功能性模块的系统分析论证

表明该系统在区块链环境下能够有效保证电力企业漏洞管理的高效率和闭环管理

为电力企业漏洞管理提供一种新的解决方案。

Abstract

Traditional vulnerability management systems often face issues such as fragmented management frameworks

risks of data tampering

difficulties in tracing repair responsibilities

and insufficient incentives for participants

leading to inefficiency and hard-to-supervise of vulnerability remediation processes. To address these challenges

this study proposes a vulnerability management system for power enterprises based on the decentralized architecture

immutability

and full-chain traceability of block chain technology. The system integrates smart contracts

token-driven incentive mechanisms

responsibility assignment mechanisms

and distributed storage technology via the InterPlanetary File System (IPFS). Through systematic analysis and demonstration of multiple functional modules

including vulnerability data notarization

remediation progress tracking

responsibility tracing

and reward-punishment incentives

the proposed system can ensure high efficiency and closed-loop management of vulnerability management in power enterprises within a block chain environment

providing a novel solution for strengthening vulnerability management in the power sector.

关键词

Keywords

references

国家能源局. 电力发展“十三五”规划[R]. 北京:国家能源局,2016.

ANURAG K S,VENKATESH V,CARL H.Cyber infrastructure for the smart electric grid[M]. Hoboken,New Jersey:Wiley IEEE Press,2022:171-182.

杨一未,孙成昊. 关键信息基础设施保护体系建设与漏洞管理标准化研究[J]. 信息安全研究,2022,8(1):62-70.

赵永安,谢文博,张泽斌. 关于企业漏洞管理实践的探讨[J]. 中国信息安全,2022(6):47-50.

刘畅. 统一漏洞管理平台研究设计[J]. 信息安全研究,2022,8(2):190-195.

司冰茹,肖江,刘存扬,等. 区块链网络综述[J]. 软件学报,2024,35(2):773-799.

单瑞卿,盛阳,苏盛,等. 考虑攻击方身份的电力监控系统网络安全风险分析[J]. 电力科学与技术学报,2022,37(5):3-16.

冯陈佳,朱江,朱寅,等. 电力监控网安设备策略统一管理体系及其实践[J]. 信息安全研究,2024,10(5):481-488.

张亚伟,张问银,王九如,等. 基于区块链的数字资产管理系统框架设计与分析[J]. 计算机科学与应用,2019,9(1):28-37.

李森. 基于漏洞管理平台的聚焦爬虫技术研究分析[D]. 北京:北京邮电大学,2015.

陈泓达,冯云霞,牛云鹤. 基于IPFS区块链技术的工业互联网数据可信存储系统[J]. 计算机科学与应用,2022,12(5):1292-1300.

刘超,梁雪青,袁兴佳,等. 基于IPFS和区块链技术的可信数据安全存储和共享系统[J]. 微型电脑应用,2024,40(10):143-147.

李辰洋. BRaft:一种拜占庭容错的Raft算法[D]. 广州:华南理工大学,2018.

ASIAMAH E A,KEELSON E,AGBEMENU A S,et al.Optimizing blockchain querying:a comprehensive review of techniques,challenges, and future directions[J]. IEEE Access,2024,12:196282-196305.

NIST. Guide to enterprise vulnerability management:SP 800-40 Rev. 4[S]. Gaithersburg:National Institute of Standards and Technology,2023.

ZHANG Y,XU C,LI H,et al.Chronos:Secure and accurate time-stamping scheme for digital files via blockchain[C] //ICC 2019:2019 IEEE International Conference on Communications(ICC). Shanghai,China. IEEE,2019:1-6.

ALAVI S,BESSLER N,MASSOTH M.A comparative evaluation of automated vulnerability scans versus manual penetration tests on false-negative errors[C] //International Conference on Cyber-Technologies and Cyber-Systems. 2018.

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

No data

Related Author

No data

Related Institution

No data

AI问答

⁰