CN110221581A - Industrial control network monitoring device and method - Google Patents

Publication number
CN110221581A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910342151.8A
Other languages
Chinese (zh)
Other versions
CN110221581B (en)
Inventor
王朝栋
栾少群
彭新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial Internet Innovation Center (shanghai) Co Ltd
Original Assignee
Industrial Internet Innovation Center (shanghai) Co Ltd

Classifications

    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00: Programme-control systems
    • G05B19/02: Programme-control systems electric
    • G05B19/418: Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4185: Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
    • G05B2219/00: Program-control systems
    • G05B2219/30: Nc systems
    • G05B2219/31: From computer integrated manufacturing till monitoring
    • G05B2219/31105: Remote control of network controller
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

Embodiments of the present invention relate to the field of information security technology and disclose an industrial control network monitoring device and method. In the present invention, an industrial control network monitoring device comprises a policy enforcement module and a security monitoring module. The policy enforcement module is configured to obtain a preset business policy according to the parsing result obtained by deep parsing of the communication data in the industrial control network, and to execute a security monitoring operation according to the business policy, where different parsing results correspond to different business policies. The security monitoring module is connected to the policy enforcement module and is configured to obtain the monitoring data that the policy enforcement module obtains while executing the security monitoring operation, and to analyze the monitoring data to determine whether an anomaly exists. Embodiments of the present invention also provide an industrial control network monitoring method, and the security protection capability of an industrial control system can be improved.

Description

Industrial control network monitoring device and method
Technical field
Embodiments of the present invention relate to the field of information security technology, and in particular to an industrial control network monitoring device and method.
Background
The industrial internet is the result of merging the global industrial system with advanced computing, analysis and sensing technologies and internet connectivity. As an important cornerstone of the fourth industrial revolution and a key support for digital transformation, the industrial internet has greatly accelerated the deep integration of traditional industry with information and communication technology. It is continually overturning traditional manufacturing modes, production organization modes and industrial forms worldwide, and has become a new driving force and new engine for accelerating the transformation and upgrading of traditional industries and the growth of emerging industries. Industrial data is the key resource element that the industrial internet collects, transmits, stores, analyzes and applies. As the industrial internet innovation and development strategy is carried out and implemented in depth, industrial data is continually given new missions, and it has become a basic driving force for upgrading the modern industrial system and supporting the digital, networked and intelligent transformation of manufacturing.
However, the inventors found that the prior art has at least the following problem. Traditional industrial control systems mostly use closed networks built on proprietary technology and are not interconnected with the outside. Accordingly, the industrial control devices, applications, systems and communication protocols in an industrial control system were all designed mainly for a proprietary, closed environment. Because there was no real information security threat, industrial automation control systems gave little consideration to network attacks, information security and similar issues during design, implementation and deployment. With the spread and development of the industrial internet, however, problems such as network attacks and information security have become increasingly prominent, and the low security protection capability of industrial control systems has become a technical problem that urgently needs to be solved.
Summary of the invention
An object of embodiments of the present invention is to provide an industrial control network monitoring device and method that can improve the security protection capability of an industrial control system.
To solve the above technical problem, embodiments of the present invention provide an industrial control network monitoring device, comprising: a policy enforcement module and a security monitoring module. The policy enforcement module is configured to obtain a preset business policy according to the parsing result obtained by deep parsing of the communication data in the industrial control network, and to execute a security monitoring operation according to the business policy, where different parsing results correspond to different business policies. The security monitoring module is connected to the policy enforcement module and is configured to obtain the monitoring data that the policy enforcement module obtains while executing the security monitoring operation, and to analyze the monitoring data to determine whether an anomaly exists.
Embodiments of the present invention also provide an industrial control network monitoring method, comprising: obtaining a preset business policy according to the parsing result obtained by deep parsing of the communication data in the industrial control network, and executing a security monitoring operation according to the business policy, where different parsing results correspond to different business policies; and obtaining the monitoring data obtained while executing the security monitoring operation, and analyzing the monitoring data to determine whether an anomaly exists.
Compared with the prior art, embodiments of the present invention provide an industrial control network monitoring device comprising a policy enforcement module and a security monitoring module. The policy enforcement module is configured to obtain a preset business policy according to the parsing result obtained by deep parsing of the communication data in the industrial control network, and to execute a security monitoring operation according to the business policy, where different parsing results correspond to different business policies. The security monitoring module is connected to the policy enforcement module and is configured to obtain the monitoring data that the policy enforcement module obtains while executing the security monitoring operation, and to analyze the monitoring data to determine whether an anomaly exists. In this embodiment, a parsing result is obtained by deep parsing of the communication data in the industrial control network, the business policy corresponding to the parsing result is then obtained, and the security monitoring operation is executed according to that business policy. Because different parsing results correspond to different business policies, and the policy enforcement module executes its security monitoring operation specifically according to the business policy, different security monitoring operations can be executed for different business policies. The security monitoring operation is therefore more targeted, which improves the security protection capability of the industrial control system.
In addition, the protocol parsing module is further configured to perform security filtering on the communication data in the industrial control network before determining the protocol type of the industrial control network; if the filtering result meets the early-warning requirement, alarm information is issued and determination of the protocol type of the industrial control network is prohibited. By performing security filtering on the communication data in the industrial control network in advance, and issuing alarm information when the filtering result meets the early-warning requirement without needing to determine the protocol type of the industrial control network, the relevant staff can learn promptly that the industrial control system is under a security threat. This improves security monitoring efficiency and further strengthens the security protection capability of the industrial control system.
In addition, the industrial control network monitoring device further comprises a state generation module. The state generation module is connected to the data acquisition module and is configured to automatically generate, according to the communication data in the industrial control network provided by the data acquisition module, a network structure diagram that characterizes the working state of each device in the industrial control network. Because the network structure diagram shows the working state of each device in the industrial control network, it helps the relevant staff sort through information such as the working process and communication state of each device, so that when it is determined that the industrial control system has an anomaly, the anomaly can be located quickly and precisely, which improves security monitoring efficiency.
In addition, the industrial control network monitoring device is further provided with an extension interface connected to the data acquisition module. The extension interface is used to support private industrial control protocols. The data acquisition module is further configured to acquire the communication data transmitted over the extension interface and to send that communication data to the protocol parsing module. Providing an extension interface on the industrial control network monitoring device makes it convenient to carry out customized secondary development for the private industrial control protocols of different users, offers more flexible extension and customization functions, and meets users' individual needs.
Brief description of the drawings
One or more embodiments are illustrated by the figures in the corresponding drawings. These illustrations do not limit the embodiments. Elements with the same reference numerals in the drawings denote similar elements, and unless otherwise stated, the figures in the drawings are not drawn to scale.
Fig. 1 is a schematic structural connection diagram of an industrial control network monitoring device according to the first embodiment of the present invention;
Fig. 2 is a schematic structural connection diagram of another industrial control network monitoring device according to the first embodiment of the present invention;
Fig. 3 is a schematic structural connection diagram of an industrial control network monitoring device according to the second embodiment of the present invention;
Fig. 4 is a schematic structural connection diagram of an industrial control network monitoring device according to the third embodiment of the present invention;
Fig. 5 is a flow chart of an industrial control network monitoring method according to the fourth embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, each embodiment of the present invention is explained in detail below with reference to the drawings. Those skilled in the art will understand, however, that many technical details are given in each embodiment so that the reader can better understand this application. The technical solutions claimed in this application can still be implemented without these technical details and with various changes and modifications based on the following embodiments.
The first embodiment of the present invention relates to an industrial control network monitoring device which, as shown in Fig. 1, comprises: a policy enforcement module 11 and a security monitoring module 12. The policy enforcement module 11 is configured to obtain a preset business policy according to the parsing result obtained by deep parsing of the communication data in the industrial control network, and to execute a security monitoring operation according to the business policy, where different parsing results correspond to different business policies. The security monitoring module 12 is connected to the policy enforcement module 11 and is configured to obtain the monitoring data that the policy enforcement module 11 obtains while executing the security monitoring operation, and to analyze the monitoring data to determine whether an anomaly exists.
In this embodiment, a parsing result is obtained by deep parsing of the communication data in the industrial control network, the business policy corresponding to the parsing result is then obtained, and the security monitoring operation is executed according to that business policy. Because different parsing results correspond to different business policies, and the policy enforcement module 11 executes its security monitoring operation specifically according to the business policy, different security monitoring operations can be executed for different business policies. The security monitoring operation is therefore more targeted, which improves the security protection capability of the industrial control system.
The implementation details of the industrial control network monitoring device of this embodiment are described below. They are provided only to aid understanding and are not required to implement this solution.
Specifically, the policy enforcement module 11 is configured to obtain a preset business policy according to the parsing result obtained by deep parsing of the communication data in the industrial control network, and to execute a security monitoring operation according to the business policy, where different parsing results correspond to different business policies. The communication data in the industrial control network may include, but is not limited to, any one or any combination of the following: the function code, the register address, and the input values and output values of the controller.
The industrial control network monitoring device in this embodiment may further comprise a data acquisition module 13 and a protocol parsing module 14, as shown in Fig. 2. The data acquisition module 13 is connected to the protocol parsing module 14 and is configured to acquire the communication data in the industrial control network and send it to the protocol parsing module 14. The protocol parsing module 14 is connected to the policy enforcement module 11 and is configured to perform deep parsing on the communication data in the industrial control network to obtain a parsing result, and to send the parsing result to the policy enforcement module 11.
The protocol parsing module 14 in this embodiment can support deep parsing of the communication data of several protocols. These protocols may include, but are not limited to: the Modbus communication protocol, the OPC communication protocol, the IEC104 communication protocol, the DNP3 communication protocol, the IEC61850-GOOSE communication protocol and the Fins communication protocol.
In addition, the protocol parsing module 14 in this embodiment is specifically configured to determine the protocol type of the industrial control network and, after determining it, to perform deep parsing on the communication data in the industrial control network based on the determined protocol type. Because the function codes of different communication protocols take different forms, the protocol parsing module 14 can combine the port features and the function code features in a data packet to determine the protocol type of the industrial control network, and then perform deep parsing on the communication data based on the determined protocol type.
In this embodiment, the protocol parsing module 14 may also be configured to perform security filtering on the communication data in the industrial control network before determining the protocol type of the industrial control network. If the filtering result meets the early-warning requirement, alarm information is issued and determination of the protocol type of the industrial control network is prohibited.
Specifically, the data acquisition module 13 may store the device information of all devices in the industrial control network, and the protocol parsing module 14 performs layered security filtering on the communication data that the data acquisition module 13 acquires from the industrial control network. For example, the protocol parsing module 14 may first parse, at the link layer, the IP address and MAC address of the communication data in the industrial control network, and query whether that IP address and MAC address belong to the device information stored by the data acquisition module 13. If they do not, alarm information is issued and the protocol type of the industrial control network does not need to be determined. If they do, the IP address and MAC address are legitimate, and the module goes on to determine the protocol type of the industrial control network. In this embodiment, by performing security filtering on the communication data in the industrial control network in advance, and issuing alarm information when the filtering result meets the early-warning requirement without needing to determine the protocol type of the industrial control network, the relevant staff can learn promptly that the industrial control system is under a security threat. This improves security monitoring efficiency and further strengthens the security protection capability of the industrial control system.
Those skilled in the art will understand that, in this embodiment, deep parsing of the communication data in the industrial control network can yield parsing results such as the instruction operations sent by a host computer to a slave computer in the industrial control site, the configuration changes made by an engineer station to field industrial controllers, and the input of field switching values and process variable thresholds. The preset business policies that the policy enforcement module 11 obtains according to the parsing result may include, but are not limited to: a business policy based on intelligent material transfer and a business policy based on intelligent security.
The business policy based on intelligent material transfer is taken as an example:
Intelligent material transfer is based on a three-dimensional workshop map and the industrial internet. It uses high-definition surveillance cameras to intelligently monitor and control the position, movement and process flow of intelligent transport carts and intelligent robotic arms, so that materials are carried, loaded and unloaded autonomously.
The business policy based on intelligent material transfer in this embodiment may include: obtaining a pre-built three-dimensional model of the workshop to obtain a high-precision three-dimensional workshop map, and executing the security monitoring operation according to the preset planned path and navigation control. In this embodiment, the security monitoring operation that the policy enforcement module 11 executes according to the business policy may mainly include security monitoring of the intelligent transport carts and the intelligent robotic arms.
In practical applications, an intelligent transport cart can be monitored in real time by the high-definition surveillance cameras according to the uniquely coded marker placed on it. On-board vision, radar and laser sensors can also be used to perceive the surrounding environment. Path planning, autonomous obstacle avoidance and multi-cart cooperation are implemented according to the three-dimensional workshop map, and the cart's position is kept updated in real time with the industrial control network monitoring device. The loading information of the intelligent transport cart itself, such as weight, type and volume, can be obtained at the same time. An intelligent robotic arm is equipped with a vision sensor so that it can perceive and identify intelligent transport carts and materials within a limited range. After the positions of the cart and the material are found, the gripper of the robotic arm is guided to grab or stack the material, and the material information is uploaded to the security monitoring module 12 of the industrial control network monitoring device. The working state of the robotic arm itself, such as identifying, grabbing, grab completed and operation completed, is uploaded in real time over the industrial internet to the security monitoring module 12, so that the security monitoring module 12 obtains the monitoring data that the policy enforcement module 11 obtains while executing the security monitoring operation.
In this embodiment, the security monitoring module 12 can also obtain, over the industrial internet, configuration information such as the basic information of each intelligent transport cart and intelligent robotic arm (for example number, model, current working state, loading information and grabbing state). The security monitoring module 12 can therefore analyze the monitoring data, based on this configuration information and the monitoring data obtained from the policy enforcement module 11, to determine whether an anomaly exists.
The business policy based on intelligent security is taken as an example:
Intelligent security refers to monitoring people or objects that intrude across the perimeter or warning lines of a factory or enterprise.
The business policy based on intelligent security in this embodiment may include: obtaining the software architecture of the intelligent security system, and executing the security monitoring operation based on that software architecture. In this embodiment, the security monitoring operation that the policy enforcement module 11 executes according to the business policy may mainly include security monitoring of the access layer, base layer, data layer and service layer in the software architecture of the intelligent security system.
The access layer mainly provides a unified interface service system and performs video and image data acquisition and docking with external devices such as cameras, offline data sources and the industrial control network monitoring device.
The base layer mainly provides computing frameworks, such as offline computing, real-time computing and stream computing, to meet the big-data computing needs of intelligent security, such as batch data processing, online business analysis, and real-time monitoring and early warning.
The data layer can be divided, according to the application, into a face topic library (the face capture library based on face pictures, the face registration library, the face blacklist library and so on), a vehicle topic library (the passing-vehicle information library, the vehicle library, the vehicle registration library and the vehicle blacklist library), a dangerous goods library and so on.
The service layer mainly includes functions such as face recognition, vehicle recognition and dangerous goods recognition. On the basis of the data layer, it uses intelligent algorithms such as deep learning to perform recognition and comparison, extracting features such as faces, vehicles or articles from video and images.
In this embodiment, the security monitoring module 12 can also obtain, over the industrial internet, information about the people or objects that are authorized to enter the perimeter or warning lines of the factory or enterprise. The security monitoring module 12 can therefore analyze the monitoring data, based on this information about authorized people or objects and the monitoring data obtained by the policy enforcement module 11, to determine whether an anomaly exists.
It should be noted that the industrial control network monitoring device may have a built-in database that stores several business policies. After the protocol parsing module 14 performs deep parsing on the communication data in the industrial control network and obtains a parsing result, the policy enforcement module 11 can look up the business policy corresponding to that parsing result in the database and execute the security monitoring operation according to the business policy found.
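The filtering, protocol identification, deep parsing and policy lookup steps described above can be sketched end to end as follows. This is an added example, not code from the patent: the device inventory, policy names, `Frame` fields and the choice to check the source address are assumptions, the sample frames are constructed, and only Modbus/TCP is deep-parsed.

```python
import struct
from dataclasses import dataclass

# Constructed device inventory: the (IP, MAC) pairs the data acquisition module stores.
KNOWN_DEVICES = {
    ("192.168.10.5", "00:1d:9c:aa:01:05"),   # engineering station
    ("192.168.10.20", "00:1d:9c:aa:01:20"),  # PLC
}

# Hypothetical policy database: parsing result -> business policy name.
POLICY_DB = {
    ("modbus", "read"): "log-only",
    ("modbus", "write"): "check-setpoint-range",
}

MODBUS_READ = {0x01, 0x02, 0x03, 0x04}
MODBUS_WRITE = {0x05, 0x06, 0x0F, 0x10}


@dataclass
class Frame:
    src_ip: str
    src_mac: str
    dst_port: int
    payload: bytes  # application-layer bytes


def identify_protocol(frame):
    """Combine the port feature with a payload feature to name the protocol."""
    p = frame.payload
    # Modbus/TCP: port 502, MBAP protocol identifier 0, request function code 1..127.
    if frame.dst_port == 502 and len(p) >= 8 and p[2:4] == b"\x00\x00" and 1 <= p[7] <= 0x7F:
        return "modbus"
    # IEC 60870-5-104: port 2404, APDU start byte 0x68.
    if frame.dst_port == 2404 and p[:1] == b"\x68":
        return "iec104"
    # DNP3: port 20000, link-layer start bytes 0x05 0x64.
    if frame.dst_port == 20000 and p[:2] == b"\x05\x64":
        return "dnp3"
    return None


def parse_modbus(payload):
    """Deep-parse a Modbus/TCP request into function code, register address and value."""
    _tid, _pid, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if length != len(payload) - 6:  # MBAP length counts the bytes after the length field
        raise ValueError("MBAP length does not match frame size")
    if fc in MODBUS_READ:
        operation = "read"
    elif fc in MODBUS_WRITE:
        operation = "write"
    else:
        operation = "other"
    result = {"unit": unit, "function_code": fc, "operation": operation}
    if operation != "other":
        if len(payload) < 12:
            raise ValueError("request too short for its function code")
        # Bytes 8..11: start address, then a count (reads, 0x0F, 0x10) or a value (0x05, 0x06).
        result["address"], result["value_or_count"] = struct.unpack(">HH", payload[8:12])
    return result


def monitor(frame):
    """Filter first, then identify, deep-parse and look up the policy."""
    verdict = {"alert": None, "protocol": None, "parsed": None, "policy": None}
    # Stage 1: security filter. An unknown device raises an alert and the
    # protocol type is not determined at all.
    if (frame.src_ip, frame.src_mac.lower()) not in KNOWN_DEVICES:
        verdict["alert"] = "unknown device"
        return verdict
    # Stage 2: protocol identification (alerting on no match is an assumption).
    verdict["protocol"] = identify_protocol(frame)
    if verdict["protocol"] is None:
        verdict["alert"] = "unidentified protocol"
        return verdict
    if verdict["protocol"] != "modbus":
        return verdict  # this example deep-parses Modbus only
    # Stage 3: deep parsing; a frame that does not parse is itself an alert.
    try:
        verdict["parsed"] = parse_modbus(frame.payload)
    except (ValueError, struct.error) as exc:
        verdict["alert"] = f"malformed modbus frame: {exc}"
        return verdict
    # Stage 4: policy lookup; the fallback policy name is an assumption.
    key = (verdict["protocol"], verdict["parsed"]["operation"])
    verdict["policy"] = POLICY_DB.get(key, "alert-unmapped-operation")
    return verdict


def mbap(fc, addr, value, declared_len=6):
    """Build a constructed 12-byte Modbus/TCP request for the samples below."""
    return struct.pack(">HHHBBHH", 1, 0, declared_len, 1, fc, addr, value)


# Constructed sample frames.
READ_OK = Frame("192.168.10.5", "00:1D:9C:AA:01:05", 502, mbap(0x03, 0x0010, 2))
WRITE_OK = Frame("192.168.10.5", "00:1d:9c:aa:01:05", 502, mbap(0x06, 0x0020, 1500))
WRITE_ROGUE = Frame("192.168.10.99", "de:ad:be:ef:00:99", 502, mbap(0x06, 0x0020, 9999))
BAD_LENGTH = Frame("192.168.10.5", "00:1d:9c:aa:01:05", 502, mbap(0x03, 0x0010, 2, declared_len=40))

if __name__ == "__main__":
    for name, f in [("read", READ_OK), ("write", WRITE_OK), ("rogue", WRITE_ROGUE), ("bad", BAD_LENGTH)]:
        print(name, monitor(f))
```

The write from the unlisted address is rejected at stage 1 with `protocol` left unset, which mirrors the text's point that the alert is raised without determining the protocol type.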
It should also be noted that, although this embodiment gives only the business policy based on intelligent material transfer and the business policy based on intelligent security as specific examples of preset business policies, practical applications are not limited to these.
Specifically, the security monitoring module 12 is connected to the policy enforcement module 11 and is configured to obtain the monitoring data that the policy enforcement module 11 obtains while executing the security monitoring operation, and to analyze the monitoring data to determine whether an anomaly exists. In practical applications, the analysis of the monitoring data can be performed once every preset time interval, and an analysis report can be generated automatically so that the relevant staff can carry out statistical management. The industrial control network monitoring device has a built-in assessment template. After the monitoring data is analyzed, the analysis result is scored automatically. If the score is lower than a preset threshold, it is determined that an anomaly exists; if the score is greater than or equal to the preset threshold, it is determined that no anomaly exists.
It is easy to see that, in the industrial control network monitoring device provided by this embodiment, a parsing result is obtained by deep parsing of the communication data in the industrial control network, the business policy corresponding to the parsing result is then obtained, and the security monitoring operation is executed according to that business policy. Because different parsing results correspond to different business policies, and the policy enforcement module 11 executes its security monitoring operation specifically according to the business policy, different security monitoring operations can be executed for different business policies. The security monitoring operation is therefore more targeted, which improves the security protection capability of the industrial control system.
The second embodiment of the present invention relates to an industrial control network monitoring device. The second embodiment is a further improvement on the first embodiment. The specific improvement is that, in this embodiment, the industrial control network monitoring device further comprises a state generation module 21, as shown in Fig. 3.
The industrial control network monitoring device in this embodiment may further comprise a state generation module 21. The state generation module 21 is connected to the data acquisition module 13 and is configured to automatically generate, according to the communication data in the industrial control network provided by the data acquisition module 13, a network structure diagram that characterizes the working state of each device in the industrial control network.
Specifically, the data acquisition module 13 may store the device information of all devices in the industrial control network, where a device means any device in the industrial control network that has an IP address. The state generation module 21 can generate the network structure diagram of each device's working state according to the device information of all devices in the industrial control network and the communication data of these devices in the industrial control network provided by the data acquisition module 13. The diagram characterizes the working state of each device in the industrial control network, so it can show information such as the working process each device is carrying out, its communication state and its security events, which helps the relevant staff sort through the information.
It should be noted that the network structure diagram generated in this embodiment may be a network topology diagram. In addition, the relevant staff can redraw and adjust the network structure diagram to form an adjusted, final network structure diagram.
It is easy to see that, in the industrial control network monitoring device provided by this embodiment, because the network structure diagram shows the working state of each device in the industrial control network, it helps the relevant staff sort through information such as the working process and communication state of each device, so that when it is determined that the industrial control system has an anomaly, the anomaly can be located quickly and precisely, which improves security monitoring efficiency.
The third embodiment of the present invention relates to an industrial control network monitoring device. The third embodiment is a further improvement on the first embodiment. The specific improvement is that, in this embodiment, the industrial control network monitoring device is further provided with an extension interface 31, as shown in Fig. 4.
Specifically, the extension interface 31 is connected to the data acquisition module 13. The extension interface 31 is used to support private industrial control protocols. The data acquisition module 13 is further configured to acquire the communication data transmitted over the extension interface 31 and to send that communication data to the protocol parsing module 14.
That is, the industrial control network monitoring device in this embodiment, in addition to supporting mainstream industrial control protocols such as the Modbus communication protocol, the OPC communication protocol, the IEC104 communication protocol, the DNP3 communication protocol, the IEC61850-GOOSE communication protocol and the Fins communication protocol.
It should be noted that this embodiment may also be an improvement made on the basis of the second embodiment.
It is easy to see that, in the industrial control network monitoring device provided by this embodiment, providing the extension interface 31 on the industrial control network monitoring device makes it convenient to carry out customized secondary development for the private industrial control protocols of different users, offers more flexible extension and customization functions, and meets users' individual needs.
It is noted that each module involved in present embodiment is logic module, and in practical applications, one A logic unit can be a physical unit, be also possible to a part of a physical unit, can also be multiple physics lists The combination of member is realized.In addition, in order to protrude innovative part of the invention, it will not be with solution institute of the present invention in present embodiment The technical issues of proposition, the less close unit of relationship introduced, but this does not indicate that there is no other single in present embodiment Member.
The fourth embodiment of the present invention relates to an industrial control network monitoring method. As shown in Figure 5, the method includes:
Step 101: obtain a preset business policy according to the parsing result obtained by performing deep analysis on the communication data in the industrial control network.
Step 102: execute a safety monitoring operation according to the business policy, where different parsing results correspond to different business policies.
Step 103: obtain the monitoring data produced while executing the safety monitoring operation.
Step 104: analyze the monitoring data to determine whether an abnormality exists.
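The following added example (not code from the patent) walks steps 101 to 104 for Modbus/TCP requests, using the function code, register address and value fields that claim 9 lists as communication data. The register ranges, value limits, and the rule that selects a policy by register address are hypothetical; the two policy names are the ones given in claim 2.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class ParseResult:
    function_code: int
    register_address: int
    value: int  # written value (FC 5/6) or quantity requested (FC 1-4)

@dataclass(frozen=True)
class Policy:
    name: str
    registers: range              # register addresses the policy covers
    allowed_functions: frozenset  # function codes the business process uses
    write_limits: tuple           # (min, max) accepted for written values

# Hypothetical policy table; only the two names come from the claims.
POLICIES = (
    Policy("intelligent material transshipment", range(0, 100), frozenset({3, 6}), (0, 1500)),
    Policy("intelligent security", range(100, 200), frozenset({1, 3}), (0, 0)),
)
WRITE_FUNCTIONS = frozenset({5, 6})

def build_request(function_code, address, value, unit_id=1):
    """Construct a sample Modbus/TCP request (MBAP header + 5-byte PDU)."""
    return struct.pack(">HHHBBHH", 1, 0, 6, unit_id, function_code, address, value)

def parse_modbus_tcp(frame):
    """Deep-parse a fixed-size Modbus/TCP request (function codes 1 to 6)."""
    if len(frame) < 12:
        raise ValueError("frame shorter than MBAP header plus request PDU")
    _tid, protocol_id, length, _unit = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0 or length != len(frame) - 6:
        raise ValueError("MBAP header is not consistent with Modbus/TCP")
    function_code, address, value = struct.unpack(">BHH", frame[7:12])
    if not 1 <= function_code <= 6:
        raise ValueError("function code outside the requests handled here")
    return ParseResult(function_code, address, value)

def select_policy(result):
    """Step 101: the parsing result decides which preset policy applies."""
    return next((p for p in POLICIES if result.register_address in p.registers), None)

def execute_monitoring(result, policy):
    """Steps 102-103: run the policy's checks and return the monitoring data."""
    low, high = policy.write_limits
    return {
        "policy": policy.name,
        "function_allowed": result.function_code in policy.allowed_functions,
        "is_write": result.function_code in WRITE_FUNCTIONS,
        "value_in_limits": low <= result.value <= high,
    }

def analyze(data):
    """Step 104: turn monitoring data into a list of anomaly reasons."""
    reasons = []
    if not data["function_allowed"]:
        reasons.append("function code not permitted by policy")
    if data["is_write"] and not data["value_in_limits"]:
        reasons.append("written value outside policy limits")
    return reasons

def monitor(frame):
    """Run one frame through parsing, policy lookup, monitoring and analysis."""
    try:
        result = parse_modbus_tcp(frame)
    except ValueError as exc:
        return [f"unparseable frame: {exc}"]
    policy = select_policy(result)
    if policy is None:
        return ["no business policy covers this parsing result"]
    return analyze(execute_monitoring(result, policy))
```

An empty list from `monitor` means no abnormality; a frame that cannot be parsed or that maps to no policy is itself reported rather than silently dropped.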
Compared with the prior art, the industrial control network monitoring method provided by this embodiment performs deep analysis on the communication data in the industrial control network to obtain a parsing result, then obtains the business policy corresponding to the parsing result, and executes a safety monitoring operation according to that business policy. Because different parsing results correspond to different business policies, and the safety monitoring operation of the policy enforcement module is performed according to the business policy, different safety monitoring operations can be executed for different business policies. The safety monitoring operation is therefore more targeted, which improves the security protection capability of the industrial control system.
It is easy to see that this embodiment is the method embodiment corresponding to the first embodiment, and that the two can be implemented in cooperation with each other. The relevant technical details mentioned in the first embodiment remain valid in this embodiment and are not repeated here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the first embodiment.
The steps of the above methods are divided only for clarity of description. In implementation, steps may be merged into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, they fall within the protection scope of this patent. Adding insignificant modifications to an algorithm or process, or introducing insignificant designs into it, without changing the core design of the algorithm and process, also falls within the protection scope of this patent.
Those skilled in the art will understand that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program is stored in a storage medium and includes several instructions that cause a device (which may be a single-chip microcontroller, a chip, etc.) or a processor to execute all or part of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
Those skilled in the art will understand that the above embodiments are specific embodiments for realizing the present invention, and that in practical applications various changes may be made to them in form and detail without departing from the spirit and scope of the present invention.

Claims (10)

1. An industrial control network monitoring device, characterized by comprising: a policy enforcement module and a safety monitoring module;
The policy enforcement module is configured to obtain a preset business policy according to the parsing result obtained by performing deep analysis on the communication data in the industrial control network, and to execute a safety monitoring operation according to the business policy; wherein different parsing results correspond to different business policies;
The safety monitoring module is connected to the policy enforcement module and is configured to obtain the monitoring data produced while the policy enforcement module executes the safety monitoring operation, and to analyze the monitoring data to determine whether an abnormality exists.
2. The industrial control network monitoring device according to claim 1, characterized in that the preset business policy specifically includes: a business policy based on intelligent material transshipment and a business policy based on intelligent security.
3. The industrial control network monitoring device according to claim 1, characterized in that the industrial control network monitoring device further comprises: a data acquisition module and a protocol resolution module;
The data acquisition module is connected to the protocol resolution module and is configured to acquire the communication data in the industrial control network and to send the communication data in the industrial control network to the protocol resolution module;
The protocol resolution module is connected to the policy enforcement module and is configured to perform deep analysis on the communication data in the industrial control network to obtain the parsing result, and to send the parsing result to the policy enforcement module.
4. The industrial control network monitoring device according to claim 3, characterized in that the protocol resolution module is specifically configured to determine the protocol type of the industrial control network and, after the protocol type of the industrial control network is determined, to perform deep analysis on the communication data in the industrial control network based on the protocol type.
5. The industrial control network monitoring device according to claim 4, characterized in that the protocol resolution module is further configured to perform security filtering on the communication data in the industrial control network before determining the protocol type of the industrial control network; if the filtering result meets the early-warning requirement, an alarm is issued and determining the protocol type of the industrial control network is prohibited.
6. The industrial control network monitoring device according to claim 3, characterized in that the protocol resolution module is specifically configured to support the deep analysis of communication data of the following protocols:
Modbus communication protocol, OPC communication protocol, IEC104 communication protocol, DNP3 communication protocol, IEC61850-GOOSE communication protocol, Fins communication protocol.
7. The industrial control network monitoring device according to claim 3, characterized in that the industrial control network monitoring device further comprises: a state generation module;
The state generation module is connected to the data acquisition module and is configured to automatically generate, from the communication data in the industrial control network provided by the data acquisition module, a network structure diagram that characterizes the working state of each device in the industrial control network.
8. The industrial control network monitoring device according to claim 3, characterized in that the industrial control network monitoring device is additionally provided with an expansion interface, and the expansion interface is connected to the data acquisition module;
The expansion interface is used to support private industrial control protocols;
The data acquisition module is further configured to acquire the communication data transmitted over the expansion interface in the industrial control network, and to send the communication data transmitted over the expansion interface to the protocol resolution module.
9. The industrial control network monitoring device according to any one of claims 1 to 8, characterized in that the communication data in the industrial control network specifically includes any one or any combination of the following:
Function code, register address, and the input value and output value of the controller.
10. An industrial control network monitoring method, characterized by comprising:
Obtaining a preset business policy according to the parsing result obtained by performing deep analysis on the communication data in the industrial control network, and executing a safety monitoring operation according to the business policy; wherein different parsing results correspond to different business policies;
Obtaining the monitoring data produced while executing the safety monitoring operation, and analyzing the monitoring data to determine whether an abnormality exists.
CN201910342151.8A 2019-04-26 2019-04-26 Industrial control network monitoring device and method Active CN110221581B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910342151.8A CN110221581B (en) 2019-04-26 2019-04-26 Industrial control network monitoring device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910342151.8A CN110221581B (en) 2019-04-26 2019-04-26 Industrial control network monitoring device and method

Publications (2)

Publication Number Publication Date
CN110221581A true CN110221581A (en) 2019-09-10
CN110221581B CN110221581B (en) 2022-03-15

Family

ID=67819931

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910342151.8A Active CN110221581B (en) 2019-04-26 2019-04-26 Industrial control network monitoring device and method

Country Status (1)

Country Link
CN (1) CN110221581B (en)

Also Published As

Publication number Publication date
CN110221581B (en) 2022-03-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant