CN114137934A - Industrial control system with intrusion detection function and detection method - Google Patents

Publication number
CN114137934A
Authority
CN
China
Prior art keywords
instruction
module
storage unit
control system
industrial control
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111391295.6A
Other languages
Chinese (zh)
Inventor
杨浩
肖勇才
徐健
刘旷也
章玲玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0213 Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24065 Real time diagnostics

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of computer systems, and particularly discloses an industrial control system with an intrusion detection function and a detection method. The industrial control system comprises an intrusion detection system, which comprises a network communication module, an intrusion scanning module, a virtual intranet module, an instruction analysis module and a vulnerability alarm module. The vulnerability alarm module is connected with the industrial control system and is used for controlling the industrial control system to send an alarm, and the intrusion scanning module comprises a white list storage unit and a blacklist storage unit. The invention matches network communication instructions against the white list and the blacklist. When an instruction matches an abnormal instruction recorded in the blacklist storage unit, an alarm is sent in time and the abnormal instruction is prevented from controlling the intranet. When an instruction matches one recorded in the white list storage unit, the system further detects whether the matched white list instruction is actually a disguised abnormal instruction, thereby further improving the security of the industrial control system.

Description

Industrial control system with intrusion detection function and detection method
Technical Field
The invention relates to the technical field of computer systems, in particular to an industrial control system with an intrusion detection function and a detection method.
Background
The network is a tool that brings convenience and speed to people, but it is easily abused by people with ulterior motives. Network security situations are becoming more and more complex, and events such as data leakage and hacking are becoming more and more severe. The network brings benefits to industrial development but also challenges for the industrial Internet of Things. When an industrial system is intruded upon by a hacker, the hacker may rewrite the control program, causing a series of subsequent problems.
Existing industrial control systems are deficient in detection before a hacker intrusion: an abnormality of the system is often detected only after the intrusion has occurred, and once it occurs, it causes great damage to individuals, enterprises and society. It is therefore necessary to detect abnormal instructions before the industrial control system is intruded upon, so that potential security hazards can be resolved in time and the control system reinforced.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides an industrial control system with an intrusion detection function and a detection method. The design has the advantages that abnormal instructions can be detected before the industrial control system is intruded upon, and that abnormal instructions disguised as normal instructions can also be detected.
The industrial control system with the intrusion detection function comprises an intrusion detection system, wherein the intrusion detection system comprises a network communication module, an intrusion scanning module, a virtual intranet module, an instruction analysis module and a vulnerability alarm module, and the vulnerability alarm module is connected with the industrial control system and is used for controlling the industrial control system to send an alarm;
the intrusion scanning module comprises a white list storage unit and a black list storage unit, wherein the white list storage unit comprises a known and authorized request instruction or software installation program in the intranet, and the black list storage unit comprises an abnormal instruction or a virus program recorded in the intranet;
the virtual intranet module comprises a virtual program unit, an instruction rescanning unit, an instruction matching unit and a data transmission unit;
the instruction analysis module comprises a new instruction storage unit, a historical instruction storage unit and an alarm information sending unit.
As a further improvement of the invention, the system also comprises an external network, a router, an intranet and an industrial control system, wherein the intrusion detection system is arranged on the connecting channel between the external network and the intranet and is connected with the router through the network communication module, the router is connected with the external network, and the intranet is connected with the industrial control system.
Through this technical scheme, the intrusion detection system sits between the external network and the intranet, so abnormal instructions are cut off and processed before they invade the intranet, and the industrial system is protected from damage.
As a further improvement of the invention, the network communication module is connected with the intrusion scanning module, the intrusion scanning module is connected with the virtual intranet module through the white list storage unit, and the virtual intranet module is connected with the instruction analysis module through the data transmission unit.
Through the technical scheme design, data transmission among a plurality of modules can be realized, and the checking and processing of abnormal instructions can be realized at the first time.
As a further improvement of the invention, a blacklist storage unit in the intrusion scanning module and a data transmission unit in the virtual intranet module are connected with the vulnerability alarm module through an alarm information sending unit in the instruction analysis module.
Through the technical scheme design, when any one of the modules finds an abnormal instruction, alarm information can be generated through the vulnerability alarm module at the first time, and then management personnel can conveniently process the abnormal instruction at the first time.
As a further improvement of the present invention, the network communication module is configured to receive a network communication instruction of an external network, generate a data packet to be detected, and send the data packet to the intrusion scanning module, where the network communication module is one or more of a GPRS communication unit, an EDGE communication unit, a CDMA communication unit, a WCDMA communication unit, and a CDMA2000 communication unit.
Through the technical scheme design, the instruction of the external network can be received through the network communication module, and the instruction is transmitted to the intrusion detection system.
As a further improvement of the invention, the virtual program unit comprises part of the virtual programs of the intranet and is used for accepting vulnerability attacks, and the instruction rescanning unit scans the request instruction or software installation program received by the virtual intranet module for illegal instructions.
Through this technical scheme, part of the virtual programs of the intranet is placed in the virtual program unit, so that abnormal instructions disguised as white list instructions are exposed: when such a disguised instruction attacks the virtual program, the system and workers can find and intercept it in time.
As a further improvement of the invention, the new instruction storage unit stores the abnormal instruction transmitted by the data transmission unit, generates an instruction information table in real time, and configures a unique instruction ID;
the historical instruction storage unit receives the instruction information table generated by the new instruction storage unit and performs instruction ID matching with data stored in the newly received instruction information table;
the alarm information sending unit is used for sending the information of the vulnerability generated at that moment to the vulnerability alarm module.
Through the technical scheme design, the new abnormal instruction can be recorded and stored, and different processing modes are used for processing according to different abnormal instructions.
To achieve the above object, there is provided a detection method of an industrial control system having an intrusion detection function,
the method comprises the following steps:
step S1, the network communication module receives the network communication instruction of the external network, generates the data packet to be detected and sends the data packet to the intrusion scanning module;
step S2, scanning and comparing the data packet to be detected from the network communication module with the data recorded in the white list storage unit and the black list storage unit respectively;
step S2-1, when the scanning result is an instruction recorded in the white list storage unit, a data channel between the external network and the virtual intranet module is opened, and when the scanning result is a recorded abnormal instruction or virus program, the information is sent to the vulnerability alarm module;
step S3, the virtual program unit receives the instruction recorded in the white list storage unit, and detects whether the instruction recorded in the white list storage unit is an abnormal instruction through a virtual program built in the virtual program unit;
step S3-1, when the scanning result is an abnormal instruction which is not recorded in the blacklist storage unit or a normal instruction which is recorded in the white list storage unit, opening a connection channel of a real intranet;
step S3-2, when the scanning result is an abnormal instruction recorded by the blacklist storage unit or a normal instruction not recorded by the whitelist storage unit, a data channel between the external network and the instruction analysis module is opened, the request of the abnormal instruction is immediately rejected, and information is sent to the vulnerability alarm module;
step S4, the new instruction storage unit receives the abnormal instruction for storage, generates an abnormal instruction information table in real time, configures a unique instruction ID, and matches the abnormal instruction ID with the data stored in the historical instruction storage unit;
step S4-1, when the same abnormal instruction ID is matched, processing by using a processing mode corresponding to the historical abnormal instruction ID, generating a vulnerability processing table and sending information to a vulnerability alarm module;
step S4-2, when a new abnormal instruction ID is found, analyzing the corresponding new abnormal instruction ID by using an analysis tool, acquiring corresponding vulnerability information, and generating a new abnormal instruction analysis table;
and step S5, the vulnerability alarm module receives abnormal instruction information formed by the intrusion scanning module, the virtual intranet module and the instruction analysis module at the same time, and controls the industrial control system to give an alarm.
Compared with the prior art, the invention has the following beneficial effects:
According to the invention, the designed intrusion scanning module performs white list and blacklist matching on network communication instructions from the network communication module. When an abnormal instruction recorded in the blacklist storage unit is matched, an alarm is sent in time and the abnormal instruction is prevented from controlling the intranet. When an instruction recorded in the white list storage unit is matched, the virtual intranet module performs simulation detection on the matched instruction through the virtual program unit, further detecting whether the matched white list instruction is a disguised abnormal instruction. Abnormal instructions from the network communication module are thus detected by multiple means, which further improves the security of the industrial control system. The designed instruction analysis module also records abnormal instructions: if the abnormal instruction is already recorded in the system, it can be handled quickly using the historical processing mode; if it is a new abnormal instruction disguised as a white list instruction, it can be quickly analyzed and recorded with an analysis tool, so that staff can handle the new abnormal instruction quickly.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram of a framework of an intrusion detection system according to the present invention;
FIG. 2 is a schematic diagram of a frame structure of an intrusion scanning module according to the present invention;
FIG. 3 is a schematic diagram of a frame structure of a virtual intranet module according to the present invention;
FIG. 4 is a block diagram of an exemplary embodiment of an instruction analysis module;
FIG. 5 is a schematic flow chart of the method of the present invention.
In the figures: 10, network communication module; 20, intrusion scanning module; 201, white list storage unit; 202, blacklist storage unit; 30, virtual intranet module; 301, virtual program unit; 302, instruction rescanning unit; 303, instruction matching unit; 304, data transmission unit; 40, instruction analysis module; 401, new instruction storage unit; 402, history instruction storage unit; 403, alarm information sending unit; 50, vulnerability alarm module.
Detailed Description
In the following description, for purposes of explanation, numerous implementation details are set forth in order to provide a thorough understanding of the various embodiments of the present invention. It should be understood, however, that these implementation details are not to be interpreted as limiting the invention. That is, in some embodiments of the invention, such implementation details are not necessary. In addition, some conventional structures and components are shown in simplified schematic form in the drawings.
In addition, the descriptions related to the first, the second, etc. in the present invention are only used for description purposes, do not particularly refer to an order or sequence, and do not limit the present invention, but only distinguish components or operations described in the same technical terms, and are not understood to indicate or imply relative importance or implicitly indicate the number of indicated technical features. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Referring to figs. 1-4, an industrial control system with an intrusion detection function includes an intrusion detection system, the intrusion detection system includes a network communication module 10, an intrusion scanning module 20, a virtual intranet module 30, an instruction analysis module 40, and a vulnerability alarm module 50, and the vulnerability alarm module 50 is connected to the industrial control system for controlling the industrial control system to send an alarm;
the intrusion scanning module 20 includes a white list storage unit 201 and a black list storage unit 202, the white list storage unit 201 includes a known and authorized request instruction or software installation program in the intranet, and the black list storage unit 202 includes an abnormal instruction or virus program recorded in the intranet;
the virtual intranet module 30 includes a virtual program unit 301, an instruction rescanning unit 302, an instruction matching unit 303, and a data transmission unit 304;
the instruction analysis module 40 includes a new instruction storage unit 401, a history instruction storage unit 402, and an alarm information transmission unit 403.
Further, the system comprises an external network, a router, an intranet and an industrial control system, wherein the intrusion detection system is arranged on the connecting channel between the external network and the intranet, the intrusion detection system is connected with the router through the network communication module 10, the router is connected with the external network, and the intranet is connected with the industrial control system; because the intrusion detection system sits between the external network and the intranet, abnormal instructions are cut off and processed before they invade the intranet, and the industrial system is protected from damage.
Further, the network communication module 10 is connected to the intrusion scanning module 20, the intrusion scanning module 20 is connected to the virtual intranet module 30 through the white list storage unit 201, and the virtual intranet module 30 is connected to the instruction analysis module 40 through the data transmission unit 304; the data transmission among a plurality of modules can be realized, and the inspection and the processing of abnormal instructions can be realized at the first time.
Further, the blacklist storage unit 202 in the intrusion scanning module 20 and the data transmission unit 304 in the virtual intranet module 30 are both connected to the vulnerability alarm module 50 through the alarm information sending unit 403 in the instruction analysis module 40; when any one of the modules finds an abnormal instruction, alarm information can be generated through the vulnerability alarm module 50 at the first time, and then management personnel can conveniently process the abnormal instruction at the first time.
Further, the network communication module 10 is configured to receive a network communication instruction of an external network, generate a to-be-detected data packet, and send the to-be-detected data packet to the intrusion scanning module 20, where the network communication module 10 is one or more of a GPRS communication unit, an EDGE communication unit, a CDMA communication unit, a WCDMA communication unit, and a CDMA2000 communication unit; the network communication module 10 can receive the command from the external network and transmit the command to the intrusion detection system.
Further, the virtual program unit 301 includes part of the virtual programs of the intranet and is configured to accept vulnerability attacks, and the instruction rescanning unit 302 scans the request instruction or software installation program received by the virtual intranet module 30 for illegal instructions; by placing part of the virtual programs of the intranet in the virtual program unit 301, abnormal instructions disguised as white list instructions are exposed: when such a disguised instruction attacks the virtual program, the system and workers can find and intercept it in time.
Further, the new instruction storage unit 401 stores the abnormal instruction transmitted by the data transmission unit 304, and generates an instruction information table in real time, and configures a unique instruction ID;
the historical instruction storage unit 402 receives the instruction information table generated by the new instruction storage unit 401, and performs instruction ID matching with data stored in the newly received instruction information table;
the alarm information sending unit 403 is configured to send information about the vulnerability generated at this time to the vulnerability alarm module 50; through the structure, the new abnormal instruction can be recorded and stored, and different processing modes are used for processing according to different abnormal instructions.
Referring to fig. 5, to achieve the above object, a method for detecting an industrial control system with intrusion detection function is provided,
the method comprises the following steps:
step S1, the network communication module 10 receives a network communication instruction of the external network, generates a to-be-detected data packet, and sends the to-be-detected data packet to the intrusion scanning module 20;
step S2, scanning and comparing the data packet to be detected from the network communication module 10 with the data recorded in the white list storage unit 201 and the black list storage unit 202 respectively;
step S2-1, when the scan result is an instruction recorded by the white list storage unit 201, the data channel between the external network and the virtual intranet module 30 is opened, and when the scan result is a recorded abnormal instruction or virus program, the information is sent to the vulnerability alarm module 50;
step S3, the virtual program unit 301 receives the instruction already recorded in the white list storage unit 201, and detects whether the instruction already recorded in the white list storage unit 201 is an abnormal instruction by the virtual program built in the virtual program unit 301;
step S3-1, when the scanning result is an abnormal instruction not recorded in the blacklist storage unit 202 or a normal instruction recorded in the whitelist storage unit 201, opening a connection channel of a real intranet;
step S3-2, when the scanning result is an abnormal instruction already recorded in the blacklist storage unit 202 or a normal instruction not recorded in the whitelist storage unit 201, opening a data channel between the external network and the instruction analysis module 40, immediately rejecting the request of the abnormal instruction, and sending information to the vulnerability alarm module 50;
step S4, the new instruction storage unit 401 receives the abnormal instruction and stores it, and generates an abnormal instruction information table in real time, configures a unique instruction ID, and matches the abnormal instruction ID with the data stored in the historical instruction storage unit 402;
step S4-1, when the same abnormal instruction ID is matched, processing by using a processing mode corresponding to the historical abnormal instruction ID, generating a vulnerability processing table and sending the information to the vulnerability alarm module 50;
step S4-2, when a new abnormal instruction ID is found, analyzing the corresponding new abnormal instruction ID by using an analysis tool, acquiring corresponding vulnerability information, and generating a new abnormal instruction analysis table;
step S5, the vulnerability alarm module 50 receives the abnormal instruction information from the intrusion scanning module 20, the virtual intranet module 30, and the instruction analysis module 40, and controls the industrial control system to send an alarm.
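The flow of steps S1 to S5 can be traced end to end in a small model. The following Python code is an added example, not code from the patent; the instruction format, the sample lists, the hash-based instruction ID, the default-deny handling of instructions on neither list, and the rule that a write to a protected region of the decoy marks an instruction as abnormal are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample data: the patent does not define an instruction format.
WHITELIST = {"READ_INPUT", "WRITE_SETPOINT"}     # white list storage unit (201)
BLACKLIST = {"ERASE_FIRMWARE", "STOP_CPU"}       # blacklist storage unit (202)
PROTECTED = {"control_program", "safety_limit"}  # assumed protected decoy regions


@dataclass(frozen=True)
class Instruction:
    op: str
    target: str
    value: int = 0


@dataclass
class Verdict:
    action: str               # "forward" or "reject"
    stage: str                # module that made the decision
    instruction_id: str = ""  # set only for abnormal instructions (S4)
    known: bool = False       # True when the ID matched the history store (S4-1)


def instruction_id(instr):
    """Assumed ID scheme: hash of op and target, so repeats map to one ID."""
    return hashlib.sha256(f"{instr.op}|{instr.target}".encode()).hexdigest()[:12]


def virtual_program_flags(instr):
    """Virtual program unit (301): replay the instruction on a decoy copy.

    Assumption: changing a protected region of the decoy marks it abnormal.
    """
    decoy = {"setpoint": 50, "control_program": 0xA5, "safety_limit": 100}
    before = {k: decoy[k] for k in PROTECTED}
    if instr.op.startswith("WRITE") and instr.target in decoy:
        decoy[instr.target] = instr.value
    return any(decoy[k] != before[k] for k in PROTECTED)


@dataclass
class IntrusionDetector:
    history: dict = field(default_factory=dict)  # historical instruction storage (402)
    alarms: list = field(default_factory=list)   # vulnerability alarm module (50)

    def _alarm(self, source, instr, note):
        self.alarms.append((source, instr.op, instr.target, note))

    def _analyse(self, instr):
        """S4: assign an ID and match it against the history store."""
        iid = instruction_id(instr)
        known = iid in self.history
        if known:   # S4-1: reuse the recorded processing mode
            note = f"known {iid}: {self.history[iid]}"
        else:       # S4-2: new ID, create an analysis record
            self.history[iid] = "reject-and-log"  # constructed processing mode
            note = f"new {iid}: analysis record created"
        self._alarm("instruction_analysis", instr, note)
        return iid, known

    def process(self, instr):
        # S2 / S2-1: list matching in the intrusion scanning module.
        if instr.op in BLACKLIST:
            self._alarm("intrusion_scan", instr, "blacklisted")
            return Verdict("reject", "intrusion_scan")
        if instr.op not in WHITELIST:
            # Assumption: default-deny for instructions on neither list.
            self._alarm("intrusion_scan", instr, "not whitelisted")
            return Verdict("reject", "intrusion_scan")
        # S3: whitelisted instructions are replayed in the virtual intranet first.
        if virtual_program_flags(instr):
            # S3-2: reject, alarm, hand the instruction to instruction analysis.
            self._alarm("virtual_intranet", instr, "disguised abnormal instruction")
            iid, known = self._analyse(instr)
            return Verdict("reject", "virtual_intranet", iid, known)
        # S3-1: nothing abnormal observed, open the channel to the real intranet.
        return Verdict("forward", "virtual_intranet")


if __name__ == "__main__":
    ids = IntrusionDetector()
    traffic = [  # constructed instructions standing in for S1 data packets
        Instruction("READ_INPUT", "setpoint"),
        Instruction("STOP_CPU", "cpu"),
        Instruction("WRITE_SETPOINT", "control_program", 0),  # disguised write
        Instruction("WRITE_SETPOINT", "control_program", 0),  # same ID again
    ]
    for instr in traffic:
        print(instr, "->", ids.process(instr))
    for alarm in ids.alarms:  # S5: everything the alarm module received
        print("ALARM", alarm)
```
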
The above description is only an embodiment of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (10)

1. An industrial control system with intrusion detection, comprising: the system comprises an intrusion detection system, wherein the intrusion detection system comprises a network communication module, an intrusion scanning module, a virtual intranet module, an instruction analysis module and a vulnerability alarm module;
the intrusion scanning module comprises a white list storage unit and a black list storage unit;
the virtual intranet module comprises a virtual program unit, an instruction scanning unit, an instruction matching unit and a data transmission unit;
the instruction analysis module comprises a new instruction storage unit, a historical instruction storage unit and an alarm information sending unit.
2. The industrial control system with intrusion detection capability of claim 1, further comprising an external network, a router, an intranet and an industrial control system, wherein: the intrusion detection system is arranged on the connecting channel between the external network and the intranet, the intrusion detection system is connected with the router through the network communication module, the router is connected with the external network, and the intranet is connected with the industrial control system.
3. The industrial control system with intrusion detection capability of claim 1, wherein: the network communication module is connected with the intrusion scanning module, the intrusion scanning module is connected with the virtual intranet module through the white list storage unit, and the virtual intranet module is connected with the instruction analysis module through the data transmission unit.
4. The industrial control system with intrusion detection capability of claim 1, wherein: the blacklist storage unit in the intrusion scanning module and the data transmission unit in the virtual intranet module are connected with the vulnerability alarm module through the alarm information sending unit in the instruction analysis module.
5. The industrial control system with intrusion detection capability of claim 1, wherein: the white list storage unit comprises known and authorized request instructions or software installation programs in the intranet, and the black list storage unit comprises recorded abnormal instructions or virus programs in the intranet.
6. The industrial control system with intrusion detection capability of claim 1, wherein: the network communication module is used for receiving a network communication instruction of an external network, generating a data packet to be detected and sending the data packet to the intrusion scanning module, and the network communication module is one or more of a GPRS communication unit, an EDGE communication unit, a CDMA communication unit, a WCDMA communication unit and a CDMA2000 communication unit.
7. The industrial control system with intrusion detection capability of claim 1, wherein: the virtual program unit comprises a part of virtual programs of the intranet and is used for receiving vulnerability attacks, and the instruction scanning unit scans illegal instructions of request instructions or software installation programs received by the virtual intranet module.
8. The industrial control system with intrusion detection capability of claim 1, wherein: the new instruction storage unit stores the abnormal instruction transmitted by the data transmission unit, generates an instruction information table in real time and configures a unique instruction ID;
the historical instruction storage unit receives the instruction information table generated by the new instruction storage unit and performs instruction ID matching with data stored in the newly received instruction information table;
the alarm information sending unit is used for sending the information of the vulnerability generated at that moment to the vulnerability alarm module.
9. The industrial control system with intrusion detection capability of claim 1, wherein: the vulnerability alarm module is connected with the industrial control system and is used for controlling the industrial control system to send an alarm.
10. A detection method of an industrial control system with intrusion detection function, which employs the industrial control system with intrusion detection function of any one of claims 1 to 9, characterized in that: the method comprises the following steps:
step S1, the network communication module receives the network communication instruction of the external network, generates the data packet to be detected and sends the data packet to the intrusion scanning module;
step S2, scanning and comparing the data packet to be detected from the network communication module with the data recorded in the white list storage unit and the black list storage unit respectively;
step S2-1, when the scanning result is an instruction recorded in the white list storage unit, a data channel between the external network and the virtual intranet module is opened, and when the scanning result is a recorded abnormal instruction or virus program, the information is sent to the vulnerability alarm module;
step S3, the virtual program unit receives the instruction recorded in the white list storage unit, and detects whether the instruction recorded in the white list storage unit is an abnormal instruction through a virtual program built in the virtual program unit;
step S3-1, when the scanning result is an abnormal instruction which is not recorded in the blacklist storage unit or a normal instruction which is recorded in the white list storage unit, opening a connection channel of a real intranet;
step S3-2, when the scanning result is an abnormal instruction recorded by the blacklist storage unit or a normal instruction not recorded by the whitelist storage unit, a data channel between the external network and the instruction analysis module is opened, the request of the abnormal instruction is immediately rejected, and information is sent to the vulnerability alarm module;
step S4, the new instruction storage unit receives the abnormal instruction for storage, generates an abnormal instruction information table in real time, configures a unique instruction ID, and matches the abnormal instruction ID with the data stored in the historical instruction storage unit;
step S4-1, when the same abnormal instruction ID is matched, processing by using a processing mode corresponding to the historical abnormal instruction ID, generating a vulnerability processing table and sending information to a vulnerability alarm module;
step S4-2, when a new abnormal instruction ID is found, analyzing the corresponding new abnormal instruction ID by using an analysis tool, acquiring corresponding vulnerability information, and generating a new abnormal instruction analysis table;
step S5, the vulnerability alarm module simultaneously receives the abnormal instruction information formed by the intrusion scanning module, the virtual intranet module and the instruction analysis module, and controls the industrial control system to give an alarm.
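Steps S1 to S5 traced as a small Python sketch, added here as an illustration and not taken from the patent. The instruction names, the setpoint limit, the hash-derived instruction ID and the handling of an instruction that is on neither list are assumptions the claims do not specify.

```python
import hashlib

WHITELIST = {"READ_STATUS", "SET_SPEED"}   # constructed white list entries
BLACKLIST = {"FORMAT_FLASH"}               # constructed black list entries

def instruction_id(raw):
    # Assumption: the unique instruction ID is a content hash, so repeats match.
    return hashlib.sha256(raw.encode()).hexdigest()[:12]

def virtual_program_abnormal(op, arg):
    # Stand-in for the virtual program unit (S3): flags out-of-range setpoints.
    return op == "SET_SPEED" and not (arg.isdigit() and int(arg) <= 3000)

class Detector:
    def __init__(self):
        self.history = {}   # historical instruction storage unit: ID -> handling
        self.alarms = []    # messages reaching the vulnerability alarm module (S5)

    def _analyse(self, raw):
        iid = instruction_id(raw)                        # S4: assign ID, match history
        if iid in self.history:                          # S4-1: reuse recorded handling
            self.alarms.append(("instruction_analysis", raw))
            return "known:" + self.history[iid]
        self.history[iid] = "block"                      # S4-2: record new analysis
        return "new"

    def handle(self, raw):
        op, _, arg = raw.partition(" ")                  # S1: packet to be detected
        if op in BLACKLIST:                              # S2-1: recorded abnormal instruction
            self.alarms.append(("intrusion_scan", raw))
            return "rejected:blacklist"
        # Assumption: an instruction on neither list is treated like S3-2.
        if op in WHITELIST and not virtual_program_abnormal(op, arg):
            return "forwarded:real_intranet"             # S3-1: open real intranet
        self.alarms.append(("virtual_intranet", raw))    # S3-2: reject and alarm
        return "rejected:" + self._analyse(raw)

# Constructed sample traffic, not taken from the patent.
SAMPLE = ["READ_STATUS", "SET_SPEED 1500", "FORMAT_FLASH now",
          "SET_SPEED 99999", "SET_SPEED 99999", "DUMP_MEMORY"]

def run_sample():
    d = Detector()
    return [d.handle(raw) for raw in SAMPLE], d.alarms

if __name__ == "__main__":
    for line in run_sample()[0]:
        print(line)
```

The second `SET_SPEED 99999` shows the S4-1 path: the ID matches the history entry written on the first occurrence, so the recorded handling is reused and the analysis module raises its own alarm.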
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111391295.6A CN114137934A (en) 2021-11-23 2021-11-23 Industrial control system with intrusion detection function and detection method

Publications (1)

Publication Number Publication Date
CN114137934A true CN114137934A (en) 2022-03-04

Family

ID=80390756

Country Status (1)

Country Link
CN (1) CN114137934A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101650768A (en) * 2009-07-10 2010-02-17 深圳市永达电子股份有限公司 Security guarantee method and system for Windows terminals based on auto white list
US20140283047A1 (en) * 2013-03-13 2014-09-18 General Electric Company Intelligent cyberphysical intrusion detection and prevention systems and methods for industrial control systems
CN111931180A (en) * 2020-09-22 2020-11-13 江西业力医疗器械有限公司 Network security implementation system based on big data platform
CN214306527U (en) * 2021-01-25 2021-09-28 北京航天拓扑高科技有限责任公司 Gas pipe network scheduling monitoring network safety system
CN113472765A (en) * 2021-06-24 2021-10-01 北京卫达信息技术有限公司 Method for detecting malicious network content

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001779A (en) * 2022-05-26 2022-09-02 中国农业银行股份有限公司 Verification method, device, equipment and medium of operation instruction
CN115150197A (en) * 2022-08-31 2022-10-04 深顶科技(北京)有限公司 Method and system for preventing command attack of UPS (uninterrupted Power supply) air conditioning equipment
CN115150197B (en) * 2022-08-31 2022-11-15 深顶科技(北京)有限公司 Method and system for preventing command attack of UPS (uninterrupted Power supply) air conditioning equipment

Similar Documents

Publication Publication Date Title
US7549168B1 (en) Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
CN114137934A (en) Industrial control system with intrusion detection function and detection method
US20040111636A1 (en) Defense mechanism for server farm
CN112351017B (en) Transverse penetration protection method, device, equipment and storage medium
CN111510436B (en) Network security system
KR102222377B1 (en) Method for Automatically Responding to Threat
CN107493256A (en) Security incident defence method and device
CN109995727B (en) Active protection method, device, equipment and medium for penetration attack behavior
CN113596028B (en) Method and device for handling network abnormal behaviors
Hegazy et al. A multi-agent based system for intrusion detection
CN113037713B (en) Network attack resisting method, device, equipment and storage medium
CN114826880B (en) Data safety operation on-line monitoring system
CN101621428A (en) Botnet detection method, botnet detection system and related equipment
CN105554022A (en) Automatic testing method of software
CN109150853A (en) The intruding detection system and method for role-base access control
CN108429746B (en) Privacy data protection method and system for cloud tenants
CN113079182B (en) Network security control system
CN110674499A (en) Method, device and storage medium for identifying computer threat
CN113079180B (en) Execution context based firewall fine-grained access control method and system
Ye et al. Research on network security protection strategy
CN114398642A (en) Enterprise economic management information safety system
Li et al. A Risk Assessment Method for the Internet Boundary Security
Wang Design and research on the test of internal network penetration test
Liao Analysis of Computer Network Security Problems and Countermeasures
CN117768147A (en) System for improving enterprise network security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 330096 No. 88, Minqiang Road, private science and Technology Park, Qingshanhu District, Nanchang City, Jiangxi Province

Applicant after: STATE GRID JIANGXI ELECTRIC POWER COMPANY LIMITED Research Institute

Applicant after: State Grid Co., Ltd.

Address before: 330096 No.88 Minqiang Road, private science and Technology Park, high tech Zone, Nanchang City, Jiangxi Province

Applicant before: STATE GRID JIANGXI ELECTRIC POWER COMPANY LIMITED Research Institute

Applicant before: State Grid Co., Ltd.
