CN105245555B - One kind is used for electric power serial server communication protocol security protection system - Google Patents
One kind is used for electric power serial server communication protocol security protection system Download PDFInfo
- Publication number
- CN105245555B CN105245555B CN201510865759.0A CN201510865759A CN105245555B CN 105245555 B CN105245555 B CN 105245555B CN 201510865759 A CN201510865759 A CN 201510865759A CN 105245555 B CN105245555 B CN 105245555B
- Authority
- CN
- China
- Prior art keywords
- data
- rule
- protocol
- protocol data
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004891 communication Methods 0.000 title claims abstract description 53
- 238000001514 detection method Methods 0.000 claims abstract description 26
- 238000007405 data analysis Methods 0.000 claims abstract description 13
- 230000009467 reduction Effects 0.000 claims abstract description 13
- 238000012545 processing Methods 0.000 claims abstract description 9
- 238000004458 analytical method Methods 0.000 claims description 23
- 238000000354 decomposition reaction Methods 0.000 claims description 21
- 238000000034 method Methods 0.000 claims description 7
- 239000000203 mixture Substances 0.000 claims description 5
- 230000003068 static effect Effects 0.000 claims description 5
- 241001269238 Data Species 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 4
- 230000000750 progressive effect Effects 0.000 claims description 3
- 238000000151 deposition Methods 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 claims 1
- 239000010410 layer Substances 0.000 abstract description 45
- 239000011241 protective layer Substances 0.000 abstract description 7
- 238000006243 chemical reaction Methods 0.000 abstract description 5
- 230000006870 function Effects 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 7
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 4
- 230000006872 improvement Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 238000009776 industrial production Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000036299 sexual function Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses one kind to be used for electric power serial server communication protocol security protection system, turn serial port protocol in network interface agreement and serial port protocol turns to provide the security protection system of a protocol data in network interface agreement, any protocol data for being sent to network interface and serial ports and access request all can be Jing Guo this security protection system safety certification and detection, it is characterised in that:The security protection system is made up of following three parts:The parsing reduction of communication protocol data and formatting processing module, protocol data analysis detecting system, communication protocol data business model security strategy define system, the present invention efficiently solves existing electric power serial server and does not possess the drawbacks of function of safety protection of communications protocol layers to all kinds of electric power industrial control equipments of access, in the protocol conversion layer in serial server software control system(Network interface agreement turns serial ports, and serial port protocol turns network interface)One layer of protective layer to energy communication service agreement is provided, for preventing attacker using illegal operation and attack of the illegal instruction and data to all kinds of electric control appliances in access electric power serial server.
Description
Technical field
The present invention relates to intelligent grid communication protocol security technology area, and in particular to makes extensively in power automatic system
The detection of electric power serial server data communication protocol security and security protection system.
Background technology
With the development of Internet Internet technologies, ICP/IP protocol has become actual network standard, and base
In ICP/IP protocol be the indispensable procotol of network interconnection.Ethernet technology is incorporated into industrial field control in recent years
Field and caused industrial Ethernet technology so that electric power terminal device, all kinds of collections and control device in industrial production are walked
It is possibly realized to networking.And the appearance of serial server is so that these device networks have been likely to become reality.
In power automatic system common at present(See Fig. 1), electric power serial server has largely been used, RS- will be used
422nd, the serial link such as RS-232, RS-485 observes certain power communication agreement(ModBus、DNP3、IEC-101/102/103
Deng)Multiple equipment composition power automation control network of network, realize serial link communication equipment and TCP/IP networks
Interconnection so that electricity grid substation prison system be possibly realized with remote control center data interaction.
The all kinds of of electric power serial server connection use serial communication electric control appliance, and the industry control that these equipment use is led to
Letter agreement does not all account for the security and privacy of agreement at the beginning of design, the characteristics of these industry control agreements be towards order,
Towards function, poll response formula, attacker only needs to be grasped agreement make, and is integrated into industry control network, can be with
The arbitrary data of target device is distorted by agreement.These safety problems show in the industry control network environment closed in the past
Obtain and do not protrude, and in two tides for changing fusion (information-based and industrialization), the safety problem of these electric control appliances is just
Surface very much.
And electric power serial server does not have the industry control communication protocol security protection to the industrial control equipment of access in itself
Function, once attacker directly connects access serial server around fire wall, it is possible to serial port service is controlled by illegal command
The connected all kinds of electric control appliances of device.Meanwhile current fire wall does not possess power business security fence sexual function, attacks
The equipment attack instruction of correlation can be also hidden in application layer protocol packet by the person of hitting, and avoid the related power network of protecting wall attack
Equipment.
The content of the invention
The technical problem to be solved in the present invention is to provide one kind to be used for electric power serial server communication protocol security protection system
System, the present invention efficiently solve existing electric power serial server and do not possess communications protocol layers to all kinds of electric power industrial control equipments of access
Function of safety protection the drawbacks of, in the protocol conversion layer in serial server software control system(Network interface agreement turns serial ports,
Serial port protocol turns network interface)One layer of protective layer to energy communication service agreement is provided, for preventing attacker using illegal instruction
The illegal operation and attack of all kinds of electric control appliances in electric power serial server are docked with data.
The present invention is achieved through the following technical solutions:
One kind is used for electric power serial server communication protocol security protection system, turns serial port protocol and serial ports in network interface agreement
Agreement turns to provide the security protection system of a protocol data in network interface agreement, any agreement number for being sent to network interface and serial ports
According to and access request all can be Jing Guo this security protection system safety certification and detection, it is characterised in that:The security protection
System is made up of following three parts:The parsing reduction of communication protocol data and formatting processing module, protocol data analysis inspection
Examining system, communication protocol data business model security strategy define system;
The parsing reduction of the communication protocol data and formatting processing module, including protocol data parsing reduction and agreement
Data format, the data into protocol data security protection system are TCP/IP network datas, and processing module is completed first
The reduction of network packet physical interface layer, Internet and transport layer data;On this basis, according to the communication protocol of PORT mouths
Type definition, the decomposition of the fine particulate of data is done in service application aspect;The protocol data bag data restored is according to network
The hierarchical relationship form of agreement dissolves the formatted packet of four part compositions, is divided into:Network physical interface data, net
Network layers data, transport layer data and application layer data;
The protocol data analysis detecting system includes the foundation of analysis detected rule and the analysis of protocol data, first
The safety detection rule base of protocol data is established according to the Security Policy Model of communication protocol data business model, according to the net of detection
The level of network agreement is different, and detected rule storehouse is divided into four major classes, both network physical interface rule base, Internet rule base,
Transport layer rule base and service application layer rule base;Protocol data analysis is made up of four parts, including datamation area, execution
Regular queue region, static rule queue region and regular enforcement engine;
The communication protocol data business model security strategy defines system, all kinds of logical to flowing through the electric power serial server
Believe the definition of the safety detection model of protocol data, system is according to the network characteristic of electric power industrial control equipment communication protocol, by industry control
Communication protocol type is up built the security policies rule of four hierarchical network agreements, network physical interface rule, network the bottom of by
Layer rule base, transport layer rule and service application layer rule, each layer of rule are made up of a series of rule base example, passed through again
The protocol data that four layers of rule are examined is the packet of safety, the protocol safety detected rule storehouse driving agreement that the system defines
Safety analysis detecting system completes related safety detection work.
Further Technological improvement plan is the present invention:
The fine particulate of the business layer data decomposes the data comprising six aspects and decomposed:1)Protocol data bag accesses master
The decomposition of machine information;2)The service of protocol data bag and the decomposition of port data;3)Point of protocol data packet communication speed data
Solution;4)The decomposition of protocol data bag data form;5)The decomposition of protocol data packet protocol model;6)The decomposition of business datum.
Further Technological improvement plan is the present invention:
The datamation area is used for the good protocol data bag data of Store formization;The executing rule queue region, use
Activated to deposit, the analysis rule being carrying out;The static rule queue region, un-activation is deposited, wait point to be loaded
Analysis rule;The regular enforcement engine, the priority executing rule example in regular queue;Described protocol data point
Analysis is used as initial point from network physical interface rule, is introduced Internet rule in order, passed using the analytical model deducted
Defeated layer rule and service application layer rule, this process are the protocol packet data analysis for flowing into datamation area to be continually introduced point
Analysis rule, constantly draws a conclusion, successively progressive, filters invalid data and device command.
The present invention compared with prior art, has following obvious advantage:
The present invention widely uses the security that industry control agreement is added in serial server in current EPA network
Detection function, it can be ensured that all types of industries control device security being connected with serial server, pass through the association in serial server
Safety detection function is discussed, the outside malicious attack to electric power and industry control network can be prevented to greatest extent, it is ensured that power system
With the safe and stable operation of all kinds of industrial control systems, specifically, the present invention has following specific effect:
First, the present invention provides the logical association of built-in industry control for widely used electric power serial server in power automation net
Discuss safety detecting method;
2nd, the method applied in the present invention is to increase layer protocol guarantor after electric power serial server procotol conversion layer
Sheath, for filtering all kinds of protocol datas flowed through between detection network interface and serial ports;
3rd, the detection method of protocol safety of the invention, according to electric power and industry control protocol service feature procotol number
According to the composition of bag, four layers of strobe utility are set, thoroughly prevent the network attack to automatic equipment.
4th, protocol safety detection method of the invention, can be based on specific electric power industry control agreement, set the business of correlation
Safety detection rule, avoids the Data attack based on agreement application layer.
Brief description of the drawings
The application of Fig. 1, electric power serial server in power automatic system;
Fig. 2, serial server structure chart;
The application of Fig. 3, this method in serial server;.
Embodiment
Fig. 1 is that the work of current electric power serial server forms Organization Chart, and the network termination of serial server receives ether
After network data, into protocol conversion layer, the unpacking conversion of agreement is completed, unpacking process includes extraction serial data and target strings
The information such as mouth sequence number, it is reassembled into the serial equipment that serial port protocol data are sent to correlation;Similarly, after serial data is received
Serial data and subject string mouth sequence number are then packaged into network data format and are sent to corresponding host computer system;Electric power serial server
During this two-way communication, any safety verification, any illegal equipment operation life are not done to communication protocol data
The device status data of order and falseness can all jeopardize associate power control device or system.
Fig. 2 is the electric power serial server provided by the invention with communication protocol data function of safety protection, the solution
Scheme turns serial port protocol in network interface agreement and serial port protocol turns to provide the protective layer of a protocol data in network interface agreement, any
Safety certification and the detection of this protective layer, this association can all be passed through by being sent to the protocol data of network interface and serial ports and access request
View data protection layer be made up of three system modules, 1) parsing of communication protocol data reduction and formatting processing module;2)Association
Discuss data analysis detecting system;3)Communication protocol data business model security strategy defines system.
The parsing reduction of communication protocol data and formatting processing modules implement following functions:
The definition of protocol type:Power communication agreement used by each PORT mouths of serial server can be specifically defined,
Such as protocol types such as Modbus, DNP3,
Protocol data reduces:Data into protocol data protective layer are TCP/IP network datas, and this module is complete first
Into the reduction of network packet physical interface layer, Internet and transport layer data;On this basis, according to the communication protocols of PORT mouths
Type definition is discussed, the decomposition of the fine particulate of data is done in service application aspect;The fine particulate of business layer data is decomposed and included
The data of six aspects are decomposed:
1st, protocol data bag accesses the decomposition of host information;
2nd, the service of protocol data bag and the decomposition of port data;
3rd, the decomposition of protocol data packet communication speed data;
4th, the decomposition of protocol data bag data form;
5th, the decomposition of protocol data packet protocol model;
6th, the decomposition of business datum.
The formatting of protocol data:The protocol data bag data restored dissolves according to the hierarchical relationship form of procotol
The formatted packet of four part compositions, is divided into:Network physical interface data, network layer data, transport layer data and
Application layer data.
The data of formatting submit to security analysis of protocols detecting system.
Security analysis of protocols detecting system realizes following functions;
Analyze the foundation of detected rule:Protocol data is established according to the Security Policy Model of communication protocol data business model
Safety detection rule base, this solution is different according to the level of the procotol of detection, and detected rule storehouse is divided into four
Major class, both network physical interface rule base, Internet rule base, transport layer rule base and service application layer rule base.
The analysis of protocol data:Protocol data analysis is made up of four parts,
1st, datamation area, for the good protocol data bag data of Store formization;
2nd, executing rule queue region, activated for depositing, the analysis rule being carrying out;
3rd, static rule queue region, un-activation is deposited, waits analysis rule to be loaded;
4th, regular enforcement engine, the priority executing rule example in regular queue.
The protocol data analysis of this case is using deduction(Forward-Chainning)Analytical model, from network thing
Interface rules are managed as initial point, introduce Internet rule, transport layer rule and service application layer rule in order.This process
It is that analysis rule is continually introduced to the protocol packet data analysis for flowing into datamation area, constantly draws a conclusion, successively progressive, filtering
Invalid data and device command.
Communication protocol data business model security strategy defines system and realizes following functions:
The system realized to the definition for the safety detection model for flowing through the electric power serial server various types of communication protocol data,
The system is up built four levels the bottom of by according to the network characteristic of electric power industrial control equipment communication protocol by industry control communication protocol type
The security policies rule of procotol, network physical interface rule, Internet rule base, transport layer rule and service application layer
Rule;Each layer of rule is made up of a series of rule base example again, and the protocol data examined by four layers of rule is safe
Packet.
The protocol safety detected rule storehouse driving security analysis of protocols detecting system that the system defines is completed related
Safety detection works.
With reference to the course of work of Fig. 3 summary present invention;
The first step:As shown in Figure 3, there is provided there is the serial server of industry control communication protocol safety detection function;
Second step:When the electric power that external system is crossed in serial server access power automatic system network with ether Netcom
During control device, the Internet protocol data of access enters protocol data protective layer after being resolvable to ICP/IP protocol data first.
3rd step:Protocol packet data into protocol data protective layer can be entered again in service application layer by application protocol type
One step does fine particulate decomposition, and application protocol type can obtain according to the PORT ports that TCP/IP packets to be accessed.Fine grained
The protocol data bag of change does formatting normalization, there is provided supply rule analysis engine carries out safety analysis detection.
4th step:Rule analysis engine is receiving the protocol data bag with business conduct data of normalized
Afterwards, activation four layers of security strategy rule corresponding with the agreement can be loaded, the rule of protocol data bag is completed from bottom to top layer
Flow is matched, after the failure of the Internet protocol data bag rule match, is considered as non-and closes rule data, prevent to pass through.
The above described is only a preferred embodiment of the present invention, any formal limitation not is made to the present invention, though
So the present invention is disclosed above with preferred embodiment, but is not limited to the present invention, any to be familiar with this professional technology people
Member, without departing from the scope of the present invention, when the technology contents using the disclosure above make a little change or modification
For the equivalent embodiment of equivalent variations, as long as be without departing from technical solution of the present invention content, according to the technical spirit of the present invention,
Within the spirit and principles in the present invention, any simple modification, equivalent substitution and improvement for being made to above example etc., still
Belong within the protection domain of technical solution of the present invention.
Claims (3)
1. one kind is used for electric power serial server communication protocol security protection system, turn serial port protocol and serial ports association in network interface agreement
View turns to provide the security protection system of a protocol data in network interface agreement, any protocol data for being sent to network interface and serial ports
With access request all can be Jing Guo this security protection system safety certification and detection, it is characterised in that:The security protection system
System is made up of following three parts:The parsing reduction of communication protocol data and formatting processing module, protocol data analysis detection
System, communication protocol data business model security strategy define system;
The parsing reduction of the communication protocol data and formatting processing module, including protocol data parsing reduction and protocol data
Format, the data into protocol data security protection system are TCP/IP network datas, and the parsing of communication protocol data is also
Former and formatting processing module completes the reduction of network packet physical interface layer, Internet and transport layer data first;Herein
On the basis of, defined according to the communication protocol type of PORT mouths, the decomposition of the fine particulate of data is done in service application aspect;Reduction
The protocol data bag data gone out dissolves the formatted data of four part compositions according to the hierarchical relationship form of procotol
Bag, is divided into:Network physical interface data, network layer data, transport layer data and application layer data;
The protocol data analysis detecting system includes the foundation of analysis detected rule and the analysis of protocol data, first according to logical
The Security Policy Model of letter protocol data service model establishes the safety detection rule base of protocol data, is assisted according to the network of detection
The level of view is different, and detected rule storehouse is divided into four major classes, i.e. network physical interface rule base, Internet rule base, transmission
Layer rule base and service application layer rule base;Protocol data analysis is made up of four parts, including datamation area, executing rule
Queue region, static rule queue region and regular enforcement engine;
The communication protocol data business model security strategy defines system, to flowing through electric power serial server various types of communication association
The safety detection model of view data is defined, and system is led to according to the network characteristic of electric power industrial control equipment communication protocol by industry control
Letter protocol type is up built the security policies rule, network physical interface rule, Internet of four hierarchical network agreements the bottom of by
Rule base, transport layer rule and service application layer rule, each layer of rule are made up of a series of rule base example again, pass through four
The protocol data that layer rule is examined is the packet of safety, the protocol safety detected rule storehouse driving agreement number that the system defines
Related safety detection is completed according to analysis detecting system to work.
2. one kind according to claim 1 is used for electric power serial server communication protocol security protection system, its feature exists
In:The fine particulate of the business layer data decomposes the data comprising six aspects and decomposed:1)Protocol data bag accesses main frame letter
The decomposition of breath;2)The service of protocol data bag and the decomposition of port data;3)The decomposition of protocol data packet communication speed data;4)
The decomposition of protocol data bag data form;5)The decomposition of protocol data packet protocol model;6)The decomposition of business datum.
3. one kind according to claim 1 or 2 is used for electric power serial server communication protocol security protection system, its feature
It is:The datamation area is used for the good protocol data bag data of Store formization;The executing rule queue region, for depositing
Put and activated, the analysis rule being carrying out;The static rule queue region, un-activation is deposited, waits analysis to be loaded to advise
Then;The regular enforcement engine, the priority executing rule example in regular queue;Described protocol data analysis is adopted
With the analytical model of deduction, initial point is used as from network physical interface rule, introduces Internet rule, transport layer in order
Rule and service application layer rule, this process are to continually introduce analysis rule to the protocol packet data for flowing into datamation area,
Constantly draw a conclusion, it is successively progressive, filter invalid data and device command.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510865759.0A CN105245555B (en) | 2015-12-02 | 2015-12-02 | One kind is used for electric power serial server communication protocol security protection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510865759.0A CN105245555B (en) | 2015-12-02 | 2015-12-02 | One kind is used for electric power serial server communication protocol security protection system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105245555A CN105245555A (en) | 2016-01-13 |
CN105245555B true CN105245555B (en) | 2018-04-03 |
Family
ID=55043055
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510865759.0A Active CN105245555B (en) | 2015-12-02 | 2015-12-02 | One kind is used for electric power serial server communication protocol security protection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105245555B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105847237B (en) * | 2016-03-15 | 2019-01-15 | 中国联合网络通信集团有限公司 | A kind of method for managing security and device based on NFV |
CN107465667B (en) * | 2017-07-17 | 2019-10-18 | 全球能源互联网研究院有限公司 | The safe synergic monitoring method and device of power grid industry control based on specification deep analysis |
CN108055167B (en) * | 2017-12-29 | 2020-08-14 | 长春长光精密仪器集团有限公司 | Application-oriented interface communication protocol modeling method and device |
CN108737367A (en) * | 2018-04-02 | 2018-11-02 | 中国科学院信息工程研究所 | A kind of method for detecting abnormality and system of video surveillance network |
CN110187661A (en) * | 2019-06-27 | 2019-08-30 | 山东和信智能科技有限公司 | Serial data isolation protecting device is used safely in a kind of industry control |
CN110401670B (en) * | 2019-08-02 | 2021-09-24 | 杭州远流科技有限公司 | Optimized Ethernet transparent transmission method of industrial serial port protocol |
CN112511558B (en) * | 2020-12-01 | 2023-04-07 | 东方世纪科技股份有限公司 | Electromechanical device measurement and control system based on Internet of things |
CN112737907B (en) * | 2020-12-28 | 2022-07-01 | 常州中海电力科技有限公司 | Modbus communication implementation system and method based on LabVIEW |
CN113094110B (en) * | 2021-04-07 | 2022-11-22 | 山东省计算中心(国家超级计算济南中心) | Method and system for filtering serial port data |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011148372A1 (en) * | 2010-05-24 | 2011-12-01 | White Cyber Knight Ltd. | Apparatus and methods for assessing and maintaining security of a computerized system under development |
CN103701824A (en) * | 2013-12-31 | 2014-04-02 | 大连环宇移动科技有限公司 | Security isolation management and control system |
CN104426950A (en) * | 2013-08-28 | 2015-03-18 | 国家电网公司 | Electric power Internet of things intelligent communication method, system and gateway |
-
2015
- 2015-12-02 CN CN201510865759.0A patent/CN105245555B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011148372A1 (en) * | 2010-05-24 | 2011-12-01 | White Cyber Knight Ltd. | Apparatus and methods for assessing and maintaining security of a computerized system under development |
CN104426950A (en) * | 2013-08-28 | 2015-03-18 | 国家电网公司 | Electric power Internet of things intelligent communication method, system and gateway |
CN103701824A (en) * | 2013-12-31 | 2014-04-02 | 大连环宇移动科技有限公司 | Security isolation management and control system |
Also Published As
Publication number | Publication date |
---|---|
CN105245555A (en) | 2016-01-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105245555B (en) | One kind is used for electric power serial server communication protocol security protection system | |
US8737398B2 (en) | Communication module with network isolation and communication filter | |
CN102255903B (en) | Safety isolation method for virtual network and physical network of cloud computing | |
CN104539600B (en) | A kind of industry control method of realizing fireproof wall for supporting to filter IEC104 agreements | |
CN105791047B (en) | A kind of control method of security video private network Network Management System | |
CN109962903A (en) | A kind of home gateway method for safety monitoring, device, system and medium | |
CN105488396B (en) | A kind of intelligent grid service security gateway system based on data stream association analytical technology | |
CN104734903B (en) | The safety protecting method of OPC agreements based on Dynamic Tracing Technology | |
CN104519065B (en) | A kind of industry control method of realizing fireproof wall for supporting filtering Modbus Transmission Control Protocol | |
CN104486336A (en) | Device for safely isolating and exchanging industrial control networks | |
CN104767748A (en) | OPC server safety defending system | |
CN102904730A (en) | Intelligent acceleration network card capable of filtering and picking traffic according to protocol, port and IP address | |
CN105791269B (en) | A kind of information security gateway based on data white list | |
CN105471907A (en) | Openflow based virtual firewall transmission control method and system | |
CN111797371A (en) | Switch encryption system | |
CN104618377A (en) | NetFlow based botnet network detection system and detection method | |
CN101483649A (en) | Network safe content processing card based on FPGA | |
CN106506527A (en) | A kind of method of the defence connectionless flood attacks of UDP | |
CN101964804A (en) | Attack defense system under IPv6 protocol and implementation method thereof | |
Luo et al. | Security analysis of the TSN backbone architecture and anomaly detection system design based on IEEE 802.1 Qci | |
CN104735071A (en) | Network access control implementation method between virtual machines | |
CN102891855A (en) | Method and device for securely processing network data streams | |
CN108768841A (en) | AFDX security gateway systems and its transmission method | |
CN104468497B (en) | The data isolation method and device of monitoring system | |
CN101510878A (en) | Method, device and equipment for monitoring peer-to-peer network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |