CN105446322A - Control code anomaly detection method and device - Google Patents
Control code anomaly detection method and device Download PDFInfo
- Publication number
- CN105446322A CN105446322A CN201510974292.3A CN201510974292A CN105446322A CN 105446322 A CN105446322 A CN 105446322A CN 201510974292 A CN201510974292 A CN 201510974292A CN 105446322 A CN105446322 A CN 105446322A
- Authority
- CN
- China
- Prior art keywords
- control routine
- real
- time
- control computer
- prestore
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0218—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
- G05B23/0224—Process history based detection method, e.g. whereby history implies the availability of large amounts of data
- G05B23/0227—Qualitative history assessment, whereby the type of data acted upon, e.g. waveforms, images or patterns, is not relevant, e.g. rule based assessment; if-then decisions
- G05B23/0235—Qualitative history assessment, whereby the type of data acted upon, e.g. waveforms, images or patterns, is not relevant, e.g. rule based assessment; if-then decisions based on a comparison with predetermined threshold or range, e.g. "classical methods", carried out during normal operation; threshold adaptation or choice; when or how to compare with the threshold
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/23—Pc programming
- G05B2219/23189—Information is code
Abstract
The embodiment of the invention discloses a control code anomaly detection method and device. The method includes the following steps that: a real-time control code extraction request is transmitted to an industrial control computer; real-time control codes transmitted by the industrial control computer are received, and the real-time control codes are compared with pre-stored control codes, if the real-time control codes are mismatched with the pre-stored control codes, the pre-stored control codes are transmitted to the industrial control computer, so that the industrial control computer replaces the real-time control codes with the pre-stored control codes. With the control code anomaly detection method and device of the invention adopted, attacks can be disabled when attack modes cannot be identified or attacks exist in a system, and therefore, the safety of the industrial control computer can be improved.
Description
Technical field
The present invention relates to industrial control field, particularly relate to a kind of control routine method for detecting abnormality and device.
Background technology
Under industrialization and informationalized background, modern industrial enterprises for the production of control system be more and more connected among internet, play the integrated benefit of infosystem.But thing followed network security problem is also day by day obvious.And because industrial control system network is design or deployment initial stage paying little attention to for network security, also exacerbate the network security problem of industrial control system, once safety problem occurs to occur the loss larger than information network security event.The network attack that such as famous " shake net stuxnet " virus is carried out for Siemens control system exactly.
Industrial control computer (abbreviation industrial computer) a kind of adopts bus structure, production run and electromechanical equipment thereof, technological equipment carried out to the instrument general name of Detection & Controling.It has important computing machine attribute and feature, as: there is computer CPU, hard disk, internal memory, peripheral hardware and interface, and have real-time operating system, net control and agreement, computing power, friendly man-machine interface etc.Industrial computer is mainly divided into following a few class: IPC (PC bus industrial computer), PLC (programmable control system), DCS (distributed control system), FCS (field bus system) and CNC (digital control system) etc.
In the industrial system security protection of present stage, the method for detecting abnormality such as usual employing fire wall, intruding detection system carry out abnormality detection to the control routine in industrial control computer, so-called control routine occur abnormal refer to control routine exist be tampered, delete, the abnormal conditions such as increase.But this abnormality detection mode can only detect known attack pattern, that those the unknowns cannot be detected, novel network attack mode.And, because existing threat detection method is detected by network, and the attack (such as utilizing USB flash disk to implant) occurring in robot control system(RCS) inside can be walked around network and attacks, so the threat detection mode of present stage can not detect the attack occurring in robot control system(RCS) inside.
Summary of the invention
In order to solve that prior art exists due to can't detect the attack of internal system or None-identified the unknown, novel method of network attack and cause affecting the technological deficiency of the security of industrial control computer, the invention provides a kind of control routine method for detecting abnormality and device, also attack can be made in the case of an attack to lose efficacy can not identifying attack pattern or deposit in internal system, improve the security of industrial control computer.
Embodiments provide a kind of control routine method for detecting abnormality, described method comprises:
Send real-time control routine to industrial control computer and extract request;
Receive the real-time control routine that industrial control computer sends, and described real-time control routine and the control routine that prestores are compared, if do not mate, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
Preferably, described described real-time control routine and the control routine that prestores to be compared, if do not mate, then prestore described in sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in the control routine that prestores comprise:
Logic run time version in described real-time control routine and the described logic run time version prestored in control routine are compared, if inconsistent, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer the logic run time version in described real-time control routine replaced with described in the logic run time version that prestores in control routine.
Preferably, described described real-time control routine and the control routine that prestores to be compared, if do not mate, then prestore described in sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in the control routine that prestores comprise:
The form of service data in the form of service data in described real-time control routine and the described control routine that prestores is compared, if inconsistent, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer the form of the service data in described real-time control routine replaced with described in prestore the form of service data in control routine.
Preferably, described described real-time control routine and the control routine that prestores to be compared, if do not mate, then prestore described in sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in the control routine that prestores comprise:
By the corresponding relation of the data symbol in described real-time control routine and address, compare with the described corresponding relation prestoring data symbol in control routine and address, if inconsistent, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer the corresponding relation of the data symbol in described real-time control routine and address replaced with described in prestore the corresponding relation of data symbol and address in control routine.
Preferably, described industrial control computer comprises terminal device and/or controller.
Embodiments provide a kind of control routine abnormal detector, described device comprises: request transmitting unit, receiving element, comparing unit and code transmitting element;
Wherein, described request transmitting element is connected with described receiving element, and described receiving element is connected with described comparing unit, and described comparing unit is connected with described code transmitting element;
Described request transmitting element, extracts request for sending real-time control routine to industrial control computer;
Described receiving element, for receiving the real-time control routine that industrial control computer sends;
Described comparing unit, for described real-time control routine and the control routine that prestores being compared, if do not mate, then activates described code transmitting element;
Described code transmitting element, for the control routine that prestores described in sending to described industrial control computer, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
Preferably, described comparing unit specifically for:
Logic run time version in described real-time control routine and the described logic run time version prestored in control routine are compared, if inconsistent, then activates described code transmitting element;
Described code transmitting element, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the logic run time version in described real-time control routine replaced with described in the logic run time version that prestores in control routine.
Preferably, described comparing unit specifically for:
The form of service data in the form of service data in described real-time control routine and the described control routine that prestores is compared, if inconsistent, then activates described code transmitting element;
Described code transmitting element, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the form of the service data in described real-time control routine replaced with described in prestore the form of service data in control routine.
Preferably, described comparing unit specifically for:
Data symbol in described real-time control routine and the corresponding relation of address, compare with the described corresponding relation prestoring data symbol in control routine and address, if inconsistent, then activate described code transmitting element;
Described code transmitting element, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the corresponding relation of the data symbol in described real-time control routine and address replaced with described in prestore the corresponding relation of data symbol and address in control routine.
Preferably, described industrial control computer comprises terminal device and/or controller.
What industrial control computer sent by control routine method for detecting abnormality provided by the invention compares described real-time control routine and the control routine that prestores, if do not mate, prestore described in then sending to described industrial control computer control routine, therefore the attack of automatic network no matter is carried out, or from the attack of non-network, also can identify regardless of attack pattern, or identify not out, as long as there occurs attack, described real-time control routine is just bound to change, as long as control routine is detected and there occurs change in real time, just go to replace real-time control routine by the control routine prestored in advance, lost efficacy to make attack, ensure the safety of industrial control computer.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present application or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the application, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the process flow diagram of a kind of control routine method for detecting abnormality embodiment provided by the invention;
Fig. 2 is the structured flowchart of a kind of control routine abnormal detector embodiment provided by the invention.
Embodiment
The present invention program is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Embodiment of the method:
See Fig. 1, this figure is the process flow diagram of a kind of control routine method for detecting abnormality embodiment provided by the invention.
The control routine method for detecting abnormality that the present embodiment provides comprises the steps:
Step S101: send real-time control routine to industrial control computer and extract request.
In industrial control computer operational process, some parameters in control routine may change, and therefore we claim the control routine in industrial control computer operational process to be real-time control routine.Because described real-time control routine is likely tampered, therefore in the present embodiment, send real-time control routine to industrial control computer and extract request, its objective is in order to described real-time control routine and the control routine prestored are compared, if coupling, then think that described real-time control routine is not tampered; If do not mate, then think that described real-time control routine is tampered.
In actual applications, the main body performing described control routine method for detecting abnormality can be server, and can be also terminal device etc., the present invention be not specifically limited, and in the present embodiment, this executive agent is called safety shield server.Described safety shield server can be connected by specific industrial control system network interface with described industrial control computer.
Step S102: receive the real-time control routine that industrial control computer sends, and described real-time control routine and the control routine that prestores are compared, if do not mate, then perform step S103.
Described real-time control routine, after the described real-time control routine receiving the transmission of safety shield server extracts request, is sent to described safety shield server by industrial control computer.Described real-time control routine and the control routine that prestores, after receiving described real-time control routine, are compared by described safety shield server.The described control routine that prestores is the control routine of recent renewal or original control routine.Concrete, in actual applications, if the real-time control routine run in described industrial control computer is original control routine, the control routine that prestores is so original control routine; If the real-time control routine run in described industrial control computer is the control routine of carrying out upgrading on the basis of original control routine, the control routine that prestores is so just up-to-date control routine of once upgrading.
In the present embodiment, described real-time control routine and the described control routine that prestores can be divided into three kinds and compare respectively, they respectively: the corresponding relation of logic run time version, service data and data symbol and address.Wherein, described logic run time version be real-time control routine or described in prestore the main body of control routine, have expressed the actuating logic and step that perform object.In actual applications, described logic run time version generally represents with 16 systems, when the logic run time version of the logic run time version of control routine real-time described in comparison and the described control routine that prestores, want byte-by-bytely to compare, only have and identically just think that described logic run time version is not tampered.
Is commercial unit faced by industrial control computer, in commercial unit operational process, described industrial control computer can detect the service data of commercial unit in real time, because these data detect in real time, therefore there is the characteristic of real-time change, the rotating speed of such as engine.Thus, when service data and the described service data prestored in control routine of control routine real-time described in comparison, the form being actually service data of comparison, as long as the form of service data is identical, so just thinks that described service data is not tampered.
In addition, be cited due in the process that data symbol performs at logic run time version, and data symbol is generally stored in corresponding address, therefore needs being mapped data symbol and address, to find the data symbol of correspondence according to address, in table 1.If the address that data symbol same in the address that in real time each data symbol of control routine is corresponding and the described control routine that prestores is corresponding is identical, so just think that the described data symbol of real-time control routine is consistent with the corresponding relation of address with the described data symbol prestored in control routine with the corresponding relation of address, be not tampered.
Table 1
Step S103: prestore described in sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
In the present embodiment, if described real-time control routine is not mated with the described control routine that prestores, then think that described real-time control routine is tampered, in this case, safety shield server to prestore control routine described in sending to industrial control computer, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
The control routine method for detecting abnormality that the present embodiment provides, no matter carry out the attack of automatic network, or from the attack of non-network, also no matter attack pattern can identify, or identify not out, as long as there occurs attack, described real-time control routine is just bound to change, as long as real-time control routine is detected there occurs change, just goes to replace real-time control routine by the control routine prestored in advance, to make attack lose efficacy, ensure the safety of industrial control computer.
Based on a kind of control routine method for detecting abnormality that above embodiment provides, the embodiment of the present invention additionally provides a kind of control routine abnormal detector, describes its principle of work in detail below in conjunction with accompanying drawing.
Device embodiment:
See Fig. 2, this figure is the structured flowchart of a kind of control routine abnormal detector embodiment provided by the invention.
The control routine abnormal detector that the present embodiment provides comprises: request transmitting unit 101, receiving element 102, comparing unit 103 and code transmitting element 104;
Wherein, described request transmitting element 101 is connected with described receiving element 102, and described receiving element 102 is connected with described comparing unit 103, and described comparing unit 103 is connected with described code transmitting element 104;
Described request transmitting element 101, extracts request for sending real-time control routine to industrial control computer;
Described receiving element 102, for receiving the real-time control routine that industrial control computer sends;
Described comparing unit 103, for described real-time control routine and the control routine that prestores being compared, if do not mate, then activates described code transmitting element 104;
Described code transmitting element 104, for the control routine that prestores described in sending to described industrial control computer, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
The control routine method for detecting abnormality that the present embodiment provides, no matter carry out the attack of automatic network, or from the attack of non-network, also no matter attack pattern can identify, or identify not out, as long as there occurs attack, described real-time control routine is just bound to change, as long as real-time control routine is detected there occurs change, just goes to replace real-time control routine by the control routine prestored in advance, to make attack lose efficacy, ensure the safety of industrial control computer.
Further, described real-time control routine and the described control routine that prestores can be divided into three kinds and compare respectively, they respectively: the corresponding relation of logic run time version, service data and data symbol and address.
About first kind: logic appointment codes, described comparing unit 103 specifically for:
Logic run time version in described real-time control routine and the described logic run time version prestored in control routine are compared, if inconsistent, then activates described code transmitting element 104;
Described code transmitting element 104, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the logic run time version in described real-time control routine replaced with described in the logic run time version that prestores in control routine.
About second kind: service data, described comparing unit 103 specifically for:
The form of service data in the form of service data in described real-time control routine and the described control routine that prestores is compared, if inconsistent, then activates described code transmitting element 104;
Described code transmitting element 104, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the form of the service data in described real-time control routine replaced with described in prestore the form of service data in control routine.
About the 3rd kind: the corresponding relation of data symbol and address, described comparing unit 103 specifically for:
Data symbol in described real-time control routine and the corresponding relation of address, compare with the described corresponding relation prestoring data symbol in control routine and address, if inconsistent, then activate described code transmitting element 104;
Described code transmitting element 104, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the corresponding relation of the data symbol in described real-time control routine and address replaced with described in prestore the corresponding relation of data symbol and address in control routine.
When introducing elements of various embodiments of the present invention, article " ", " one ", " this " and " described " are all intended to indicate one or more element.Word " comprises ", " comprising " and " having " be all comprising property and mean except the element listed to have other element.
It should be noted that, one of ordinary skill in the art will appreciate that all or part of flow process realized in said method embodiment, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process as above-mentioned each side method embodiment.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-OnlyMemory, ROM) or random store-memory body (RandomAccessMemory, RAM) etc.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, between each embodiment identical similar part mutually see, what each embodiment stressed is the difference with other embodiments.Especially, for device embodiment, because it is substantially similar to embodiment of the method, so describe fairly simple, relevant part illustrates see the part of embodiment of the method.Device embodiment described above is only schematic, and the wherein said unit that illustrates as separating component and module can or may not be physically separates.In addition, some or all of unit wherein and module can also be selected according to the actual needs to realize the object of the present embodiment scheme.Those of ordinary skill in the art, when not paying creative work, are namely appreciated that and implement.
The above is only the specific embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (10)
1. a control routine method for detecting abnormality, is characterized in that, described method comprises:
Send real-time control routine to industrial control computer and extract request;
Receive the real-time control routine that industrial control computer sends, and described real-time control routine and the control routine that prestores are compared, if do not mate, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
2. method according to claim 1, it is characterized in that, described described real-time control routine and the control routine that prestores to be compared, if do not mate, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in the control routine that prestores comprise:
Logic run time version in described real-time control routine and the described logic run time version prestored in control routine are compared, if inconsistent, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer the logic run time version in described real-time control routine replaced with described in the logic run time version that prestores in control routine.
3. method according to claim 1, it is characterized in that, described described real-time control routine and the control routine that prestores to be compared, if do not mate, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in the control routine that prestores comprise:
The form of service data in the form of service data in described real-time control routine and the described control routine that prestores is compared, if inconsistent, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer the form of the service data in described real-time control routine replaced with described in prestore the form of service data in control routine.
4. method according to claim 1, it is characterized in that, described described real-time control routine and the control routine that prestores to be compared, if do not mate, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer described real-time control routine replaced with described in the control routine that prestores comprise:
By the corresponding relation of the data symbol in described real-time control routine and address, compare with the described corresponding relation prestoring data symbol in control routine and address, if inconsistent, prestore described in then sending to described industrial control computer control routine, with make described industrial control computer the corresponding relation of the data symbol in described real-time control routine and address replaced with described in prestore the corresponding relation of data symbol and address in control routine.
5. method according to claim 1, is characterized in that, described industrial control computer comprises terminal device and/or controller.
6. a control routine abnormal detector, is characterized in that, described device comprises: request transmitting unit, receiving element, comparing unit and code transmitting element;
Wherein, described request transmitting element is connected with described receiving element, and described receiving element is connected with described comparing unit, and described comparing unit is connected with described code transmitting element;
Described request transmitting element, extracts request for sending real-time control routine to industrial control computer;
Described receiving element, for receiving the real-time control routine that industrial control computer sends;
Described comparing unit, for described real-time control routine and the control routine that prestores being compared, if do not mate, then activates described code transmitting element;
Described code transmitting element, for the control routine that prestores described in sending to described industrial control computer, with make described industrial control computer described real-time control routine replaced with described in prestore control routine.
7. device according to claim 6, is characterized in that, described comparing unit specifically for:
Logic run time version in described real-time control routine and the described logic run time version prestored in control routine are compared, if inconsistent, then activates described code transmitting element;
Described code transmitting element, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the logic run time version in described real-time control routine replaced with described in the logic run time version that prestores in control routine.
8. device according to claim 6, is characterized in that, described comparing unit specifically for:
The form of service data in the form of service data in described real-time control routine and the described control routine that prestores is compared, if inconsistent, then activates described code transmitting element;
Described code transmitting element, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the form of the service data in described real-time control routine replaced with described in prestore the form of service data in control routine.
9. device according to claim 6, is characterized in that, described comparing unit specifically for:
Data symbol in described real-time control routine and the corresponding relation of address, compare with the described corresponding relation prestoring data symbol in control routine and address, if inconsistent, then activate described code transmitting element;
Described code transmitting element, specifically for:
Prestore described in sending to described industrial control computer control routine, with make described industrial control computer the corresponding relation of the data symbol in described real-time control routine and address replaced with described in prestore the corresponding relation of data symbol and address in control routine.
10. device according to claim 6, is characterized in that, described industrial control computer comprises terminal device and/or controller.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510974292.3A CN105446322B (en) | 2015-12-21 | 2015-12-21 | A kind of control routine method for detecting abnormality and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510974292.3A CN105446322B (en) | 2015-12-21 | 2015-12-21 | A kind of control routine method for detecting abnormality and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105446322A true CN105446322A (en) | 2016-03-30 |
| CN105446322B CN105446322B (en) | 2019-03-01 |
Family
ID=55556642
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510974292.3A Active CN105446322B (en) | 2015-12-21 | 2015-12-21 | A kind of control routine method for detecting abnormality and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105446322B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060230289A1 (en) * | 2005-03-29 | 2006-10-12 | International Business Machines | Source code management method for malicious code detection |
| CN101162992A (en) * | 2007-09-29 | 2008-04-16 | 中国人民解放军信息工程大学 | Cipher protocol safety operation protecting method and system of tolerant intrusion |
| EP2140344A2 (en) * | 2007-03-21 | 2010-01-06 | Site Protege Information Security Technologies Ltd | System and method for identification, prevention and management of web-sites defacement attacks |
| CN102436560A (en) * | 2011-08-22 | 2012-05-02 | 高振宇 | Computer self-defending system and method |
| CN102831050A (en) * | 2011-06-14 | 2012-12-19 | 湘潭大学 | Abnormal behavior detection and guide safety method for control software of wind generation set |
| CN103944915A (en) * | 2014-04-29 | 2014-07-23 | 浙江大学 | Threat detection and defense device, system and method for industrial control system |
| WO2014144961A1 (en) * | 2013-03-15 | 2014-09-18 | Oracle International Corporation | Establishing trust between applications on a computer |
| CN105122261A (en) * | 2013-04-23 | 2015-12-02 | 惠普发展公司,有限责任合伙企业 | Recovering from compromised system boot code |
-
2015
- 2015-12-21 CN CN201510974292.3A patent/CN105446322B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060230289A1 (en) * | 2005-03-29 | 2006-10-12 | International Business Machines | Source code management method for malicious code detection |
| EP2140344A2 (en) * | 2007-03-21 | 2010-01-06 | Site Protege Information Security Technologies Ltd | System and method for identification, prevention and management of web-sites defacement attacks |
| CN101162992A (en) * | 2007-09-29 | 2008-04-16 | 中国人民解放军信息工程大学 | Cipher protocol safety operation protecting method and system of tolerant intrusion |
| CN102831050A (en) * | 2011-06-14 | 2012-12-19 | 湘潭大学 | Abnormal behavior detection and guide safety method for control software of wind generation set |
| CN102436560A (en) * | 2011-08-22 | 2012-05-02 | 高振宇 | Computer self-defending system and method |
| WO2014144961A1 (en) * | 2013-03-15 | 2014-09-18 | Oracle International Corporation | Establishing trust between applications on a computer |
| CN105122261A (en) * | 2013-04-23 | 2015-12-02 | 惠普发展公司,有限责任合伙企业 | Recovering from compromised system boot code |
| CN103944915A (en) * | 2014-04-29 | 2014-07-23 | 浙江大学 | Threat detection and defense device, system and method for industrial control system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105446322B (en) | 2019-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9874869B2 (en) | Information controller, information control system, and information control method | |
| Caselli et al. | Sequence-aware intrusion detection in industrial control systems | |
| US10819721B1 (en) | Systems and methods for monitoring traffic on industrial control and building automation system networks | |
| KR102251600B1 (en) | A system and method for securing an industrial control system | |
| Eden et al. | A forensic taxonomy of SCADA systems and approach to incident response | |
| JP5926491B2 (en) | Method for security maintenance in a network and computer readable medium having computer readable instructions of a computer program causing a processor to perform the method for security maintenance | |
| US20180063191A1 (en) | System and method for using a virtual honeypot in an industrial automation system and cloud connector | |
| Robles-Durazno et al. | PLC memory attack detection and response in a clean water supply system | |
| US9245147B1 (en) | State machine reference monitor for information system security | |
| CN103077345B (en) | Based on software authorization method and the system of virtual machine | |
| WO2013117148A1 (en) | Method and system for detecting behaviour of remotely intruding into computer | |
| CN105635079A (en) | Network isolation gap data exchange system | |
| EP3427175A1 (en) | System and method for performing in-cloud security operations on connected devices | |
| CN112242991B (en) | System and method for associating events to detect information security incidents | |
| GB2532630A (en) | Network intrusion alarm method and system for nuclear power station | |
| CN102868699A (en) | Method and tool for vulnerability detection of server providing data interaction services | |
| CN112202704A (en) | Block chain intelligent contract safety protection system | |
| US20210021613A1 (en) | Systems and methods for correlating events to detect an information security incident | |
| US10423151B2 (en) | Controller architecture and systems and methods for implementing the same in a networked control system | |
| Johnson | Barriers to the use of intrusion detection systems in safety-critical applications | |
| CN111935085A (en) | Method and system for detecting and protecting abnormal network behaviors of industrial control network | |
| CN111159718B (en) | Method and device for bug repair and household appliance | |
| US10051004B2 (en) | Evaluation system | |
| CN105446322A (en) | Control code anomaly detection method and device | |
| Szabó | Cybersecurity issues in industrial control systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |