CN107493265B - A network security monitoring method for industrial control systems - Google Patents

Info

Publication number
CN107493265B
Authority
CN
China
Prior art keywords
information
control system
network
industrial control
analysis
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710605143.9A
Other languages
Chinese (zh)
Other versions
CN107493265A (en
Inventor
许洪强
黄益彬
郭建成
陶洪铸
周劼英
韩勇
程长春
朱世顺
杨维永
陈功胜
李牧野
杨雨轩
景娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Nari Information and Communication Technology Co
Nanjing NARI Group Corp
Original Assignee
State Grid Corp of China SGCC
Nari Information and Communication Technology Co
Nanjing NARI Group Corp
Application filed by State Grid Corp of China SGCC, Nari Information and Communication Technology Co, Nanjing NARI Group Corp
Priority to CN201710605143.9A
Publication of CN107493265A
Application granted
Publication of CN107493265B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/16 Threshold monitoring
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a network security monitoring method for industrial control systems, comprising the following steps: collecting relevant information from the monitored objects inside the industrial control system; performing security analysis on the collected information; and, when the analysis finds potentially abnormal behavior, generating the corresponding security control commands and issuing them to the relevant monitored objects for execution, thereby blocking the abnormal behavior. By collecting comprehensive data from the core networked devices of the industrial control system, the invention monitors in real time the main security-risk behaviors in industrial control systems, such as peripheral access, personnel operations and external network connections. At the same time, by analyzing and processing these behaviors, it finds and blocks abnormal behavior promptly, achieving active defense of the industrial control system. Given that conventional security protection measures are difficult to apply effectively to industrial control systems, the invention addresses the main security threats that industrial control systems currently face from the angle of monitoring and early warning.

Description

A network security monitoring method for industrial control systems
Technical field
The present invention relates to the field of information security technology, and in particular to a network security monitoring method for industrial control systems.
Background
Industrial control systems built around acquisition, monitoring and control are widely used in industries such as electric power, petrochemicals, transportation and metallurgy to automate industrial control. Typical industrial control systems include SCADA (Supervisory Control And Data Acquisition), DCS (Distributed Control System) and PLC (Programmable Logic Controller). As industrialization and informatization in China converge, and as computer and network communication technologies are widely applied in industrial control systems, traditional industrial control systems have gradually lost their former closed and proprietary character, and standard, general-purpose communication protocols and hardware and software are used ever more widely. While raising their level of automation and informatization, industrial control systems also face growing security threats. The industrial control security incidents that have occurred frequently in recent years have sounded the alarm.
Compared with conventional systems, industrial control systems have special requirements for real-time performance, reliability and continuous operation, and security was seldom considered when they were designed. In use, anti-virus and anti-Trojan software is seldom installed and system vulnerability patches are seldom applied, which leaves industrial control systems highly susceptible to virus and Trojan infection. In the daily operation and maintenance of industrial control systems, the use of removable storage media such as USB flash drives and optical discs, and of vendors' O&M laptops, often becomes the window through which viruses and Trojans are introduced.
In response, some industries have strengthened management of the use of removable storage media and O&M laptops in industrial control systems, for example by removing unnecessary USB interfaces and optical drives from the industrial control system and by using dedicated O&M laptops for secure operation and maintenance. These management measures have worked well, but problems have also emerged: daily operation and maintenance work becomes inconvenient, the management measures are not fully enforced, and deliberate malicious violations cannot be restricted.
It is therefore necessary to supervise, by technical means, the whole process of daily operation and maintenance of industrial control systems, to prevent viruses and Trojans from being introduced through misuse of removable storage media or use of infected O&M laptops, and also to provide data to support subsequent audit and backtracking.
Summary of the invention
In view of the above drawbacks of the prior art, the technical problem to be solved by the present invention is to provide a network security monitoring method for industrial control systems that overcomes the deficiencies of the prior art.
A network security monitoring method for industrial control systems according to the present invention comprises the following steps:
Step 1: collect relevant information from the monitored objects inside the industrial control system;
Step 2: perform security analysis on the collected information;
Step 3: when the analysis finds potentially abnormal behavior, generate the corresponding security control commands and issue them to the relevant monitored objects for execution, blocking the abnormal behavior.
In step 1, the monitored objects fall into three classes: network devices, security devices and host devices. The network devices include industrial control switches; the security devices include firewalls, gateway isolation devices and VPN encryption devices; the host devices include monitoring hosts, communication gateway machines, servers and workstations.
In step 1, the relevant information is divided by severity, from high to low, into four classes: urgent, important, common and general.
In step 1, the relevant information is divided by information type into six classes: access information, login information, operation information, status information, network connection information and security event information. The access information covers the connection of removable storage devices and the network access of laptop computers. The login information covers local and remote logins to all monitored objects, including login success, login failure and logout information. The operation information refers to the operation commands executed after logging in to host devices and network devices through a remote terminal, together with the echoed results of those commands. The status information includes CPU utilization, memory usage, disk space usage and network interface traffic. The network connection information refers to the TCP/UDP connections that exist between a host device and the outside. The security event information refers to the security events detected by security devices.
The removable storage devices include USB flash drives, portable hard disks, USB optical drives, USB network cards, mobile phones and optical discs.
In step 1, the monitored objects support information collection via SNMP, SYSLOG or a custom proprietary protocol.
In step 2, the security analysis includes statistical analysis, anomaly detection and correlation analysis. The statistical analysis counts the collected information by information source, information type, information severity, daily information count and monthly information count. The anomaly detection analyzes and detects access anomalies, login anomalies, operation anomalies, status anomalies, external network connection anomalies and abnormal security events. An access anomaly includes the connection of a removable storage device or laptop that is not on the whitelist. A login anomaly is a login for which the number of consecutive login failures exceeds a defined threshold. An operation anomaly is the execution of a defined dangerous operation command, or a modification of the content or permissions of a defined controlled directory or controlled file. A status anomaly means that CPU utilization, memory usage, disk space usage or network interface traffic has exceeded a defined threshold. An external network connection anomaly is the appearance of a network connection outside the range permitted by the security policy. An abnormal security event is an access event that does not comply with the access control policy, or an attack event. The correlation analysis analyzes the relationships between discrete items of collected information and finds the associations among them.
The security analysis proceeds as follows:
(2-1) deduplicate, clean, classify and format the collected information;
(2-2) compile comprehensive statistics on the collected information by information source, information type, information severity, daily information count and monthly information count;
(2-3) perform anomaly detection: according to the type of the collected information, detect whether the information is abnormal; if it is not abnormal and its severity is general, return to step (2-1); otherwise go to step (2-4);
(2-4) perform correlation analysis: correlate the current single event with the other event information already collected, in terms of clustering and time order, identify the behavior sequence to which the current event belongs, and add the event to that behavior sequence;
(2-5) look up the knowledge base and perform threat analysis on the behavior sequence; if the analysis finds no threat and the behavior sequence has ended, delete the behavior sequence and return to step (2-1); if no threat has been recognized yet and the behavior sequence has not ended, return to step (2-1) and continue; if the behavior sequence is identified as abnormal or threatening, go to step (2-6);
(2-6) raise a security alarm and start the subsequent security control commands.
In step 3, security control commands can be issued in several ways, including via SNMP and via a custom proprietary protocol.
In step 3, the methods of blocking abnormal behavior include the following: disabling the USB interface to which a suspicious removable storage device is connected, closing the switch port to which an O&M laptop is connected, preventing the execution of dangerous operation commands, disconnecting suspicious login connections, and adding access control policies to prevent unauthorized access.
The beneficial effects of the invention are as follows:
By collecting comprehensive data from the core networked devices of the industrial control system, the invention monitors in real time the main security-risk behaviors in industrial control systems, such as peripheral access, personnel operations and external network connections. At the same time, by analyzing and processing these behaviors, it finds and blocks abnormal behavior promptly, achieving active defense of the industrial control system. Given that conventional security protection measures are difficult to apply effectively to industrial control systems, the method of the invention addresses the main security threats that industrial control systems currently face from the angle of monitoring and early warning.
The concept, specific structure and technical effects of the present invention are further described below with reference to the accompanying drawings, so that the purpose, features and effects of the invention can be fully understood.
Description of the drawings
Fig. 1 is a structure diagram of the present invention.
Fig. 2 is a flow chart of the security analysis of the present invention.
Detailed description
As shown in Fig. 1, a network security monitoring method for industrial control systems comprises the following steps:
Step 1: collect relevant information from the monitored objects inside the industrial control system;
Step 2: perform security analysis on the collected information;
Step 3: when the analysis finds potentially abnormal behavior, generate the corresponding security control commands and issue them to the relevant monitored objects for execution, blocking the abnormal behavior.
In this embodiment, the monitored objects fall into three classes: network devices, security devices and host devices. The network devices are industrial control switches. Switch information, such as network interface status, is actively obtained via SNMP, and security events generated by the switch are obtained via SNMP traps, such as interface up and interface down access events, illegal MAC access events and user logins to the switch. The industrial control switches need a security retrofit to support collection of this information.
The security devices include firewalls, gateway isolation devices and VPN encryption devices. Security device information is collected via standard SYSLOG, including user logins to the security device, access control policy violations, attack information and configuration changes. The security devices need a security retrofit to support collection of this information.
The host devices include monitoring hosts, communication gateway machines and workstations. Host information is collected by an agent installed on the host, and the agent reports the information over a custom proprietary protocol. The information collected by the agent mainly includes user logins to the host, illegal external connections, user operation commands and their echoed output, USB hot-plug events from removable storage devices, mobile phones and the like, and dangerous operations. The agent supports the operating systems commonly used by host devices in industrial control systems, such as Linux, Unix and Windows.
In this embodiment, the relevant information includes access information, login information, operation information, status information, network connection information and security event information. The access information covers the connection of removable storage devices and the network access of computer equipment such as laptops. The login information covers local and remote logins to all monitored objects, including login success, login failure and logout information. The operation information refers to the operation commands executed after logging in to host devices and network devices through a remote terminal, together with the echoed results of those commands. The status information includes CPU utilization, memory usage, disk space usage and network interface traffic. The network connection information refers to the TCP/UDP connections that exist between a host device and the outside. The security event information refers to the security events detected by security devices, including accesses that violate the access control policy and attack alarms.
In this embodiment, the removable storage devices include USB flash drives, portable hard disks, USB optical drives, USB network cards, mobile phones and optical discs.
In this embodiment, the monitored objects support information collection in several ways: SNMP, SYSLOG and a custom proprietary protocol.
In this embodiment, the security analysis of step 2 includes statistical analysis, anomaly detection and correlation analysis. A network attack typically appears as a combination of many different individual behaviors along an attack chain, and a mistake at any one link may cause the attack to fail. By collecting and analyzing these individual behaviors, their potential correlations can be discovered and possible attacks identified, which provides the basis for cutting off the rest of the attack chain in time and preventing the attack from taking place.
By collecting the various kinds of security-related information, such as peripheral access, personnel operations and external network connections, the method of the invention provides the data basis for further analysis. By correlating access information, login information, operation information, status information, network connection information and security event information, it profiles the behavior of users or malicious code and compares it with historical behavior to identify abnormal behavior.
As shown in Fig. 2, the security analysis flow of the method of the invention is as follows:
1) preprocess the collected information: deduplicate, clean, classify and format it;
2) perform statistical analysis: compile comprehensive statistics on the collected information along dimensions such as information source, information type, information severity, daily information count and monthly information count;
3) perform anomaly detection: according to the type of the collected information, detect whether the information is abnormal. If it is not abnormal and its severity is general, return to step 1); otherwise go to step 4);
4) perform correlation analysis: correlate the current single event with the other event information already collected, in terms of clustering, time order and so on, identify the behavior sequence to which the current event belongs, and add the event to that behavior sequence;
5) look up the knowledge base and perform threat analysis on the behavior sequence; if the analysis finds no threat and the behavior sequence has ended, delete the behavior sequence and return to step 1); if no threat has been recognized yet and the behavior sequence has not ended, return to step 1) and continue; if the behavior sequence is identified as abnormal or threatening, go to step 6);
6) raise a security alarm and start the subsequent security control commands.
In this embodiment, step 3 generates security control commands and issues them to the relevant monitored objects for execution. The commands can be issued in several ways, including via SNMP and via a custom proprietary protocol.
In this embodiment, the methods by which step 3 blocks abnormal behavior include the following: disabling the USB interface to which a suspicious removable storage device is connected, closing the switch port to which an O&M laptop is connected, preventing the execution of dangerous operation commands, disconnecting suspicious login connections, and adding access control policies to prevent unauthorized access.
Different security control commands are issued in different ways to different monitored objects. For network devices, a command is issued via SNMP to close the switch port to which the suspicious device is connected. For security devices, an access control policy is issued via the custom proprietary protocol to prevent unauthorized access. For host devices, instructions such as disconnecting a login connection, temporarily disabling a suspicious account's login, temporarily disabling a USB interface or blocking the execution of a dangerous operation are issued via the custom proprietary protocol to the agent on the host, and the agent executes them.
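The analysis flow of steps 1) to 6) and the per-device-class command selection described above, sketched in Python as an added example that is not code from the patent. The whitelist, thresholds, knowledge-base patterns, command and channel names, and the rule that a behavior sequence has ended after a quiet window are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# All values below are constructed for illustration; the patent names the steps and
# anomaly classes but gives no thresholds, patterns or command names.
USB_WHITELIST = {"SN-0001"}
LOGIN_FAIL_THRESHOLD = 3
DANGEROUS_COMMANDS = ("rm -rf", "mkfs")
ALLOWED_PEERS = {"10.0.0.5"}
USAGE_THRESHOLD = 90  # percent
WINDOW = 600  # assumption: a sequence silent for this many seconds has ended
# Knowledge base: ordered anomaly patterns treated as a threat.
KNOWLEDGE_BASE = {
    "unauthorized removable media": ("access_anomaly",),
    "password guessing then dangerous command": ("login_anomaly", "operation_anomaly"),
}
# Step 3: (device class, anomaly) -> (blocking action, delivery channel).
CONTROL = {
    ("host", "access_anomaly"): ("disable_usb_interface", "custom-protocol/agent"),
    ("host", "login_anomaly"): ("disconnect_login", "custom-protocol/agent"),
    ("host", "operation_anomaly"): ("block_dangerous_operation", "custom-protocol/agent"),
    ("network", "access_anomaly"): ("close_switch_port", "snmp"),
    ("security", "security_event_anomaly"): ("add_access_control_policy", "custom-protocol"),
}

def is_subsequence(pattern, labels):
    """True if pattern occurs in labels in order (gaps allowed)."""
    it = iter(labels)
    return all(p in it for p in pattern)

class Analyzer:
    def __init__(self):
        self.seen, self.stats, self.fail_streak = set(), Counter(), Counter()
        self.sequences = defaultdict(list)  # source -> [(ts, label), ...]
        self.alarms, self.commands = [], []

    def detect(self, ev):
        """(2-3) One rule per information type, following the patent's definitions."""
        kind, d = ev["type"], ev["data"]
        if kind == "access":
            return None if d["device_id"] in USB_WHITELIST else "access_anomaly"
        if kind == "login":
            who = (ev["source"], d["user"])
            self.fail_streak[who] = self.fail_streak[who] + 1 if d["result"] == "failure" else 0
            return "login_anomaly" if self.fail_streak[who] > LOGIN_FAIL_THRESHOLD else None
        if kind == "operation":
            hit = any(c in d["command"] for c in DANGEROUS_COMMANDS)
            return "operation_anomaly" if hit else None
        if kind == "status":
            return "status_anomaly" if d["percent"] > USAGE_THRESHOLD else None
        if kind == "connection":
            return None if d["peer"] in ALLOWED_PEERS else "connection_anomaly"
        return "security_event_anomaly"  # already judged by a security device

    def process(self, ev):
        # (2-1) Deduplicate on a normalized key.
        key = (ev["ts"], ev["source"], ev["type"], tuple(sorted(ev["data"].items())))
        if key in self.seen:
            return "duplicate"
        self.seen.add(key)
        # (2-2) Count by source, type, severity and day (a month bucket works the same).
        self.stats[(ev["source"], ev["type"], ev["severity"], ev["ts"] // 86400)] += 1
        # (2-3) No anomaly and lowest severity: back to (2-1).
        anomaly = self.detect(ev)
        if anomaly is None and ev["severity"] == "general":
            return "dropped"
        # (2-4) Cluster by source in time order; an ended sequence is deleted first.
        seq = self.sequences[ev["source"]]
        if seq and ev["ts"] - seq[-1][0] > WINDOW:
            seq.clear()
        seq.append((ev["ts"], anomaly or ev["type"]))
        # (2-5) Threat analysis of the behavior sequence against the knowledge base.
        labels = [label for _, label in seq]
        for threat, pattern in KNOWLEDGE_BASE.items():
            if is_subsequence(pattern, labels):
                # (2-6) Alarm, then step 3: choose the command for this device class.
                action, channel = CONTROL.get((ev["device_class"], anomaly), ("alarm_only", None))
                self.alarms.append((ev["source"], threat))
                self.commands.append((ev["source"], action, channel))
                del self.sequences[ev["source"]]
                return "alarm"
        return "pending"

def make_event(ts, source, device_class, kind, severity, **data):
    return {"ts": ts, "source": source, "device_class": device_class,
            "type": kind, "severity": severity, "data": data}

def run_sample():
    """Run constructed events through the loop; returns (outcomes, analyzer)."""
    events = [make_event(0, "hmi-01", "host", "status", "general", percent=35)] * 2
    events += [make_event(t, "hmi-01", "host", "login", "common", user="ops", result="failure")
               for t in (10, 20, 30, 40)]
    events += [
        make_event(50, "hmi-01", "host", "login", "common", user="ops", result="success"),
        make_event(60, "hmi-01", "host", "operation", "important",
                   command="rm -rf /opt/scada/conf"),
        make_event(70, "eng-ws-02", "host", "access", "important", device_id="SN-9999"),
    ]
    analyzer = Analyzer()
    return [analyzer.process(e) for e in events], analyzer
```

Calling run_sample() returns the outcome of each event and the analyzer, whose alarms and commands lists show that the login failures stay pending until the dangerous command completes the pattern, while the non-whitelisted USB device raises an alarm on its own.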
The above method monitors and manages in real time the main security threats currently faced inside industrial control systems. Without major security retrofitting of the inside of the industrial control system, it can significantly raise the internal security protection level of the industrial control system and effectively resist virus and Trojan attacks. In addition, the method is general and is applicable to industrial control systems in many industries such as electric power, petrochemicals, transportation and metallurgy.
The preferred embodiments of the present invention have been described in detail above. It should be understood that a person of ordinary skill in the art can make many modifications and variations according to the concept of the present invention without creative effort. Therefore, any technical solution that a person skilled in the art can obtain through logical analysis, reasoning or limited experimentation on the basis of the prior art under the concept of the present invention shall fall within the scope of protection defined by the claims.

Claims (8)

1. A network security monitoring method for industrial control systems, characterized by comprising the following steps:
Step 1: collect relevant information from the monitored objects inside the industrial control system;
Step 2: perform security analysis on the collected information;
Step 3: when the analysis finds potentially abnormal behavior, generate the corresponding security control commands and issue them to the relevant monitored objects for execution, blocking the abnormal behavior;
In step 2, the security analysis includes statistical analysis, anomaly detection and correlation analysis; the statistical analysis counts the collected information by information source, information type, information severity, daily information count and monthly information count; the anomaly detection analyzes and detects access anomalies, login anomalies, operation anomalies, status anomalies, external network connection anomalies and abnormal security events; an access anomaly includes the connection of a removable storage device or laptop that is not on the whitelist; a login anomaly is a login for which the number of consecutive login failures exceeds a defined threshold; an operation anomaly is the execution of a defined dangerous operation command, or a modification of the content or permissions of a defined controlled directory or controlled file; a status anomaly means that CPU utilization, memory usage, disk space usage or network interface traffic has exceeded a defined threshold; an external network connection anomaly is the appearance of a network connection outside the range permitted by the security policy; an abnormal security event is an access event that does not comply with the access control policy, or an attack event; the correlation analysis analyzes the relationships between discrete items of collected information and finds the associations among them;
The security analysis proceeds as follows:
(2-1) deduplicate, clean, classify and format the collected information;
(2-2) compile comprehensive statistics on the collected information by information source, information type, information severity, daily information count and monthly information count;
(2-3) perform anomaly detection: according to the type of the collected information, detect whether the information is abnormal; if it is not abnormal and its severity is general, return to step (2-1); otherwise go to step (2-4);
(2-4) perform correlation analysis: correlate the current single event with the other event information already collected, in terms of clustering and time order, identify the behavior sequence to which the current event belongs, and add the event to that behavior sequence;
(2-5) look up the knowledge base and perform threat analysis on the behavior sequence; if the analysis finds no threat and the behavior sequence has ended, delete the behavior sequence and return to step (2-1); if no threat has been recognized yet and the behavior sequence has not ended, return to step (2-1) and continue; if the behavior sequence is identified as abnormal or threatening, go to step (2-6);
(2-6) raise a security alarm and start the subsequent security control commands.
2. a kind of network security monitoring method towards industrial control system as described in claim 1, it is characterised in that:Step In one, the monitoring object includes the network equipment, safety equipment, host equipment three classes, and the network equipment includes that industry control exchanges Machine, the safety equipment include fire wall, gateway isolating device, VPN encryption devices, the host equipment include monitoring host computer, Communication network shutdown, server, work station.
3. The network security monitoring method for industrial control systems as described in claim 1, characterised in that: in Step one, the relevant information is divided by severity, from high to low, into four classes: urgent, important, common and general.
4. The network security monitoring method for industrial control systems as described in claim 1, characterised in that: in Step one, the relevant information is divided by type into six classes: access information, login information, operation information, status information, network connection information and security event information. The access information covers the connection of removable storage devices and the connection of laptops through the network. The login information covers local and remote logins to all monitored objects, including login success, login failure and logout information. The operation information refers to the operation commands carried out after logging on to host equipment and network equipment through a remote terminal, together with the echoed results of those commands. The status information includes CPU utilisation, memory usage, disk space utilisation and network interface traffic. The network connection information refers to the TCP/UDP connections to external peers that are present on host equipment. The security event information refers to the security events detected by security equipment.
5. The network security monitoring method for industrial control systems as claimed in claim 4, characterised in that: the removable storage devices include USB flash drives, portable hard disks, USB optical drives, USB network adapters, mobile phones and CDs.
6. The network security monitoring method for industrial control systems as described in claim 1, characterised in that: in Step one, information collection from the monitored objects is supported via SNMP, SYSLOG and a custom proprietary protocol.
7. The network security monitoring method for industrial control systems as described in claim 1, characterised in that: in Step three, security control commands can be issued in several ways, including via SNMP and via a custom proprietary protocol.
8. The network security monitoring method for industrial control systems as described in claim 1, characterised in that: in Step three, the methods for blocking abnormal behaviour include the following: disabling the USB interface to which a suspicious removable storage device is connected, closing the switch port to which the O&M laptop is connected, preventing the execution of dangerous operation commands, disconnecting suspicious login connections, and adding access control policies to prevent unauthorised access.
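The sketch below is an added example, not code from the patent: it takes SYSLOG-collected lines (claim 6), sorts each into one of claim 4's six information types and claim 3's four severity classes, and selects one of claim 8's blocking methods. The log wording, keyword rules, severity mapping, allowlist, risky-command list and action names are all assumptions made for the illustration.

```python
import re

LINE = re.compile(r"^<(\d{1,3})>\w{3} +\d+ [\d:]{8} (\S+) [^:]+: (.*)$")
# One rule per claim-4 information type; the message wording is assumed.
TYPE_RULES = [
    ("security_event", re.compile(r"\bIDS alert\b", re.I)),
    ("access", re.compile(r"\b(usb storage|laptop) attached\b", re.I)),
    ("login", re.compile(r"\blog(in (ok|failed)|out)\b", re.I)),
    ("operation", re.compile(r"\bcmd=", re.I)),
    ("status", re.compile(r"\b(cpu|mem|disk)=", re.I)),
    ("network_connection", re.compile(r"\b(tcp|udp) \S+ -> \S+", re.I)),
]
# Assumed mapping of syslog severity 0..7 (PRI modulo 8) onto claim 3's classes.
SEVERITY = ["urgent"] * 3 + ["important"] * 2 + ["common"] + ["general"] * 2
TRUSTED = {"192.0.2.20"}  # constructed allowlist of operator stations
RISKY_CMD = re.compile(r"\bcmd=(rm -rf|shutdown|reboot)\b")  # assumed list

def blocking_action(info_type, msg):
    """Choose one of claim 8's blocking methods; trigger rules are assumed."""
    peer = re.search(r"(?:from |-> )([\d.]+)", msg)
    untrusted = bool(peer) and peer.group(1) not in TRUSTED
    if info_type == "access":
        return "disable_usb_port" if "usb" in msg.lower() else "close_switch_port"
    if info_type == "operation" and RISKY_CMD.search(msg):
        return "block_command"
    if untrusted and info_type in ("login", "network_connection"):
        return "disconnect_session" if info_type == "login" else "add_acl_deny"
    return None  # record only, no blocking

def classify(line):
    m = LINE.match(line)
    if not m:
        return None  # not a syslog line in the assumed format
    pri, host, msg = int(m.group(1)), m.group(2), m.group(3)
    info_type = next((t for t, rx in TYPE_RULES if rx.search(msg)), "unknown")
    return {"host": host, "type": info_type, "severity": SEVERITY[pri % 8],
            "action": blocking_action(info_type, msg)}

SAMPLES = [  # constructed log lines covering the six information types
    "<34>Jul 24 10:00:01 hmi01 agent: usb storage attached port=2",
    "<36>Jul 24 10:00:05 sw03 agent: laptop attached ifIndex=7",
    "<38>Jul 24 10:01:10 rtu02 sshd: login ok user=ops from 198.51.100.7",
    "<37>Jul 24 10:02:00 rtu02 shell: cmd=reboot user=ops",
    "<46>Jul 24 10:03:00 hmi01 agent: cpu=41 mem=63 disk=70",
    "<36>Jul 24 10:04:00 hmi01 agent: tcp 192.0.2.5:51000 -> 198.51.100.9:443",
    "<33>Jul 24 10:05:00 fw01 ids: IDS alert port scan detected",
]
```

Status and security-event records return no action here because claim 8 lists no blocking method specific to them; they are only recorded for analysis.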
CN201710605143.9A 2017-07-24 2017-07-24 A kind of network security monitoring method towards industrial control system Active CN107493265B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710605143.9A CN107493265B (en) 2017-07-24 2017-07-24 A kind of network security monitoring method towards industrial control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710605143.9A CN107493265B (en) 2017-07-24 2017-07-24 A kind of network security monitoring method towards industrial control system

Publications (2)

Publication Number Publication Date
CN107493265A CN107493265A (en) 2017-12-19
CN107493265B CN107493265B (en) 2018-11-02

Family

ID=60644738

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710605143.9A Active CN107493265B (en) 2017-07-24 2017-07-24 A kind of network security monitoring method towards industrial control system

Country Status (1)

Country Link
CN (1) CN107493265B (en)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108183920B (en) * 2018-01-23 2020-08-11 北京网藤科技有限公司 Defense method of industrial control system malicious code defense system
CN110224970B (en) 2018-03-01 2021-11-23 西门子公司 Safety monitoring method and device for industrial control system
CN108696391A (en) * 2018-05-10 2018-10-23 浙江八方电信有限公司 One kind being applied to mobile network optimization and alerts Time Series Clustering algorithm
CN108712425A (en) * 2018-05-21 2018-10-26 南京南瑞集团公司 A kind of analysis monitoring and managing method towards industrial control system network security threats event
WO2020014181A1 (en) * 2018-07-09 2020-01-16 Siemens Aktiengesellschaft Knowledge graph for real time industrial control system security event monitoring and management
CN108931968B (en) * 2018-07-25 2021-07-20 安徽三实信息技术服务有限公司 Network security protection system applied to industrial control system and protection method thereof
CN109150869B (en) * 2018-08-14 2021-06-04 南瑞集团有限公司 Switch information acquisition and analysis system and method
CN109474620A (en) * 2018-12-17 2019-03-15 杭州安恒信息技术股份有限公司 The quickly method, apparatus and electronic equipment of protection internet security love scene
CN109462621A (en) * 2019-01-10 2019-03-12 国网浙江省电力有限公司杭州供电公司 Network safety protective method, device and electronic equipment
CN109922055A (en) * 2019-02-26 2019-06-21 深圳市信锐网科技术有限公司 A kind of detection method, system and the associated component of risk terminal
CN110011973B (en) * 2019-03-06 2021-08-03 浙江国利网安科技有限公司 Industrial control network access rule construction method and training system
CN110505215B (en) * 2019-07-29 2021-03-30 电子科技大学 Industrial control system network attack coping method based on virtual operation and state conversion
CN110661339A (en) * 2019-10-10 2020-01-07 四川洪辉电力科技有限公司 Method for monitoring running state of monitoring host of transformer substation
CN110933064B (en) * 2019-11-26 2023-10-03 云南电网有限责任公司信息中心 Method and system for determining user behavior track
CN110809009A (en) * 2019-12-12 2020-02-18 江苏亨通工控安全研究院有限公司 Two-stage intrusion detection system applied to industrial control network
CN111031062B (en) * 2019-12-24 2020-12-15 四川英得赛克科技有限公司 Industrial control system panoramic perception monitoring method, device and system with self-learning function
CN111786822A (en) * 2020-06-17 2020-10-16 许昌许继软件技术有限公司 Remote management method for internet protocol shutdown
CN111698267B (en) * 2020-07-02 2022-07-26 厦门力含信息技术服务有限公司 Information security testing system and method for industrial control system
CN112187914A (en) * 2020-09-24 2021-01-05 上海思寒环保科技有限公司 Remote control robot management method and system
CN112543289A (en) * 2020-10-29 2021-03-23 中国农业银行股份有限公司福建省分行 AI (artificial intelligence) video point counting method, device, equipment and medium for pig breeding
CN112419130B (en) * 2020-11-17 2024-02-27 北京京航计算通讯研究所 Emergency response system and method based on network security monitoring and data analysis
CN112799358B (en) * 2020-12-30 2022-11-25 上海磐御网络科技有限公司 Industrial control safety defense system
CN113191917B (en) * 2021-03-09 2023-04-07 中国大唐集团科学技术研究院有限公司 Power plant industrial control system network security threat classification method based on radial basis function algorithm
CN115001877B (en) * 2022-08-08 2022-12-09 北京宏数科技有限公司 Big data-based information security operation and maintenance management system and method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3145130B1 (en) * 2014-06-18 2019-02-27 Nippon Telegraph and Telephone Corporation Network system, communication control method, and communication control program
CN106209826A (en) * 2016-07-08 2016-12-07 瑞达信息安全产业股份有限公司 A kind of safety case investigation method of Network Security Device monitoring
CN106627102A (en) * 2017-02-10 2017-05-10 中国第汽车股份有限公司 Wheel hub motor driving device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3933519A1 (en) * 2020-06-26 2022-01-05 Kabushiki Kaisha Yaskawa Denki Production system, production method, and program
JP7147807B2 (en) 2020-06-26 2022-10-05 株式会社安川電機 Engineering device, host control device, engineering method, processing execution method, and program

Also Published As

Publication number Publication date
CN107493265A (en) 2017-12-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant