CN107526349B - Method for analysing abnormal events and industrial automation and control system - Google Patents
- Publication number
- CN107526349B
- Authority
- CN
- China
- Prior art keywords
- iacs
- event
- configuration
- evaluating
- caused
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0208—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
- G05B23/0213—Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/18—Numerical control [NC], i.e. automatically operating machines, in particular machine tools, e.g. in a manufacturing environment, so as to execute positioning, movement or co-ordinated operations by means of programme data in numerical form
- G05B19/406—Numerical control [NC], i.e. automatically operating machines, in particular machine tools, e.g. in a manufacturing environment, so as to execute positioning, movement or co-ordinated operations by means of programme data in numerical form characterised by monitoring or safety
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24065—Real time diagnostics
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/34—Director, elements to supervisory
- G05B2219/34465—Safety, control of correct operation, abnormal states
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Claims (16)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16174838.9 | 2016-06-16 | ||
EP16174838.9A EP3258661B1 (en) | 2016-06-16 | 2016-06-16 | Detection of abnormal configuration changes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107526349A (zh) | 2017-12-29 |
CN107526349B (zh) | 2022-03-01 |
Family
ID=56148174
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710461420.3A Active CN107526349B (zh) | Method for analysing abnormal events and industrial automation and control system | 2016-06-16 | 2017-06-16 |
Country Status (3)
Country | Link |
---|---|
US (1) | US11243508B2 (zh) |
EP (1) | EP3258661B1 (zh) |
CN (1) | CN107526349B (zh) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10516579B2 (en) * | 2016-12-14 | 2019-12-24 | Infinera Corporation | Techniques for reconciliation of planned network with deployed network |
US20180181762A1 (en) * | 2016-12-28 | 2018-06-28 | Intel Corporation | Techniques for persistent firmware transfer monitoring |
US11050780B2 (en) * | 2017-12-06 | 2021-06-29 | International Business Machines Corporation | Methods and systems for managing security in computing networks |
JP7103197B2 (ja) * | 2018-12-14 | 2022-07-20 | トヨタ自動車株式会社 | Communication system |
CN109886833B (zh) * | 2019-01-21 | 2023-01-17 | 广东电网有限责任公司信息中心 | A deep learning method for smart grid server traffic anomaly detection |
EP3745667B1 (en) * | 2019-05-31 | 2023-01-25 | ABB Schweiz AG | Detection of harmful process intent in an intent-based production process |
RU2755252C2 (ru) * | 2020-02-26 | 2021-09-14 | Акционерное общество "Лаборатория Касперского" | Method and system for assessing the impact of software under investigation on the availability of industrial automation systems |
DE102020111450A1 (de) * | 2020-04-27 | 2021-10-28 | Bayerische Motoren Werke Aktiengesellschaft | Detecting faults in a computer network |
JP2022155174A (ja) * | 2021-03-30 | 2022-10-13 | 横河電機株式会社 | Diagnostic device, diagnostic method and diagnostic program |
US20230136570A1 (en) * | 2021-11-04 | 2023-05-04 | Bell Textron Inc. | Managing access for a manufacturing system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1420317A2 (en) * | 2002-10-21 | 2004-05-19 | Rockwell Automation Technologies, Inc. | System and methodology providing automation security analysis, validation, and learning in an industrial controller environment |
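CN101035030A (zh) * | 2007-03-07 | 2007-09-12 | 中控科技集团有限公司 | Detection method and device for industrial Ethernet data monitoring |
CN101159523A (zh) * | 2007-11-26 | 2008-04-09 | 中控科技集团有限公司 | Industrial Ethernet-based fault handling method and system, and a switching device |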
EP3002648A2 (en) * | 2014-09-30 | 2016-04-06 | Schneider Electric USA, Inc. | Scada intrusion detection systems |
EP3024192A1 (en) * | 2014-11-24 | 2016-05-25 | ABB Technology AG | Analysing security risks of an industrial automation and control system |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060034305A1 (en) * | 2004-08-13 | 2006-02-16 | Honeywell International Inc. | Anomaly-based intrusion detection |
US8578500B2 (en) * | 2005-05-31 | 2013-11-05 | Kurt James Long | System and method of fraud and misuse detection |
US8595831B2 (en) * | 2008-04-17 | 2013-11-26 | Siemens Industry, Inc. | Method and system for cyber security management of industrial control systems |
US9955352B2 (en) * | 2009-02-17 | 2018-04-24 | Lookout, Inc. | Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such |
US8510615B2 (en) * | 2009-10-22 | 2013-08-13 | Xerox Corporation | Virtual repair of digital media |
US8712596B2 (en) * | 2010-05-20 | 2014-04-29 | Accenture Global Services Limited | Malicious attack detection and analysis |
EP2608450B1 (en) | 2011-12-20 | 2016-11-30 | ABB Research Ltd. | Validation of a communication network of an industrial automation and control system |
US9225737B2 (en) * | 2013-03-15 | 2015-12-29 | Shape Security, Inc. | Detecting the introduction of alien content |
KR101977731B1 (ko) * | 2013-03-29 | 2019-05-14 | 한국전자통신연구원 | Apparatus and method for detecting signs of anomalies in a control system |
US10223530B2 (en) * | 2013-11-13 | 2019-03-05 | Proofpoint, Inc. | System and method of protecting client computers |
US9930058B2 (en) * | 2014-08-13 | 2018-03-27 | Honeywell International Inc. | Analyzing cyber-security risks in an industrial control environment |
US10116488B2 (en) * | 2014-10-09 | 2018-10-30 | Rockwell Automation Technologies, Inc. | System for analyzing an industrial control network |
US10469523B2 (en) * | 2016-02-24 | 2019-11-05 | Imperva, Inc. | Techniques for detecting compromises of enterprise end stations utilizing noisy tokens |
US10498744B2 (en) * | 2016-03-08 | 2019-12-03 | Tanium Inc. | Integrity monitoring in a local network |
US20170289191A1 (en) * | 2016-03-31 | 2017-10-05 | Acalvio Technologies, Inc. | Infiltration Detection and Network Rerouting |
JP6683399B2 (ja) * | 2016-05-25 | 2020-04-22 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Data service control method and related device |
US10805325B2 (en) * | 2016-08-09 | 2020-10-13 | Imperva, Inc. | Techniques for detecting enterprise intrusions utilizing active tokens |
US11270001B2 (en) * | 2016-10-03 | 2022-03-08 | Nippon Telegraph And Telephone Corporation | Classification apparatus, classification method, and classification program |
US10678907B2 (en) * | 2017-01-26 | 2020-06-09 | University Of South Florida | Detecting threats in big data platforms based on call trace and memory access patterns |
CN106993303A (zh) * | 2017-04-11 | 2017-07-28 | 百度在线网络技术(北京)有限公司 | Method, apparatus, device and computer storage medium for configuring and maintaining smart WiFi devices |
US10505966B2 (en) * | 2017-06-06 | 2019-12-10 | Sap Se | Cross-site request forgery (CSRF) vulnerability detection |
CN111356964A (zh) * | 2017-09-30 | 2020-06-30 | 西门子股份公司 | Fault diagnosis method and apparatus for a numerically controlled machine tool |
US11165802B2 (en) * | 2017-12-05 | 2021-11-02 | Schweitzer Engineering Laboratories, Inc. | Network security assessment using a network traffic parameter |
JP2019206133A (ja) * | 2018-05-30 | 2019-12-05 | キヤノン株式会社 | Image printing apparatus, control method for image printing apparatus, and program |
US11023582B2 (en) * | 2018-12-19 | 2021-06-01 | EMC IP Holding Company LLC | Identification and control of malicious users on a data storage system |
US10986121B2 (en) * | 2019-01-24 | 2021-04-20 | Darktrace Limited | Multivariate network structure anomaly detector |
2016
- 2016-06-16: EP application EP16174838.9A, patent EP3258661B1 (Active)

2017
- 2017-06-16: US application US15/625,405, patent US11243508B2 (Active)
- 2017-06-16: CN application CN201710461420.3A, patent CN107526349B (Active)
Also Published As
Publication number | Publication date |
---|---|
EP3258661A1 (en) | 2017-12-20 |
US20170364053A1 (en) | 2017-12-21 |
US11243508B2 (en) | 2022-02-08 |
CN107526349A (zh) | 2017-12-29 |
EP3258661B1 (en) | 2020-11-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107526349B (zh) | Method for analysing abnormal events and industrial automation and control system | |
EP2040435B1 (en) | Intrusion detection method and system | |
EP2517437B1 (en) | Intrusion detection in communication networks | |
US8516586B1 (en) | Classification of unknown computer network traffic | |
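CN104506351B (zh) | Online fully automatic configuration compliance security audit method and system | |
CN112799358B (zh) | An industrial control security defense system | |
CN104570822A (zh) | Protection system and method for an automated process control system, and security composite device | |
JP2016508353A (ja) | Improved streaming method and system for processing network metadata | |
CN111355703A (zh) | Integrated equipment fault and cyber-attack detection arrangement | |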
Wurzenberger et al. | AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models. | |
Cruz et al. | Improving cyber-security awareness on industrial control systems: The cockpitci approach | |
Hansch et al. | Deriving impact-driven security requirements and monitoring measures for industrial IoT | |
KR102199177B1 (ko) | Security information and event operation system and method for hacking detection through scenario-based correlation analysis | |
WO2019220427A1 (en) | An anomaly detection system and method | |
Ginter | Secure operations technology | |
Lima et al. | BP-IDS: Using business process specification to leverage intrusion detection in critical infrastructures | |
Zacharaki et al. | Complex Engineering Systems as an enabler for security in Internet of Vehicles: The nIoVe approach | |
US10701088B2 (en) | Method for transmitting data | |
KR101719698B1 (ko) | Apparatus and method for detecting security incidents in smart grid devices | |
Yeshwanth et al. | Adoption and Assessment of Machine Learning Algorithms in Security Operations Centre for Critical Infrastructure | |
Tafazzoli et al. | Security operation center implementation on OpenStack | |
EP2911362B1 (en) | Method and system for detecting intrusion in networks and systems based on business-process specification | |
Yu et al. | Mining anomaly communication patterns for industrial control systems | |
Falk et al. | Enhancing integrity protection for industrial cyber physical systems | |
KR102540904B1 (ko) | Total security management system and total security management method for big-data-based management of weak security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
Effective date of registration: 20200513 Address after: Baden, Switzerland Applicant after: ABB grid Switzerland AG Address before: Baden, Switzerland Applicant before: ABB Switzerland Co.,Ltd. |
CB02 | Change of applicant information | ||
Address after: Swiss Baden Applicant after: Hitachi energy Switzerland AG Address before: Swiss Baden Applicant before: ABB grid Switzerland AG |
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
Effective date of registration: 20231219 Address after: Zurich, SUI Patentee after: Hitachi Energy Co.,Ltd. Address before: Swiss Baden Patentee before: Hitachi energy Switzerland AG |