CN107563198B - Host virus prevention and control system and method for industrial control system - Google Patents

Publication number: CN107563198B
Authority: CN (China)
Legal status: Active
Application number: CN201710774935.9A
Other languages: Chinese (zh)
Other versions: CN107563198A (en)
Inventors: 伍晓泉, 梁智强, 林丹生, 胡海生
Current Assignee: Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee: Electric Power Research Institute of Guangdong Power Grid Co Ltd

Abstract

The invention discloses a host virus prevention and control system and method for an industrial control system. It addresses the current need for a virus prevention and control strategy that avoids upgrading the virus library of an industrial control system host through a direct or indirect Internet connection and that cuts off virus propagation via mobile storage media. In the embodiment, the mobile storage medium first undergoes formatting authentication on the antivirus terminal management server. The medium is then connected to a mobile storage medium authentication and updating device, which is connected to the virus upgrade server and automatically writes the latest virus library to the medium in encrypted form. Finally, the medium carrying the latest virus library is connected to an industrial control system host on which the virus prevention and control terminal is installed, so that the terminal can update its virus library from the medium and scan the host for and remove viruses, thereby achieving virus prevention and control.

Description

Host virus prevention and control system and method for industrial control system
Technical Field
The invention relates to the technical field of information security of industrial control systems, in particular to a host virus prevention and control system and a host virus prevention and control method of an industrial control system.
Background
In recent years the information security situation has become increasingly urgent. Industrial control systems have become a key target of hacking and are seriously affected by it, so virus prevention and control in industrial control systems deserves great attention.
Some important industrial control systems, such as dispatching automation systems and substation monitoring systems in the power industry, are nationally important information systems. Such systems must be managed in tiers according to their importance. An important system needs antivirus software installed, its virus library updated regularly, and virus scanning and removal performed regularly, to guard the industrial control system against the threat of viruses.
However, because of the particular nature of industrial control systems, existing virus prevention and control methods cannot be applied to them effectively, so a considerable share of industrial control system hosts run "unprotected": either no antivirus software is installed or the virus library has not been updated for a long time. At the same time, because mobile storage media cannot be managed effectively, viruses spread among industrial control system hosts as the media are used. Viruses are therefore widespread on these hosts, go untreated for long periods, and have become a chronic problem threatening the safety of industrial control systems.
The reason existing methods cannot be applied directly to an industrial control system is as follows: virus prevention and control relies mainly on antivirus software installed on the host, but an industrial control system is usually located on an enterprise internal network, so the virus library of the antivirus software cannot be updated in time, which weakens the antivirus effect.
In addition, although the industrial control system is isolated from the Internet, operational needs mean that mobile storage media are regularly connected to its hosts, so mobile storage media have also become a main path for virus propagation.
Current virus prevention and control measures for industrial control systems mainly consist of building an enterprise intranet virus prevention and control system and using a mobile storage antivirus device.
Building an intranet virus prevention and control system generally requires setting up a virus library upgrade server in the intranet and connecting it to all hosts for virus library upgrades; that is, a client/server (C/S) or peer-to-peer (P2P) architecture is adopted, and the upgraded virus library is pushed to each server terminal either directly or level by level. The disadvantages of building an intranet virus prevention and control system are:
1) The virus library upgrade server must be connected to the Internet directly or indirectly. If security protection is inadequate, the protected hosts can reach the Internet through the virus library server, which violates protection rules based on security domains. If the virus library server is not connected to the Internet, the virus library can only be updated manually by downloading offline upgrade packages, which is inefficient.
2) The virus library on each terminal must be updated regularly by intranet push, which consumes intranet network resources. When the virus library is large, it may consume them excessively and affect the operating stability of the intranet.
3) Regular virus scanning on the terminal consumes the terminal's CPU, memory and network resources and, when the virus library is large, may affect the terminal's operating stability.
4) The infection path through mobile storage media such as USB flash drives is not cut off; protected hosts can still spread viruses or suffer data loss through the use of such media.
The mobile storage antivirus device works mainly as follows: antivirus software is installed on a mobile storage medium, which is divided into a read-only area, an encryption area and a data area. The encryption area stores the antivirus program and virus library, and the data area stores ordinary data. During a scan, the antivirus program and virus library in the encryption area are decompressed onto the computer, and the computer updates the virus library online and writes it back to the mobile storage medium. The disadvantages are:
1) The virus library is still updated online, so the protected host must be connected to the Internet; otherwise the virus library cannot be updated, and there is no way to tell whether the virus library on the mobile storage medium is the latest.
2) The host does not authenticate the mobile storage medium, so the host is still at risk of data loss and virus propagation when other storage media are connected to it.
3) If the data area of the mobile storage medium contains a virus program and a self-starting script, the computer into which the medium is inserted is still at risk of infection.
Therefore, there is a need for a virus prevention and control strategy for industrial control systems that avoids upgrading the virus library of an industrial control system host through a direct or indirect Internet connection and that cuts off virus propagation via mobile storage media.
Disclosure of Invention
The invention provides a host virus prevention and control system and method for an industrial control system. It solves the technical problem that a virus prevention and control strategy for industrial control systems is urgently needed that avoids upgrading the virus library of an industrial control system host through a direct or indirect Internet connection and that cuts off virus propagation via mobile storage media.
The invention provides a host virus prevention and control system of an industrial control system, which comprises:
a virus upgrade server, a mobile storage medium authentication and updating device, a mobile storage medium, an antivirus terminal management server and a virus prevention and control terminal;
the virus upgrading server is connected with the Internet and is used for receiving and upgrading the latest virus library;
the mobile storage medium authentication and updating device is connected with the virus upgrading server and is used for performing security authentication, virus library automatic updating and data encryption management operation on the inserted mobile storage medium;
the mobile storage medium is used for storing virus libraries and data;
the antivirus terminal management server is connected with the industrial control system host through an intranet and is used for carrying out formatting authentication on the mobile storage medium, setting a virus searching and killing strategy on the virus prevention and control terminal and managing a virus searching and killing operation log of the virus prevention and control terminal;
the virus prevention and control terminal is installed in the industrial control system host and is used for carrying out safety certification on a mobile storage medium inserted into the industrial control system host and carrying out virus library updating, virus killing and data storage management according to a virus library and data stored in the mobile storage medium.
Preferably, the mobile storage medium authentication and updating device specifically includes: a mobile storage medium security control module, a virus library automatic updating module and a data encryption management module;
the mobile storage medium security control module is used for carrying out security authentication on the inserted mobile storage medium;
the virus library automatic updating module is used for updating the virus library of the mobile storage medium according to the date information of the virus library in the inserted mobile storage medium and the date information of the latest virus library in the virus upgrading server;
the data encryption management module is used for controlling encryption transmission and encryption storage of the virus library.
Preferably, the mobile storage medium authentication and updating device further includes: a USB interface concurrency control module, a USB female port interface and at least two USB male port interfaces;
the USB female port interface is used for connecting the virus upgrade server, and the USB male port interfaces are used for connecting mobile storage media;
the USB interface concurrency control module is used for simultaneously performing device identification and concurrent read/write control on all mobile storage media connected to the USB male port interfaces.
Preferably, the mobile storage medium authentication and updating device further includes: interface status indicator lamps;
the interface status indicator lamps correspond one-to-one to the USB male port interfaces and indicate the status of the mobile storage medium connected to each USB male port interface; the statuses are an unauthenticated state, an authenticated and data updating state, an authenticated normal state and an interface fault state.
Preferably, the mobile storage medium specifically includes: a common data area, a virus library encryption area and a self-checking program area;
the common data area is used for storing common data;
the virus library encryption area is used for storing the virus library and encrypting the virus library to prevent tampering;
and the self-checking program area is used for storing a self-checking program so as to perform data self-checking and self-starting script deletion.
Preferably, the antivirus terminal management server specifically includes: an authentication management module, a virus policy module and a log management module;
the authentication management module is used for carrying out formatting authentication on the unauthenticated mobile storage medium and pushing corresponding authentication information to the virus prevention and control terminal;
the virus strategy module is used for setting a virus searching and killing strategy and pushing the strategy to a virus prevention and control terminal;
the log management module is used for recording the operation information of the mobile storage medium of the virus prevention and control terminal, the virus library updating information and the virus killing information and forming a management log.
The invention provides a host virus prevention and control method of an industrial control system, which comprises the following steps:
inserting the mobile storage medium into a mobile storage medium authentication and updating device, completing the security authentication of the mobile storage medium by the mobile storage medium authentication and updating device, and performing automatic encryption updating of a virus library on the mobile storage medium after the security authentication according to the virus library of the virus upgrade server;
inserting the mobile storage medium subjected to virus library updating into a host of an industrial control system, performing security authentication on the mobile storage medium by a virus prevention and control terminal, and performing virus library updating, virus killing and data storage management according to a virus library and data stored in the mobile storage medium;
the virus prevention and control terminal records and uploads virus library updating information, virus searching and killing information and data operation information of the mobile storage medium to the antivirus terminal management server, and receives a virus searching and killing strategy set by the antivirus terminal management server.
Preferably, before the mobile storage medium is inserted into the mobile storage medium authentication and updating device and the device completes the security authentication of the mobile storage medium, the method further includes:
connecting the unauthenticated mobile storage medium to the antivirus terminal management server, which formats the unauthenticated mobile storage medium and writes the security label to it to complete the security authentication of the mobile storage medium.
Preferably, the automatically encrypting and updating the virus library of the mobile storage medium after the security authentication according to the virus library of the virus upgrade server specifically includes:
and updating the virus library of the mobile storage medium according to the date information of the virus library in the mobile storage medium after the security authentication and the date information of the latest virus library in the virus upgrading server, and controlling the encrypted transmission and encrypted storage of the virus library in the updating process of the virus library.
Preferably, after the mobile storage medium after the virus library update is inserted into the host of the industrial control system, before the virus prevention and control terminal performs security authentication on the mobile storage medium, the method further includes:
the virus prevention and control terminal performs a startup self-check on the mobile storage medium, prohibits the automatic running of all programs on the mobile storage medium and deletes any self-starting script on the mobile storage medium.
According to the technical scheme, the invention has the following advantages:
A host virus prevention and control system for an industrial control system is deployed, consisting of a virus upgrade server, a mobile storage medium authentication and updating device, a mobile storage medium, an antivirus terminal management server and a virus prevention and control terminal. The mobile storage medium first undergoes formatting authentication on the antivirus terminal management server, which ensures the security of the medium. The medium is then connected to the mobile storage medium authentication and updating device, which is connected to the virus upgrade server and automatically writes the latest virus library to the medium; the virus library is encrypted during transmission and writing, which ensures its security in transit and in storage. Finally, the medium carrying the latest virus library is connected to an industrial control system host on which the virus prevention and control terminal is installed, so that the terminal can update its virus library from the medium and scan the host for and remove viruses, thereby achieving virus prevention and control.
The virus library is updated and data is managed through the mobile storage medium, and security authentication is required whenever the medium is connected to any device. This prevents the industrial control system host from being infected via the Internet, cuts off virus propagation within the industrial control system along the infection path, and keeps the host's virus library up to date so that the host is protected from the threat of viruses. It also avoids the intranet bandwidth consumed by scheduled virus library updates. The invention thus provides a solution for mobile storage media and host virus prevention and control in industrial control systems, and solves the technical problem that a virus prevention and control strategy is urgently needed that avoids upgrading the virus library of an industrial control system host through a direct or indirect Internet connection and that cuts off virus propagation via mobile storage media.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of a host virus prevention and treatment system of an industrial control system according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a mobile storage medium authentication and update apparatus according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a dedicated removable storage medium according to an embodiment of the present invention.
Fig. 4 is a schematic flow chart of a host virus prevention and treatment method of an industrial control system according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of an operation of the authentication and update apparatus for a removable storage medium according to an embodiment of the present invention.
Fig. 6 is a schematic flow chart illustrating virus killing and prevention of a host of an industrial control system according to an embodiment of the present invention.
Fig. 7 is an overall implementation flow of host virus control of the industrial control system according to the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a host virus prevention and control system and method for an industrial control system. It solves the technical problem that a virus prevention and control strategy for industrial control systems is urgently needed that avoids upgrading the virus library of an industrial control system host through a direct or indirect Internet connection and that cuts off virus propagation via mobile storage media.
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a host virus prevention and treatment system of an industrial control system according to an embodiment of the present invention.
The embodiment of the invention provides a host virus prevention and control system of an industrial control system, which comprises:
a virus upgrade server 101, a mobile storage medium authentication and updating device 102, a mobile storage medium 103, an antivirus terminal management server 104 and a virus prevention and control terminal 105;
the virus upgrading server 101 is connected with the internet and is used for receiving and upgrading the latest virus library from the internet;
the mobile storage medium authentication and updating device 102 is connected with the virus upgrade server 101 and is used in cooperation with the mobile storage medium 103, and is used for performing security authentication, virus library automatic updating and data encryption management operations on the inserted mobile storage medium 103;
the mobile storage medium 103 is used for storing virus libraries and data;
the antivirus terminal management server 104 is connected with the industrial control system host through an intranet, and is used for performing formatting authentication on the mobile storage medium 103, setting a virus checking and killing strategy for the virus prevention and control terminal 105, and managing a virus checking and killing operation log of the virus prevention and control terminal 105;
the virus prevention and control terminal 105 is installed in the industrial control system host, and is used for performing security authentication on the mobile storage medium 103 inserted into the industrial control system host, and performing virus library updating, virus killing and data storage management according to the virus library and data stored in the mobile storage medium 103.
For ease of understanding, the following will describe each part of the devices in the host virus prevention system of the industrial control system in detail.
Please refer to fig. 2, which is a schematic structural diagram of a mobile storage medium authentication and update apparatus 102 according to an embodiment of the present invention.
The mobile storage medium authentication and updating device 102 specifically includes: interface status indicator lamps 1020, a USB interface concurrency control module 1022, a USB female port interface 10211, at least two USB male port interfaces 10212, a mobile storage medium security control module 1023, a virus library automatic updating module 1024 and a data encryption management module 1025.
The interface status indicator lamps 1020 correspond one-to-one to the USB male port interfaces 10212 and indicate the status of the mobile storage medium 103 connected to each USB male port interface 10212. The statuses are an unauthenticated state, an authenticated and data updating state, an authenticated normal state and an interface fault state. The lamp states and the corresponding device states are as follows:
Green light on: authenticated device; the mobile storage medium 103 can be removed and used normally.
Green light flashing: authenticated device; the mobile storage medium 103 is being updated and must not be removed.
Red light on: unauthenticated device.
Light off: interface fault.
The USB female port interface 10211 is used to connect the virus upgrade server 101, and the USB male port interfaces 10212 are used to connect mobile storage media 103. The USB interface concurrency control module 1022 performs device identification and concurrent read/write control for all mobile storage media 103 connected to the USB male port interfaces 10212; that is, it reads from and writes to all inserted media at the same time, for example writing a new virus library to all of them simultaneously, which improves the read/write efficiency of the USB male port interfaces 10212.
The mobile storage medium security control module 1023 performs security authentication on the inserted mobile storage medium 103; that is, it automatically completes device security authentication for any connected medium. The virus library automatic updating module 1024 updates the virus library of the mobile storage medium 103 according to the date information of the virus library in the inserted medium and the date information of the latest virus library in the virus upgrade server 101: if the latest virus library in the virus upgrade server 101 is newer than the one on the medium, the module actively writes it to the medium, completing the automatic update. The data encryption management module 1025 controls encrypted transmission and encrypted storage of the virus library, so that the virus library is encrypted whenever it is transmitted between or stored on any media; this prevents malicious software from modifying the virus library content so that normal system software is mistaken for a virus program.
It should be noted that, compared with the implementation of the related functions in the software application layer, the mobile storage medium authentication and update apparatus 102 in the embodiment of the present invention implements the related functions of performing security authentication, automatic virus library update, and data encryption management operation on the inserted mobile storage medium 103 in the hardware driver layer, and has the following advantages:
(1) The virus library upgrading server is transparent, and the compatibility is better.
(2) Malicious software can be prevented from bypassing the application software layer to perform read-write operation on the mobile storage medium 103, and the method is safer and more reliable.
(3) The hardware is added with support for a plurality of USB interfaces, a plurality of mobile storage media 103 can be managed simultaneously, and the practicability is better.
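The patent does not say how the security label is constructed or how tampering with the virus library is detected. The following added example (not from the patent) shows one way the decision logic of modules 1023 to 1025 could work, assuming the label is an HMAC-SHA256 tag bound to a hardware medium ID and the library date is covered by the same tag as the library content. It uses an HMAC for tamper detection only, where the patent calls for encryption; all names and keys are constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Constructed demo keys. The patent does not say how keys are provisioned.
LABEL_KEY = b"constructed-label-key"
LIBRARY_KEY = b"constructed-library-key"


def _tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()


def issue_label(medium_id: str) -> dict:
    """Formatting authentication on the management server: write the label."""
    return {"medium_id": medium_id, "tag": _tag(LABEL_KEY, medium_id.encode()).decode()}


def label_is_valid(label, medium_id) -> bool:
    """A label copied to another medium fails because the tag covers the ID."""
    if not isinstance(label, dict) or not isinstance(medium_id, str):
        return False
    if label.get("medium_id") != medium_id:
        return False
    presented = str(label.get("tag", "")).encode()
    return hmac.compare_digest(presented, _tag(LABEL_KEY, medium_id.encode()))


def seal_library(signatures: bytes, released: date) -> dict:
    """Package a virus library; one tag covers both release date and content."""
    payload = released.isoformat().encode() + b"\x00" + signatures
    return {
        "released": released.isoformat(),
        "data": signatures.hex(),
        "tag": _tag(LIBRARY_KEY, payload).decode(),
    }


def open_library(package):
    """Return (released, signatures), or None if the package was altered."""
    try:
        released = date.fromisoformat(package["released"])
        signatures = bytes.fromhex(package["data"])
        presented = str(package["tag"]).encode()
    except (KeyError, TypeError, ValueError):
        return None
    payload = released.isoformat().encode() + b"\x00" + signatures
    if not hmac.compare_digest(presented, _tag(LIBRARY_KEY, payload)):
        return None
    return released, signatures


def process_medium(medium: dict, server_package: dict) -> str:
    """Decide what the updating device does: 'rejected', 'updated' or 'current'."""
    if not label_is_valid(medium.get("label"), medium.get("medium_id")):
        return "rejected"  # red light: unauthenticated device
    server = open_library(server_package)
    if server is None:
        raise ValueError("server library failed its integrity check")
    on_medium = open_library(medium.get("library"))
    # A missing or altered library on the medium is always replaced.
    # A valid library is replaced only by a strictly newer one (no rollback).
    if on_medium is None or server[0] > on_medium[0]:
        medium["library"] = server_package
        return "updated"
    return "current"


if __name__ == "__main__":
    # Constructed sample data.
    stick = {
        "medium_id": "USB-0001",
        "label": issue_label("USB-0001"),
        "library": seal_library(b"old signatures", date(2017, 6, 1)),
    }
    latest = seal_library(b"new signatures", date(2017, 9, 1))
    print(process_medium(stick, latest))
    print(process_medium(stick, latest))
    print(process_medium({"medium_id": "USB-0002", "label": stick["label"]}, latest))
```

Because the release date is inside the tagged payload, changing the date field of an old package to make it look current fails the integrity check instead of blocking the update.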
Please refer to fig. 3, which is a schematic structural diagram of a dedicated removable storage medium 103 according to an embodiment of the present invention.
The special mobile storage medium 103 provided by the embodiment of the present invention specifically includes: a common data area 1031, a virus bank encryption area 1032, a self-test program area 1033, a USB interface 1034 and a control chip 1035;
The common data area 1031 is used for storing common data. The virus library encryption area 1032 is used for storing the virus library and encrypting it to prevent tampering. The self-checking program area 1033 is used for storing a self-checking program that performs data self-checking and deletes self-starting scripts, preventing viruses from being transmitted to the host when the mobile storage medium 103 is inserted.
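The patent does not name the self-starting script or describe the self-check itself. The following added example (not from the patent) assumes the script is a Windows `autorun.inf` in the volume root: it records which programs the file would have launched, then deletes it and leaves ordinary data alone. Function names and the sample volume are constructed; disabling automatic running on the host is a separate control not shown here.

```python
import os
import tempfile


def autostart_targets(path: str) -> list:
    """List the commands an autorun.inf would launch (for the audit log)."""
    with open(path, "rb") as fh:
        text = fh.read(64 * 1024).decode("latin-1")
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        # open=, shellexecute= and shell\<verb>\command= all start a program.
        if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
            targets.append(value.strip())
    return targets


def self_check(volume_root: str) -> dict:
    """Delete any autorun.inf in the volume root and report what it pointed to."""
    report = {"removed": [], "targets": []}
    for name in sorted(os.listdir(volume_root)):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(volume_root, name)
        if os.path.islink(path):
            os.remove(path)  # remove the link itself, never follow it
        elif os.path.isfile(path):
            report["targets"].extend(autostart_targets(path))
            os.remove(path)
        else:
            continue  # a directory with this name cannot auto-run
        report["removed"].append(name)
    return report


def build_demo_volume() -> str:
    """Constructed sample volume: one autorun script and one ordinary file."""
    root = tempfile.mkdtemp(prefix="medium-")
    with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=setup.exe\nicon=drive.ico\n"
                 "ShellExecute = readme.bat\nshell\\install\\command=tool.exe /s\n")
    with open(os.path.join(root, "report.txt"), "w") as fh:
        fh.write("ordinary data\n")
    return root


if __name__ == "__main__":
    volume = build_demo_volume()
    print(self_check(volume))
    print(os.listdir(volume))
```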
Further, the antivirus terminal management server 104 specifically includes: an authentication management module 1041, a virus policy module 1042 and a log management module 1043. The authentication management module 1041 is configured to perform formatting authentication on the unauthenticated mobile storage medium 103 and push the corresponding authentication information to the virus prevention and control terminal 105. The virus policy module 1042 is configured to set a virus searching and killing policy and push it to the virus prevention and control terminal 105. The log management module 1043 is configured to record the mobile storage medium 103 operation information, virus library update information and virus killing information of the virus prevention and control terminal 105, and to form a management log.
The above is a detailed description of the structure of the host virus prevention and control system of the industrial control system provided in the embodiment of the present invention. The host virus prevention and control method provided in the embodiment of the present invention is described in detail below.
Fig. 4 is a schematic flow chart of a host virus prevention method for an industrial control system according to an embodiment of the present invention.
The embodiment of the invention provides a host virus prevention and control method for an industrial control system, which comprises the following steps:
S1, connecting the unauthenticated mobile storage medium 103 to the antivirus terminal management server 104, the antivirus terminal management server 104 formatting the unauthenticated mobile storage medium 103 and writing a security tag to it, thereby completing the security authentication of the mobile storage medium 103.
The authentication of the mobile storage medium 103 is completed by the authentication management module 1041 in the antivirus terminal management server 104. After the unauthenticated mobile storage medium 103 is inserted into the antivirus terminal management server 104, the antivirus terminal management server 104 may authenticate the mobile storage medium 103 according to the instruction of the user. After the mobile storage medium 103 has been authenticated, whenever it is inserted into the mobile storage medium authentication and update device 102 or into an industrial control system host on which the virus prevention and control terminal 105 is installed, the mobile storage medium authentication and update device 102 or the virus prevention and control terminal 105 determines from the security tag in the mobile storage medium 103 whether the inserted medium is an authenticated device, thereby implementing the authentication function of the mobile storage medium 103.
S2, inserting the mobile storage medium 103 into the mobile storage medium authentication and update device 102, the mobile storage medium authentication and update device 102 completing the security authentication of the mobile storage medium 103, updating the virus library of the mobile storage medium 103 after the security authentication according to the date information of the virus library in the mobile storage medium 103 and the date information of the latest virus library in the virus upgrade server 101, and controlling the encrypted transmission and encrypted storage of the virus library during the update.
The virus library upgrade in the mobile storage medium 103 is mainly completed by the cooperation of the virus upgrade server 101, the mobile storage medium authentication and update device 102 and the mobile storage medium 103. The storage medium security tag and the user identity information are stored in the mobile storage medium 103. When the mobile storage medium is connected to the USB male port interface 10212, the mobile storage medium security control module 1023 reads the security tag in the mobile storage medium 103 and determines whether the connected device is an authenticated device:
if the device is not authenticated, the corresponding interface status indicator lamp 1020 shows a red light;
if the connected device is an authenticated device, the virus library automatic updating module 1024 makes a further determination: it reads the virus library date d1 in the mobile storage medium 103 and compares it with the virus library date d2 in the virus upgrade server 101. If d1 is less than d2 (i.e. d1 is earlier than d2), the virus library automatic updating module 1024 writes the latest virus library in the virus upgrade server 101 into the mobile storage medium 103, calling the data encryption management module 1025 during writing so that the virus library is encrypted and stored; the corresponding interface status indicator lamp 1020 flashes green during the writing process and, once writing is finished, stays steadily green. Otherwise, the green light stays on steadily.
Fig. 5 is a schematic diagram of the operation of the mobile storage medium authentication and update device 102 according to an embodiment of the present invention.
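The per-port decision described above can be sketched as follows. This is an added example, not code from the patent: the patent does not specify the security tag format, so the HMAC-over-serial tag (which makes a tag copied to another medium fail), the `Medium` fields and all function names are assumptions, and the encrypted write itself is only marked by a comment.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import List, Optional, Tuple


class Led(Enum):
    RED = "red"                        # unauthenticated medium
    GREEN_FLASHING = "green-flashing"  # authenticated, library being written
    GREEN_STEADY = "green-steady"      # authenticated, nothing (more) to write


@dataclass
class Medium:
    serial: str                   # hardware serial reported by the medium (assumed)
    tag: bytes                    # security tag written at formatting authentication
    library_date: Optional[date]  # d1; None on a freshly formatted medium


def make_tag(key: bytes, serial: str) -> bytes:
    """Assumed tag scheme: HMAC-SHA256 over the serial, keyed by the
    management server. Binding the tag to the serial means a tag copied
    onto a different medium does not verify."""
    return hmac.new(key, serial.encode("utf-8"), hashlib.sha256).digest()


def tag_is_valid(key: bytes, medium: Medium) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(make_tag(key, medium.serial), medium.tag)


def port_decision(key: bytes, medium: Medium, d2: date) -> Tuple[Led, bool]:
    """Return (indicator state, whether the library must be written)."""
    if not tag_is_valid(key, medium):
        return Led.RED, False
    d1 = medium.library_date
    # A medium with no library yet is treated as older than any server library.
    if d1 is None or d1 < d2:
        return Led.GREEN_FLASHING, True
    return Led.GREEN_STEADY, False


def service_port(key: bytes, medium: Medium, d2: date) -> List[Led]:
    """Run one insertion and return the sequence of indicator states."""
    led, must_write = port_decision(key, medium, d2)
    states = [led]
    if must_write:
        # The encrypted transfer and encrypted storage of the library
        # (module 1025 in the text) would happen here.
        medium.library_date = d2
        states.append(Led.GREEN_STEADY)
    return states
```
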
It can be understood that the mobile storage medium 103 may be left inserted in the USB male port interface 10212 of the mobile storage medium authentication and update device 102 at all times. When the virus upgrade server 101 receives the latest virus library from the Internet and upgrades to it, the mobile storage medium authentication and update device 102 automatically upgrades the virus library of the mobile storage medium 103, with no need to upgrade it manually, which greatly simplifies the operation process and saves time. The advantage is that, when an industrial control system host needs a virus killing operation, a mobile storage medium 103 already holding the latest virus library can be pulled out of the mobile storage medium authentication and update device 102 immediately, which indirectly guarantees that the virus library received by the industrial control system host is the latest one.
S3, inserting the removable storage medium 103 after the virus library update into the host of the industrial control system, performing a startup self-check on the removable storage medium 103 by the virus prevention and control terminal 105, prohibiting the automatic operation of all programs in the removable storage medium 103, and deleting the self-startup script in the removable storage medium 103.
Because the virus prevention and control terminal 105 performs a self-check on the mobile storage medium 103, viruses are effectively prevented from being transmitted from the mobile storage medium 103 to the industrial control system host while the medium is inserted, cutting off virus propagation in the industrial control system at the infection path.
S4, the virus prevention and control terminal 105 performs security authentication on the mobile storage medium 103, and performs virus library update, virus killing, and data storage management according to the virus library and data stored in the mobile storage medium 103.
For an authenticated mobile storage medium 103, the terminal checks whether the virus library in the mobile storage medium 103 is within its "validity period"; if the validity period has been exceeded, the virus library is rejected for use. It is understood that the validity period is a period set to ensure the timeliness of the virus library in the mobile storage medium 103, such as half a year (i.e. a virus library older than half a year is considered invalid). Otherwise, the update dates of the virus libraries of the mobile storage medium 103 and of the virus prevention and control terminal 105 are compared: if the version of the virus library in the mobile storage medium 103 is newer, the virus library in the mobile storage medium 103 is updated into the protected industrial control system host and virus checking and killing is started; otherwise, the terminal checks whether the time since the last antivirus operation exceeds the "longest antivirus limit" (set by the user in the virus policy module 1042 of the antivirus terminal management server 104) and, if so, starts virus killing. After virus killing is finished, the user can use the data area of the mobile storage medium 103 normally to read and write data. Fig. 6 is a schematic flow chart illustrating virus killing and prevention of a host of an industrial control system according to an embodiment of the present invention.
S5, the virus prevention and control terminal 105 records and uploads the virus library update information, the virus searching and killing information, and the data operation information of the mobile storage medium 103 to the antivirus terminal management server 104, and receives the virus searching and killing policy set by the antivirus terminal management server 104.
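Steps S3 and S4 on the host side, as an added example that is not code from the patent. The patent does not name the self-start script, so treating it as a root-level `autorun.inf` is an assumption, as are the function names, the 183-day validity period standing in for "half a year", and the handling of a medium that carries no library at all.

```python
import os
from datetime import date, timedelta
from enum import Enum
from typing import List, Optional


class Action(Enum):
    REJECT_UNAUTHENTICATED = "reject: medium not authenticated"
    REJECT_EXPIRED_LIBRARY = "reject: library outside validity period"
    UPDATE_LIBRARY_AND_SCAN = "update host library, then scan"
    SCAN_ONLY = "scan with current host library"
    NO_SCAN_NEEDED = "data area usable, no scan due"


# Assumption: the self-start script is a root-level autorun.inf.
AUTOSTART_NAMES = {"autorun.inf"}


def remove_autostart(mount_root: str) -> List[str]:
    """S3: delete self-start scripts in the medium root before anything
    on the medium is used. Returns the names removed, for the log."""
    removed = []
    for name in os.listdir(mount_root):
        path = os.path.join(mount_root, name)
        if name.lower() in AUTOSTART_NAMES and os.path.isfile(path):
            os.remove(path)
            removed.append(name)
    return sorted(removed)


def decide(authenticated: bool,
           medium_library: Optional[date],
           host_library: Optional[date],
           last_scan: Optional[date],
           today: date,
           validity: timedelta = timedelta(days=183),
           longest_scan_limit: timedelta = timedelta(days=30)) -> Action:
    """S4: the order of checks follows the text: authentication,
    validity period, library comparison, then time since last scan."""
    if not authenticated:
        return Action.REJECT_UNAUTHENTICATED
    # Assumption: a medium without any library is handled like an expired one.
    if medium_library is None or today - medium_library > validity:
        return Action.REJECT_EXPIRED_LIBRARY
    if host_library is None or medium_library > host_library:
        return Action.UPDATE_LIBRARY_AND_SCAN
    if last_scan is None or today - last_scan > longest_scan_limit:
        return Action.SCAN_ONLY
    return Action.NO_SCAN_NEEDED
```

The 30-day default for `longest_scan_limit` is a constructed value; in the system described it is set by the user in the virus policy module 1042.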
The virus prevention and control terminal 105 records information of all the mobile storage media 103 accessed to the industrial control system host where the virus prevention and control terminal 105 is located and read-write operation of the mobile storage media 103, sends the information to the antivirus terminal management server 104 for collection, and the antivirus terminal management server 104 manages all log information, thereby completing management and control of the mobile storage media 103.
In addition, the virus prevention and control terminal 105 records all virus killing time and processing results, and sends the virus killing time and the processing results to the antivirus terminal management server 104 for collection, and the antivirus terminal management server 104 manages all log information, thereby completing management and control of the virus log.
For convenience of understanding, a detailed description will be given below of a specific implementation of the host virus control method of the industrial control system according to the embodiment of the present invention.
1. Deployment
1.1, setting up the virus library upgrade server and connecting it to the Internet. A periodic update policy is set in the virus library upgrade server so that the virus library in the virus library upgrade server is updated periodically.
1.2, connecting the mobile storage medium authentication and update device 102 with the virus library upgrade server.
1.3, installing and deploying the virus prevention and control terminal 105 in each industrial control system host needing protection.
1.4, connecting the antivirus terminal management server 104 with the protected industrial control system hosts, setting an antivirus policy in the antivirus terminal management server 104, and pushing the antivirus policy to all the protected hosts.
The removable storage medium 103 is stored in the removable storage medium authentication and update apparatus 102.
2. Implementation
A complete implementation includes the steps of authenticating the mobile storage medium 103, upgrading the virus library in the mobile storage medium 103, performing virus prevention and control using the mobile storage medium 103, and performing data storage and log management for the use of the mobile storage medium 103. The specific implementation process is as follows, and the overall implementation flow of host virus prevention and control of the industrial control system provided by the embodiment of the present invention is shown in Fig. 7:
Authentication of the mobile storage medium 103:
connecting the mobile storage medium 103 into the antivirus terminal management server 104 through a USB interface;
the antivirus terminal management server 104 completes the formatting and security tag writing of the mobile storage medium 103, and completes the authentication.
Upgrading the virus library of the mobile storage medium 103:
connecting a mobile storage medium 103 into the mobile storage medium authentication and update device 102 through a USB interface;
the upgrading of the virus library is completed by the mobile storage medium authentication and updating device 102 according to the date of the virus library in the mobile storage medium 103.
Virus prevention, data access, and log management using the removable storage media 103:
1) The mobile storage medium 103 is inserted into the industrial control system host where the virus prevention and control terminal 105 is located.
2) The virus prevention and control terminal 105 starts a self-check of the mobile storage medium 103.
3) The device state of the mobile storage medium 103 is checked. If the mobile storage medium 103 is not authenticated, its use is refused and the user must carry out the authentication process for the mobile storage medium 103; if the mobile storage medium 103 is an authenticated device, step 4) is performed.
4) The virus prevention and control terminal 105 compares the virus library version in the host with the virus library version in the mobile storage medium 103. If the virus library version in the mobile storage medium 103 is newer, the virus library in the mobile storage medium 103 is updated into the protected host and virus killing is started; otherwise, the terminal checks whether the time since the last virus killing exceeds the specified time limit and, if so, starts virus killing.
5) After the antivirus is finished, the virus prevention and control terminal 105 records the antivirus log and uploads the antivirus log to the antivirus terminal management server 104.
6) The user uses the mobile storage medium 103 to store data, and the virus prevention and control terminal 105 sends the control log of the mobile storage medium 103 to the antivirus terminal management server 104.
In the embodiment of the invention, a host virus prevention and control system of the industrial control system is deployed, formed by the virus upgrade server 101, the mobile storage medium authentication and update device 102, the mobile storage medium 103, the antivirus terminal management server 104 and the virus prevention and control terminal 105. The mobile storage medium 103 is first subjected to formatting authentication on the antivirus terminal management server 104, which ensures the security of the mobile storage medium 103. The mobile storage medium 103 is then connected to the mobile storage medium authentication and update device 102, which is connected with the virus upgrade server 101 and automatically writes the latest virus library to the mobile storage medium 103; the transmission and writing of the virus library are encrypted, which ensures the security of the virus library in transmission and in storage. Finally, the mobile storage medium 103 holding the latest virus library is connected to the industrial control system host on which the virus prevention and control terminal 105 is installed, so that the virus prevention and control terminal 105 can update the virus library and kill viruses on the industrial control system host according to the latest virus library in the mobile storage medium 103, thereby realizing virus prevention and control.
Virus library updating and data management are carried out using the mobile storage medium 103, and security authentication is required whenever the mobile storage medium 103 is connected to any device. This not only prevents the industrial control system host from being infected and controlled through the Internet, but also cuts off virus propagation in the industrial control system at the infection path. By setting the validity period, the virus library is also forcibly updated before the mobile storage medium 103 is used, which ensures that the virus library in the host is updated timely and effectively to avoid virus threats, and avoids the intranet bandwidth consumption caused by updating the virus library periodically. This provides a solution for virus prevention and control of the mobile storage medium 103 and of the industrial control system host, and solves the technical problem that an industrial control system virus prevention and control strategy which can avoid upgrading the virus library of the industrial control system host through a direct or indirect connection to the Internet, and which can cut off virus propagation through the propagation path of mobile storage media, is urgently needed at present.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A host virus prevention system for an industrial control system, comprising:
the system comprises a virus upgrading server, a mobile storage medium authentication and updating device, a mobile storage medium, a virus killing terminal management server and a virus prevention and control terminal;
the virus upgrading server is connected with the Internet and is used for receiving and upgrading the latest virus library;
the mobile storage medium authentication and updating device is connected with the virus upgrading server and is used for performing security authentication, virus library automatic updating and data encryption management operation on the inserted mobile storage medium;
the mobile storage medium is used for storing a virus library and data;
the antivirus terminal management server is connected with the industrial control system host through an intranet and is used for carrying out formatting authentication on a mobile storage medium, setting a virus searching and killing strategy on the virus prevention and control terminal and managing a virus searching and killing operation log of the virus prevention and control terminal;
the virus prevention and control terminal is installed in the industrial control system host and is used for carrying out safety certification on the mobile storage medium inserted into the industrial control system host and carrying out virus library updating, virus killing and data storage management according to the virus library and data stored in the mobile storage medium;
the mobile storage medium authentication and update device specifically comprises: the system comprises a mobile storage medium security control module, a virus library automatic updating module and a data encryption management module;
the mobile storage medium security control module is used for performing security authentication on the inserted mobile storage medium;
the virus library automatic updating module is used for updating the virus library of the mobile storage medium according to the date information of the virus library in the inserted mobile storage medium and the date information of the latest virus library in the virus upgrading server;
the data encryption management module is used for controlling encryption transmission and encryption storage of the virus library.
2. The host virus prevention and control system of claim 1, wherein the removable storage medium authentication and update apparatus further comprises: a USB interface concurrency control module, a USB female port interface and at least two USB male port interfaces;
the USB female port interface is used for connecting the virus upgrading server, and the USB male port interface is used for connecting the mobile storage medium;
the USB interface concurrency control module is used for simultaneously carrying out equipment identification and concurrent read-write control on all the mobile storage media connected to the USB male port interfaces.
3. The host virus prevention and control system of claim 2, wherein the removable storage medium authentication and update apparatus further comprises: an interface status indicator light;
the interface status indicator lights correspond to the USB male port interfaces one by one and are used for indicating the state of the mobile storage medium connected to the corresponding USB male port interface, and the state specifically comprises an unauthenticated state, an authenticated and data updating state, an authenticated normal state and an interface fault state.
4. The host virus prevention system of an industrial control system according to claim 1, wherein the removable storage medium specifically includes: a common data area, a virus library encryption area and a self-checking program area;
the common data area is used for storing common data;
the virus library encryption area is used for storing a virus library and encrypting the virus library to prevent tampering;
and the self-checking program area is used for storing a self-checking program so as to perform data self-checking and self-starting script deletion.
5. The host virus prevention and control system of an industrial control system according to claim 1, wherein the antivirus terminal management server specifically includes: the system comprises an authentication management module, a virus strategy module and a log management module;
the authentication management module is used for carrying out formatting authentication on the unauthenticated mobile storage medium and pushing corresponding authentication information to the virus prevention and control terminal;
the virus strategy module is used for setting a virus searching and killing strategy and pushing the strategy to the virus control terminal;
the log management module is used for recording the operation information, virus library updating information and virus searching and killing information of the mobile storage medium of the virus prevention and control terminal and forming a management log.
6. A host virus prevention and control method of an industrial control system is characterized by comprising the following steps:
inserting the mobile storage medium into a mobile storage medium authentication and updating device, completing the security authentication of the mobile storage medium by the mobile storage medium authentication and updating device, and performing automatic encryption updating of a virus library on the mobile storage medium after the security authentication according to the virus library of the virus upgrade server;
inserting the mobile storage medium subjected to virus library updating into an industrial control system host, performing security authentication on the mobile storage medium by a virus prevention and control terminal, and performing virus library updating, virus killing and data storage management according to a virus library and data stored in the mobile storage medium;
the virus prevention and control terminal records and uploads virus library updating information, virus searching and killing information and data operation information of the mobile storage medium to the antivirus terminal management server, and receives a virus searching and killing strategy set by the antivirus terminal management server;
before the mobile storage medium is inserted into the mobile storage medium authentication and update device and the mobile storage medium authentication and update device completes the security authentication of the mobile storage medium, the method further comprises:
connecting an unauthenticated mobile storage medium to the antivirus terminal management server, the antivirus terminal management server formatting the unauthenticated mobile storage medium and writing a security tag to it to complete the security authentication of the mobile storage medium;
the automatically encrypting and updating the virus library of the mobile storage medium after the security certification according to the virus library of the virus upgrade server specifically comprises:
and updating the virus library of the mobile storage medium according to the date information of the virus library in the mobile storage medium after the security authentication and the date information of the latest virus library in the virus upgrading server, and controlling the encryption transmission and the encryption storage of the virus library in the updating process of the virus library.
7. The host computer virus prevention and control method of industrial control system according to claim 6, wherein after the mobile storage medium with the updated virus library is inserted into the host computer of the industrial control system, before the virus prevention and control terminal performs security authentication on the mobile storage medium, the method further comprises: and the virus prevention and control terminal performs startup self-check on the mobile storage medium, prohibits the automatic operation of all programs in the mobile storage medium, and deletes the self-startup script in the mobile storage medium.
CN201710774935.9A 2017-08-31 2017-08-31 Host virus prevention and control system and method for industrial control system Active CN107563198B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710774935.9A CN107563198B (en) 2017-08-31 2017-08-31 Host virus prevention and control system and method for industrial control system


Publications (2)

Publication Number Publication Date
CN107563198A CN107563198A (en) 2018-01-09
CN107563198B true CN107563198B (en) 2020-06-02

Family

ID=60977629


Country Status (1)

Country Link
CN (1) CN107563198B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant