CN107733905A - A method for detecting abnormal traffic of industrial control network devices - Google Patents
- Publication number: CN107733905A
- Application number: CN201711001338.9A
- Authority: CN (China)
- Prior art keywords: flow, monitoring, abnormal, abnormal flow, monitoring terminal
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for detecting abnormal traffic of industrial control network devices, comprising the following steps: 1. connect the intelligent monitoring terminal to the management platform; 2. set the deployment mode of the intelligent monitoring terminal; 3. enable learning mode to assist in establishing a security baseline; 4. switch to operating mode and start abnormal traffic monitoring; 5. collect traffic in real time and monitor for abnormal traffic according to the abnormal traffic algorithm; 6. generate abnormal traffic alarms and record logs; 7. restart monitoring. The beneficial effects of the invention are: an advanced self-learning algorithm establishes the most basic traffic trend model for each device in the industrial control network, and round-the-clock real-time monitoring is carried out on that basis. Once abnormal traffic is triggered, a real-time alert is raised in the form of sound and light, and a corresponding abnormal traffic log is produced for later history queries. This provides strong technical support for the safe, stable and reliable operation of the user's industrial network.
Description
Technical field
The present invention relates to a method for detecting abnormal traffic of industrial control network devices, and belongs to the field of automatic control technology.
Background art
At present, with the development of information technology, industrial control production and control networks that were originally physically isolated have had to break that isolation, and are even connected directly to the business management network and the Internet, so industrial control networks that were originally stable, controllable and reliable face increasing risk. The industrial control security incidents of recent years also show that industrial control networks are attacked more and more often and that the damage caused by attacks keeps growing. The requests received by real-time servers and history servers, which originally ran stably and served only clients on the industrial control LAN, were controllable and measurable. The requests sent by workstations, which originally requested data only from servers on the industrial control LAN, were also controllable and measurable. The instructions and data received by controllers in the control layer were likewise controllable and measurable. Under the current trend of convergence of the two networks, however, whether this controllable, measurable traffic is still normal deserves consideration. One existing technical solution is suitable only for detecting abnormal network traffic in intelligent substations. It also requires the cooperation of a switch capable of mirroring traffic: the mirrored traffic is captured to obtain the original packet information, simple statistics over these original packets determine whether the traffic is abnormal, and when it is abnormal the condition is sent to a remote dispatching system and the packets are stored.
The patent application with publication number CN106611348A discloses a method and device for detecting abnormal traffic. The method includes: extracting, from the monitoring data of an advertisement, the visitor data of visitors accessing the advertisement; extracting first visitor data from the multiple visitor data, where the first visitor data are the visitor data whose time information falls within a first preset time, and there are multiple first visitor data; judging whether the time difference between any two first visitor data whose visitor identifier is the same first visitor identifier is within a second preset time; if the time difference between any two adjacent first visitor data with the same first visitor identifier is within the second preset time, extracting second visitor data from the first visitor data and determining that the second visitor is the visitor causing the traffic anomaly. This solves the prior-art technical problem of advertisers' interests being harmed by visitor traffic fraud.
The patent application with publication number CN106357622A discloses a network abnormal traffic detection and defense system based on software-defined networking. Software-defined networks differ greatly from traditional networks in how abnormal traffic is detected, so traditional detection methods no longer apply; through the idea of separating the network control plane from the data plane, software-defined networking provides new solutions for developing new network applications and handling network security problems. That invention uses the centralized control of the software-defined network architecture to monitor traffic in real time at the source of an attack, and uses source IP anti-spoofing, access-layer anomaly detection and link traffic anomaly detection to form a multi-layer defense system that progressively filters abnormal traffic, achieving detection of and defense against Internet DDoS attacks at the source.
In summary, the prior art currently has the following disadvantages:
1. It applies to only one kind of industrial control network, the intelligent substation.
2. It requires the cooperation of a switch capable of mirroring traffic; without one, abnormal traffic detection cannot be carried out.
3. It measures whether traffic is abnormal only from the perspective of a single network session, and does not measure whether traffic is abnormal as a whole from the perspective of the device.
4. The criterion for judging anomalies is hard to determine and is not suited to industrial production environments.
Summary of the invention
The object of the invention is to provide a method for detecting abnormal traffic of industrial control network devices that overcomes the above technical problems. The stability, reliability and controllability of an industrial control network are made up of indicators in several respects, among which the number of requests each device sends out, the number of requests it receives and the services it provides externally are all measurable and controllable. The method uses a device that can be deployed either in bypass mode or in-line in the industrial control network to collect and monitor the network's traffic in real time. An intelligent learning engine self-learns the normal traffic of the industrial control network to form a security baseline; each device in the network is monitored in real time against that baseline, and abnormal traffic raises a real-time alarm and is recorded in an alarm log. The method addresses how to comprehensively collect the traffic sent and received by each device in each industrial control system, how to establish a security baseline, how to judge that traffic is abnormal, and how to handle traffic once it is abnormal.
The method of the invention specifically includes the following steps:
Step 1. Connect the intelligent monitoring terminal to the management platform:
The intelligent monitoring terminal collects on-site traffic, and the management platform manages the monitoring terminals.
Step 2. Set the deployment mode of the intelligent monitoring terminal:
The intelligent monitoring terminal can either be deployed in bypass mode on a switch that supports mirroring, or be placed in-line at a specified position in the network to collect data. The deployment mode is selected according to the actual conditions of the industrial network.
Step 3. Enable learning mode to assist in establishing the network traffic monitoring baseline:
The network traffic monitoring baseline is established by enabling self-learning mode: an intelligent learning engine learns from the collected on-site traffic and assists in generating the traffic operation baseline. All that is required is to switch the intelligent monitoring terminal to learning mode.
Step 4. Switch to operating mode and start abnormal traffic monitoring:
After the network traffic monitoring baseline has been formed in step 3, the management platform switches the intelligent monitoring terminal to its working operating mode, and traffic collection and abnormal traffic discrimination formally begin.
Step 5. Collect traffic in real time and monitor for abnormal traffic according to the abnormal traffic algorithm:
Against the network traffic monitoring baseline, abnormal traffic is discriminated for each device by a combined judgment over several dimensions: outbound traffic, inbound traffic, total traffic and accessed ports. As soon as an operation outside the security baseline occurs, the next step is carried out.
Step 6. Generate abnormal traffic alarms and record logs:
When abnormal traffic occurs, the corresponding device on the monitoring page changes to the alarm state, and an alarm log is produced for later queries. If a device on the monitoring page currently has no abnormal traffic but had an anomaly in the past whose abnormal log has not yet been processed, a corresponding prompt appears on the monitoring page.
Step 7. Restart monitoring:
After one monitoring period, the corresponding normal traffic and abnormal traffic are reset, and monitoring for the next period begins.
The beneficial effects of the invention are: by analyzing the actual traffic of industrial control networks across multiple industries, a typical traffic model is extracted, and an advanced self-learning algorithm establishes the most basic traffic trend model for each device in the industrial control network. Round-the-clock real-time monitoring is carried out on that basis. Once abnormal traffic is triggered, a real-time alert is raised in the form of sound and light, and a corresponding abnormal traffic log is produced for later history queries, providing strong technical support for the safe, stable and reliable operation of the user's industrial network.
Brief description of the drawings
Fig. 1 is a schematic diagram of the traffic calculation formula under normal conditions;
Fig. 2 is a schematic diagram of the traffic calculation formula when a session is re-established after aging in a different period;
Fig. 3 is a schematic diagram of the traffic calculation formula when a session is re-established after aging in the same period;
Fig. 4 is a schematic diagram of the graphical display when a device's traffic is abnormal in the period;
Fig. 5 is a schematic diagram of the graphical display when a device's traffic is normal in the period;
Fig. 6 is a schematic diagram of the graphical display when a device's traffic is normal in the period but an abnormal traffic alarm is still unprocessed.
Embodiments
Embodiments of the invention are described in detail below with reference to Figs. 1-6 of the drawings. The method of the invention specifically includes the following steps:
Step 1. Connect the intelligent monitoring terminal to the management platform:
The intelligent monitoring terminal collects on-site traffic, and the management platform manages the monitoring terminals.
Step 2. Set the deployment mode of the intelligent monitoring terminal:
At many industrial sites the switches do not support mirroring mode, and industrial switches may not support it either. The intelligent monitoring terminal in the method of the invention can either be deployed in bypass mode on a switch that supports mirroring, or be placed in-line at a specified position in the network to collect data. The deployment mode is selected according to the actual conditions of the industrial network.
Step 3. Enable learning mode to assist in establishing the network traffic monitoring baseline:
Enabling self-learning mode assists in establishing the network traffic monitoring baseline: an intelligent learning engine learns from the collected on-site traffic and assists in generating the traffic operation baseline. All that is required is to switch the intelligent monitoring terminal to learning mode.
Step 4. Switch to operating mode and start abnormal traffic monitoring:
After the network traffic monitoring baseline has been formed in step 3, the management platform switches the intelligent monitoring terminal to its working operating mode, and traffic collection and abnormal traffic discrimination formally begin.
Step 5. Collect traffic in real time and monitor for abnormal traffic according to the abnormal traffic algorithm:
Against the traffic baseline, abnormal traffic is discriminated for each device by a combined judgment over several dimensions: outbound traffic, inbound traffic, total traffic and accessed ports. As soon as an operation outside the security baseline occurs, the next step is carried out.
Step 6. Generate abnormal traffic alarms and record logs:
When abnormal traffic occurs, the corresponding device on the monitoring page changes to the alarm state, and an alarm log is produced for later queries. If a device on the monitoring page currently has no abnormal traffic but had an anomaly in the past whose abnormal log has not yet been processed, a corresponding prompt appears on the monitoring page.
Step 7. Restart monitoring:
After one monitoring period, the corresponding normal traffic and abnormal traffic are reset, and monitoring for the next period begins.
The industrial control network is logically divided into an enterprise management layer, a process monitoring layer, a field control layer and a field device layer. Monitoring as a whole supports distributed deployment with centralized management: in this embodiment, multiple intelligent monitoring terminals are deployed in a distributed manner on the mirror ports of the industrial switches and are centrally managed by the management platform. The intelligent monitoring terminal supports bypass deployment and can also be placed in-line in the industrial control network; whichever deployment mode is used, the terminal does not affect on-site production.
In the station-level industrial Ethernet, one intelligent monitoring terminal is deployed in bypass mode at an industrial switch that supports mirroring, and through the switch's mirror port the terminal receives a copy of all network traffic passing through the switch. Because it is deployed in bypass mode and only receives network traffic, the terminal sends no interfering packets into the industrial control network, so it has no effect on the production process.
Where the switches between the field device layer and the control layer do not support mirroring, the intelligent monitoring terminal is deployed in-line. Because the terminal does not intercept any packets, on-site production is not affected either.
In the method by which the intelligent learning engine assists in establishing the network traffic monitoring baseline, the learning engine generates the traffic model from the following elements:
A. service type;
B. monitored object;
C. monitoring time;
D. upstream traffic;
E. downstream traffic;
F. special peaks;
G. special troughs.
Among these elements, the basic traffic data set used differs according to the service type, and the monitored objects are all devices in the industrial network that can send or receive data, including supervisory hosts, interface machines, engineer stations, operator stations, real-time data servers, historical data servers, and each RTU and PLC.
The algorithm specific to this method for reasonably judging whether traffic is abnormal:
Embodiment 1:
As shown in Fig. 1:
When monitoring starts, the latest traffic value of the previous period (5 minutes) is found in the database;
within monitoring period 1 ($T_0$ to $T_1$), all traffic is update traffic.
Process description: starting at time $T_0$, the database is queried (by 5-tuple + start time) for the latest traffic value $Q_c$ of the previous period ($T_{-1}$ to $T_0$). This value is used as the initial value, and the traffic value received afterwards in period 1, minus the initial value, is the traffic of that period.
In summary: traffic of monitoring period 1 ($T_0$ to $T_1$) $= Q_1 - Q_c$.
Embodiment 2:
As shown in Fig. 2:
When monitoring starts, the latest traffic value of the previous period (5 minutes) cannot be found in the database;
within monitoring period 1 ($T_0$ to $T_1$), all traffic is update traffic.
Process description: starting from time $T_0$, at time $T_m$ the database is queried (by 5-tuple + start time) for the traffic value $Q_c$ nearest to time $T_0$ (that moment is not within the range of the previous period). To ensure the accuracy of the traffic in the interval $T_0$ to $T_m$, the traffic of this interval is calculated with the following formula:
$\Delta = \dfrac{Q_m - Q_c}{T_m - T_c} \times (T_m - T_0)$.
Traffic of the interval $T_m$ to $T_1$ $=$ new value $- Q_m$.
The new value is the traffic value received again within $T_m$ to $T_1$.
In summary: traffic of monitoring period 1 ($T_0$ to $T_1$) $= \Delta + Q_1 - Q_m$.
Embodiment 3:
As shown in Fig. 3:
Within monitoring period 1 ($T_0$ to $T_1$), the same five-tuple has both an aged flow and a newly established flow. For the traffic calculation of the monitoring interval $T_0$ to $T_d$, it is determined whether the latest traffic value of the previous period (5 minutes) was found in the database, and the interval is handled according to case 1 or case 2 accordingly, which finally gives the traffic $\Delta$ of the interval ($T_0$ to $T_d$).
Process description: starting from time $T_0$, at time $T_{s2}$ the flow type is judged to be 1, which indicates that $Q_{s2}$ represents a newly established flow, so the traffic of period 1 ($T_0$ to $T_1$) $= \Delta + Q_1$.
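The three cases above can be combined into one routine. The following Python is an added example, not code from the patent: the `Sample` record, the `UPDATE` encoding and the handling of a flow with no earlier database record are assumptions, while the 5-minute period, flow type 1 for a newly established flow and the formulas follow the text.

```python
"""Per-period traffic of one 5-tuple from cumulative counters (added example)."""
from dataclasses import dataclass
from typing import Optional, Sequence

PERIOD = 300      # monitoring period in seconds (5 minutes, as in the text)
NEW_FLOW = 1      # text: flow type 1 marks a newly established flow
UPDATE = 0        # assumption: encoding for an update of an existing flow


@dataclass(frozen=True)
class Sample:
    t: float            # time the counter was recorded, in seconds
    q: int              # cumulative bytes of the 5-tuple session at time t
    kind: int = UPDATE


def continued_traffic(t0: float, prev: Optional[Sample], run: Sequence[Sample]) -> float:
    """In-period traffic of a flow that already existed before t0."""
    first, last = run[0], run[-1]
    if prev is None:
        # Not covered by the text. Assumption: count only growth seen in-period.
        return last.q - first.q
    if prev.t >= t0 - PERIOD:
        # Embodiment 1: Qc comes from the previous period, traffic = Q1 - Qc.
        return last.q - prev.q
    # Embodiment 2: Qc is older than the previous period. Interpolate the share
    # of (Qm - Qc) that falls in [T0, Tm], then add the growth after Tm.
    delta = (first.q - prev.q) / (first.t - prev.t) * (first.t - t0)
    return delta + (last.q - first.q)


def period_traffic(t0: float, prev: Optional[Sample], samples: Sequence[Sample]) -> float:
    """Traffic of one 5-tuple in the period that starts at t0.

    prev is the latest stored sample before t0 (or None); samples are the
    counter values received inside the period.
    """
    runs = []
    for s in sorted(samples, key=lambda s: s.t):
        if s.kind == NEW_FLOW or not runs:
            runs.append([s])        # a new flow instance starts a new run
        else:
            runs[-1].append(s)
    total = 0.0
    for run in runs:
        if run[0].kind == NEW_FLOW:
            # Embodiment 3: a re-established flow counts from zero, so its
            # last counter value is its whole contribution (the "+ Q1" term).
            total += run[-1].q
        else:
            total += continued_traffic(t0, prev, run)
    return total


if __name__ == "__main__":
    # Constructed sample values, period starts at t0 = 600 s.
    print(period_traffic(600, Sample(590, 1000), [Sample(660, 1500), Sample(840, 2200)]))
    print(period_traffic(600, Sample(200, 1000), [Sample(700, 2000), Sample(880, 2600)]))
    print(period_traffic(600, Sample(590, 1000),
                         [Sample(650, 1300), Sample(720, 400, NEW_FLOW), Sample(880, 900)]))
```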
Device outbound traffic:
All upstream bytes in the session information found with the device as source IP, plus all downstream bytes in the session information found with the device as destination IP.
Device inbound traffic:
All downstream bytes in the session information found with the device as source IP, plus all upstream bytes in the session information found with the device as destination IP.
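The outbound and inbound definitions above, together with the four dimensions named in step 5, as an added Python example (not code from the patent). The `Session` fields, the min/max form of the learned baseline and the sample addresses are assumptions; the patent does not specify its learning model.

```python
"""Per-device traffic dimensions checked against a learned baseline (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field

DIMS = ("outflow", "inflow", "total")


@dataclass(frozen=True)
class Session:
    src: str        # source IP of the session
    dst: str        # destination IP of the session
    dport: int      # port accessed on dst
    up: int         # upstream bytes (src -> dst) in the period
    down: int       # downstream bytes (dst -> src) in the period


@dataclass
class Usage:
    outflow: int = 0
    inflow: int = 0
    ports: set = field(default_factory=set)   # ports this device accessed

    @property
    def total(self):
        return self.outflow + self.inflow


def device_usage(sessions):
    """Aggregate one period of session records into per-device dimensions."""
    usage = defaultdict(Usage)
    for s in sessions:
        # Device as source IP: upstream bytes leave it, downstream bytes enter it.
        usage[s.src].outflow += s.up
        usage[s.src].inflow += s.down
        usage[s.src].ports.add(s.dport)
        # Device as destination IP: downstream bytes leave it, upstream bytes enter it.
        usage[s.dst].outflow += s.down
        usage[s.dst].inflow += s.up
    return dict(usage)


def learn(periods):
    """Learning mode. Assumption: the baseline is the per-device [min, max] of
    each dimension over the learning periods plus the set of ports seen."""
    base = {}
    for sessions in periods:
        for ip, u in device_usage(sessions).items():
            b = base.setdefault(ip, {d: [getattr(u, d)] * 2 for d in DIMS} | {"ports": set()})
            for d in DIMS:
                v = getattr(u, d)
                b[d] = [min(b[d][0], v), max(b[d][1], v)]
            b["ports"] |= u.ports
    return base


def check(base, sessions):
    """Operating mode: return {device: [violated dimensions]} for one period."""
    usage = device_usage(sessions)
    alarms = {}
    for ip in sorted(set(base) | set(usage)):
        if ip not in base:
            alarms[ip] = ["unknown device"]
            continue
        u = usage.get(ip, Usage())      # a silent baselined device counts as zero traffic
        b = base[ip]
        hits = [d for d in DIMS if not b[d][0] <= getattr(u, d) <= b[d][1]]
        hits += [f"port {p}" for p in sorted(u.ports - b["ports"])]
        if hits:
            alarms[ip] = hits
    return alarms


# Constructed sample data: an operator station polling a PLC on port 502.
OPS, PLC = "10.0.0.10", "10.0.0.20"
LEARNING = [[Session(OPS, PLC, 502, 1000, 4000)], [Session(OPS, PLC, 502, 1200, 4400)]]
NEW_PORT = [Session(OPS, PLC, 502, 1100, 4200), Session(OPS, PLC, 22, 50, 100)]

if __name__ == "__main__":
    baseline = learn(LEARNING)
    print(check(baseline, LEARNING[0]))   # inside the baseline
    print(check(baseline, NEW_PORT))      # volumes inside the baseline, new port
    print(check(baseline, []))            # both devices silent for a whole period
```

In the constructed `NEW_PORT` period the byte volumes stay inside the learned ranges, so only the accessed-port dimension raises the alarm.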
Presentation after abnormal traffic appears:
(1) When the device's traffic in the current monitoring period is abnormal, the monitoring screen shows the warning of Fig. 4, which keeps flashing;
(2) When the device's traffic in the current monitoring period is not abnormal and all abnormal traffic logs related to the device have been processed, the monitoring screen is as shown in Fig. 5;
(3) When the device's traffic in the current monitoring period is not abnormal but there are unprocessed abnormal traffic logs related to the device, the monitoring screen is as shown in Fig. 6.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the scope disclosed by the invention shall be covered by the scope of the invention as claimed.
Claims (4)
1. A method for detecting abnormal traffic of industrial control network devices, characterized in that it comprises the following steps:
Step 1. Connect the intelligent monitoring terminal to the management platform;
The intelligent monitoring terminal collects on-site traffic, and the management platform manages the monitoring terminals;
Step 2. Set the deployment mode of the intelligent monitoring terminal;
The intelligent monitoring terminal can either be deployed in bypass mode on a switch that supports mirroring, or be placed in-line at a specified position in the network to collect data;
Step 3. Enable learning mode to assist in establishing the network traffic monitoring baseline;
The network traffic monitoring baseline is established by enabling self-learning mode: an intelligent learning engine learns from the collected on-site traffic and assists in generating the traffic operation baseline;
Step 4. Switch to operating mode and start abnormal traffic monitoring;
After the network traffic monitoring baseline has been formed in step 3, the management platform switches the intelligent monitoring terminal to its working operating mode, and traffic collection and abnormal traffic discrimination formally begin;
Step 5. Collect traffic in real time and monitor for abnormal traffic according to the abnormal traffic algorithm;
Step 6. Generate abnormal traffic alarms and record logs;
When abnormal traffic occurs, the corresponding device on the monitoring page changes to the alarm state, and an alarm log is produced for later queries; if a device on the monitoring page currently has no abnormal traffic but had an anomaly in the past whose abnormal log has not yet been processed, a corresponding prompt appears on the monitoring page;
Step 7. Restart monitoring;
After one monitoring period, the corresponding normal traffic and abnormal traffic are reset, and monitoring for the next period begins.
2. The method for detecting abnormal traffic of industrial control network devices according to claim 1, characterized in that in step 2 the deployment mode of the intelligent monitoring terminal is selected according to the actual conditions of the industrial network.
3. The method for detecting abnormal traffic of industrial control network devices according to claim 1, characterized in that in step 3 the intelligent monitoring terminal is switched to learning mode.
4. The method for detecting abnormal traffic of industrial control network devices according to claim 1, characterized in that in step 5, against the network traffic monitoring baseline, abnormal traffic is discriminated for each device by a combined judgment over several dimensions: outbound traffic, inbound traffic, total traffic and accessed ports; as soon as an operation outside the security baseline occurs, the next step is carried out.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711001338.9A CN107733905A (en) | 2017-10-24 | 2017-10-24 | A kind of detection method of industry control network unit exception flow |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107733905A true CN107733905A (en) | 2018-02-23 |
Family
ID=61213285
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711001338.9A Pending CN107733905A (en) | 2017-10-24 | 2017-10-24 | A kind of detection method of industry control network unit exception flow |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107733905A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180223 |