CN108366041A - Industry control Environmental security defence method and system based on service order model - Google Patents
- Publication number
- CN108366041A (application number CN201710205235.8A)
- Authority
- CN
- China
- Prior art keywords
- instruction
- industry control
- service order
- intercepted
- order model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The present invention proposes an industrial control environment security defence method and system based on a service order model. Historical logs from the industrial control environment are collected to obtain global information about the environment; from that global information, the information about the instructions that may be executed in the environment is derived, and a service order model is established from it. When a terminal in the industrial control environment issues an instruction to an industrial control device, the instruction is first intercepted and its safety is judged against the service order model: if it is safe, the instruction is released; otherwise it is reported to the server for confirmation by an administrator. The safety judgment and the handling of each intercepted instruction are formed into a log and reported to the server. By realising global instruction control of the industrial control environment through the service order model, the invention can effectively prevent the execution of abnormal instructions, judges each instruction quickly and accurately, and does not affect industrial control operations.
Description
Technical field
The present invention relates to the field of industrial control security, and in particular to an industrial control environment security defence method and system based on a service order model.
Background technology
Industrial control systems are widely used in many modern industries in China, such as electric power, water conservancy, sewage treatment, petrochemicals, metallurgy, automobiles and aerospace. Because of their importance, industrial control systems have become a target for many criminals. In the Ukrainian power incident, for example, the attackers obtained the account credentials of operating personnel and, using that legitimate access, remotely shut down the power supply system, causing heavy losses.
At present, the difficulties in defending industrial control computer terminals are as follows:
1. Devices are numerous and of many models, so it is difficult to install anti-malware software uniformly;
2. Traditional anti-virus methods are not suited to industrial control devices: they easily produce false positives and affect the stability of the business;
3. Most devices are on isolated networks and carry a large number of system vulnerabilities;
4. An attacker targeting an industrial control system can take a long-term approach, so even with tight precautions any vulnerability may eventually be exploited;
5. Internal controls are not strict, and misoperation or malicious use by operating personnel can become a major security risk.
In general, an attacker gains control of the industrial control supervisory host by implanting a malicious file into the network, and then issues malicious instructions to the execution devices (for example, shutdown or service restart) to damage the industrial control network environment. Although the instructions issued by the attacker are malicious, the system treats them as normal instructions and executes them. For industrial control security, therefore, a method is needed that can analyse and judge issued instructions and prevent malicious instructions from being issued.
Invention content
In view of the above problems in the prior art, the present invention proposes an industrial control environment security defence method and system based on a service order model which, through autonomous computer learning and analysis techniques, establishes in the industrial control environment a method and system able to judge and block malicious instructions.
Specifically, the invention comprises:
An industrial control environment security defence method based on a service order model, including:
collecting historical logs from the industrial control environment to obtain global information about the environment, obtaining from that global information the information about the instructions executable in the environment, and establishing a service order model from the information about the executable instructions;
when a terminal in the industrial control environment issues an instruction to an industrial control device, first intercepting the instruction and judging its safety against the service order model; if it is safe, releasing the instruction, otherwise reporting it to the server for confirmation by an administrator;
forming a log from the safety judgment and the handling of the intercepted instruction and reporting it to the server.
Further, the global information about the industrial control environment includes: the accounts that can initiate instructions, the time of each instruction, the device each instruction acts on, the time at which each instruction acts, the content of each instruction, and the state of the devices in the industrial control environment when each instruction is executed.
Further, the information about the instructions executable in the industrial control environment includes: the instructions each account may issue, the trigger condition corresponding to each issuable instruction, the range of devices each issuable instruction may act on, and the time at which each issuable instruction may be issued; in addition, according to the specific scenario and business requirements, the administrator can add information for certain special instructions.
Further, when judging the safety of an intercepted instruction against the service order model, the judgment conditions include: whether the account that issued the intercepted instruction is abnormal, whether the trigger condition corresponding to the intercepted instruction is fully satisfied, and whether the device the intercepted instruction acts on is within the specified range.
Further, the method also includes: dynamically monitoring the data in the industrial control environment and adding, modifying or deleting information in the service order model accordingly.
An industrial control environment security defence system based on a service order model, including a server and terminals that can issue instructions, and further including a management module and a service order model building module deployed on the server, and an instruction judgment module and a log upload module deployed on each terminal that can issue instructions;
wherein,
the service order model building module collects the historical logs of the industrial control environment to obtain global information about the environment, obtains from that global information the information about the instructions executable in the environment, and establishes the service order model from the information about the executable instructions;
the instruction judgment module, when a terminal that can issue instructions issues an instruction to an industrial control device, first intercepts the instruction, communicates with the server, and judges the safety of the intercepted instruction against the service order model; if it is safe the instruction is released, otherwise it is reported to the management module on the server for confirmation by an administrator;
the log upload module forms a log from the handling performed by the instruction judgment module and reports it to the management module on the server.
Further, the global information about the industrial control environment includes: the accounts that can initiate instructions, the time of each instruction, the device each instruction acts on, the time at which each instruction acts, the content of each instruction, and the state of the devices in the industrial control environment when each instruction is executed.
Further, the information about the instructions executable in the industrial control environment includes: the instructions each account may issue, the trigger condition corresponding to each issuable instruction, the range of devices each issuable instruction may act on, and the time at which each issuable instruction may be issued; in addition, according to the specific scenario and business requirements, the administrator can add information for certain special instructions.
Further, when judging the safety of an intercepted instruction against the service order model, the judgment conditions include: whether the account that issued the intercepted instruction is abnormal, whether the trigger condition corresponding to the intercepted instruction is fully satisfied, and whether the device the intercepted instruction acts on is within the specified range.
Further, the management module is also used to dynamically monitor the data in the industrial control environment and to add, modify or delete information in the service order model accordingly.
The beneficial effects of the invention are as follows:
By realising global instruction control of the industrial control environment through the service order model, the invention can effectively prevent the execution of abnormal instructions, judges each instruction quickly and accurately, and does not affect industrial control operations;
the service order model of the invention is obtained by collecting the historical logs completely enough to provide a sufficient basis for judging threatening instructions; it contains only normal business instructions, while abnormal and uncertain instructions are not included in the model, so false positives are effectively avoided.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the industrial control environment security defence method based on a service order model of the present invention;
Fig. 2 is a structural diagram of the industrial control environment security defence system based on a service order model of the present invention.
Specific implementation mode
To enable those skilled in the art to better understand the technical solutions of the embodiments of the present invention, and to make the above objects, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below with reference to the drawings.
The present invention provides an embodiment of the industrial control environment security defence method based on a service order model, which, as shown in Fig. 1, includes:
S101: collecting historical logs from the industrial control environment to obtain global information about the environment, obtaining from that global information the information about the instructions executable in the environment, and establishing a service order model from the information about the executable instructions;
S102: when a terminal in the industrial control environment issues an instruction to an industrial control device, first intercepting the instruction and judging its safety against the service order model; if it is safe, releasing the instruction, otherwise reporting it to the server for confirmation by an administrator;
S103: forming a log from the safety judgment and the handling of the intercepted instruction and reporting it to the server.
Preferably, the global information about the industrial control environment includes: the accounts that can initiate instructions, the time of each instruction, the device each instruction acts on, the time at which each instruction acts, the content of each instruction, and the state of the devices in the industrial control environment when each instruction is executed.
Preferably, the information about the instructions executable in the industrial control environment includes: the instructions each account may issue, the trigger condition corresponding to each issuable instruction, the range of devices each issuable instruction may act on, and the time at which each issuable instruction may be issued; in addition, according to the specific scenario and business requirements, the administrator can add information for certain special instructions.
Preferably, when judging the safety of an intercepted instruction against the service order model, the judgment conditions include: whether the account that issued the intercepted instruction is abnormal, whether the trigger condition corresponding to the intercepted instruction is fully satisfied, and whether the device the intercepted instruction acts on is within the specified range.
Preferably, the method also includes: dynamically monitoring the data in the industrial control environment and adding, modifying or deleting information in the service order model accordingly.
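The following is an added illustration, not code from the patent: a minimal service order model built from historical logs (S101), the intercept-and-judge step with the four judgment conditions named above (issuing account, trigger condition, device range, issue time) (S102), and the log record a terminal would report (S103). It also covers the system embodiment below, where `from_logs`/`add`/`remove` correspond to the model building and management modules on the server and `intercept` to the instruction judgment and log upload modules on the terminal. The log lines, account names, instruction names and device identifiers are constructed; the patent does not fix a log format, and representing the "trigger condition" as the device state seen at execution time and the permitted issue time as an hour-of-day set are simplifying assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed historical log lines (not from the patent): timestamp, issuing
# account, instruction, target device, device state at execution time.
# In the patent these fields come from the collected logs of the industrial
# control environment (S101) and make up the "global information".
HISTORY = """\
2017-03-01T08:02:11 op_a START_PUMP pump-01 idle
2017-03-01T17:55:40 op_a STOP_PUMP pump-01 running
2017-03-02T08:05:02 op_a START_PUMP pump-02 idle
2017-03-02T18:01:17 op_b STOP_PUMP pump-02 running
2017-03-03T09:30:00 eng_c RESTART_SERVICE hmi-01 degraded
2017-03-04T08:01:55 op_b START_PUMP pump-01 idle
"""


@dataclass
class InstructionProfile:
    """What the model knows about one executable instruction."""
    accounts: set = field(default_factory=set)        # accounts allowed to issue it
    devices: set = field(default_factory=set)         # device range it may act on
    trigger_states: set = field(default_factory=set)  # device states seen at execution
    hours: set = field(default_factory=set)           # hours of day it was issued


class ServiceOrderModel:
    def __init__(self):
        self.profiles = defaultdict(InstructionProfile)

    @classmethod
    def from_logs(cls, text):
        """S101: derive the executable-instruction information from historical logs."""
        model = cls()
        for line in text.splitlines():
            ts, account, instr, device, state = line.split()
            model.add(instr, account, device, state, datetime.fromisoformat(ts).hour)
        return model

    def add(self, instr, account, device, state, hour):
        """Extend a profile; this is also how an administrator adds a special instruction."""
        p = self.profiles[instr]
        p.accounts.add(account)
        p.devices.add(device)
        p.trigger_states.add(state)
        p.hours.add(hour)

    def remove(self, instr):
        """Dynamic maintenance of the model: drop an instruction entirely."""
        self.profiles.pop(instr, None)

    def judge(self, account, instr, device, state, hour):
        """S102 judgment conditions. Returns (safe, reasons). An instruction the
        model has never seen is uncertain and is never released."""
        p = self.profiles.get(instr)
        if p is None:
            return False, ["instruction not in model"]
        reasons = []
        if account not in p.accounts:
            reasons.append("issuing account abnormal")
        if state not in p.trigger_states:
            reasons.append("trigger condition not met")
        if device not in p.devices:
            reasons.append("device outside specified range")
        if hour not in p.hours:
            reasons.append("outside permitted issue time")
        return not reasons, reasons


def intercept(model, ts, account, instr, device, state):
    """Intercept one instruction, judge it, and return the log record that the
    terminal reports to the server (S103). The caller releases the instruction
    only when record['safe'] is True; otherwise it goes to an administrator."""
    safe, reasons = model.judge(account, instr, device, state,
                                datetime.fromisoformat(ts).hour)
    return {
        "time": ts, "account": account, "instruction": instr, "device": device,
        "safe": safe,
        "action": "released" if safe else "reported_to_admin",
        "reasons": reasons,
    }


if __name__ == "__main__":
    model = ServiceOrderModel.from_logs(HISTORY)
    # Constructed intercepted instructions: one normal, one off-hours,
    # one from an unknown account, one not in the model at all.
    for args in [
        ("2017-03-05T08:03:00", "op_a", "START_PUMP", "pump-02", "idle"),
        ("2017-03-05T02:00:00", "op_a", "STOP_PUMP", "pump-01", "running"),
        ("2017-03-05T17:50:00", "intruder", "STOP_PUMP", "pump-01", "running"),
        ("2017-03-05T17:50:00", "op_a", "SHUTDOWN", "plc-01", "running"),
    ]:
        print(intercept(model, *args))
```

The model is a positive list: only instruction, account, device, state and time combinations seen in the historical logs (or added by the administrator) are released, and every refusal carries the failed conditions so the administrator who receives the report can see why. A real deployment would replace the hour-of-day set with proper time windows and the single device state with the trigger condition of the business process, and would need the historical logs to be complete enough that normal operations are not reported as abnormal.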
The present invention provides an embodiment of the industrial control environment security defence system based on a service order model, which, as shown in Fig. 2, includes:
a server 201 and a terminal 202 that can issue instructions;
and further includes a management module 201-1 and a service order model building module 201-2 deployed on the server 201, and an instruction judgment module 202-1 and a log upload module 202-2 deployed on the terminal 202 that can issue instructions;
wherein,
the service order model building module 201-2 collects the historical logs of the industrial control environment to obtain global information about the environment, obtains from that global information the information about the instructions executable in the environment, and establishes the service order model from the information about the executable instructions;
the instruction judgment module 202-1, when the terminal 202 that can issue instructions issues an instruction to an industrial control device, first intercepts the instruction, communicates with the server 201, and judges the safety of the intercepted instruction against the service order model; if it is safe the instruction is released, otherwise it is reported to the management module 201-1 on the server 201 for confirmation by an administrator;
the log upload module 202-2 forms a log from the handling performed by the instruction judgment module 202-1 and reports it to the management module 201-1 on the server 201.
Preferably, the global information about the industrial control environment includes: the accounts that can initiate instructions, the time of each instruction, the device each instruction acts on, the time at which each instruction acts, the content of each instruction, and the state of the devices in the industrial control environment when each instruction is executed.
Preferably, the information about the instructions executable in the industrial control environment includes: the instructions each account may issue, the trigger condition corresponding to each issuable instruction, the range of industrial control devices each issuable instruction may act on, and the time at which each issuable instruction may be issued; in addition, according to the specific scenario and business requirements, the administrator can add information for certain special instructions.
Preferably, when judging the safety of an intercepted instruction against the service order model, the judgment conditions include: whether the account that issued the intercepted instruction is abnormal, whether the trigger condition corresponding to the intercepted instruction is fully satisfied, and whether the industrial control device the intercepted instruction acts on is within the specified range.
Preferably, the management module 201-1 is also used to dynamically monitor the data in the industrial control environment and to add, modify or delete information in the service order model accordingly.
Depending on the requirements and configuration of the specific industrial control environment, there is generally one server 201, one or more terminals 202 that can issue instructions, and multiple industrial control devices. In this specification the embodiment is illustrated with one server 201 and one terminal 202 that can issue instructions; when several of these devices are deployed in practice, the principle is the same as in this embodiment.
The embodiments in this specification are described progressively. Since the system embodiment is substantially similar to the method embodiment, its description is relatively brief, and the relevant parts may refer to the description of the method embodiment.
To address the technical problem in the prior art that an industrial control system treats malicious instructions issued by an attacker as normal instructions and executes them, the present invention proposes an industrial control environment security defence method and system based on a service order model. Historical logs from the industrial control environment are collected to obtain global information about the environment; from that global information, the information about the instructions executable in the environment is derived, and a service order model is established from it. When a terminal in the industrial control environment issues an instruction to an industrial control device, the instruction is first intercepted and its safety is judged against the service order model: if it is safe, the instruction is released; otherwise it is reported to the server for confirmation by an administrator. The safety judgment and the handling of each intercepted instruction are formed into a log and reported to the server. By realising global instruction control of the industrial control environment through the service order model, the invention can effectively prevent the execution of abnormal instructions, judges each instruction quickly and accurately, and does not affect industrial control operations. The service order model of the invention is obtained by collecting the historical logs completely enough to provide a sufficient basis for judging threatening instructions; it contains only normal business instructions, while abnormal and uncertain instructions are not included in the model, so false positives are effectively avoided.
Although the present invention has been described through embodiments, those skilled in the art will appreciate that many variations and changes are possible without departing from the spirit of the present invention, and it is intended that the appended claims cover these variations and changes that do not depart from the spirit of the present invention.
Claims (10)
1. An industrial control environment security defence method based on a service order model, characterised in that it includes:
collecting historical logs from the industrial control environment to obtain global information about the environment, obtaining from that global information the information about the instructions executable in the environment, and establishing a service order model from the information about the executable instructions;
when a terminal in the industrial control environment issues an instruction to an industrial control device, first intercepting the instruction and judging its safety against the service order model; if it is safe, releasing the instruction, otherwise reporting it to the server for confirmation by an administrator;
forming a log from the safety judgment and the handling of the intercepted instruction and reporting it to the server.
2. The method according to claim 1, characterised in that the global information about the industrial control environment includes: the accounts that can initiate instructions, the time of each instruction, the device each instruction acts on, the time at which each instruction acts, the content of each instruction, and the state of the devices in the industrial control environment when each instruction is executed.
3. The method according to claim 2, characterised in that the information about the instructions executable in the industrial control environment includes: the instructions each account may issue, the trigger condition corresponding to each issuable instruction, the range of devices each issuable instruction may act on, and the time at which each issuable instruction may be issued.
4. The method according to claim 3, characterised in that, when judging the safety of the intercepted instruction against the service order model, the judgment conditions include: whether the account that issued the intercepted instruction is abnormal, whether the trigger condition corresponding to the intercepted instruction is fully satisfied, and whether the device the intercepted instruction acts on is within the specified range.
5. The method according to any one of claims 1 to 4, characterised in that it further includes: dynamically monitoring the data in the industrial control environment and adding, modifying or deleting information in the service order model accordingly.
6. An industrial control environment security defence system based on a service order model, including a server and terminals that can issue instructions, characterised in that it further includes a management module and a service order model building module deployed on the server, and an instruction judgment module and a log upload module deployed on each terminal that can issue instructions;
wherein,
the service order model building module collects the historical logs of the industrial control environment to obtain global information about the environment, obtains from that global information the information about the instructions executable in the environment, and establishes the service order model from the information about the executable instructions;
the instruction judgment module, when a terminal that can issue instructions issues an instruction to an industrial control device, first intercepts the instruction, communicates with the server, and judges the safety of the intercepted instruction against the service order model; if it is safe the instruction is released, otherwise it is reported to the management module on the server for confirmation by an administrator;
the log upload module forms a log from the handling performed by the instruction judgment module and reports it to the management module on the server.
7. The system according to claim 6, characterised in that the global information about the industrial control environment includes: the accounts that can initiate instructions, the time of each instruction, the device each instruction acts on, the time at which each instruction acts, the content of each instruction, and the state of the devices in the industrial control environment when each instruction is executed.
8. The system according to claim 7, characterised in that the information about the instructions executable in the industrial control environment includes: the instructions each account may issue, the trigger condition corresponding to each issuable instruction, the range of devices each issuable instruction may act on, and the time at which each issuable instruction may be issued.
9. The system according to claim 8, characterised in that, when judging the safety of the intercepted instruction against the service order model, the judgment conditions include: whether the account that issued the intercepted instruction is abnormal, whether the trigger condition corresponding to the intercepted instruction is fully satisfied, and whether the device the intercepted instruction acts on is within the specified range.
10. The system according to any one of claims 6 to 9, characterised in that the management module is also used to dynamically monitor the data in the industrial control environment and to add, modify or delete information in the service order model accordingly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710205235.8A CN108366041A (en) | 2017-03-31 | 2017-03-31 | Industry control Environmental security defence method and system based on service order model |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108366041A true CN108366041A (en) | 2018-08-03 |
Family ID: 63009835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710205235.8A Pending CN108366041A (en) | 2017-03-31 | 2017-03-31 | Industry control Environmental security defence method and system based on service order model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108366041A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111083134A (en) * | 2019-12-11 | 2020-04-28 | 哈尔滨安天科技集团股份有限公司 | Industrial control system communication encryption method and device, electronic equipment and storage medium |
CN113778042A (en) * | 2021-11-12 | 2021-12-10 | 江苏中科云控智能工业装备有限公司 | Industrial control equipment instruction simulation operation communication system based on informatization modeling |
CN113778042B (en) * | 2021-11-12 | 2022-02-11 | 江苏中科云控智能工业装备有限公司 | Industrial control equipment instruction simulation operation communication system based on informatization modeling |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103944915A (en) * | 2014-04-29 | 2014-07-23 | 浙江大学 | Threat detection and defense device, system and method for industrial control system |
CN106209870A (en) * | 2016-07-18 | 2016-12-07 | 北京科技大学 | A kind of Network Intrusion Detection System for distributed industrial control system |
CN106341396A (en) * | 2016-08-24 | 2017-01-18 | 北京匡恩网络科技有限责任公司 | Industrial control system with intrusion tolerance and security protection method |
Events
- 2017-03-31 CN CN201710205235.8A patent/CN108366041A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Henrie | Cyber security risk management in the SCADA critical infrastructure environment | |
JP2017216018A (en) | Kernel-level security agent | |
US9245147B1 (en) | State machine reference monitor for information system security | |
CN102436566A (en) | Dynamic trusted measurement method and safe embedded system | |
Uemura et al. | Availability analysis of an intrusion tolerant distributed server system with preventive maintenance | |
CN105224867A (en) | A kind of based on the Host Security reinforcement means under virtualized environment | |
CN106603551A (en) | Industrial personal computer safety protection system and industrial personal computer safety protection method based on security baseline | |
CN108366041A (en) | Industry control Environmental security defence method and system based on service order model | |
Nicol | Hacking the lights out | |
Myung et al. | ICS malware Triton attack and countermeasures | |
KR101871406B1 (en) | Method for securiting control system using whitelist and system for the same | |
Gollmann | Security for cyber-physical systems | |
CN108322460B (en) | Business system flow monitoring system | |
CN111262815A (en) | Virtual host management system | |
Conklin et al. | Cyber resilience: An essential new paradigm for ensuring national survival | |
CN114900333B (en) | Multi-region safety protection method, device, equipment and readable storage medium | |
Johnson | Cybersafety: Cybersecurity and safety-critical software engineering | |
CN103944896A (en) | Smart power grid safety protection system | |
Robles et al. | Vulnerabilities in SCADA and critical infrastructure systems | |
Bade | Russian hackers infiltrated utility control rooms, DHS says | |
ASSENZA et al. | Operational technology cybersecurity: How vulnerable is our critical infrastructure? | |
Lever et al. | Single Points of Failure Within Systems-of-Systems | |
Chen et al. | Intrusion tolerant control for warship systems | |
Harper | Defense Department Moving Slowly on ‘Internet of Things’ | |
Stimmel | Emerging security and data privacy challenges for utilities: case studies and solutions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20180803