CN108418807B - Industrial control system mainstream protocol implementation and monitoring analysis platform - Google Patents

Publication number
CN108418807B
Authority
CN
China
Prior art keywords
plc
protocol
industrial control
analysis
control system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810114287.9A
Other languages
Chinese (zh)
Other versions
CN108418807A (en)
Inventor
程鹏
郭伟
陈积明
王文海
孙优贤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU
Priority to CN201810114287.9A
Publication of CN108418807A
Application granted
Publication of CN108418807B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05 Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058 Safety, monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/028 Capturing of monitoring data by filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions

Abstract

The invention discloses a mainstream protocol implementation and monitoring analysis platform for industrial control systems, comprising a simulation module that simulates a virtual controlled object, a PLC host computer, a programmable logic controller (PLC), and a PLC industrial control protocol deep packet analysis and monitoring module. The simulation module simulates a mathematically abstracted industrial control system. The PLC receives the simulated system variable signals sent by the simulation module, stores them in specific registers and sends them to the host computer; it also receives the control signals sent by the host computer and sends them to the controlled object in the simulation module. The deep packet analysis and monitoring module captures, in real time, the industrial control protocol data stream generated by communication between the host computer and the PLC, fully parses and monitors the captured data stream in real time, stores the parsing results and displays them online, and at the same time performs intrusion detection for the industrial control system.

Description

Industrial control system mainstream protocol implementation and monitoring analysis platform
Technical Field
The invention relates to the field of industrial control system security, in particular to intrusion detection and protocol monitoring for the protocols specific to industrial control systems, and to the construction of an experimental platform.
Background
In recent years, security incidents in the industrial control field have occurred frequently, such as the Stuxnet event in 2010 and the Ukrainian "BlackEnergy" power grid event in 2015. Industrial control systems are widely used in national critical infrastructure and key industrial facilities such as chemical plants, water supply, power grids, communications, government, water treatment and nuclear reactors. As early as 2006, the United States regarded the security of industrial control systems as an important field of scientific research, and industrial control security has received more and more attention since. Communication between devices in the industrial control field mostly uses protocols specific to that field, such as the Modbus protocol. Because these protocols were designed early, their design favoured convenience, real-time performance and effectiveness; the security of the protocol itself received less consideration, and they have no secure authentication mechanism, encryption mechanism and so on. Industrial control systems are therefore more vulnerable to attacks, particularly from the network domain, and the analysis and study of these specific protocols is very important.
The protocol data stream in an industrial control system records the system's real-time operating data and state, and the system also communicates with the host computer and with external networks through this data stream, so knowing the state of the data stream, and monitoring and analysing it, is very important. Industrial control systems are complex and expensive to build, and most of their application scenarios are in critical infrastructure and traditional industry, so it is difficult to obtain operating data and authorization. How to build, conveniently and at low cost, a mainstream protocol implementation and analysis platform for industrial control systems that suits research purposes is therefore very important.
At present, depending on the research scale, research purpose and industry field, typical industrial control system security experiment platforms can be divided into three types: full-physical test platforms built by replication, fully virtual test platforms based mainly on virtual simulation, and semi-physical test platforms that combine the virtual and the real and are based mainly on replication and simulation.
(1) Full-physical test platform built by replication
This platform requires buying full-size equipment to build a large-scale test system. It often needs a large investment of capital and labour, and the platform takes a long time to build.
(2) Fully virtual test platform based mainly on virtual simulation
This test platform uses simulation tools to simulate the physical space and the information space, such as an industrial process and an industrial wireless protocol, and uses attack simulation tools to simulate typical attacks. The advantages of this type of platform are low cost and ease of academic study, but it lacks realism.
(3) Semi-physical test platform combining the virtual and the real, based mainly on replication and simulation
In this type of platform, depending on the physical objects involved, either the general industrial objects are built in a virtual environment while the control equipment is real physical equipment, or actual physical controlled objects are used while the controller is simulated in software. It combines the advantages of the two platform types above and weighs the two main factors together: the research purpose and the cost of building the platform.
Protocol parsing techniques are measured mainly by parsing depth and fall into two main categories, shallow parsing and deep parsing. Shallow parsing mainly parses the basic fields and the fields of the lower OSI layers, such as the data link layer, the network layer and the transport layer. Deep parsing is the complete parsing of the field information of the data stream, covering not only the data link, network and transport layers but all fields, including the application layer fields, together with an understanding of the protocol format itself and the interpretation and translation of important field information.
At present, research on building security platforms for industrial control systems is still at an early stage. Most people know little about the protocol formats and characteristics of the industrial control field, and few platforms implement and fully parse the mainstream protocols of industrial control systems. A platform that implements and fully parses these protocols helps in understanding the structure, operating process and state of an industrial control system and the formats and characteristics of its protocols, and gives a more intuitive and clearer picture of a typical industrial control process. The present platform is a semi-physical test platform that combines the virtual and the real and is based mainly on replication and simulation. This suits research purposes better while retaining a degree of realism. The implementation is not greatly constrained by cost and is more convenient to carry out.
Disclosure of Invention
The invention aims to provide a platform for implementing and analysing the mainstream protocols of the industrial control field, addressing the shortcomings of existing mainstream protocol implementation and analysis platforms for industrial control systems.
The purpose of the invention is achieved by the following technical scheme: a mainstream protocol implementation and monitoring analysis platform for industrial control systems, comprising a simulation module that simulates a virtual controlled object, a PLC host computer, a programmable logic controller (PLC), and a PLC industrial control protocol deep packet analysis and monitoring module;
the simulation module simulates a mathematically abstracted industrial control system, can receive the control signals sent by the PLC host computer in real time, and sends state variables and output variables to the PLC in real time using OPC communication;
the PLC receives the simulated system variable signals sent by the simulation module, stores them in specific registers and sends them to the PLC host computer, and also receives the control signals sent by the PLC host computer and sends them to the controlled object in the simulation module;
the PLC deep packet analysis and monitoring module captures, in real time, the industrial control protocol data stream generated by communication between the PLC host computer and the PLC, fully parses and monitors the captured data stream in real time, stores the parsing results and displays them online, and at the same time performs intrusion detection for the industrial control system. The real-time full parsing of the protocol data stream is specifically: the protocol type of each data packet is marked by means of marker fields; the layered framework of each type of protocol is determined on the basis of the OSI seven-layer model; the fields of each layer are segmented and matched according to the protocol type; the processing of every layer except the application layer is encapsulated in protocol parsing modules; and field parsing and information output are carried out for the application layer format of the specific protocol. The intrusion detection of the industrial control system is specifically: according to the known specific vulnerabilities of a protocol, the behaviour of specific fields is monitored using the full parsing results, and it is judged whether an anomaly exists.
Further, the simulation module is implemented with Simulink in MATLAB, and a corresponding M file is written so that the MATLAB simulation module acts as an OPC Client and communicates with the OPC Server of the PLC.
Further, the PLC is a physical PLC, and implements host computer communication or lower computer communication for a specific protocol through a corresponding PLC hardware module.
Further, the PLC industrial control protocol is a typical open industrial control system protocol, including Modbus, EtherNet/IP, CCLink, IEC104 and the like.
Further, the PLC deep packet analysis and monitoring module extends parsing and monitoring to more protocols by reusing the code of the protocol parsing modules of all layers except the application layer.
Further, during intrusion detection the PLC deep packet analysis and monitoring module can match fixed fields and output alarms to form a monitoring log.
Further, marking the protocol type of each data packet by means of marker fields is specifically: a data field with a specific format in the specific application layer is matched, and it is judged whether the transport layer port number in the OSI seven-layer model matches the corresponding application layer information, so that the data protocol types are distinguished.
Further, the length of the application layer field is checked against the transport layer field information, and erroneous data packets and empty data packets are eliminated.
Further, the full parsing results of the protocol data stream are organized and output, and fixed information is selected as a data set for machine learning training.
The invention has the beneficial effects that:
1. The platform is a semi-physical test platform that combines the virtual and the real and is based mainly on replication and simulation. This allows the controlled object and process to be varied, effectively saves platform cost, and is more convenient and easier to realize.
2. The platform is open and modular, so implementation modules for other protocols can be added; the simulated object part is shared, which simplifies OPC configuration.
3. The code of the platform's deep packet analysis and detection module is encapsulated and modular, so parsing and monitoring of a new protocol can be achieved by adding the corresponding application layer field parsing code.
4. The platform provides intrusion detection: it can match specific fields and use specific patterns to detect specific protocol vulnerabilities and output alarms.
5. The platform can implement the protocols of a specific industrial control system relatively economically and output a full parse of each protocol. Students can conveniently gain an in-depth understanding of the specific protocol formats of industrial control systems, and a more complete and intuitive understanding of the security of the protocols and the information they carry.
Drawings
FIG. 1 is an abstract architecture of the present platform.
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples.
The protocols implemented by the mainstream protocol implementation and monitoring analysis platform provided by the invention include Modbus/TCP, CCLink, EtherNet/IP and other protocols. The platform consists of four parts: a simulation module for the virtual controlled object, a PLC host computer, a PLC, and a PLC industrial control protocol deep packet analysis and monitoring module. A MATLAB simulation program serves as the virtual controlled object of the PLC and is connected using OPC technology. In the main process of the platform, a specific PLC is connected to a specified host computer and communicates with it using a specified protocol, while the PLC and the simulated object communicate using OPC technology. The PLC monitors specific variable data while the simulated object runs and at the same time transmits the data to the host computer software, so that complete industrial process data is communicated between the host computer and the PLC. The abstract process is shown in figure 1. In the platform architecture the virtual object part is shared, and the variables of the running virtual object are transmitted to the corresponding PLC by the MATLAB simulation program.
The simulation module of the virtual controlled object is a MATLAB program. Its advantage is that different industrial control scenarios can be simulated conveniently. The platform builds the virtual controlled object in MATLAB because of the strength of MATLAB simulation software in simulating objects, and because the controlled object can be modified conveniently by modifying the code. Process variables and output variables can be output from MATLAB to the PLC, and the input variables of the process can be read from specific PLC registers and fed into the MATLAB simulation program. The MATLAB simulation program acts as the lower computer controlled by the PLC. The specific implementation is as follows: a specific MATLAB simulation program is provided, such as a four-tank water process written with Simulink, and an M file is written to implement OPC communication for MATLAB. The M file calls OPC communication to read the input variable values from the specific PLC registers and passes them to the MATLAB simulation program, which then starts running the four-tank process. MATLAB stores the process variables and output variables during the run, and the M file transfers the output variables to the specific PLC registers.
PLC host computer: the host computer software for the Siemens PLC is STEP 7; the host computer software for the AB PLC is RSLogix5000 and RSView; the host computer software for the Mitsubishi Q series PLC is GX Developer and GX Works.
Programmable logic controller (PLC): the controller is a physical PLC and must be fitted with the corresponding protocol communication module. The input values of the MATLAB simulated process must be entered in the PLC registers. On the PC or virtual machine where the MATLAB simulated object runs, a corresponding OPC Server must be configured to communicate with the OPC Client of the MATLAB simulated object. For the Modbus/TCP protocol, the implementation uses a Siemens 300 PLC; the Modbus/TCP communication module is a BCNet-S7 communication module and the OPC Server is SIMATIC NET. For the EtherNet/IP protocol, the implementation uses an Allen-Bradley PLC from Rockwell, specific model 1576-PA72; the OPC Server is RSLinx, and the corresponding EtherNet/IP module communicates with the host computer over a network cable. For the CCLink protocol, a Mitsubishi Q series PLC is used, and the protocol conversion module is the QJ61BT11N.
PLC industrial control protocol deep packet analysis and monitoring module: this module is a program written in Python that performs protocol parsing and monitoring. The finished program can parse and monitor online.
While the platform runs (the PLC monitors specific variable data in the running simulated object and at the same time transmits the data to the host computer software, so that complete industrial process data is communicated between the host computer and the PLC), the Python program runs and can output and display the important information fields of the specific protocol. Most of the information fields in the parsing results, together with what they represent, are stored in a txt file.
The program parses at the data link layer, the network layer, the transport layer and the application layer. The main process is: decode the protocol layer by layer; identify and filter the specific protocol; parse the application layer fields and output the result. In terms of code structure, the application layer format parsers of the different protocols are encapsulated as separate modules, so the code is partitioned. To add parsing of a new protocol, only one specific class needs to be added, containing the application layer field parsing code for that protocol. Once the application layer fixed field and the port number identification code are also added, that application layer protocol can be filtered, and real-time parsing of more protocols becomes possible.
Filtering mechanism: this relies on the invariance of specific application layer fields. Every application layer protocol has a fixed characteristic field; a specific protocol is identified and filtered by a double confirmation, recognizing the fixed value of that field in the data packet and checking the transport layer port number, and is then parsed. In addition, erroneous data packets and empty data packets are removed according to the field sizes and the application layer fields.
The Python program is divided into a main program, the application layer format encapsulation for each specific protocol, the protocol identification method for each specific protocol (encapsulated if statements), and the format encapsulations for the data link layer, the network layer and the transport layer; to parse a pcap file, the pcap global header and the per-packet headers must be parsed as well. This is the general framework of the program. To implement a specific program, the concrete format of each protocol has to be worked out, and field parsing is used to output the characters and the corresponding information of each field. Understanding how the protocol is implemented and what its encapsulation format is is a very important step; the rest is translating the fields and implementing the parsing in code. The translated information of the important fields is output and stored at the same time. Taking the Modbus/TCP protocol as an example, the important information includes the source MAC address, the destination MAC address, the source IP address, the destination IP address, the source port number, the destination port number, the function code, the host number, the register address, the register value and the like. For the layer-by-layer parsing, the specific protocol type of the next layer must be determined by checking fixed fields. At the data link layer, the Ethernet II type field and the IP version field are used to determine whether the network layer is IP. The IP protocol field determines whether the next layer is TCP, UDP or another transport layer protocol. The transport layer port number and the fixed marker field of the corresponding application layer determine whether the next layer is the corresponding application layer protocol. Different application layer protocols correspond to different port numbers.
For intrusion detection, specific codes and information are identified and judged to be an intrusion; an alarm can then be output, and the IP and MAC addresses of the data packet are output, recorded in an intrusion detection alarm and stored in a txt file. One example is matching specific fields: function code 08 with sub-function 01 of the Modbus protocol, whose function is to force the PLC into listen-only mode. If this function code is detected continuously a certain number of times, an alarm is triggered, and the corresponding display and alarm appear on the screen.
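The filtering mechanism and the alarm rule described above, carried through on a small capture as an added example (not the patent's own program). The capture, the addresses, the threshold of 3 and all function names are constructed for illustration; the watched sub-function set holds 0x0001, the value named above, plus 0x0004, the code the Modbus specification assigns to Force Listen Only Mode.

```python
import socket
import struct

MODBUS_PORT = 502                    # registered Modbus/TCP port
# Diagnostics (0x08) sub-functions to watch: 0x0001 is the value the page names;
# 0x0004 is the one the Modbus specification calls "Force Listen Only Mode".
WATCHED_SUBFUNCS = {0x0001, 0x0004}
ALARM_THRESHOLD = 3                  # assumption: consecutive hits that raise an alarm

def read_pcap(buf):
    """Yield raw frames from a classic pcap byte string (global + per-packet headers)."""
    magic = struct.unpack("<I", buf[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"     # byte order the capture was written in
    if struct.unpack(end + "I", buf[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off = 24
    while off + 16 <= len(buf):
        incl_len = struct.unpack(end + "I", buf[off + 8:off + 12])[0]
        yield buf[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP -> Modbus/TCP; return a record, or None if filtered."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                      # EtherType and IP version must both say IPv4
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        return None                      # the IP protocol field must say TCP
    tcp = ip[ihl:total_len]              # IP total length trims Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or MODBUS_PORT not in (sport, dport) or len(tcp) - data_off < 8:
        return None                      # wrong port, or empty/short packet (bare ACK)
    payload = tcp[data_off:]
    _tid, proto_id, length, unit = struct.unpack("!HHHB", payload[:7])
    # Second confirmation: the MBAP protocol identifier is fixed at 0, and the MBAP length
    # must match the payload size derived from the lower layers (one ADU per segment assumed).
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"),
            "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "unit": unit,
            "func": payload[7], "data": payload[8:]}

def detect(records, threshold=ALARM_THRESHOLD):
    """Alarm once a source sends `threshold` consecutive watched Diagnostics requests."""
    streak, alarms = {}, []
    for r in records:
        if r["dport"] != MODBUS_PORT:    # only requests travelling toward the PLC
            continue
        key = (r["src_ip"], r["src_mac"])
        sub = struct.unpack("!H", r["data"][:2])[0] if len(r["data"]) >= 2 else None
        hit = r["func"] == 0x08 and sub in WATCHED_SUBFUNCS
        streak[key] = streak.get(key, 0) + 1 if hit else 0
        if hit and streak[key] == threshold:
            alarms.append({"src_ip": key[0], "src_mac": key[1],
                           "dst_ip": r["dst_ip"], "subfunction": sub})
    return alarms

def _adu(pdu, proto_id=0, length=None):
    """Constructed Modbus/TCP ADU: MBAP header (transaction 1, unit 1) followed by the PDU."""
    mbap_len = len(pdu) + 1 if length is None else length
    return struct.pack("!HHHB", 1, proto_id, mbap_len, 1) + pdu

def _frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; src and dst are (MAC hex, IP); checksums are 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src[1]), socket.inet_aton(dst[1])) + tcp
    return bytes.fromhex(dst[0] + src[0]) + b"\x08\x00" + ip

def sample_pcap():
    """Constructed capture: normal polling, three packets to filter, a diagnostics burst."""
    plc, hmi = ("020000000010", "192.0.2.10"), ("020000000020", "192.0.2.20")
    other = ("020000000066", "192.0.2.66")
    read = b"\x03\x00\x00\x00\x02"       # Read Holding Registers, address 0, quantity 2
    frames = [
        _frame(hmi, plc, 49152, 502, _adu(read)),
        _frame(plc, hmi, 502, 49152, _adu(b"\x03\x04\x00\x0a\x00\x14")),
        _frame(hmi, plc, 49152, 502, b""),                       # bare ACK: empty packet
        _frame(hmi, plc, 49152, 502, _adu(read, length=40)),     # MBAP length is wrong
        _frame(hmi, plc, 49152, 502, _adu(read, proto_id=7)),    # fixed field mismatch
    ] + [_frame(other, plc, 50000, 502, _adu(b"\x08\x00\x04\x00\x00"))] * 3
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def analyse(pcap_bytes):
    """Run the pipeline: pcap -> Modbus/TCP records -> alarms."""
    records = [r for r in map(parse_frame, read_pcap(pcap_bytes)) if r is not None]
    return records, detect(records)

if __name__ == "__main__":
    print(analyse(sample_pcap())[1])     # the alarm list for the constructed capture
```

Of the eight constructed packets, the bare ACK, the packet with a wrong MBAP length and the packet with a non-zero protocol identifier are dropped by the filter; a single alarm is raised for the third consecutive Diagnostics request from 192.0.2.66.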
Besides segmenting and parsing the protocol fields, the PLC deep packet analysis and monitoring module organizes and outputs the parsing result information and selects fixed information as a data set for later use, such as machine learning training.
The overall operation of the platform is as follows. The PLC host computer writes the input variable values of the MATLAB simulated process into specific registers. The PC hosts the OPC Server of the PLC, and OPC communication with the PLC is carried out through the M file written in MATLAB. The values of the specific PLC registers are read and fed into the MATLAB simulated process, which then runs. At the same time, the M file written in MATLAB transmits specific process variables and output variables of the simulated process to the PLC registers, so that interactive data exchange between the PLC and the lower computer is simulated. During this process the deep packet analysis and monitoring program runs: it monitors the data streams generated in the second process, parses them online, outputs the parsing results to the display, and stores the important data in a txt file in readable form. It also matches abnormal data, finds abnormal data streams, outputs alarms and builds a local log.

Claims (8)

1. A mainstream protocol realization and monitoring analysis platform of an industrial control system is characterized in that: the system comprises a simulation module for simulating a virtual controlled object, a PLC upper computer, a programmable logic controller PLC and a PLC industrial control protocol deep packet analysis monitoring module;
the simulation module is used for simulating a mathematical abstraction industrial control system, can receive a control signal sent by a PLC host computer in real time, and sends a state variable and an output variable to a PLC in real time by utilizing OPC communication;
the PLC receives and stores simulation system variable signals sent by the simulation module into a specific register, sends the signals to a PLC upper computer, and simultaneously receives control signals sent by the PLC upper computer and sends the control signals to a controlled object of the simulation module;
the PLC deep packet analysis monitoring module acquires a protocol data stream of an industrial control system generated by communication between a PLC upper computer and a PLC in real time, and carries out real-time full analysis and monitoring on the acquired protocol data stream, so that the storage and online display of an analysis result are realized, and meanwhile, the intrusion detection of an industrial control system is realized; the real-time full analysis of the protocol data stream specifically comprises the following steps: marking the protocol type of each data packet through a marking field, specifically: matching specific format data fields of a specific application layer, judging whether port numbers of a transmission layer in an OSI seven-layer model are matched with corresponding application layer information or not, distinguishing data protocol types, determining a layered frame of each type of protocol based on the OSI seven-layer model, carrying out field segmentation and matching on each layer of frame in combination with the protocol types, packaging each layer of operation flows except the application layer by a protocol analysis module, and carrying out field analysis and information output aiming at the application layer format of the specific protocol; the intrusion detection of the industrial control system is specifically as follows: and monitoring the behavior characteristics of the specific field by using the full analysis result according to the specific loophole of the known protocol, and judging whether the abnormality exists.
2. The platform for realizing, monitoring and analyzing the mainstream protocol of the industrial control system according to claim 1, wherein the simulation module is realized by a simulink module in MATLAB, and meanwhile, a corresponding M file is written to realize that the MATLAB simulation module is used as an OPC Client to realize communication with an OPC Server of a PLC.
3. The platform of claim 1, wherein the PLC is a physical PLC, and the PLC implements upper computer communication or lower computer communication of a specific protocol through a corresponding PLC hardware module.
4. The platform of claim 1, wherein the PLC protocol is a typical industrial control system open protocol, including Modbus, EtherNet/IP, CCLink, IEC104, and the like.
5. The platform of claim 1, wherein the PLC deep packet analysis monitoring module extends parsing and monitoring to further protocols by reusing the code of the protocol parsing modules of every layer except the application layer.
6. The platform of claim 1, wherein, during intrusion detection, the PLC deep packet analysis monitoring module matches a fixed field and outputs an alarm to form a monitoring log.
7. The platform of claim 1, wherein the length of the application layer field is determined according to the transport layer field information, and erroneous packets and hole packets are removed.
8. The platform of claim 1, wherein the full parsing results of the protocol data stream are sorted and output, and fixed information is selected as a data set for machine learning training.
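A sketch of the protocol-marking, length-check and fixed-field alarm steps of claims 1, 6 and 7, applied to Modbus/TCP (one of the protocols named in claim 4). This is an added example, not code from the patent; the function names, the read-only function-code allowlist and the sample segments are assumptions made for illustration.

```python
import struct

MODBUS_TCP_PORT = 502                # registered Modbus/TCP port
MBAP = struct.Struct(">HHHB")        # transaction id, protocol id, length, unit id
# Assumption: site policy lets the upper computer issue read requests only.
ALLOWED_REQUEST_CODES = {0x01, 0x02, 0x03, 0x04}

def classify(src_port, dst_port, payload):
    """Mark a TCP segment as 'modbus', 'erroneous' or 'other'."""
    if MODBUS_TCP_PORT not in (src_port, dst_port):
        return "other", None
    if len(payload) < MBAP.size + 1:
        return "erroneous", None
    tid, proto, length, unit = MBAP.unpack_from(payload)
    # The MBAP length counts the unit id plus the PDU, so it must agree
    # with the payload size reported by the transport layer.
    if proto != 0 or length + 6 != len(payload):
        return "erroneous", None
    fields = {"tid": tid, "unit": unit, "function": payload[7],
              "data": payload[8:].hex(), "request": dst_port == MODBUS_TCP_PORT}
    return "modbus", fields

def monitor(segments):
    """Parse every segment; return (parsed records, alarm log, dropped count)."""
    parsed, alarms, dropped = [], [], 0
    for src, dst, payload in segments:
        label, fields = classify(src, dst, payload)
        if label == "erroneous":
            dropped += 1             # port says Modbus, format disagrees
        elif label == "modbus":
            parsed.append(fields)
            if fields["request"] and fields["function"] not in ALLOWED_REQUEST_CODES:
                alarms.append(f"ALERT tid={fields['tid']} unit={fields['unit']} "
                              f"function=0x{fields['function']:02x} not in allowlist")
    return parsed, alarms, dropped

# Constructed sample traffic: (src_port, dst_port, TCP payload)
SAMPLE = [
    (49152, 502, bytes.fromhex("000100000006010300000002")),  # read holding registers
    (49152, 502, bytes.fromhex("00020000000601050001ff00")),  # write single coil
    (49152, 502, bytes.fromhex("00030000000601030000")),      # truncated frame
    (49153, 80, b"GET / HTTP/1.1\r\n"),                       # not Modbus
]

if __name__ == "__main__":
    parsed, alarms, dropped = monitor(SAMPLE)
    print(len(parsed), "parsed;", dropped, "dropped;", alarms)
```

Only the application-layer step is protocol-specific here; the port and length checks are the part that claim 5 describes as reusable across protocols.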
CN201810114287.9A 2018-02-05 2018-02-05 Industrial control system mainstream protocol implementation and monitoring analysis platform Active CN108418807B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810114287.9A CN108418807B (en) 2018-02-05 2018-02-05 Industrial control system mainstream protocol implementation and monitoring analysis platform

Publications (2)

Publication Number Publication Date
CN108418807A CN108418807A (en) 2018-08-17
CN108418807B true CN108418807B (en) 2020-04-24

Family

ID=63126891

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810114287.9A Active CN108418807B (en) 2018-02-05 2018-02-05 Industrial control system mainstream protocol implementation and monitoring analysis platform

Country Status (1)

Country Link
CN (1) CN108418807B (en)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109167796B (en) * 2018-09-30 2020-05-19 浙江大学 Deep packet inspection platform based on industrial SCADA system
CN111277545A (en) * 2018-12-05 2020-06-12 陕西思科锐迪网络安全技术有限责任公司 Method for monitoring start and stop of Siemens S7-PLC controller
CN109600258B (en) * 2018-12-10 2022-02-22 英赛克科技(北京)有限公司 Industrial protocol message recording device and method
CN110351235B (en) * 2019-01-30 2021-04-30 清华大学 Monitoring method and device, industrial control system and computer readable medium
CN110011973B (en) * 2019-03-06 2021-08-03 浙江国利网安科技有限公司 Industrial control network access rule construction method and training system
CN112558505A (en) * 2019-09-10 2021-03-26 阿里巴巴集团控股有限公司 Control processing method and device for industrial control system, industrial control system and electronic equipment
CN110445815A (en) * 2019-09-20 2019-11-12 北京天地和兴科技有限公司 A kind of industry control protocol depth analytic method
CN110730137B (en) * 2019-10-17 2022-10-25 杭州立思辰安科科技有限公司 Method and device for accurately and controllably analyzing and displaying protocol field
CN110769067B (en) * 2019-10-30 2020-08-04 任子行网络技术股份有限公司 SD-WAN-based industrial internet security supervision system and method
CN111103811A (en) * 2020-01-20 2020-05-05 清华大学 Control system semi-physical simulation platform
CN111404917B (en) * 2020-03-11 2022-10-04 江苏亨通工控安全研究院有限公司 Industrial control simulation equipment-based threat information analysis and detection method and system
CN111371651A (en) * 2020-03-12 2020-07-03 杭州木链物联网科技有限公司 Industrial communication protocol reverse analysis method
CN111738543A (en) * 2020-05-13 2020-10-02 浙江口碑网络技术有限公司 Object making system and information processing method for object making
CN111669389A (en) * 2020-06-03 2020-09-15 浙江中控技术股份有限公司 Data transmission method and device of industrial control system and related equipment
CN112436978B (en) * 2020-10-28 2022-08-30 格力电器(南京)有限公司 Communication interface monitoring system
CN112788015B (en) * 2020-12-31 2022-08-09 天津大学 Industrial control protocol identification and analysis method based on industrial gateway
CN113114675B (en) * 2021-04-13 2021-12-10 珠海市鸿瑞信息技术股份有限公司 Safety audit system and method based on industrial control
CN114253205A (en) * 2021-11-12 2022-03-29 浙江省北大信息技术高等研究院 PLC data reading method, device and system
CN115050243A (en) * 2021-11-16 2022-09-13 长沙理工大学 Method for establishing PLC cloud experiment platform based on S7 protocol
CN114205427B (en) * 2021-11-17 2023-06-02 武汉慧联无限科技有限公司 Method, apparatus and storage medium for protocol docking debugging
CN115190191B (en) * 2022-09-13 2022-11-29 中电运行(北京)信息技术有限公司 Power grid industrial control system and control method based on protocol analysis
CN115378825B (en) * 2022-10-24 2023-01-24 北京安帝科技有限公司 Interactive simulation system and method based on application layer industrial control protocol analysis
CN115576265B (en) * 2022-11-21 2023-07-11 博智安全科技股份有限公司 PLC equipment simulation method, device, equipment and storage medium
CN117278423A (en) * 2023-11-07 2023-12-22 国家工业信息安全发展研究中心 Model construction method, test platform, computer device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103684910A (en) * 2013-12-02 2014-03-26 北京工业大学 Abnormality detecting method based on industrial control system network traffic
CN104991528A (en) * 2015-05-14 2015-10-21 福州福大自动化科技有限公司 DCS information safety control method and control station
CN105607509A (en) * 2016-01-21 2016-05-25 浙江大学 Industrial radio control system semi-physical security experiment platform

Also Published As

Publication number Publication date
CN108418807A (en) 2018-08-17

Similar Documents

Publication Publication Date Title
CN108418807B (en) Industrial control system mainstream protocol implementation and monitoring analysis platform
Hadžiosmanović et al. Through the eye of the PLC: semantic security monitoring for industrial processes
Eckhart et al. Towards security-aware virtual environments for digital twins
Alves et al. Virtualization of SCADA testbeds for cybersecurity research: A modular approach
de Brito et al. Development of an open-source testbed based on the modbus protocol for cybersecurity analysis of nuclear power plants
Masi et al. Securing critical infrastructures with a cybersecurity digital twin
Dehlaghi-Ghadim et al. ICSSIM—a framework for building industrial control systems security testbeds
Ayodeji et al. Cyber security in the nuclear industry: A closer look at digital control systems, networks and human factors
CN112685738A (en) Malicious confusion script static detection method based on multi-stage voting mechanism
Vaughn Jr et al. Addressing critical industrial control system cyber security concerns via high fidelity simulation
Wu et al. Development of testbed for cyber-manufacturing security issues
Williams Distinguishing Internet-facing ICS devices using PLC programming information
CN116662184A (en) Industrial control protocol fuzzy test case screening method and system based on Bert
Redwood Cyber physical system vulnerability research
CN115134127A (en) Electric power monitoring network safety test system
Patel et al. Real-time, simulation-based identification of cyber-security attacks of industrial plants
Amrein et al. Security intelligence for industrial control systems
Fluchs et al. Evaluation of visual notations as a basis for ics security design decisions
Nazir et al. A high-level domain-specific language for SIEM (design, development and formal verification)
Jaromin et al. Design and implementation of industrial control system emulators
Francia et al. Portable SCADA security toolkits
Plumley et al. Categorization of cyber training environments for industrial control systems
Warnier et al. Web based monitoring and control of industrial processes
Francia III Critical infrastructure security curriculum modules
Borcherding et al. Towards a Better Understanding of Machine Learning based Network Intrusion Detection Systems in Industrial Networks.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant