CN108600232B - Industrial control safety audit system and audit method thereof - Google Patents
- Publication number
- CN108600232B (application number CN201810389730.3A)
- Authority
- CN
- China
- Prior art keywords
- network terminal
- control
- monitoring
- data
- industrial control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Factory Administration (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an industrial control safety audit system comprising: a control network terminal, used for directly performing control operations on the industrial control system; a monitoring network terminal, used for monitoring the control instructions and control results of the control network terminal; a production management network terminal, used for overall management and allocation of the production process; and an enterprise information network, used for managing enterprise information. The invention can remedy the defects of the prior art and improve the level of industrial control safety protection.
Description
Technical Field
The invention relates to the technical field of industrial control system security defense, in particular to an industrial control security audit system and an audit method thereof.
Background
The industrial control system environment belongs to a specific informatization application scene, and due to the particularity of the system, the safety protection level is relatively weak. Although various protection systems for industrial control systems are disclosed in the prior art, the problems of untimely update of security data, more security holes and the like generally exist.
Disclosure of Invention
The invention aims to provide an industrial control safety audit system and an audit method thereof, which can solve the defects of the prior art and improve the level of industrial control safety protection.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
An industrial control safety audit system comprises:
the control network terminal is used for directly realizing control operation on the industrial control system;
the monitoring network terminal is used for monitoring the control instruction and the control result of the control network terminal;
the production management network terminal is used for carrying out overall management and allocation on the production process;
and the enterprise information network is used for managing enterprise information.
Preferably, the control network terminal comprises a control station and an operation station.
Preferably, the monitoring network terminal comprises an engineer station and a database.
Preferably, the production management network terminal comprises an antivirus server and a production management server.
Preferably, the enterprise information network includes a Web server, an application server, and an input-output device.
Preferably, the control network terminal, the monitoring network terminal, the production management network terminal and the enterprise information network adopt switches to realize serial communication.
An auditing method of the industrial control safety auditing system comprises the following steps:
A. the control network terminal directly realizes control operation on the industrial control system, and the monitoring network terminal monitors the control instruction and the control result of the control network terminal;
B. the monitoring network terminal synchronously transmits the monitoring result to the production management network terminal and the enterprise information network;
C. the production management network terminal establishes a white list data set, performs white list filtering on the monitoring result, and intercepts non-white list data;
D. the enterprise information network establishes a blacklist data set, and performs blacklist filtering on the monitoring result to intercept blacklist data;
E. the monitoring network terminal compares and analyzes the two groups of data intercepted in step C and step D, determines abnormal data, classifies the abnormal data, and gives a corresponding warning according to the grade of the abnormal data.
Preferably, the monitoring network terminal monitors the total flow of the control network terminal in real time.
The beneficial effects of the above technical scheme are as follows: the invention establishes a complete auditing system that monitors all data flow in the system. The monitoring process uses bidirectional filtering, can quickly analyze abnormal data flow in the network, and can be widely applied in industries such as electric power, petrochemicals, nuclear energy, aviation and railways.
Drawings
FIG. 1 is a system schematic of one embodiment of the present invention.
Detailed Description
Referring to fig. 1, one embodiment of the present invention includes,
the control network terminal 1 is used for directly realizing control operation on the industrial control system;
the monitoring network terminal 2 is used for monitoring the control instruction and the control result of the control network terminal 1;
the production management network terminal 3 is used for carrying out overall management and allocation on the production process;
and the enterprise information network 4 is used for managing enterprise information.
The control network terminal 1 comprises a control station 11 and an operation station 12.
The monitoring network terminal 2 includes an engineer station 21 and a database 22.
The production management network terminal 3 includes an antivirus server 31 and a production management server 32.
The enterprise information network 4 includes a Web server 41, an application server 42, and an input-output device 43.
The control network terminal 1, the monitoring network terminal 2, the production management network terminal 3 and the enterprise information network 4 realize serial communication by adopting a switch 5.
An auditing method of the industrial control safety auditing system comprises the following steps:
A. the control network terminal 1 directly realizes control operation on the industrial control system, and the monitoring network terminal 2 monitors the control instruction and the control result of the control network terminal 1;
B. the monitoring network terminal 2 synchronously transmits the monitoring result to the production management network terminal 3 and the enterprise information network 4;
C. the production management network terminal 3 establishes a white list data set, performs white list filtering on the monitoring result, and intercepts non-white list data;
D. the enterprise information network 4 establishes a blacklist data set, performs blacklist filtering on the monitoring result, and intercepts blacklist data;
E. the monitoring network terminal 2 compares and analyzes the two groups of data intercepted in step C and step D, determines abnormal data, classifies the abnormal data, and gives a corresponding warning according to the grade of the abnormal data.
The monitoring network terminal 2 monitors the total flow of the control network terminal 1 in real time.
In step E, digital fingerprints of the non-whitelist data and the blacklist data are established and stored in an identification database. The identification database classifies the digital fingerprints according to their correlation. If the number of occurrences of data whose digital fingerprint correlation is greater than a first threshold, among the non-whitelist data and the blacklist data, exceeds a second threshold, abnormal data is determined to have occurred. The abnormal data is then graded according to the degree of correlation and the occurrence frequency, the grade being directly proportional to the normalized result of the correlation and the occurrence frequency of the digital fingerprint.
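Steps C to E and the two-threshold rule above, worked through as an added Python example (not code from the patent). The patent does not define the fingerprint, the correlation measure or the grading formula, so the per-field SHA-256 fingerprint, the Jaccard correlation, the product score, the three warning levels and every record, whitelist and blacklist value below are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

# Constructed monitoring records: (source station, protocol, function, argument).
SAMPLE_RECORDS = [
    ("op-station-1", "modbus", "read_holding", "addr=100"),      # allowed
    ("eng-station-9", "modbus", "write_multiple", "addr=40001"),  # known bad
    ("eng-station-9", "modbus", "write_multiple", "addr=40002"),  # variant
    ("hist-1", "opc", "browse", "node=root"),                     # unrelated
    ("op-station-1", "modbus", "write_multiple", "addr=40001"),   # known bad
]
WHITELIST = {("op-station-1", "read_holding")}    # allowed (source, function)
BLACKLIST = {("write_multiple", "addr=40001")}    # bad (function, argument)

def fingerprint(record):
    """Assumed fingerprint: one truncated SHA-256 digest per positional field."""
    return frozenset(
        hashlib.sha256(f"{i}:{field}".encode()).hexdigest()[:16]
        for i, field in enumerate(record)
    )

def correlation(fp_a, fp_b):
    """Assumed correlation measure: Jaccard similarity of two fingerprints."""
    union = fp_a | fp_b
    return len(fp_a & fp_b) / len(union) if union else 0.0

def audit(records, whitelist, blacklist, first_threshold, second_threshold):
    # Step C: the whitelist filter intercepts everything not explicitly allowed.
    non_white = [r for r in records if (r[0], r[2]) not in whitelist]
    # Step D: the blacklist filter intercepts known-bad entries.
    black = [r for r in records if (r[2], r[3]) in blacklist]
    # Step E: fingerprint both intercepted groups. The Counter stands in for
    # the identification database and records how often each fingerprint occurs.
    ident_db = Counter(fingerprint(r) for r in non_white + black)
    black_fps = {fingerprint(r) for r in black}
    hits = []
    for record in non_white:
        fp = fingerprint(record)
        best = max((correlation(fp, b) for b in black_fps), default=0.0)
        if best > first_threshold:           # correlation above first threshold
            hits.append((record, best))
    abnormal = len(hits) > second_threshold  # occurrences above second threshold
    score, level = 0.0, 0
    if abnormal:
        mean_corr = sum(c for _, c in hits) / len(hits)
        frequency = len(hits) / len(non_white)  # normalized to [0, 1]
        score = mean_corr * frequency           # assumed grading formula
        level = min(3, 1 + int(score * 3))      # assumed warning levels 1..3
    return {"abnormal": abnormal, "hits": hits, "score": score,
            "level": level, "ident_db": ident_db}

if __name__ == "__main__":
    result = audit(SAMPLE_RECORDS, WHITELIST, BLACKLIST, 0.5, 2)
    print(result["abnormal"], result["level"], round(result["score"], 2))
```

The third record is not on the blacklist, yet it is still counted because its fingerprint correlates with a blacklisted one, which is the case the comparison of the two intercepted groups is meant to catch.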
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (5)
1. An auditing method of an industrial control safety auditing system comprises,
the control network terminal (1) is used for directly realizing control operation on the industrial control system;
the monitoring network terminal (2) is used for monitoring the control instruction and the control result of the control network terminal (1);
the production management network terminal (3) is used for carrying out overall management and allocation on the production process;
an enterprise information network (4) for managing enterprise information;
the control network terminal (1) comprises a control station (11) and an operation station (12);
the monitoring network terminal (2) comprises an engineer station (21) and a database (22);
the method is characterized by comprising the following steps:
A. the control network terminal (1) directly realizes control operation on the industrial control system, and the monitoring network terminal (2) monitors the control instruction and the control result of the control network terminal (1);
B. the monitoring network terminal (2) synchronously transmits the monitoring result to the production management network terminal (3) and the enterprise information network (4);
C. the production management network terminal (3) establishes a white list data set, performs white list filtering on the monitoring result, and intercepts non-white list data;
D. the enterprise information network (4) establishes a blacklist data set, and performs blacklist filtering on the monitoring result to intercept blacklist data;
E. the monitoring network terminal (2) performs comparative analysis on the two groups of data intercepted in the step C and the step D, determines abnormal data, classifies the abnormal data, and gives corresponding warning according to the grade of the abnormal data;
establishing digital fingerprints of non-white list data and black list data, and storing the digital fingerprints in an identification database; the identification database classifies the digital fingerprints according to the relevance of the digital fingerprints; if the number of times of data with the digital fingerprint correlation larger than the first threshold value in the non-white list data and the black list data exceeds a second threshold value, determining that abnormal data occur; and then grading according to the correlation height and the occurrence frequency, wherein the grade is in direct proportion to the normalized result of the correlation and the occurrence frequency of the digital fingerprint.
2. The auditing method of the industrial control security auditing system of claim 1, characterized in that: the production management network terminal (3) comprises an anti-virus server (31) and a production management server (32).
3. The auditing method of the industrial control security auditing system of claim 1, characterized in that: the enterprise information network (4) comprises a Web server (41), an application server (42) and an input and output device (43).
4. The auditing method of the industrial control security auditing system of claim 1, characterized in that: the control network terminal (1), the monitoring network terminal (2), the production management network terminal (3) and the enterprise information network (4) adopt the switch (5) to realize serial communication.
5. The auditing method of the industrial control security auditing system of claim 1, characterized in that: and the monitoring network terminal (2) monitors the total flow of the control network terminal (1) in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810389730.3A CN108600232B (en) | 2018-04-27 | 2018-04-27 | Industrial control safety audit system and audit method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108600232A (en) | 2018-09-28 |
CN108600232B (en) | 2021-11-16 |
Family
ID=63609996
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810389730.3A Active CN108600232B (en) | 2018-04-27 | 2018-04-27 | Industrial control safety audit system and audit method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108600232B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320332A (en) * | 2014-11-13 | 2015-01-28 | 济南华汉电气科技有限公司 | Multi-protocol industrial communication safety gateway and communication method with gateway applied |
CN104460657A (en) * | 2014-11-14 | 2015-03-25 | 北京网御星云信息技术有限公司 | Method, device and system for achieving protection of mobile operation and maintenance of industrial control system |
CN104753936A (en) * | 2015-03-24 | 2015-07-01 | 西北工业大学 | Opc security gateway system |
CN104767748A (en) * | 2015-03-30 | 2015-07-08 | 西北工业大学 | OPC server safety defending system |
CN105897711A (en) * | 2016-04-07 | 2016-08-24 | 周文奇 | System for isolating industrial control system and management network |
CN106789982A (en) * | 2016-12-08 | 2017-05-31 | 北京立思辰新技术有限公司 | A kind of safety protecting method being applied in industrial control system and system |
CN106899553A (en) * | 2015-12-19 | 2017-06-27 | 北京中船信息科技有限公司 | A kind of industrial control system safety protecting method based on private clound |
US9807092B1 (en) * | 2013-07-05 | 2017-10-31 | Dcs7, Llc | Systems and methods for classification of internet devices as hostile or benign |
CN107544470A (en) * | 2017-09-29 | 2018-01-05 | 杭州安恒信息技术有限公司 | A kind of controller guard technology based on white list |
Also Published As
Publication number | Publication date |
---|---|
CN108600232A (en) | 2018-09-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN116488939B (en) | Computer information security monitoring method, system and storage medium | |
CN108512841B (en) | Intelligent defense system and method based on machine learning | |
CN110505206B (en) | Internet threat monitoring and defense method based on dynamic joint defense | |
CN110324323B (en) | New energy plant station network-related end real-time interaction process anomaly detection method and system | |
CN112600805B (en) | Network security supervision platform | |
CN110896386B (en) | Method, device, storage medium, processor and terminal for identifying security threat | |
CN111885060A (en) | Internet of vehicles-oriented nondestructive information security vulnerability detection system and method | |
CN112149120A (en) | Transparent transmission type double-channel electric power Internet of things safety detection system | |
CN116032629A (en) | Classification treatment method, system electronic equipment and storage medium for alarm traffic | |
CN114513342B (en) | Intelligent substation communication data safety monitoring method and system | |
CN103761879B (en) | A kind of counterfeit vehicle registration plate identification method and system | |
CN108600232B (en) | Industrial control safety audit system and audit method thereof | |
CN117879961A (en) | Threat early warning analysis model of situation awareness system | |
CN110520806B (en) | Identification of deviation engineering modifications to programmable logic controllers | |
CN109753009A (en) | A kind of level monitoring online data management system | |
CN109981594A (en) | Network security situational awareness method based on big data | |
CN111541653B (en) | Data communication monitoring system and method | |
CN114979268B (en) | Data transmission method, device, server and system for industrial gas enterprise | |
US20200296119A1 (en) | Apparatus and method for security control | |
Lai et al. | An active security defense strategy for wind farm based on automated decision | |
CN113645241A (en) | Intrusion detection method, device and equipment of industrial control proprietary protocol | |
CN112565246A (en) | Network anti-attack system and method based on artificial intelligence | |
CN112953694A (en) | Method for uploading big data to block chain system | |
CN112637118A (en) | Flow analysis implementation method based on internal and external network drainage abnormity | |
CN112787863A (en) | Remote operation and maintenance secure communication method and device and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||