CN108600232B - Industrial control safety audit system and audit method thereof - Google Patents


Publication number
CN108600232B
Authority
CN
China
Prior art keywords
network terminal
control
monitoring
data
industrial control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810389730.3A
Other languages
Chinese (zh)
Other versions
CN108600232A (en
Inventor
赵西玉
李佐民
赵越峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wangteng Technology Co ltd
Original Assignee
Beijing Wangteng Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wangteng Technology Co ltd filed Critical Beijing Wangteng Technology Co ltd
Priority to CN201810389730.3A priority Critical patent/CN108600232B/en
Publication of CN108600232A publication Critical patent/CN108600232A/en
Application granted granted Critical
Publication of CN108600232B publication Critical patent/CN108600232B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Factory Administration (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an industrial control safety audit system comprising: a control network terminal, used for directly performing control operations on the industrial control system; a monitoring network terminal, used for monitoring the control instructions and control results of the control network terminal; a production management network terminal, used for overall management and allocation of the production process; and an enterprise information network, used for managing enterprise information. The invention remedies the defects of the prior art and improves the level of industrial control safety protection.

Description

Industrial control safety audit system and audit method thereof
Technical Field
The invention relates to the technical field of industrial control system security defense, in particular to an industrial control security audit system and an audit method thereof.
Background
The industrial control system environment is a specialized information-technology application scenario, and because of the particular nature of such systems, their level of security protection is relatively weak. Although the prior art discloses various protection systems for industrial control systems, these generally suffer from problems such as untimely updating of security data and numerous security vulnerabilities.
Disclosure of Invention
The invention aims to provide an industrial control safety audit system and an audit method thereof, which can solve the defects of the prior art and improve the level of industrial control safety protection.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
An industrial control safety audit system comprises:
the control network terminal is used for directly realizing control operation on the industrial control system;
the monitoring network terminal is used for monitoring the control instruction and the control result of the control network terminal;
the production management network terminal is used for carrying out overall management and allocation on the production process;
and the enterprise information network is used for managing enterprise information.
Preferably, the control network terminal comprises a control station and an operation station.
Preferably, the monitoring network terminal comprises an engineer station and a database.
Preferably, the production management network terminal comprises an antivirus server and a production management server.
Preferably, the enterprise information network includes a Web server, an application server, and an input-output device.
Preferably, the control network terminal, the monitoring network terminal, the production management network terminal and the enterprise information network adopt switches to realize serial communication.
An auditing method of the industrial control safety auditing system comprises the following steps:
A. the control network terminal directly realizes control operation on the industrial control system, and the monitoring network terminal monitors the control instruction and the control result of the control network terminal;
B. the monitoring network terminal synchronously transmits the monitoring result to the production management network terminal and the enterprise information network;
C. the production management network terminal establishes a white list data set, performs white list filtering on the monitoring result, and intercepts non-white list data;
D. the enterprise information network establishes a blacklist data set, and performs blacklist filtering on the monitoring result to intercept blacklist data;
E. the monitoring network terminal compares and analyzes the two groups of data intercepted in step C and step D, determines abnormal data, classifies the abnormal data and issues a corresponding warning according to the grade of the abnormal data.
Preferably, the monitoring network terminal monitors the total flow of the control network terminal in real time.
The beneficial effects of the above technical scheme are as follows: the invention establishes a complete auditing system that comprehensively monitors the data flow in the system. The monitoring process uses bidirectional filtering, can quickly analyze abnormal data flows in the network, and can be widely applied in industries such as electric power, petrochemicals, nuclear energy, aviation and railways.
Drawings
FIG. 1 is a system schematic of one embodiment of the present invention.
Detailed Description
Referring to fig. 1, one embodiment of the present invention includes,
the control network terminal 1 is used for directly realizing control operation on the industrial control system;
the monitoring network terminal 2 is used for monitoring the control instruction and the control result of the control network terminal 1;
the production management network terminal 3 is used for carrying out overall management and allocation on the production process;
and the enterprise information network 4 is used for managing enterprise information.
The control network terminal 1 comprises a control station 11 and an operation station 12.
The monitoring network terminal 2 includes an engineer station 21 and a database 22.
The production management network terminal 3 includes an antivirus server 31 and a production management server 32.
The enterprise information network 4 includes a Web server 41, an application server 42, and an input-output device 43.
The control network terminal 1, the monitoring network terminal 2, the production management network terminal 3 and the enterprise information network 4 realize serial communication by means of a switch 5.
An auditing method of the industrial control safety auditing system comprises the following steps:
A. the control network terminal 1 directly realizes control operation on the industrial control system, and the monitoring network terminal 2 monitors the control instruction and the control result of the control network terminal 1;
B. the monitoring network terminal 2 synchronously transmits the monitoring result to the production management network terminal 3 and the enterprise information network 4;
C. the production management network terminal 3 establishes a white list data set, performs white list filtering on the monitoring result, and intercepts non-white list data;
D. the enterprise information network 4 establishes a blacklist data set, performs blacklist filtering on the monitoring result, and intercepts blacklist data;
E. the monitoring network terminal 2 compares and analyzes the two groups of data intercepted in step C and step D, determines abnormal data, classifies the abnormal data and issues a corresponding warning according to the grade of the abnormal data.
The monitoring network terminal 2 monitors the total flow of the control network terminal 1 in real time.
In step E, digital fingerprints of the non-white list data and the blacklist data are established and stored in an identification database. The identification database classifies the digital fingerprints according to their correlation. If the number of occurrences of data in the non-white list data and the blacklist data whose digital fingerprint correlation is larger than a first threshold exceeds a second threshold, abnormal data is determined to have occurred. The abnormal data is then graded according to the degree of correlation and the number of occurrences, the grade being directly proportional to the normalized result of the digital fingerprint correlation and the number of occurrences.
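The following sketch walks steps C to E through in code, as an added example that is not part of the patent text. The patent does not define the fingerprint, the correlation measure, the thresholds or the grade boundaries, so the per-field SHA-256 fingerprint, the Jaccard correlation, the values of `t1`, `t2` and `max_count`, the grade cut-offs, the `Record` fields and all sample data are assumptions made here.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    """One monitored control instruction; the fields are hypothetical."""
    src: str
    func: str
    target: str

def fingerprint(rec):
    # Assumption: a fingerprint is the set of truncated SHA-256 digests of each field.
    fields = (("src", rec.src), ("func", rec.func), ("target", rec.target))
    return frozenset(hashlib.sha256(f"{k}={v}".encode()).hexdigest()[:16]
                     for k, v in fields)

def correlation(fp_a, fp_b):
    # Assumption: correlation is the Jaccard similarity of two fingerprints.
    return len(fp_a & fp_b) / len(fp_a | fp_b)

def audit(records, whitelist, blacklist, t1=0.4, t2=1, max_count=5):
    # Step C: intercept everything that is not on the white list.
    non_white = [r for r in records if r not in whitelist]
    # Step D: intercept everything that matches the black list.
    black = [r for r in records if (r.func, r.target) in blacklist]
    # Step E: compare the two intercepted groups via their fingerprints.
    black_fps = [fingerprint(r) for r in black]
    alerts = []
    for rec in dict.fromkeys(non_white):          # unique records, order kept
        fp = fingerprint(rec)
        hits = [c for c in (correlation(fp, b) for b in black_fps) if c > t1]
        if len(hits) <= t2:                       # second threshold not exceeded
            continue
        # Grade grows with mean correlation times the normalized occurrence count.
        score = (sum(hits) / len(hits)) * min(len(hits) / max_count, 1.0)
        grade = "high" if score >= 0.5 else "medium" if score >= 0.25 else "low"
        alerts.append({"record": rec, "count": len(hits),
                       "score": round(score, 3), "grade": grade})
    return alerts

# Constructed sample data, not taken from the patent.
WHITELIST = {Record("op-station", "read", "tank1_level"),
             Record("op-station", "write", "pump1_speed")}
BLACKLIST = {("write", "plc_firmware"), ("stop", "safety_plc")}
FIRMWARE = Record("eng-laptop", "write", "plc_firmware")
SAMPLE = [
    Record("op-station", "read", "tank1_level"),   # whitelisted, passes
    FIRMWARE,
    Record("eng-laptop", "write", "pump1_speed"),  # unlisted, resembles FIRMWARE
    FIRMWARE,
    Record("hmi-2", "read", "valve3_state"),       # unlisted, unrelated
    FIRMWARE,
]

if __name__ == "__main__":
    for alert in audit(SAMPLE, WHITELIST, BLACKLIST):
        print(alert["grade"], alert["count"], alert["score"], alert["record"])
```

With this data the repeated blacklisted write is graded highest, the unlisted write from the same source is flagged at a lower grade because its fingerprint correlates with the blacklisted one, and the unrelated unlisted read is intercepted by the white list but raises no anomaly.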
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (5)

1. An auditing method of an industrial control safety auditing system comprises,
the control network terminal (1) is used for directly realizing control operation on the industrial control system;
the monitoring network terminal (2) is used for monitoring the control instruction and the control result of the control network terminal (1);
the production management network terminal (3) is used for carrying out overall management and allocation on the production process;
an enterprise information network (4) for managing enterprise information;
the control network terminal (1) comprises a control station (11) and an operation station (12);
the monitoring network terminal (2) comprises an engineer station (21) and a database (22);
the method is characterized by comprising the following steps:
A. the control network terminal (1) directly realizes control operation on the industrial control system, and the monitoring network terminal (2) monitors the control instruction and the control result of the control network terminal (1);
B. the monitoring network terminal (2) synchronously transmits the monitoring result to the production management network terminal (3) and the enterprise information network (4);
C. the production management network terminal (3) establishes a white list data set, performs white list filtering on the monitoring result, and intercepts non-white list data;
D. the enterprise information network (4) establishes a blacklist data set, and performs blacklist filtering on the monitoring result to intercept blacklist data;
E. the monitoring network terminal (2) performs comparative analysis on the two groups of data intercepted in the step C and the step D, determines abnormal data, classifies the abnormal data, and gives corresponding warning according to the grade of the abnormal data;
establishing digital fingerprints of non-white list data and black list data, and storing the digital fingerprints in an identification database; the identification database classifies the digital fingerprints according to the relevance of the digital fingerprints; if the number of times of data with the digital fingerprint correlation larger than the first threshold value in the non-white list data and the black list data exceeds a second threshold value, determining that abnormal data occur; and then grading according to the correlation height and the occurrence frequency, wherein the grade is in direct proportion to the normalized result of the correlation and the occurrence frequency of the digital fingerprint.
2. The auditing method of the industrial control security auditing system of claim 1, characterized in that: the production management network terminal (3) comprises an anti-virus server (31) and a production management server (32).
3. The auditing method of the industrial control security auditing system of claim 1, characterized in that: the enterprise information network (4) comprises a Web server (41), an application server (42) and an input and output device (43).
4. The auditing method of the industrial control security auditing system of claim 1, characterized in that: the control network terminal (1), the monitoring network terminal (2), the production management network terminal (3) and the enterprise information network (4) adopt the switch (5) to realize serial communication.
5. The auditing method of the industrial control security auditing system of claim 1, characterized in that: and the monitoring network terminal (2) monitors the total flow of the control network terminal (1) in real time.
CN201810389730.3A 2018-04-27 2018-04-27 Industrial control safety audit system and audit method thereof Active CN108600232B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810389730.3A CN108600232B (en) 2018-04-27 2018-04-27 Industrial control safety audit system and audit method thereof

Publications (2)

Publication Number Publication Date
CN108600232A CN108600232A (en) 2018-09-28
CN108600232B true CN108600232B (en) 2021-11-16

Family

ID=63609996

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant