CN109005162A - Industrial control system method for auditing safely and device - Google Patents
Industrial control system method for auditing safely and device Download PDFInfo
- Publication number
- CN109005162A CN109005162A CN201810792245.0A CN201810792245A CN109005162A CN 109005162 A CN109005162 A CN 109005162A CN 201810792245 A CN201810792245 A CN 201810792245A CN 109005162 A CN109005162 A CN 109005162A
- Authority
- CN
- China
- Prior art keywords
- service logic
- control system
- section
- industrial control
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
Abstract
The present invention provides the method for auditing safely and device of a kind of industrial control system, belongs to field of communication technology.The method for auditing safely of industrial control system of the invention, comprising: according to the logical relation configured in advance by each service logic section, configuration standard XML rule file;Data under business scenario locating for industrial control system are acquired, and obtain the acquisition time section of each service logic interval censored data;According to the acquisition time section of the service logic interval censored data and the data in the collected business section, contrast standard XML rule file generates the audit log in service logic section;According to the audit log of the risk model and service logic section generated that pre-establish, the security risk audit log of the business scenario is obtained, and the security risk audit log is stored.
Description
Technical field
The invention belongs to fields of communication technology, and in particular to a kind of industrial control system method for auditing safely and device.
Background technique
Industrial control system is at the beginning of design, due to resource-constrained, the reasons such as not face internet, for guarantee real-time and
Availability, for each layer of industrial control system general lack of safety Design, the security audit for industrial control system is to ensure work
The effective means of control system safety.
Industry control security audit is by being acquired to practical communication flow in industrial control system network, to communication message
Deep analysis is carried out, by technologies such as in-situ analysis, data stream monitoring, network behavior audits, quickly identifies Industry Control
Abnormal behaviour present in network realizes that real-time detection goes out to be directed to network attack, user misoperation, the User Violations of industrial control system
Operation, illegality equipment access and the behavior of the propagation of Malwares such as worm, virus simultaneously Realtime Alerts, while well-documented history one
Network communication behavior is cut, provides solid foundation for the safety accident investigation of industrial control system.
Summary of the invention
The present invention is directed at least solve one of the technical problems existing in the prior art, a kind of industrial control system safety is provided
Industrial control system method for auditing safely and device.
Solve the method for auditing safely that technical solution used by present invention problem is a kind of industrial control system, comprising:
According to the logical relation configured in advance by each service logic section, configuration standard XML rule file;
Data under business scenario locating for industrial control system are acquired, and obtain adopting for each service logic interval censored data
Collect the period;
It is right according to the acquisition time section of the service logic interval censored data and the data in the collected business section
Than standard x ML rule file, the audit log in service logic section is generated;
According to the audit log of the risk model and service logic section generated that pre-establish, the industry is obtained
The security risk audit log for scene of being engaged in, and the security risk audit log is stored.
Preferably, the logical relation configured in advance by each service logic section in the basis generates standard x ML
Before the step of rule file, further includes:
Logical relation is configured for service logic section;Wherein, the logical relation include service logic section its used
Service logic relationship, instruction and its logical relation, the industrial system object that is related to and its logical relation, input/output ginseng
Several and its voting logic relationship.
It may further be preferable that the audit log in the service logic section include: comprising the audit target, auditing result,
The audit log in the service logic section of audit analysis.
It may further be preferable that before described the step of configuring logical relation for service logic section, further includes:
Business scenario is divided into multiple service logic sections according to different audit granularities.
Preferably, the data under business scenario locating for industrial control system are acquired, and are obtained each business and patrolled
The step of acquisition time section of volume interval censored data includes:
It is acquired using the data under business scenario locating for DPI technology industrial control system;
It reads under business scenario locating for industrial control system, the acquisition time of first data, and is patrolled according to the time, each business
The beginning and service logic section execution duration that section executes are collected, each service logic interval censored data is successively obtained
Acquisition time section.
Preferably, the step of acquisition time section for obtaining each service logic interval censored data includes:
It reads under business scenario locating for industrial control system, the acquisition time of first data, and is patrolled according to the time, each business
The beginning and service logic section execution duration that section executes are collected, each service logic interval censored data is successively obtained
Acquisition time section.
Preferably, it is described to the security risk audit log carry out storage include:
The security risk audit log is uploaded to cloud block chain to store.
Solve the security audit device that technical solution used by present invention problem is a kind of industrial control system, comprising:
First configuration module, for according to the logical relation configured in advance by each service logic section, configuration standard
XML rule file;
Acquisition module for being acquired to the data under business scenario locating for industrial control system, and obtains each business and patrols
Collect the acquisition time section of interval censored data;
Audit Module, for the acquisition time section and the collected business according to the service logic interval censored data
The data in section, contrast standard XML rule file generate the audit log in service logic section;
Risk analysis module, for examining according to the risk model and service logic section generated pre-established
Log is counted, obtains the security risk audit log of the business scenario, and store to the security risk audit log.
Preferably, the security audit device of the industrial control system, further includes:
Second configuration module, for configuring logical relation for service logic section;Wherein, the logical relation includes business
Logic section its used service logic relationship, instruction and its logical relation, the industrial system object being related to and its logic
Relationship, input/output parameters and its voting logic relationship.
Preferably, the security audit device of the industrial control system, further includes:
Third configuration module, for business scenario to be divided into multiple service logics according to different audit granularities
Section.
The invention has the following beneficial effects:
In the method for auditing safely of industrial control system of the invention, pass through the business that is related to of audit operations logic section that is delayed
Logical relation, instruction and its logical relation are related to patrolling for industrial object and its logical relation, input/output parameters and its threshold value
The relationship of collecting, and be the modeling of service logic section security risk based on auditing result, it generates risk model and analyzes log, pass through cloud
Block chain node saves all audits and analysis log.The method achieve under specific industry special scenes service logic it is complete
Face audit and risk analysis, avoid the deficiency to the audit of single behavior safety, ensure that the comprehensive of industrial control system security audit
Property and auditing result it is traceable.
Detailed description of the invention
Fig. 1 is the flow chart of the method for auditing safely of the industrial control system of the embodiment of the present invention 1;
Fig. 2 is the flow chart of the method for auditing safely of the industrial control system of the embodiment of the present invention 2;
Fig. 3 is the schematic diagram of the security audit device of the industrial control system of the embodiment of the present invention 3.
Specific embodiment
Technical solution in order to enable those skilled in the art to better understand the present invention, with reference to the accompanying drawing and specific embodiment party
Present invention is further described in detail for formula.
Embodiment 1:
As shown in Figure 1, this method is according to industrial control system institute the present embodiment provides a kind of method for auditing safely of industrial control system
The business scenario at place carries out security audit, wherein business scenario is divided into multiple service logic sections, and this method includes following step
It is rapid:
Step 1: according to the logical relation configured in advance by each service logic section, configuration standard XML rule text
Part.
Wherein, in order to each service logic section configuration use service logic relationship, instruction and its logical relation, be related to
Industrial system object and its logical relation, input/output parameters and its voting logic relationship arrived, each service logic section pair
The XML rule file comprising the above logical relation should be generated.
Step 2: being acquired to the data under business scenario locating for industrial control system, and obtain each service logic section
The acquisition time section of data.
Wherein, for the step specifically can using the data locating for DPI technology acquisition industrial control system under business scenario into
Row acquisition, reads the acquisition time t0 of the first data of the business scenario, executes time started S1, S2 according to t0, section
Sn and section execute duration D1, D2Dn, successively obtain service logic interval censored data acquisition time section (t0+S1,
t0+S1+D1)、(t0+S2,t0+S2+D2)、···、(t0+Sn,t0+Sn+Dn)。
Step 3: according to the acquisition time section of the service logic interval censored data and the collected business section
Data, contrast standard XML rule file generate the audit log in service logic section.
Specifically, when with arrival time t0+Si+Di, according to acquisition time section (t0+Si, t0+Si+Di) collected i-th
For a service logic interval censored data, by comparing configured standard x ML rule file, the logical relation of audit operations refers to
Order and its logical relation are related to the logical relation of industrial object and its logical relation, input/output parameters and its threshold value, generate
Logic section audit log comprising information such as the audit target, auditing result, audit analyses.
Step 4: being obtained according to the audit log of the risk model and service logic section generated that pre-establish
The security risk audit log of the business scenario, and the security risk audit log is stored.
Specifically, logically being closed respectively to the risk that service logic section all under audit operations scene is audited out
The dimensions such as system, object, instruction, parameter establish risk model, give all security risks under risk model analysis business scenario,
Security risk is subjected to clustering, obtains the security risk audit log of the business scenario, and logic section is audited day
Will, security risk audit log be committed to cloud block chain node storage, guarantee industrial control system security audit information it is anti-tamper, can
Retrospect.
In the method for auditing safely of the industrial control system of the present embodiment, pass through the industry that is related to of audit operations logic section that is delayed
Business logical relation, is related to industrial object and its logical relation, input/output parameters and its threshold value at instruction and its logical relation
Logical relation, and be the modeling of service logic section security risk based on auditing result, it generates risk model and analyzes log, pass through cloud
Petiolarea block chain node saves all audits and analysis log.The method achieve to service logic under specific industry special scenes
Complete audit and risk analysis avoid the deficiency to the audit of single behavior safety, ensure that the complete of industrial control system security audit
Face property and auditing result it is traceable.
Embodiment 2:
As shown in Fig. 2, this method comprises the following steps the present embodiment provides a kind of method for auditing safely of industrial control system:
Step 1: audit device configuration, the extraction in service logic section, the configuration of audit regulation, below to step 1 into
Row illustrates.
(1) audit device configures: configuration needs to carry out the industrial control system of security audit;
(2) business scenario configuration and service logic section are extracted: configuration service scene, business scenario are split as multiple only
Vertical motor unit and/or multiple service logic interval Bs L1, BL2BLn, self contained function unit and service logic section root
Occur at random according to scene characteristic, service logic section is extracted according to different audit granularities, and same operation can be divided into multiple business
Logic section;
(3) service logic section audit regulation configures: service logic relationship that configuration service logic section uses, instruction and
Its logical relation, the industrial system object being related to and its logical relation, input/output parameters and its voting logic relationship, often
A service logic section is corresponding to generate the XML rule file comprising the above logical relation;Judge that section executes the time started
S1, S2Sn (the section time started of relative business scene start time), section execute duration D1, D2
Dn。
Step 2: being acquired to the data under business scenario locating for industrial control system, and obtain each service logic section
The acquisition time section of data.
Wherein, for the step specifically can using the data locating for DPI technology acquisition industrial control system under business scenario into
Row acquisition, reads the acquisition time t0 of the first data of the business scenario, executes time started S1, S2 according to t0, section
Sn and section execute duration D1, D2Dn, successively obtain service logic interval censored data acquisition time section (t0+S1,
t0+S1+D1)、(t0+S2,t0+S2+D2)、···、(t0+Sn,t0+Sn+Dn)。
Step 3: according to the acquisition time section of the service logic interval censored data and the collected business section
Data, contrast standard XML rule file generate the audit log in service logic section.
Specifically, when with arrival time t0+Si+Di, according to acquisition time section (t0+Si, t0+Si+Di) collected i-th
For a service logic interval censored data, by comparing configured standard x ML rule file, the logical relation of audit operations refers to
Order and its logical relation are related to the logical relation of industrial object and its logical relation, input/output parameters and its threshold value, generate
Logic section audit log comprising information such as the audit target, auditing result, audit analyses.
Step 4: being obtained according to the audit log of the risk model and service logic section generated that pre-establish
The security risk audit log of the business scenario, and the security risk audit log is stored.
Specifically, logically being closed respectively to the risk that service logic section all under audit operations scene is audited out
The dimensions such as system, object, instruction, parameter establish risk model, give all security risks under risk model analysis business scenario,
Security risk is subjected to clustering, obtains the security risk audit log of the business scenario, and logic section is audited day
Will, security risk audit log be committed to cloud block chain node storage, guarantee industrial control system security audit information it is anti-tamper, can
Retrospect.
In the method for auditing safely of the industrial control system of the present embodiment, pass through the industry that is related to of audit operations logic section that is delayed
Business logical relation, is related to industrial object and its logical relation, input/output parameters and its threshold value at instruction and its logical relation
Logical relation, and be the modeling of service logic section security risk based on auditing result, it generates risk model and analyzes log, pass through cloud
Petiolarea block chain node saves all audits and analysis log.The method achieve to service logic under specific industry special scenes
Complete audit and risk analysis avoid the deficiency to the audit of single behavior safety, ensure that the complete of industrial control system security audit
Face property and auditing result it is traceable.
It should be noted that above step is the method for realizing delay audit, if being configured with implementation in step 1
Protocol library, instruction database, library of object, parameter library needed for audit, can be using the number of DPI technology acquisition industrial control system later
According to collected data message and acquisition time being uploaded in real time in real-time auditing module, by being read in real time using DPI skill
Art acquisition industrial control system data compare respectively configured protocol library, instruction database, library of object, parameter library to logic section and/
Or motor unit carries out real-time auditing, the agreement of Audit data, the instruction being related to, the safety of parameter threshold, generation includes
The real-time auditing log of the information such as the audit target, auditing result, audit analysis can equally carry out later according to above-mentioned steps four
The storage of risk analysis and data.
Embodiment 3:
As shown in figure 3, present embodiments providing a kind of security audit device of industrial control system, which can be using implementation
1 or 2 method carries out security audit to industrial control system.The security audit device of the industrial control system of the present embodiment includes: first to match
Set module, acquisition module, Audit Module, risk analysis module.
Wherein, the first configuration module is used for according to the logical relation configured in advance by each service logic section, configuration
Standard x ML rule file.
Acquisition module obtains each service logic for being acquired to the data under business scenario locating for industrial control system
The acquisition time section of interval censored data.
Audit Module is used for acquisition time section and the collected service area according to the service logic interval censored data
Between data, contrast standard XML rule file, generate service logic section audit log.
Risk analysis module is used for the audit according to the risk model and service logic section generated pre-established
Log obtains the security risk audit log of the business scenario, and stores to the security risk audit log.
Further, the security audit device in the present embodiment further include: the second configuration module is used for as service logic
Section configures logical relation;Wherein, the logical relation includes its used service logic relationship of service logic section, instruction
And its logical relation, the industrial system object that is related to and its logical relation, input/output parameters and its voting logic relationship.
Certainly, the security audit device in the present embodiment further include: third configuration module is used for according to different audits
Business scenario is divided into multiple service logic sections by granularity.
In the security audit device of the industrial control system of the present embodiment, pass through Audit Module delay audit operations logic section
The service logic relationship, instruction and its logical relation that are related to, be related to industrial object and its logical relation, input/output parameters and
The logical relation of its threshold value, and be the modeling of service logic section security risk based on auditing result, it generates risk model and analyzes day
Will saves all audits and analysis log by cloud block chain node.The method achieve under specific industry special scenes
The complete audit of service logic and risk analysis avoid the deficiency to the audit of single behavior safety, ensure that industrial control system is pacified
That audits entirely is comprehensive and auditing result traceable.
It is understood that the principle that embodiment of above is intended to be merely illustrative of the present and the exemplary implementation that uses
Mode, however the present invention is not limited thereto.For those skilled in the art, essence of the invention is not being departed from
In the case where mind and essence, various changes and modifications can be made therein, these variations and modifications are also considered as protection scope of the present invention.
Claims (10)
1. a kind of method for auditing safely of industrial control system characterized by comprising
According to the logical relation configured in advance by each service logic section, configuration standard XML rule file;
When being acquired to the data under business scenario locating for industrial control system, and obtaining the acquisition of each service logic interval censored data
Between section;
According to the acquisition time section of the service logic interval censored data and the data in the collected business section, comparison mark
Quasi- XML rule file generates the audit log in service logic section;
According to the audit log of the risk model and service logic section generated that pre-establish, the business field is obtained
The security risk audit log of scape, and the security risk audit log is stored.
2. the method for auditing safely of industrial control system according to claim 1, which is characterized in that in the basis be in advance every
Before the step of logical relation that a service logic section is configured, generation standard x ML rule file, further includes:
Logical relation is configured for service logic section;Wherein, the logical relation includes its used industry of service logic section
Business logical relation, instruction and its logical relation, the industrial system object being related to and its logical relation, input/output parameters and
Its voting logic relationship.
3. the method for auditing safely of industrial control system according to claim 2, which is characterized in that the service logic section
Audit log include: comprising the audit target, auditing result, audit analysis service logic section audit log.
4. the method for auditing safely of industrial control system according to claim 2, which is characterized in that described is service logic section
Before the step of configuring logical relation, further includes:
Business scenario is divided into multiple service logic sections according to different audit granularities.
5. the method for auditing safely of industrial control system according to claim 1, which is characterized in that described to locating for industrial control system
Data under business scenario are acquired, and the step of obtaining the acquisition time section of each service logic interval censored data includes:
It is acquired using the data under business scenario locating for DPI technology industrial control system;
It reads under business scenario locating for industrial control system, the acquisition time of first data, and according to the time, each service logic area
Between the beginning that executes and service logic section execute the duration, successively obtain the acquisition of each service logic interval censored data
Period.
6. the method for auditing safely of industrial control system according to claim 1, which is characterized in that each business of acquisition is patrolled
The step of acquisition time section of volume interval censored data includes:
It reads under business scenario locating for industrial control system, the acquisition time of first data, and according to the time, each service logic area
Between the beginning that executes and service logic section execute the duration, successively obtain the acquisition of each service logic interval censored data
Period.
7. the method for auditing safely of industrial control system according to claim 1, which is characterized in that described to the security risk
Audit log carries out storage
The security risk audit log is uploaded to cloud block chain to store.
8. a kind of security audit device of industrial control system characterized by comprising
First configuration module, for according to the logical relation configured in advance by each service logic section, configuration standard XML rule
Then file;
Acquisition module for being acquired to the data under business scenario locating for industrial control system, and obtains each service logic area
Between data acquisition time section;
Audit Module, for according to the service logic interval censored data acquisition time section and the collected business section
Data, contrast standard XML rule file, generate service logic section audit log;
Risk analysis module, for the audit day according to the risk model and service logic section generated pre-established
Will obtains the security risk audit log of the business scenario, and stores to the security risk audit log.
9. the security audit device of industrial control system according to claim 8, which is characterized in that further include:
Second configuration module, for configuring logical relation for service logic section;Wherein, the logical relation includes service logic
Section its used service logic relationship, instruction and its logical relation, the industrial system object being related to and its logical relation,
Input/output parameters and its voting logic relationship.
10. the security audit device of industrial control system according to claim 8, which is characterized in that further include:
Third configuration module, for business scenario to be divided into multiple service logic areas according to different audit granularities
Between.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810792245.0A CN109005162B (en) | 2018-07-18 | 2018-07-18 | Industrial control system security audit method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810792245.0A CN109005162B (en) | 2018-07-18 | 2018-07-18 | Industrial control system security audit method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109005162A true CN109005162A (en) | 2018-12-14 |
CN109005162B CN109005162B (en) | 2021-04-02 |
Family
ID=64600516
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810792245.0A Active CN109005162B (en) | 2018-07-18 | 2018-07-18 | Industrial control system security audit method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109005162B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110719334A (en) * | 2019-10-18 | 2020-01-21 | 上海华讯网络系统有限公司 | Auditing system and method suitable for cloud desktop behaviors |
CN111007783A (en) * | 2019-12-28 | 2020-04-14 | 广东电科院能源技术有限责任公司 | Safety management and control system and method |
CN111541643A (en) * | 2020-03-18 | 2020-08-14 | 成都中科合迅科技有限公司 | Method for realizing safety audit of service system without intrusion |
CN114327716A (en) * | 2021-12-27 | 2022-04-12 | 凌云光技术股份有限公司 | Method and system for generating local language operation log based on XML language |
CN114363169A (en) * | 2021-12-27 | 2022-04-15 | 紫光云(南京)数字技术有限公司 | Device auditing method based on SPI |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105160038A (en) * | 2015-10-10 | 2015-12-16 | 广东卓维网络有限公司 | Data analysis method and system based on audit database |
CN107274324A (en) * | 2017-06-06 | 2017-10-20 | 张黎明 | A kind of method that accident risk assessment is carried out based on cloud service |
US20180063196A1 (en) * | 2012-12-08 | 2018-03-01 | International Business Machines Corporation | Directing Audited Data Traffic to Specific Repositories |
-
2018
- 2018-07-18 CN CN201810792245.0A patent/CN109005162B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180063196A1 (en) * | 2012-12-08 | 2018-03-01 | International Business Machines Corporation | Directing Audited Data Traffic to Specific Repositories |
CN105160038A (en) * | 2015-10-10 | 2015-12-16 | 广东卓维网络有限公司 | Data analysis method and system based on audit database |
CN107274324A (en) * | 2017-06-06 | 2017-10-20 | 张黎明 | A kind of method that accident risk assessment is carried out based on cloud service |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110719334A (en) * | 2019-10-18 | 2020-01-21 | 上海华讯网络系统有限公司 | Auditing system and method suitable for cloud desktop behaviors |
CN110719334B (en) * | 2019-10-18 | 2021-10-26 | 上海华讯网络系统有限公司 | Auditing system and method suitable for cloud desktop behaviors |
CN111007783A (en) * | 2019-12-28 | 2020-04-14 | 广东电科院能源技术有限责任公司 | Safety management and control system and method |
CN111541643A (en) * | 2020-03-18 | 2020-08-14 | 成都中科合迅科技有限公司 | Method for realizing safety audit of service system without intrusion |
CN111541643B (en) * | 2020-03-18 | 2022-02-01 | 成都中科合迅科技有限公司 | Method for realizing safety audit of service system without intrusion |
CN114327716A (en) * | 2021-12-27 | 2022-04-12 | 凌云光技术股份有限公司 | Method and system for generating local language operation log based on XML language |
CN114363169A (en) * | 2021-12-27 | 2022-04-15 | 紫光云(南京)数字技术有限公司 | Device auditing method based on SPI |
CN114363169B (en) * | 2021-12-27 | 2023-10-27 | 紫光云(南京)数字技术有限公司 | SPI-based equipment auditing method |
Also Published As
Publication number | Publication date |
---|---|
CN109005162B (en) | 2021-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109005162A (en) | Industrial control system method for auditing safely and device | |
Radoglou-Grammatikis et al. | Spear siem: A security information and event management system for the smart grid | |
CN105139139B (en) | Data processing method and device and system for O&M audit | |
Mirheidari et al. | Alert correlation algorithms: A survey and taxonomy | |
CN111654489B (en) | Network security situation sensing method, device, equipment and storage medium | |
CN109587125B (en) | Network security big data analysis method, system and related device | |
US10540662B2 (en) | File system compliance checking | |
CN104506507A (en) | Honey net safeguard system and honey net safeguard method for SDN (self-defending network) | |
EP2479698A1 (en) | Systems and methods for detecting fraud associated with systems application processing | |
CN103870751A (en) | Method and system for intrusion detection | |
CN108270716A (en) | A kind of audit of information security method based on cloud computing | |
CN103618652A (en) | Audit and depth analysis system and audit and depth analysis method of business data | |
JP6165224B2 (en) | Information security management system and method based on application layer log analysis | |
Lin et al. | Timing patterns and correlations in spontaneous {SCADA} traffic for anomaly detection | |
CN111046000B (en) | Government data exchange sharing oriented security supervision metadata organization method | |
CN109144023A (en) | A kind of safety detection method and equipment of industrial control system | |
CN111858251A (en) | Big data computing technology-based data security audit method and system | |
CN111651170B (en) | Instance dynamic adjustment method and device and related equipment | |
KR102199177B1 (en) | Security information and event management system and method for detecting hacking by scenario based correlation analysis | |
CN114095032B (en) | Data stream compression method based on Flink and RVR, edge computing system and storage medium | |
CN113645215B (en) | Abnormal network traffic data detection method, device, equipment and storage medium | |
Zhao et al. | On-board artificial intelligence based on edge computing in optical transport networks | |
CN114205816B (en) | Electric power mobile internet of things information security architecture and application method thereof | |
CN113988690A (en) | Risk behavior monitoring method, device and equipment | |
CN107566187B (en) | SLA violation monitoring method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |