CN109005162A - Industrial control system security audit method and device - Google Patents

Publication number
CN109005162A
Authority
CN
China
Prior art keywords
service logic
control system
section
industrial control
audit
Legal status
Granted
Application number
CN201810792245.0A
Other languages
Chinese (zh)
Other versions
CN109005162B (en)
Inventor
李文杰
周桂英
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network

Abstract

The present invention provides a security audit method and device for an industrial control system, and belongs to the field of communication technology. The security audit method of the present invention comprises: configuring a standard XML rule file according to the logical relationships configured in advance for each service logic section; collecting data in the business scenario in which the industrial control system operates, and obtaining the acquisition time period of each service logic section's data; according to the acquisition time period of the service logic section data and the data collected for that section, comparing against the standard XML rule file to generate the audit log of the service logic section; and, according to a pre-established risk model and the generated audit logs of the service logic sections, obtaining the security risk audit log of the business scenario and storing the security risk audit log.

Description

Industrial control system security audit method and device
Technical field
The invention belongs to the field of communication technology, and in particular relates to a security audit method and device for an industrial control system.
Background
When industrial control systems were first designed, resources were limited and the systems did not face the Internet, so, in order to guarantee real-time performance and availability, the layers of an industrial control system generally lack security design. Security auditing of an industrial control system is an effective means of ensuring its security.
Industrial control security auditing captures the actual communication traffic in the industrial control system network and performs deep parsing of the communication messages. Using techniques such as in-situ analysis, data stream monitoring and network behavior auditing, it quickly identifies abnormal behavior in the industrial control network, detects in real time network attacks, user misoperation, user violations, illegal device access and the propagation of malware such as worms and viruses directed at the industrial control system, and raises alerts in real time. It also records all network communication behavior in detail, providing a solid basis for investigating security incidents in the industrial control system.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art by providing a security audit method and device for an industrial control system.
The technical solution adopted to solve the technical problem of the present invention is a security audit method for an industrial control system, comprising:
configuring a standard XML rule file according to the logical relationships configured in advance for each service logic section;
collecting data in the business scenario in which the industrial control system operates, and obtaining the acquisition time period of each service logic section's data;
according to the acquisition time period of the service logic section data and the data collected for that service logic section, comparing against the standard XML rule file to generate the audit log of the service logic section;
according to a pre-established risk model and the generated audit logs of the service logic sections, obtaining the security risk audit log of the business scenario, and storing the security risk audit log.
Preferably, before the step of generating the standard XML rule file according to the logical relationships configured in advance for each service logic section, the method further comprises:
configuring logical relationships for the service logic sections, wherein the logical relationships include the service logic relationships used by the service logic section, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships.
Further preferably, the audit log of the service logic section is an audit log containing the audit target, the audit result and the audit analysis.
Further preferably, before the step of configuring logical relationships for the service logic sections, the method further comprises:
dividing the business scenario into multiple service logic sections according to different audit granularities.
Preferably, the step of collecting data in the business scenario in which the industrial control system operates and obtaining the acquisition time period of each service logic section's data comprises:
collecting the data in the business scenario in which the industrial control system operates using DPI technology;
reading the acquisition time of the first data item in the business scenario in which the industrial control system operates, and, according to that time, the execution start time of each service logic section and the execution duration of each service logic section, obtaining in turn the acquisition time period of each service logic section's data.
Preferably, the step of obtaining the acquisition time period of each service logic section's data comprises:
reading the acquisition time of the first data item in the business scenario in which the industrial control system operates, and, according to that time, the execution start time of each service logic section and the execution duration of each service logic section, obtaining in turn the acquisition time period of each service logic section's data.
Preferably, storing the security risk audit log comprises:
uploading the security risk audit log to a cloud blockchain for storage.
The technical solution adopted to solve the technical problem of the present invention is a security audit device for an industrial control system, comprising:
a first configuration module, configured to configure a standard XML rule file according to the logical relationships configured in advance for each service logic section;
an acquisition module, configured to collect data in the business scenario in which the industrial control system operates, and to obtain the acquisition time period of each service logic section's data;
an audit module, configured to generate the audit log of the service logic section by comparing against the standard XML rule file, according to the acquisition time period of the service logic section data and the data collected for that service logic section;
a risk analysis module, configured to obtain the security risk audit log of the business scenario according to a pre-established risk model and the generated audit logs of the service logic sections, and to store the security risk audit log.
Preferably, the security audit device of the industrial control system further comprises:
a second configuration module, configured to configure logical relationships for the service logic sections, wherein the logical relationships include the service logic relationships used by the service logic section, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships.
Preferably, the security audit device of the industrial control system further comprises:
a third configuration module, configured to divide the business scenario into multiple service logic sections according to different audit granularities.
The invention has the following beneficial effects:
In the security audit method of the present invention, delayed auditing covers the service logic relationships involved in each service logic section, the instructions and their logical relationships, the industrial objects involved and their logical relationships, and the input/output parameters and their threshold logic relationships. Security risk is modeled for the service logic sections based on the audit results, risk model analysis logs are generated, and all audit and analysis logs are saved through cloud blockchain nodes. The method achieves comprehensive auditing and risk analysis of the service logic in a specific scenario of a specific industry, avoids the shortcomings of auditing single behaviors only, and ensures that industrial control system security auditing is comprehensive and that audit results are traceable.
Brief description of the drawings
Fig. 1 is a flow chart of the security audit method of the industrial control system of Embodiment 1 of the present invention;
Fig. 2 is a flow chart of the security audit method of the industrial control system of Embodiment 2 of the present invention;
Fig. 3 is a schematic diagram of the security audit device of the industrial control system of Embodiment 3 of the present invention.
Detailed description
To enable those skilled in the art to better understand the technical solution of the present invention, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Embodiment 1:
As shown in Fig. 1, this embodiment provides a security audit method for an industrial control system. The method performs security auditing according to the business scenario in which the industrial control system operates, where the business scenario is divided into multiple service logic sections. The method includes the following steps:
Step 1: configure a standard XML rule file according to the logical relationships configured in advance for each service logic section.
In this step, the service logic relationships used, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships are configured for each service logic section, and an XML rule file containing these logical relationships is generated for each service logic section.
Step 2: collect data in the business scenario in which the industrial control system operates, and obtain the acquisition time period of each service logic section's data.
Specifically, this step can use DPI technology to collect the data in the business scenario in which the industrial control system operates and read the acquisition time t0 of the first data item of the business scenario. From t0, the section execution start times S1, S2, ..., Sn and the section execution durations D1, D2, ..., Dn, the acquisition time periods of the service logic section data are obtained in turn: (t0+S1, t0+S1+D1), (t0+S2, t0+S2+D2), ..., (t0+Sn, t0+Sn+Dn).
Step 3: according to the acquisition time period of the service logic section data and the data collected for that service logic section, compare against the standard XML rule file and generate the audit log of the service logic section.
Specifically, take as an example the data of the i-th service logic section, collected in the acquisition time period (t0+Si, t0+Si+Di). When time t0+Si+Di arrives, the data is compared against the configured standard XML rule file to audit the service logic relationships, the instructions and their logical relationships, the industrial objects involved and their logical relationships, and the input/output parameters and their threshold logic relationships, and a logic section audit log containing information such as the audit target, the audit result and the audit analysis is generated.
Step 4: according to a pre-established risk model and the generated audit logs of the service logic sections, obtain the security risk audit log of the business scenario, and store the security risk audit log.
Specifically, for the risks found by auditing all service logic sections in the audited business scenario, a risk model is established along dimensions such as logical relationship, object, instruction and parameter. The risk model is used to analyze all security risks in the business scenario, and the security risks are cluster-analyzed to obtain the security risk audit log of the business scenario. The logic section audit logs and the security risk audit log are submitted to cloud blockchain nodes for storage, so that the industrial control system's security audit information is tamper-resistant and traceable.
In the security audit method of this embodiment, delayed auditing covers the service logic relationships involved in each service logic section, the instructions and their logical relationships, the industrial objects involved and their logical relationships, and the input/output parameters and their threshold logic relationships. Security risk is modeled for the service logic sections based on the audit results, risk model analysis logs are generated, and all audit and analysis logs are saved through cloud blockchain nodes. The method achieves comprehensive auditing and risk analysis of the service logic in a specific scenario of a specific industry, avoids the shortcomings of auditing single behaviors only, and ensures that industrial control system security auditing is comprehensive and that audit results are traceable.
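The following added example (not part of the patent) works through steps 2 to 4 of Embodiment 1: it derives the acquisition time periods from t0, Si and Di, audits captured records against per-section rules, and counts the violations by risk dimension. The XML element and attribute names, the instruction names and the sample records are assumptions constructed for illustration, since the patent does not specify the rule file's schema; the time periods are treated as half-open so that the first record, captured at t0, falls inside a section that starts at S=0.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass, field

# Constructed rule file. The schema is hypothetical: one <section> per service
# logic section, with Si ("start") and Di ("duration") in seconds relative to t0.
RULES_XML = """
<scenario name="tank-fill">
  <section id="BL1" start="0" duration="10">
    <instruction name="WRITE_COIL" object="valve_in"/>
    <parameter name="valve_in" min="0" max="1"/>
  </section>
  <section id="BL2" start="10" duration="30">
    <instruction name="READ_REGISTER" object="level"/>
    <instruction name="WRITE_REGISTER" object="pump_speed"/>
    <parameter name="level" min="0" max="80"/>
    <parameter name="pump_speed" min="0" max="1500"/>
  </section>
</scenario>
"""

# Constructed DPI output: (acquisition time, instruction, object, value).
RECORDS = [
    (1000.0, "WRITE_COIL", "valve_in", 1),
    (1003.0, "WRITE_REGISTER", "pump_speed", 900),   # not an instruction of BL1
    (1012.0, "READ_REGISTER", "level", 42),
    (1020.0, "WRITE_REGISTER", "pump_speed", 2200),  # exceeds the threshold
    (1055.0, "WRITE_COIL", "valve_in", 0),           # after the last time period
]


@dataclass
class Section:
    id: str
    start: float                                  # Si
    duration: float                               # Di
    allowed: set = field(default_factory=set)     # permitted (instruction, object)
    limits: dict = field(default_factory=dict)    # object -> (min, max)


def load_sections(xml_text):
    """Parse the rule file into one Section per <section> element."""
    sections = []
    for el in ET.fromstring(xml_text).iter("section"):
        sec = Section(el.get("id"), float(el.get("start")), float(el.get("duration")))
        for ins in el.iter("instruction"):
            sec.allowed.add((ins.get("name"), ins.get("object")))
        for par in el.iter("parameter"):
            sec.limits[par.get("name")] = (float(par.get("min")), float(par.get("max")))
        sections.append(sec)
    return sections


def windows(t0, sections):
    """Acquisition time period of each section: (t0 + Si, t0 + Si + Di)."""
    return {s.id: (t0 + s.start, t0 + s.start + s.duration) for s in sections}


def check(sec, instr, obj, value):
    """Return (result, risk dimension, analysis) for one record in one section."""
    if (instr, obj) not in sec.allowed:
        return "violation", "instruction", f"{instr} on {obj} is not permitted in {sec.id}"
    lo, hi = sec.limits.get(obj, (float("-inf"), float("inf")))
    if not lo <= value <= hi:
        return "violation", "parameter", f"{obj}={value} is outside [{lo}, {hi}]"
    return "pass", None, "matches the rule file"


def audit(records, sections):
    """Return (section audit log entries, records that fall in no time period)."""
    if not records:
        return [], []
    records = sorted(records)
    win = windows(records[0][0], sections)        # t0 = time of the first record
    logs, seen = [], set()
    for sec in sections:
        begin, end = win[sec.id]
        for i, (ts, instr, obj, value) in enumerate(records):
            if begin <= ts < end:                 # half-open period (assumption)
                seen.add(i)
                result, dimension, analysis = check(sec, instr, obj, value)
                logs.append({"section": sec.id, "target": f"{instr} {obj}",
                             "result": result, "dimension": dimension,
                             "analysis": analysis})
    return logs, [r for i, r in enumerate(records) if i not in seen]


def risk_summary(logs):
    """Count violations per risk dimension, a stand-in for the risk model."""
    return Counter(e["dimension"] for e in logs if e["result"] == "violation")


if __name__ == "__main__":
    section_logs, unassigned = audit(RECORDS, load_sections(RULES_XML))
    for entry in section_logs:
        print(entry)
    print("outside every time period:", unassigned)
    print("risks by dimension:", dict(risk_summary(section_logs)))
```

Records that fall outside every time period are returned separately rather than dropped, so traffic that no service logic section accounts for still reaches the reviewer.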
Embodiment 2:
As shown in Fig. 2, this embodiment provides a security audit method for an industrial control system. The method includes the following steps:
Step 1: configuration of the audited devices, extraction of the service logic sections, and configuration of the audit rules. Step 1 is described in detail below.
(1) Audited device configuration: configure the industrial control system that requires security auditing;
(2) Business scenario configuration and service logic section extraction: configure the business scenario. The business scenario is split into multiple independent action units and/or multiple service logic sections BL1, BL2, ..., BLn. Independent action units and service logic sections occur randomly depending on the characteristics of the scenario. Service logic sections are extracted according to different audit granularities, and the same operation may be divided into multiple service logic sections;
(3) Service logic section audit rule configuration: configure the service logic relationships used by the service logic section, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships; an XML rule file containing these logical relationships is generated for each service logic section. Determine the section execution start times S1, S2, ..., Sn (section start times relative to the start time of the business scenario) and the section execution durations D1, D2, ..., Dn.
Step 2: collect data in the business scenario in which the industrial control system operates, and obtain the acquisition time period of each service logic section's data.
Specifically, this step can use DPI technology to collect the data in the business scenario in which the industrial control system operates and read the acquisition time t0 of the first data item of the business scenario. From t0, the section execution start times S1, S2, ..., Sn and the section execution durations D1, D2, ..., Dn, the acquisition time periods of the service logic section data are obtained in turn: (t0+S1, t0+S1+D1), (t0+S2, t0+S2+D2), ..., (t0+Sn, t0+Sn+Dn).
Step 3: according to the acquisition time period of the service logic section data and the data collected for that service logic section, compare against the standard XML rule file and generate the audit log of the service logic section.
Specifically, take as an example the data of the i-th service logic section, collected in the acquisition time period (t0+Si, t0+Si+Di). When time t0+Si+Di arrives, the data is compared against the configured standard XML rule file to audit the service logic relationships, the instructions and their logical relationships, the industrial objects involved and their logical relationships, and the input/output parameters and their threshold logic relationships, and a logic section audit log containing information such as the audit target, the audit result and the audit analysis is generated.
Step 4: according to a pre-established risk model and the generated audit logs of the service logic sections, obtain the security risk audit log of the business scenario, and store the security risk audit log.
Specifically, for the risks found by auditing all service logic sections in the audited business scenario, a risk model is established along dimensions such as logical relationship, object, instruction and parameter. The risk model is used to analyze all security risks in the business scenario, and the security risks are cluster-analyzed to obtain the security risk audit log of the business scenario. The logic section audit logs and the security risk audit log are submitted to cloud blockchain nodes for storage, so that the industrial control system's security audit information is tamper-resistant and traceable.
In the security audit method of this embodiment, delayed auditing covers the service logic relationships involved in each service logic section, the instructions and their logical relationships, the industrial objects involved and their logical relationships, and the input/output parameters and their threshold logic relationships. Security risk is modeled for the service logic sections based on the audit results, risk model analysis logs are generated, and all audit and analysis logs are saved through cloud blockchain nodes. The method achieves comprehensive auditing and risk analysis of the service logic in a specific scenario of a specific industry, avoids the shortcomings of auditing single behaviors only, and ensures that industrial control system security auditing is comprehensive and that audit results are traceable.
It should be noted that the above steps implement delayed auditing. If the protocol library, instruction library, object library and parameter library needed to carry out the audit are configured in step 1, DPI technology can then be used to collect the industrial control system's data, and the collected data messages and acquisition times are uploaded in real time to a real-time audit module. The module reads the industrial control system data collected by DPI in real time and compares it against the configured protocol library, instruction library, object library and parameter library to audit logic sections and/or action units in real time, auditing the security of the data's protocol, the instructions involved and the parameter thresholds, and generating a real-time audit log containing information such as the audit target, the audit result and the audit analysis. Risk analysis and data storage can then be carried out according to step 4 above.
Embodiment 3:
As shown in Fig. 3, this embodiment provides a security audit device for an industrial control system. The device can use the method of Embodiment 1 or 2 to perform security auditing of an industrial control system. The security audit device of this embodiment includes a first configuration module, an acquisition module, an audit module and a risk analysis module.
The first configuration module is configured to configure a standard XML rule file according to the logical relationships configured in advance for each service logic section.
The acquisition module is configured to collect data in the business scenario in which the industrial control system operates and to obtain the acquisition time period of each service logic section's data.
The audit module is configured to generate the audit log of the service logic section by comparing against the standard XML rule file, according to the acquisition time period of the service logic section data and the data collected for that service logic section.
The risk analysis module is configured to obtain the security risk audit log of the business scenario according to a pre-established risk model and the generated audit logs of the service logic sections, and to store the security risk audit log.
Further, the security audit device of this embodiment also includes a second configuration module, configured to configure logical relationships for the service logic sections, wherein the logical relationships include the service logic relationships used by the service logic section, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships.
Of course, the security audit device of this embodiment also includes a third configuration module, configured to divide the business scenario into multiple service logic sections according to different audit granularities.
In the security audit device of this embodiment, the audit module performs delayed auditing of the service logic relationships involved in each service logic section, the instructions and their logical relationships, the industrial objects involved and their logical relationships, and the input/output parameters and their threshold logic relationships. Security risk is modeled for the service logic sections based on the audit results, risk model analysis logs are generated, and all audit and analysis logs are saved through cloud blockchain nodes. This achieves comprehensive auditing and risk analysis of the service logic in a specific scenario of a specific industry, avoids the shortcomings of auditing single behaviors only, and ensures that industrial control system security auditing is comprehensive and that audit results are traceable.
It should be understood that the above embodiments are merely exemplary implementations used to illustrate the principle of the present invention, and the present invention is not limited to them. Those of ordinary skill in the art can make various changes and modifications without departing from the spirit and essence of the present invention, and these changes and modifications are also regarded as falling within the protection scope of the present invention.

Claims (10)

1. A security audit method for an industrial control system, characterized by comprising:
configuring a standard XML rule file according to the logical relationships configured in advance for each service logic section;
collecting data in the business scenario in which the industrial control system operates, and obtaining the acquisition time period of each service logic section's data;
according to the acquisition time period of the service logic section data and the data collected for that service logic section, comparing against the standard XML rule file to generate the audit log of the service logic section;
according to a pre-established risk model and the generated audit logs of the service logic sections, obtaining the security risk audit log of the business scenario, and storing the security risk audit log.
2. The security audit method for an industrial control system according to claim 1, characterized in that, before the step of generating the standard XML rule file according to the logical relationships configured in advance for each service logic section, the method further comprises:
configuring logical relationships for the service logic sections, wherein the logical relationships include the service logic relationships used by the service logic section, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships.
3. The security audit method for an industrial control system according to claim 2, characterized in that the audit log of the service logic section is an audit log containing the audit target, the audit result and the audit analysis.
4. The security audit method for an industrial control system according to claim 2, characterized in that, before the step of configuring logical relationships for the service logic sections, the method further comprises:
dividing the business scenario into multiple service logic sections according to different audit granularities.
5. The security audit method for an industrial control system according to claim 1, characterized in that the step of collecting data in the business scenario in which the industrial control system operates and obtaining the acquisition time period of each service logic section's data comprises:
collecting the data in the business scenario in which the industrial control system operates using DPI technology;
reading the acquisition time of the first data item in the business scenario in which the industrial control system operates, and, according to that time, the execution start time of each service logic section and the execution duration of each service logic section, obtaining in turn the acquisition time period of each service logic section's data.
6. The security audit method for an industrial control system according to claim 1, characterized in that the step of obtaining the acquisition time period of each service logic section's data comprises:
reading the acquisition time of the first data item in the business scenario in which the industrial control system operates, and, according to that time, the execution start time of each service logic section and the execution duration of each service logic section, obtaining in turn the acquisition time period of each service logic section's data.
7. The security audit method for an industrial control system according to claim 1, characterized in that storing the security risk audit log comprises:
uploading the security risk audit log to a cloud blockchain for storage.
8. A security audit device for an industrial control system, characterized by comprising:
a first configuration module, configured to configure a standard XML rule file according to the logical relationships configured in advance for each service logic section;
an acquisition module, configured to collect data in the business scenario in which the industrial control system operates, and to obtain the acquisition time period of each service logic section's data;
an audit module, configured to generate the audit log of the service logic section by comparing against the standard XML rule file, according to the acquisition time period of the service logic section data and the data collected for that service logic section;
a risk analysis module, configured to obtain the security risk audit log of the business scenario according to a pre-established risk model and the generated audit logs of the service logic sections, and to store the security risk audit log.
9. The security audit device for an industrial control system according to claim 8, characterized by further comprising:
a second configuration module, configured to configure logical relationships for the service logic sections, wherein the logical relationships include the service logic relationships used by the service logic section, the instructions and their logical relationships, the industrial system objects involved and their logical relationships, and the input/output parameters and their voting logic relationships.
10. The security audit device for an industrial control system according to claim 8, characterized by further comprising:
a third configuration module, configured to divide the business scenario into multiple service logic sections according to different audit granularities.
Application number CN201810792245.0A; priority date 2018-07-18; filing date 2018-07-18; title: Industrial control system security audit method and device; status: Active; granted as CN109005162B (en)

Publications (2)

Publication Number Publication Date
CN109005162A (en) 2018-12-14
CN109005162B (en) 2021-04-02

Family

ID=64600516

Country Status (1)

Country Link
CN (1) CN109005162B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105160038A (en) * 2015-10-10 2015-12-16 广东卓维网络有限公司 Data analysis method and system based on audit database
CN107274324A (en) * 2017-06-06 2017-10-20 张黎明 A kind of method that accident risk assessment is carried out based on cloud service
US20180063196A1 (en) * 2012-12-08 2018-03-01 International Business Machines Corporation Directing Audited Data Traffic to Specific Repositories

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719334A (en) * 2019-10-18 2020-01-21 上海华讯网络系统有限公司 Auditing system and method suitable for cloud desktop behaviors
CN110719334B (en) * 2019-10-18 2021-10-26 上海华讯网络系统有限公司 Auditing system and method suitable for cloud desktop behaviors
CN111007783A (en) * 2019-12-28 2020-04-14 广东电科院能源技术有限责任公司 Safety management and control system and method
CN111541643A (en) * 2020-03-18 2020-08-14 成都中科合迅科技有限公司 Method for realizing safety audit of service system without intrusion
CN111541643B (en) * 2020-03-18 2022-02-01 成都中科合迅科技有限公司 Method for realizing safety audit of service system without intrusion
CN114327716A (en) * 2021-12-27 2022-04-12 凌云光技术股份有限公司 Method and system for generating local language operation log based on XML language
CN114363169A (en) * 2021-12-27 2022-04-15 紫光云(南京)数字技术有限公司 Device auditing method based on SPI
CN114363169B (en) * 2021-12-27 2023-10-27 紫光云(南京)数字技术有限公司 SPI-based equipment auditing method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant