CN109005162B - Industrial control system security audit method and device - Google Patents


Info

Publication number
CN109005162B
Authority
CN
China
Prior art keywords
service
data
interval
industrial control
control system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810792245.0A
Other languages
Chinese (zh)
Other versions
CN109005162A (en
Inventor
李文杰
周桂英
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN201810792245.0A
Publication of CN109005162A
Application granted
Publication of CN109005162B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network


Abstract

The invention provides a safety audit method and a safety audit device for an industrial control system, and belongs to the technical field of communication. The safety audit method of the industrial control system comprises the following steps: configuring a standard XML rule file according to the service logic configured in advance for each service flow interval; collecting data in the service scene where the industrial control system is located, and obtaining the collection time period of the data of each service flow interval; comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval; and obtaining a safety risk audit log of the service scene according to a pre-established risk model and the generated audit logs of the service process intervals, and storing the safety risk audit log.

Description

Industrial control system security audit method and device
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a safety audit method and device for an industrial control system.
Background
When industrial control systems were first designed, resource limitations and the fact that they were not internet-facing meant that, in order to guarantee real-time performance and availability, every layer of the industrial control system generally lacked security design. Security auditing of the industrial control system is an effective means of ensuring its security.
Industrial control security auditing collects the actual communication traffic in the industrial control system network and analyzes the communication messages in depth. Using techniques such as real-time dynamic analysis, data flow monitoring and network behavior auditing, it rapidly identifies abnormal behavior in the industrial control network; detects in real time network attacks, user misoperation, illegal user operations, illegal equipment access and the propagation of malicious software such as worms and viruses aimed at the industrial control system; raises alarms in real time; and records all network communication behavior in detail, providing a solid foundation for investigating security incidents in the industrial control system.
Disclosure of Invention
The invention aims to at least solve one of the technical problems in the prior art and provides an industrial control system security audit method and device for the safety of an industrial control system.
The technical scheme adopted for solving the technical problem of the invention is a safety audit method of an industrial control system, which comprises the following steps:
configuring a standard XML rule file according to the service logic configured for each service flow interval in advance;
acquiring data in a service scene where an industrial control system is located, and acquiring an acquisition time period of the data in each service flow interval;
comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval;
and acquiring a safety risk audit log of the service scene according to a pre-established risk model and the generated audit log of the service process interval, and storing the safety risk audit log.
Preferably, before the step of generating the standard XML rule file according to the service logic configured for each service flow interval in advance, the method further includes:
configuring service logic for a service process interval; the business logic comprises the business logic relationship used by the business process interval, the instructions and their logical relationships, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships.
Further preferably, the audit log of the business process interval includes: an audit object, an audit result and an audit analysis.
Further preferably, before the step of configuring the logical relationship for the business process interval, the method further includes:
and dividing the service scene into a plurality of service process intervals according to different auditing granularities.
Preferably, the step of acquiring data in a service scene where the industrial control system is located and acquiring an acquisition time period of the data in each service flow interval includes:
collecting data under a service scene where an industrial control system is located by adopting a DPI technology;
and reading the acquisition time of the first data in the service scene of the industrial control system, and sequentially acquiring the acquisition time period of the data of each service flow interval according to the acquisition time, the execution starting time of each service flow interval and the execution duration of each service flow interval.
Preferably, the step of acquiring the collection time period of the data of each business process interval includes:
and reading the acquisition time of the first data in the service scene of the industrial control system, and sequentially acquiring the acquisition time period of the data of each service flow interval according to the acquisition time, the execution starting time of each service flow interval and the execution duration of each service flow interval.
Preferably, the storing the security risk audit log comprises:
and uploading the security risk audit log to a cloud blockchain for storage.
The technical scheme adopted for solving the technical problem of the invention is a safety audit device of an industrial control system, which comprises:
the first configuration module is used for configuring a standard XML rule file according to the service logic configured for each service flow interval in advance;
the acquisition module is used for acquiring data in a service scene where the industrial control system is located and acquiring an acquisition time period of the data of each service flow interval;
the auditing module is used for comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval;
and the risk analysis module is used for acquiring the safety risk audit log of the service scene according to the pre-established risk model and the generated audit log of the service flow interval, and storing the safety risk audit log.
Preferably, the safety audit device of the industrial control system further includes:
the second configuration module is used for configuring service logic for the service process interval; the business logic comprises the business logic relationship used by the business process interval, the instructions and their logical relationships, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships.
Preferably, the safety audit device of the industrial control system further includes:
and the third configuration module is used for dividing the service scene into a plurality of service process intervals according to different auditing granularities.
The invention has the following beneficial effects:
In the safety auditing method of the industrial control system, delayed auditing is performed on the business logic relationship, the instructions and their logical relationships, the industrial objects and their logical relationships, and the input/output parameters and their threshold logical relationships involved in each business process interval; safety risk modeling of the business process intervals is carried out based on the audit results to generate a risk model analysis log; and all audit and analysis logs are stored through cloud blockchain nodes. The method achieves comprehensive auditing and risk analysis of the business logic in a specific scenario of a specific industry, avoids the shortcomings of safety auditing of single actions, and ensures both the comprehensiveness of the safety audit of the industrial control system and the traceability of the audit results.
Drawings
Fig. 1 is a flowchart of a security audit method of an industrial control system according to embodiment 1 of the present invention;
Fig. 2 is a flowchart of a security audit method of an industrial control system according to embodiment 2 of the present invention;
Fig. 3 is a schematic diagram of a security audit device of an industrial control system according to embodiment 3 of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Example 1:
As shown in Fig. 1, this embodiment provides a security audit method for an industrial control system. The method performs security auditing according to the service scenario in which the industrial control system is located, where the service scenario is divided into a plurality of service process intervals, and the method includes the following steps:
Step one, configuring a standard XML rule file according to the service logic configured in advance for each service flow interval.
For each business process interval, a business logic relationship, the instructions and their logical relationships, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships are configured, and an XML rule file containing this business logic is generated correspondingly for each business process interval.
And step two, acquiring data in the service scene of the industrial control system, and acquiring the acquisition time period of the data of each service process interval.
Specifically, for this step, DPI (deep packet inspection) technology may be used to collect data in the service scene where the industrial control system is located. The collection time t0 of the first data of the service scene is read, and the collection time periods (t0+S1, t0+S1+D1), (t0+S2, t0+S2+D2), ..., (t0+Sn, t0+Sn+Dn) of the data of the service flow intervals are obtained in sequence from t0, the interval execution start times S1, S2, ..., Sn and the interval execution durations D1, D2, ..., Dn.
Step three, comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval.
Specifically, taking the i-th business process interval as an example: at time t0+Si+Di, the data collected for that interval over the collection time period (t0+Si, t0+Si+Di) is compared with the configured standard XML rule file. The business logic relationship, the instructions and their logical relationships, the related industrial objects and their logical relationships, and the input/output parameters and their threshold logical relationships are audited, and an audit log of the business process interval is generated containing information such as the audit object, the audit result and the audit analysis.
And step four, acquiring a safety risk audit log of the service scene according to a pre-established risk model and the generated audit log of the service process interval, and storing the safety risk audit log.
Specifically, for the risks found by auditing all business process intervals in the audited business scene, a risk model is established along dimensions such as logical relations, objects, instructions and parameters. All safety risks in the business scene are analyzed through the risk model and subjected to clustering analysis to obtain the safety risk audit log of the business scene. The logic interval audit logs and the safety risk audit log are submitted to cloud blockchain nodes for storage, ensuring that the safety audit information of the industrial control system is tamper-proof and traceable.
In the safety auditing method of the industrial control system in this embodiment, delayed auditing is performed on the business logic relationship, the instructions and their logical relationships, the industrial objects and their logical relationships, and the input/output parameters and their threshold logical relationships involved in each business process interval; safety risk modeling of the business process intervals is carried out based on the audit results to generate a risk model analysis log; and all audit and analysis logs are stored through cloud blockchain nodes. The method achieves comprehensive auditing and risk analysis of the business logic in a specific scenario of a specific industry, avoids the shortcomings of safety auditing of single actions, and ensures both the comprehensiveness of the safety audit of the industrial control system and the traceability of the audit results.
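The following is an added example, not taken from the patent, that walks steps one to three on constructed data, with a per-dimension count standing in for the risk model of step four. The XML element and attribute names, the sample records and the half-open treatment of window boundaries are assumptions; the patent does not define a rule schema.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed rule file (step one). Element and attribute names are hypothetical.
RULES_XML = """
<scenario name="tank-fill">
  <interval id="BL1" start="0" duration="10">
    <object id="PLC-1"/>
    <instruction name="OPEN_VALVE" order="1"/>
    <instruction name="START_PUMP" order="2"/>
    <parameter name="flow" min="0" max="50"/>
  </interval>
  <interval id="BL2" start="10" duration="20">
    <object id="PLC-1"/>
    <instruction name="READ_LEVEL" order="1"/>
    <instruction name="STOP_PUMP" order="2"/>
    <parameter name="level" min="0" max="80"/>
  </interval>
</scenario>
"""

# Constructed DPI output: (timestamp, object, instruction, parameter, value)
RECORDS = [
    (1000.0, "PLC-1", "OPEN_VALVE", None, None),
    (1002.5, "PLC-1", "START_PUMP", "flow", 42.0),
    (1011.0, "PLC-1", "READ_LEVEL", "level", 95.0),  # above the threshold
    (1015.0, "HMI-9", "STOP_PUMP", None, None),      # object not in the rule
    (1020.0, "PLC-1", "OPEN_VALVE", None, None),     # instruction not in BL2
]


def load_rules(xml_text):
    """Step one: read the business logic configured for each interval."""
    rules = []
    for node in ET.fromstring(xml_text).iter("interval"):
        rules.append({
            "id": node.get("id"),
            "S": float(node.get("start")),      # start relative to scenario start
            "D": float(node.get("duration")),
            "objects": {o.get("id") for o in node.iter("object")},
            "instructions": {i.get("name"): int(i.get("order"))
                             for i in node.iter("instruction")},
            "params": {p.get("name"): (float(p.get("min")), float(p.get("max")))
                       for p in node.iter("parameter")},
        })
    return rules


def collection_windows(t0, rules):
    """Step two: interval i is collected over (t0 + Si, t0 + Si + Di)."""
    return {r["id"]: (t0 + r["S"], t0 + r["S"] + r["D"]) for r in rules}


def audit_interval(rule, window, records):
    """Step three: compare one interval's records with its rule."""
    lo, hi = window
    findings, last_order = [], 0
    for ts, obj, instr, pname, value in records:
        # Assumption: windows are half-open [lo, hi), so a record on a shared
        # boundary is audited in exactly one interval.
        if not (lo <= ts < hi):
            continue
        if obj not in rule["objects"]:
            findings.append(("object", obj, f"{obj} is not part of {rule['id']}"))
        order = rule["instructions"].get(instr)
        if order is None:
            findings.append(("instruction", instr,
                             f"{instr} is not allowed in {rule['id']}"))
        elif order < last_order:
            findings.append(("logic", instr, f"{instr} issued out of sequence"))
        else:
            last_order = order
        if pname is not None:
            bounds = rule["params"].get(pname)
            if bounds is None or not (bounds[0] <= value <= bounds[1]):
                findings.append(("parameter", pname,
                                 f"{pname}={value} outside allowed range {bounds}"))
    # Each finding is (dimension, audit object, audit analysis).
    return {"interval": rule["id"], "window": window,
            "result": "fail" if findings else "pass", "findings": findings}


def audit_scenario(xml_text, records):
    """Run steps one to three; t0 is the time of the first collected record."""
    records = sorted(records, key=lambda r: r[0])
    rules = load_rules(xml_text)
    windows = collection_windows(records[0][0], rules)
    return [audit_interval(r, windows[r["id"]], records) for r in rules]


def risk_by_dimension(logs):
    """Stand-in for step four: count findings per risk dimension."""
    return Counter(dim for log in logs for dim, _, _ in log["findings"])


if __name__ == "__main__":
    for log in audit_scenario(RULES_XML, RECORDS):
        print(log)
```

Records that fall outside every window are not audited by this sketch; a deployment would need to decide whether such traffic is itself a finding.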
Example 2:
As shown in Fig. 2, this embodiment provides a security audit method for an industrial control system, where the method includes the following steps:
Step one: configure the audit equipment, extract the business process intervals and configure the audit rules, as described in detail below.
(1) Configuration of audit equipment: configure the industrial control system that requires security auditing;
(2) Service scene configuration and service flow interval extraction: configure the service scene and split it into a plurality of independent action units and/or a plurality of service process intervals BL1, BL2, ..., BLn, wherein the independent action units and the service process intervals appear randomly according to the scene characteristics, the service process intervals are extracted according to different auditing granularities, and the same operation can be divided into a plurality of service process intervals;
(3) Configuration of the auditing rules of a business process interval: configure the business logic relationship used by the business process interval, the instructions and their logical relationships, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships, and correspondingly generate, for each business process interval, an XML rule file containing more than one business logic; determine the execution start times S1, S2, ..., Sn (interval start time relative to the service scene start time) and the execution durations D1, D2, ..., Dn.
And step two, acquiring data in the service scene of the industrial control system, and acquiring the acquisition time period of the data of each service process interval.
Specifically, for this step, DPI technology may be used to collect data in the service scene where the industrial control system is located. The collection time t0 of the first data of the service scene is read, and the collection time periods (t0+S1, t0+S1+D1), (t0+S2, t0+S2+D2), ..., (t0+Sn, t0+Sn+Dn) of the data of the service flow intervals are obtained in sequence from t0, the execution start times S1, S2, ..., Sn and the execution durations D1, D2, ..., Dn.
Step three, comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval.
Specifically, taking the i-th business process interval as an example: at time t0+Si+Di, the data collected for that interval over the collection time period (t0+Si, t0+Si+Di) is compared with the configured standard XML rule file. The business logic relationship, the instructions and their logical relationships, the related industrial objects and their logical relationships, and the input/output parameters and their threshold logical relationships are audited, and a logic interval audit log is generated containing information such as the audit object, the audit result and the audit analysis.
And step four, acquiring a safety risk audit log of the service scene according to a pre-established risk model and the generated audit log of the service process interval, and storing the safety risk audit log.
Specifically, for the risks found by auditing all business process intervals in the audited business scene, a risk model is established along dimensions such as logical relations, objects, instructions and parameters. All safety risks in the business scene are analyzed through the risk model and subjected to clustering analysis to obtain the safety risk audit log of the business scene. The logic interval audit logs and the safety risk audit log are submitted to cloud blockchain nodes for storage, ensuring that the safety audit information of the industrial control system is tamper-proof and traceable.
In the safety auditing method of the industrial control system in this embodiment, delayed auditing is performed on the business logic relationship, the instructions and their logical relationships, the industrial objects and their logical relationships, and the input/output parameters and their threshold logical relationships involved in each business process interval; safety risk modeling of the business process intervals is carried out based on the audit results to generate a risk model analysis log; and all audit and analysis logs are stored through cloud blockchain nodes. The method achieves comprehensive auditing and risk analysis of the business logic in a specific scenario of a specific industry, avoids the shortcomings of safety auditing of single actions, and ensures both the comprehensiveness of the safety audit of the industrial control system and the traceability of the audit results.
If a protocol library, an instruction library, an object library and a parameter library required for auditing are also configured in step one, DPI technology can be used to collect the data of the industrial control system, and the collected data messages and their collection times are uploaded in real time to a real-time audit module. The real-time audit module reads the data in real time and, by comparing it with the configured protocol library, instruction library, object library and parameter library, audits the logic intervals and/or action units in real time, checking the security of the protocol, the related instructions and the parameter thresholds of the data, and generates a real-time audit log containing information such as the audit object, the audit result and the audit analysis. Risk analysis and data storage can then be carried out according to step four.
Example 3:
As shown in Fig. 3, this embodiment provides a security audit device for an industrial control system, which can perform security auditing on the industrial control system by using the method of embodiment 1 or 2. The safety audit device of the industrial control system of this embodiment comprises: a first configuration module, an acquisition module, an audit module and a risk analysis module.
The first configuration module is used for configuring a standard XML rule file according to the service logic configured for each service flow interval in advance.
The acquisition module is used for acquiring data in a service scene where the industrial control system is located and acquiring an acquisition time period of the data in each service flow interval.
The auditing module is used for comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval.
And the risk analysis module is used for acquiring the safety risk audit log of the service scene according to a pre-established risk model and the generated audit log of the service flow interval, and storing the safety risk audit log.
Further, the security audit device in this embodiment further includes: a second configuration module, used for configuring business logic for the business process interval; the business logic comprises the business logic relationship used by the business process interval, the instructions and their logical relationships, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships.
Of course, the security audit device in this embodiment further includes: a third configuration module, used for dividing the service scene into a plurality of service process intervals according to different auditing granularities.
In the safety auditing device of the industrial control system of this embodiment, the auditing module performs delayed auditing of the business logic relationship, the instructions and their logical relationships, the industrial objects and their logical relationships, and the input/output parameters and their threshold logical relationships involved in each business process interval; a safety risk model is established for the business process intervals based on the audit results to generate a risk model analysis log; and all audit and analysis logs are stored through cloud blockchain nodes. This achieves comprehensive auditing and risk analysis of the business logic in a specific scenario of a specific industry, avoids the shortcomings of safety auditing of single actions, and ensures both the comprehensiveness of the safety audit of the industrial control system and the traceability of the audit results.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (10)

1. A safety audit method of an industrial control system is characterized by comprising the following steps:
configuring a standard XML rule file according to the service logic configured for each service flow interval in advance;
acquiring data in a service scene where an industrial control system is located, and acquiring an acquisition time period of the data in each service flow interval;
comparing the data collected for each business process interval, according to the collection time period of that interval's data, with the standard XML rule file to generate an audit log of the business process interval;
and acquiring a safety risk audit log of the service scene according to a pre-established risk model and the generated audit log of the service process interval, and storing the safety risk audit log.
2. The safety auditing method for industrial control systems according to claim 1, before the step of generating a standard XML rule file according to the business logic configured for each business process section in advance, further comprising:
configuring service logic for a service process interval; the business logic comprises the business logic relationship used by the business process interval, the instructions and their logical relationships, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships.
3. The safety auditing method of industrial control system according to claim 2, wherein the audit log of a business process interval includes: an audit object, an audit result and an audit analysis.
4. The safety auditing method for industrial control systems according to claim 2, before the step of configuring the business logic for the business process section, further comprising:
and dividing the service scene into a plurality of service process intervals according to different auditing granularities.
5. The safety audit method of the industrial control system according to claim 1, wherein the step of collecting data under the service scene where the industrial control system is located and acquiring the collection time period of the data of each service flow interval includes:
collecting data under a service scene where an industrial control system is located by adopting a DPI technology;
reading the acquisition time of the first data in the service scene of the industrial control system, and sequentially acquiring the acquisition time period of the data of each service flow interval according to the acquisition time, the execution starting time of each service flow interval and the execution duration of each service flow interval;
the method for reading the acquisition time of the first data in the service scene of the industrial control system and sequentially acquiring the acquisition time period of the data of each service flow interval according to the acquisition time, the execution starting time of each service flow interval and the execution duration of each service flow interval comprises the following steps:
reading the acquisition time t0 of the first data in the service scene, and sequentially acquiring the acquisition time periods (t0+S1, t0+S1+D1), (t0+S2, t0+S2+D2), ..., (t0+Sn, t0+Sn+Dn) of the data of each service flow interval according to t0, the execution start times S1, S2, ..., Sn of the service flow intervals and the execution durations D1, D2, ..., Dn of the service flow intervals, wherein n is the number of the service flow intervals.
6. The safety auditing method of an industrial control system according to claim 1, where the step of obtaining the collection time period of data for each business process interval includes:
reading the acquisition time of the first data in the service scene of the industrial control system, and sequentially acquiring the acquisition time period of the data of each service flow interval according to the acquisition time, the execution starting time of each service flow interval and the execution duration of each service flow interval;
the method for reading the acquisition time of the first data in the service scene of the industrial control system and sequentially acquiring the acquisition time period of the data of each service flow interval according to the acquisition time, the execution starting time of each service flow interval and the execution duration of each service flow interval comprises the following steps:
reading the acquisition time t0 of the first data in the service scene, and sequentially acquiring the acquisition time periods (t0+S1, t0+S1+D1), (t0+S2, t0+S2+D2), …, (t0+Sn, t0+Sn+Dn) of the data of each service flow interval according to t0, the execution start times S1, S2, …, Sn of the service flow intervals and the execution durations D1, D2, …, Dn of the service flow intervals, wherein n is the number of the service flow intervals.
7. The industrial control system security audit method of claim 1, wherein the storing the security risk audit log comprises:
uploading the security risk audit log to a cloud blockchain for storage.
8. A safety audit device for an industrial control system, characterized by comprising:
the first configuration module is used for configuring a standard XML rule file according to the service logic configured for each service flow interval in advance;
the acquisition module is used for acquiring data in a service scene where the industrial control system is located and acquiring an acquisition time period of the data of each service flow interval;
the auditing module is used for comparing the acquired data of the business process interval against the standard XML rule file, according to the acquisition time period of the data of the business process interval, to generate an audit log of the business process interval;
and the risk analysis module is used for acquiring the safety risk audit log of the service scene according to the pre-established risk model and the generated audit log of the service flow interval, and storing the safety risk audit log.
9. The safety audit device of industrial control system according to claim 8, further comprising:
the second configuration module is used for configuring service logic for the service process interval; the business logic comprises the business logic relations and the instructions (and their logical relationships) used by the business process interval, the related industrial system objects and their logical relationships, and the input/output parameters and their threshold logical relationships.
10. The safety audit device of industrial control system according to claim 8, further comprising:
and the third configuration module is used for dividing a service scene into a plurality of service flow logics according to different auditing granularities.
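The window computation recited in claims 5 and 6 can be sketched as follows. This is an added example, not code from the patent: the function names, the half-open treatment of window boundaries, the handling of overlapping windows and the sample records are all assumptions made for illustration.

```python
from collections import defaultdict


def acquisition_windows(t0, starts, durations):
    """Windows (t0+Si, t0+Si+Di) for i = 1..n, in interval order."""
    if len(starts) != len(durations):
        raise ValueError("need one start offset and one duration per interval")
    windows = []
    for s, d in zip(starts, durations):
        if s < 0 or d <= 0:
            raise ValueError("start offsets must be >= 0 and durations > 0")
        windows.append((t0 + s, t0 + s + d))
    return windows


def bucket_records(records, windows):
    """Assign (timestamp, payload) records to 1-based interval numbers.

    Assumptions of this example: a window is half-open [start, end), and a
    record inside several overlapping windows is attributed to each of them.
    Returns (per_interval, unassigned); unassigned holds records that fall
    in no configured window.
    """
    per_interval = defaultdict(list)
    unassigned = []
    for ts, payload in records:
        hits = [i for i, (lo, hi) in enumerate(windows, start=1) if lo <= ts < hi]
        for i in hits:
            per_interval[i].append((ts, payload))
        if not hits:
            unassigned.append((ts, payload))
    return dict(per_interval), unassigned


# Constructed sample data: timestamps in seconds, payload labels are made up.
T0 = 1000.0                   # acquisition time of the first record
STARTS = [0.0, 5.0, 12.0]     # S1..S3
DURATIONS = [5.0, 4.0, 6.0]   # D1..D3
RECORDS = [
    (1000.0, "frame-1"), (1004.9, "frame-2"), (1005.0, "frame-3"),
    (1010.5, "frame-4"),      # falls in the gap between intervals 2 and 3
    (1017.9, "frame-5"),
    (1018.0, "frame-6"),      # exactly at the end of interval 3, excluded
]

if __name__ == "__main__":
    wins = acquisition_windows(T0, STARTS, DURATIONS)
    buckets, outside = bucket_records(RECORDS, wins)
    print(wins, buckets, outside, sep="\n")
```

Each interval's bucket is what an auditing step would then compare against that interval's rules; how the records outside every window are treated is left open here.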
CN201810792245.0A 2018-07-18 2018-07-18 Industrial control system security audit method and device Active CN109005162B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810792245.0A CN109005162B (en) 2018-07-18 2018-07-18 Industrial control system security audit method and device


Publications (2)

Publication Number Publication Date
CN109005162A CN109005162A (en) 2018-12-14
CN109005162B CN109005162B (en) 2021-04-02

Family

ID=64600516

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810792245.0A Active CN109005162B (en) 2018-07-18 2018-07-18 Industrial control system security audit method and device

Country Status (1)

Country Link
CN (1) CN109005162B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719334B (en) * 2019-10-18 2021-10-26 上海华讯网络系统有限公司 Auditing system and method suitable for cloud desktop behaviors
CN111007783A (en) * 2019-12-28 2020-04-14 广东电科院能源技术有限责任公司 Safety management and control system and method
CN111541643B (en) * 2020-03-18 2022-02-01 成都中科合迅科技有限公司 Method for realizing safety audit of service system without intrusion
CN114363169B (en) * 2021-12-27 2023-10-27 紫光云(南京)数字技术有限公司 SPI-based equipment auditing method
CN114327716A (en) * 2021-12-27 2022-04-12 凌云光技术股份有限公司 Method and system for generating local language operation log based on XML language

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9124619B2 (en) * 2012-12-08 2015-09-01 International Business Machines Corporation Directing audited data traffic to specific repositories
CN105160038B (en) * 2015-10-10 2017-04-19 广东卓维网络有限公司 Data analysis method and system based on audit database
CN107274324A (en) * 2017-06-06 2017-10-20 张黎明 A kind of method that accident risk assessment is carried out based on cloud service

Also Published As

Publication number Publication date
CN109005162A (en) 2018-12-14


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant