CN109459995A - Condition monitoring system and monitoring method for multiple industrial Ethernet protocols - Google Patents
Condition monitoring system and monitoring method for multiple industrial Ethernet protocols
- Publication number
- CN109459995A (application number CN201811544041.1A)
- Authority
- CN
- China
- Prior art keywords
- configuration information
- message
- information
- equipment
- security strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
- G05B19/4185—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
- G05B19/4186—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication by protocol, e.g. MAP, TOP
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Manufacturing & Machinery (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiments of the invention provide a condition monitoring system and monitoring method for multiple industrial Ethernet protocols. The system includes an industrial Ethernet security policy configuration module, an industrial Ethernet protocol recognition and processing module, and an industrial Ethernet alarm generation module. The industrial Ethernet security policy configuration module stores security policy configuration information; the industrial Ethernet protocol recognition and processing module parses messages and processes the configuration information in each message according to the security policy configuration information stored in the industrial Ethernet security policy configuration module; the industrial Ethernet alarm generation module raises an alarm for messages that do not conform to the security policy configuration information, based on the processing result of the industrial Ethernet protocol recognition and processing module. The embodiments of the present invention can monitor the operating status of devices using multiple industrial Ethernet protocols and improve the security of industrial control systems.
Description
Technical field
The present invention relates to the technical field of industrial automation, and in particular to a condition monitoring system and monitoring method for multiple industrial Ethernet protocols.
Background technique
Field device communication in industrial control systems is gradually shifting from closed fieldbus forms to open industrial Ethernet forms; at the same time, high efficiency and standards integration of industrial control systems have become important development directions. Industrial control systems generally use industrial communication protocol standards for network communication.
Existing industrial communication protocol standards generally include: Modbus TCP (an industrial communication protocol standard released by the MODICON company); Profinet (an automation bus standard based on industrial Ethernet technology released by PROFIBUS International); OPC UA (OPC Unified Architecture); and others. Among these, Modbus TCP and Profinet, as typical industrial Ethernet standards, are more and more widely used, and OPC UA, as the integration standard framework promoted by the OPC Foundation, will also play an increasingly important role in industrial control networks.
However, as more and more industrial control system products are built with general-purpose communication protocols, general-purpose hardware and general-purpose software, and can be connected to public networks such as the Internet, the resulting threats such as viruses and Trojan horses are also spreading to industrial control systems. If the communication status of an industrial control system cannot be effectively monitored, the security of the industrial control system will be affected.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a condition monitoring system and monitoring method for multiple industrial Ethernet protocols, so as to improve the security of industrial control systems. The specific technical solution is as follows:
In a first aspect, an embodiment of the present invention provides a condition monitoring system for multiple industrial Ethernet protocols. The system comprises an industrial Ethernet security policy configuration module, an industrial Ethernet protocol recognition and processing module, and an industrial Ethernet alarm generation module;
wherein the industrial Ethernet security policy configuration module is used to store security policy configuration information; the security policy configuration information includes device physical information configuration information, device correlation configuration information and process-related configuration information; the device physical information configuration information includes the device name, the device media access control (MAC) address, the device Internet Protocol (IP) address and the device port number; the device correlation configuration information includes MAC address whitelist information, IP address whitelist information, IP address to MAC address binding information and network load information, wherein the network load information includes a per-second access count limit and network bandwidth information; the process-related configuration information includes upper-limit information for device critical data, lower-limit information for device critical data and correlation information between data;
the industrial Ethernet protocol recognition and processing module is used to parse collected messages based on an industrial Ethernet protocol and, according to the security policy configuration information stored in the industrial Ethernet security policy configuration module, to process the configuration information parsed from the messages;
the industrial Ethernet alarm generation module is used to raise an alarm for messages that do not conform to the security policy configuration information, based on the processing result of the industrial Ethernet protocol recognition and processing module.
Optionally, the industrial Ethernet protocol recognition and processing module comprises: a device correlation recognition and processing submodule, a Modbus TCP protocol recognition and processing submodule, a Profinet protocol recognition and processing submodule, an OPC UA protocol recognition and processing submodule and an additional network protocol recognition and processing submodule;
wherein the device correlation recognition and processing submodule is used to load the device physical information configuration information based on the physical information of the message sending device, and to process the device correlation information parsed from the message;
the Modbus TCP protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from a Modbus TCP protocol message is consistent with the process-related configuration information in the security policy configuration information;
the Profinet protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from a Profinet protocol message is consistent with the process-related configuration information in the security policy configuration information;
the OPC UA protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from an OPC UA protocol message is consistent with the process-related configuration information in the security policy configuration information;
the additional network protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from a message of an additional network protocol is consistent with the process-related configuration information in the security policy configuration information; the additional network protocol is a network protocol other than the Modbus TCP protocol, the Profinet protocol and the OPC UA protocol.
Optionally, the device correlation recognition and processing submodule is specifically used to: identify the sending device of the message according to the device physical information configuration information in the security policy configuration information.
Optionally, the industrial Ethernet alarm generation module comprises: an alarm information generation submodule, a remote alarm submodule and an alarm report generation submodule;
wherein the alarm information generation submodule is used to generate the alarm time, the alarming device name, the alarm level, the alarm content and alarm advisory information;
the remote alarm submodule is used to send alarm information through a User Datagram Protocol (UDP) network channel;
the report generation submodule is used to generate a report file, the format of which is Portable Document Format (PDF).
Optionally, the device correlation recognition and processing submodule is specifically used to: judge whether the physical information of the sending device parsed from the message is consistent with the device physical information configuration information stored in the industrial Ethernet security policy configuration module.
In a second aspect, an embodiment of the present invention provides a condition monitoring method for multiple industrial Ethernet protocols. The method comprises:
storing security policy configuration information in advance; the security policy configuration information includes device physical information configuration information, device correlation configuration information and process-related configuration information; the device physical information configuration information includes the device name, the device MAC address, the device IP address and the device port number; the device correlation configuration information includes MAC address whitelist information, IP address whitelist information, IP address to MAC address binding information and network load information, wherein the network load information includes a per-second access count limit and network bandwidth information; the process-related configuration information includes upper-limit information for device critical data, lower-limit information for device critical data and correlation information between data;
parsing collected messages based on an industrial Ethernet protocol and, according to the pre-stored security policy configuration information, processing the configuration information parsed from the messages;
based on the processing result for the configuration information in the messages, raising an alarm for messages that do not conform to the security policy configuration information.
Optionally, parsing the collected messages based on an industrial Ethernet protocol and, according to the pre-stored security policy configuration information, processing the configuration information parsed from the messages comprises:
judging whether the physical information of the sending device parsed from the message is consistent with the pre-stored device physical information configuration information;
judging whether the process relation configuration information parsed from a Modbus TCP protocol message is consistent with the process-related configuration information in the security policy configuration information;
judging whether the process relation configuration information parsed from a Profinet protocol message is consistent with the process-related configuration information in the security policy configuration information;
judging whether the process relation configuration information parsed from an OPC UA protocol message is consistent with the process-related configuration information in the security policy configuration information;
judging whether the process relation configuration information parsed from a message of an additional network protocol is consistent with the process-related configuration information in the security policy configuration information; the additional network protocol is a network protocol other than the Modbus TCP protocol, the Profinet protocol and the OPC UA protocol.
Optionally, loading the device physical information configuration information based on the physical information of the message sending device and processing the device correlation information parsed from the message comprises: identifying the sending device of the message according to the device physical information configuration information in the security policy configuration information.
Optionally, raising an alarm for messages that do not conform to the security policy configuration information based on the processing result for the configuration information in the messages comprises:
generating the alarm time, the alarming device name, the alarm level, the alarm content and alarm advisory information;
sending the alarm information through a User Datagram Protocol (UDP) network channel;
generating a report file, the format of which is Portable Document Format (PDF).
The condition monitoring system and monitoring method for multiple industrial Ethernet protocols provided by the embodiments of the present invention can parse collected messages based on an industrial Ethernet protocol, process the configuration information parsed from the messages according to the security policy configuration information stored in the industrial Ethernet security policy configuration module, and raise an alarm for messages that do not conform to the security policy configuration information. The condition monitoring system and monitoring method of the embodiments of the present invention can thus monitor critical data in an industrial system and also detect access by illegal devices in time, thereby effectively protecting the normal operation of key equipment and improving the security of the industrial control system. Of course, implementing any product or method of the present invention does not necessarily require all of the above advantages to be achieved at the same time.
Detailed description of the invention
In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a structural schematic diagram of a condition monitoring system for multiple industrial Ethernet protocols provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of an industrial Ethernet security policy configuration module in an embodiment of the present invention;
Fig. 3 is a schematic diagram of a switch connecting devices based on different industrial Ethernet protocols in an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of an industrial Ethernet protocol recognition and processing module in an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of an industrial Ethernet alarm generation module in an embodiment of the present invention;
Fig. 6 is a flow diagram of a condition monitoring method for multiple industrial Ethernet protocols provided by an embodiment of the present invention;
Fig. 7 is a flow diagram of step S202 in an embodiment of the present invention;
Fig. 8 is a structural schematic diagram of an electronic device provided by an embodiment of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a condition monitoring system 100 for multiple industrial Ethernet protocols. The system includes: an industrial Ethernet security policy configuration module 101, an industrial Ethernet protocol recognition and processing module 102, and an industrial Ethernet alarm generation module 103.
The industrial Ethernet security policy configuration module 101 is used to store security policy configuration information. As shown in Fig. 2, the industrial Ethernet security policy configuration module 101 may include: a device physical information configuration information submodule 1011, a device correlation configuration information submodule 1012 and a process-related configuration information submodule 1013. That is, the security policy configuration information may store: device physical information configuration information, device correlation configuration information and process-related configuration information.
The device physical information configuration information may refer to configuration information related to the physical attributes of an industrial device, such as the device name, the device MAC (Media Access Control) address, the device IP (Internet Protocol) address, the device port number, and so on. It should be noted that technical staff can configure the physical information of the industrial devices and store the configuration information in the industrial Ethernet security policy configuration module.
The device correlation configuration information may refer to the configuration information used when industrial devices communicate with each other, such as MAC address whitelist information, IP address whitelist information, IP address to MAC address binding information, network load information and so on; the network load information includes a per-second access count limit and network bandwidth information. It should be noted that technical staff can configure the correlation between devices and store the configuration information in the industrial Ethernet security policy configuration module.
The process-related configuration information may refer to the process parameter information used by the industrial device at runtime, such as upper-limit information for device critical data, lower-limit information for device critical data, correlation information between data and so on. Critical data here may refer to process parameters that play a key role in device operation, such as the operating voltage; correlation information between data here may refer to the relationship between two or more data items, for example the difference between a first data item and a second data item, or the logical relationship between the first data item and the second data item. It should be noted that the first data item and the second data item may be data parsed from messages, and that technical staff can configure the process parameters of the devices and store the configuration information in the industrial Ethernet security policy configuration module.
The industrial Ethernet protocol recognition and processing module is used to parse collected messages based on an industrial Ethernet protocol and, according to the security policy configuration information stored in the industrial Ethernet security policy configuration module, to process the configuration information parsed from the messages.
In the embodiment of the present invention, as shown in Fig. 3, each port of a switch may be connected to a device based on a different industrial Ethernet protocol, for example an engineer station, a Modbus master station, a Modbus slave station, a Profinet controller, a Profinet device, an OPC UA server, an OPC UA client, or other devices based on different industrial Ethernet protocols. The industrial Ethernet protocol recognition and processing module can obtain the message data generated by these devices through the mirror port of the switch. It should be noted that obtaining message data from the mirror port of a switch is prior art and is not described in detail in the embodiment of the present invention.
As a specific implementation of the embodiment of the present invention, as shown in Fig. 4, the industrial Ethernet protocol recognition and processing module 102 may specifically include: a device correlation recognition and processing submodule 1021, a Modbus TCP protocol recognition and processing submodule 1022, a Profinet protocol recognition and processing submodule 1023, an OPC UA protocol recognition and processing submodule 1024 and an additional network protocol recognition and processing submodule 1025.
The device correlation recognition and processing submodule is used to load the device physical information configuration information based on the physical information of the message sending device, and to process the device correlation information parsed from the message. A message sent by a device usually carries the physical information of that device, for example the device name, MAC address and so on. The device physical information configuration information corresponding to the device can be stored in advance in the industrial Ethernet security policy configuration module; therefore, after obtaining a message, the device correlation recognition and processing submodule can judge whether the physical information of the device parsed from the message is consistent with the pre-stored device physical information configuration information for that device, and output the judgement result.
The Modbus TCP protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from a Modbus TCP protocol message is consistent with the process-related configuration information in the security policy configuration information. In the embodiment of the present invention, the device correlation configuration information corresponding to the device can be stored in advance in the industrial Ethernet security policy configuration module; therefore, after the Modbus TCP protocol recognition and processing submodule parses process relation configuration information from a Modbus TCP protocol message, it can load the device physical information configuration information based on the physical information of the message sending device, process the device correlation information parsed from the message, and output the processing result.
The Profinet protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from a Profinet protocol message is consistent with the process-related configuration information in the security policy configuration information. Similarly, after the Profinet protocol recognition and processing submodule parses process relation configuration information from a Profinet protocol message, it can judge whether that process relation configuration information is consistent with the pre-stored device correlation configuration information for the device, and output the judgement result.
The OPC UA protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from an OPC UA protocol message is consistent with the process-related configuration information in the security policy configuration information. Similarly, after the OPC UA protocol recognition and processing submodule parses process relation configuration information from an OPC UA protocol message, it can judge whether that process relation configuration information is consistent with the pre-stored device correlation configuration information for the device, and output the judgement result.
The additional network protocol recognition and processing submodule is used to judge whether the process relation configuration information parsed from a message of an additional network protocol is consistent with the process-related configuration information in the security policy configuration information. Similarly, after the additional network protocol recognition and processing submodule parses process relation configuration information from an additional network protocol message, it can judge whether that process relation configuration information is consistent with the pre-stored device correlation configuration information for the device, and output the judgement result. The additional network protocol may refer to a network protocol other than the Modbus TCP protocol, the Profinet protocol and the OPC UA protocol, for example the PowerLink industrial communication protocol based on standard Ethernet.
It can be seen that the condition monitoring system of the present invention is general-purpose: it can implement security monitoring for the current mainstream industrial Ethernet protocols, its configuration is simple and clear, its implementation is simple and convenient, and it can provide security protection for industrial control system networks.
As an optional implementation of the embodiment of the present invention, the device correlation recognition and processing submodule may identify the sending device of a message according to the device physical information configuration information in the security policy configuration information. Specifically, the device correlation recognition and processing submodule may judge whether the physical information of the sending device parsed from the message is consistent with the device physical information configuration information stored in the industrial Ethernet security policy configuration module, and output the judgement result, so as to identify whether the sending device of the message is an unauthorized device.
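The recognition and processing submodules described above, as an added Python example that is not part of the patent or of any product: a security policy store holding the three kinds of configuration information, a parser for the Modbus TCP MBAP header and write-register requests (function codes 0x06 and 0x10, as defined by the Modbus specification), and a monitor that checks each mirrored frame against the device physical information, the whitelists and IP/MAC binding, the per-second access limit, and the upper/lower limits and correlation between register values. The device names, addresses, register numbers, thresholds and the `Frame` layout are constructed assumptions, not values from the patent.

```python
"""Added example (not the patent's own code): a minimal security-policy
store, a Modbus TCP parser and the device/process checks the
recognition-processing module performs.  All device names, addresses,
register numbers and thresholds are constructed sample values."""
from collections import defaultdict, deque
from dataclasses import dataclass
import struct

# Security policy configuration information (constructed sample policy).
POLICY = {
    # device physical information: name -> MAC address, IP address, port
    "devices": {
        "PLC-01": {"mac": "00:11:22:33:44:55", "ip": "192.0.2.10", "port": 502},
        "HMI-01": {"mac": "00:11:22:33:44:66", "ip": "192.0.2.20", "port": 502},
    },
    # device correlation: whitelists, IP/MAC binding and network load limit
    "mac_whitelist": {"00:11:22:33:44:55", "00:11:22:33:44:66"},
    "ip_whitelist": {"192.0.2.10", "192.0.2.20"},
    "ip_mac_binding": {"192.0.2.10": "00:11:22:33:44:55",
                       "192.0.2.20": "00:11:22:33:44:66"},
    "max_accesses_per_second": 5,
    # process-related: upper/lower limit per holding register (register 0
    # plays the role of a voltage setpoint) and a correlation between two
    # registers whose difference must not exceed a bound
    "limits": {0: (200, 250)},
    "correlations": [(1, 2, 10)],
}


@dataclass
class Frame:
    """What the mirror port delivers: link/network addresses plus the
    TCP payload and a capture timestamp in seconds (constructed layout)."""
    src_mac: str
    src_ip: str
    dst_port: int
    payload: bytes
    ts: float


def parse_modbus_tcp(payload):
    """Parse the MBAP header; for write-register requests (function codes
    0x06 and 0x10) return the written registers.  None if not Modbus TCP."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    fc, data, regs = payload[7], payload[8:], {}
    if fc == 0x06 and len(data) == 4:
        addr, val = struct.unpack(">HH", data)
        regs[addr] = val
    elif fc == 0x10 and len(data) >= 5:
        addr, qty, nbytes = struct.unpack(">HHB", data[:5])
        if nbytes != 2 * qty or len(data) != 5 + nbytes:
            return None
        vals = struct.unpack(">%dH" % qty, data[5:])
        regs = dict(zip(range(addr, addr + qty), vals))
    return {"unit": unit, "function": fc, "registers": regs}


def build_write_multiple(tid, unit, start, values):
    """Build a Modbus TCP 'write multiple registers' request (sample input)."""
    pdu = bytes([0x10]) + struct.pack(">HHB", start, len(values), 2 * len(values))
    pdu += struct.pack(">%dH" % len(values), *values)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


class Monitor:
    def __init__(self, policy):
        self.policy = policy
        self.window = defaultdict(deque)  # src_ip -> timestamps in last second

    def check(self, frame):
        """Return a list of (level, content) alarms for one frame."""
        p, alarms = self.policy, []
        # device physical information: is the sender a configured device?
        known = any(d["mac"] == frame.src_mac and d["ip"] == frame.src_ip
                    for d in p["devices"].values())
        if not known:
            alarms.append(("high", "sender not in device physical information"))
        # device correlation: whitelists and IP/MAC binding
        if frame.src_mac not in p["mac_whitelist"]:
            alarms.append(("high", "MAC %s not whitelisted" % frame.src_mac))
        if frame.src_ip not in p["ip_whitelist"]:
            alarms.append(("high", "IP %s not whitelisted" % frame.src_ip))
        elif p["ip_mac_binding"].get(frame.src_ip) != frame.src_mac:
            alarms.append(("high", "IP %s not bound to MAC %s" % (frame.src_ip, frame.src_mac)))
        # network load: accesses per second from this IP (sliding window)
        q = self.window[frame.src_ip]
        q.append(frame.ts)
        while frame.ts - q[0] >= 1.0:
            q.popleft()
        if len(q) > p["max_accesses_per_second"]:
            alarms.append(("medium", "access rate limit exceeded for %s" % frame.src_ip))
        # protocol recognition: Modbus TCP on port 502, then process checks
        msg = parse_modbus_tcp(frame.payload) if frame.dst_port == 502 else None
        if msg:
            regs = msg["registers"]
            for reg, val in regs.items():
                if reg in p["limits"]:
                    lo, hi = p["limits"][reg]
                    if not lo <= val <= hi:
                        alarms.append(("high", "register %d=%d outside [%d, %d]" % (reg, val, lo, hi)))
            for a, b, bound in p["correlations"]:
                if a in regs and b in regs and abs(regs[a] - regs[b]) > bound:
                    alarms.append(("high", "registers %d and %d differ by more than %d" % (a, b, bound)))
        return alarms
```

A frame from a configured device writing in-range values produces no alarm; an out-of-range setpoint or a violated correlation produces process alarms; a frame from an unknown MAC using a whitelisted IP trips the device, whitelist and binding checks at once, which is the "unauthorized device" case the patent describes; and a sixth access within one second from one IP trips the per-second limit.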
As an optional implementation of the embodiment of the present invention, as shown in Fig. 5, the industrial Ethernet alarm generation module 103 comprises: an alarm information generation submodule 1031, a remote alarm submodule 1032 and an alarm report generation submodule 1033.
The alarm information generation submodule is used to generate the alarm time, the alarming device name, the alarm level, the alarm content and alarm advisory information. In the embodiment of the present invention, the industrial Ethernet alarm generation module can generate multiple kinds of alarm information so that operation and maintenance personnel can find problems in time.
The remote alarm submodule is used to send alarm information through a UDP (User Datagram Protocol) network channel. The remote alarm submodule can send alarm information to a remote server, for example through a UDP network channel, so that operation and maintenance personnel at a remote location can find problems in time.
Report generation submodule, for generating report file for operation maintenance personnel archive, the format of report file is PDF
(Portable Document Format, Portable Document) format.Certainly, except for example shown in implementation with
Outside, realize that the mode of this feature belongs to the protection scope of the embodiment of the present invention.
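The alarm record and the UDP remote-alarm channel described above, as an added example that is not the patent's own code: the record carries the five fields the alarm information generation submodule produces (time, device name, level, content, advice), the sender ships it as one JSON datagram, and a receiver rebuilds the record. The field names, the JSON encoding, the level names and the tab-separated archive file (used in place of PDF so the example needs no extra library) are assumptions.

```python
"""Added example, not the patent's code: build the alarm record (time, device
name, level, content, advice), send it over a UDP remote-alarm channel, and
write a plain-text stand-in for the archive report. Field names, JSON encoding
and level names are assumptions."""
import json
import socket
import time
from dataclasses import asdict, dataclass
from typing import List, Optional, Tuple

MAX_DATAGRAM = 1200   # stay well under a typical Ethernet MTU: one alarm, one unfragmented datagram


@dataclass(frozen=True)
class Alarm:
    time: str       # alarm time, ISO 8601 in UTC
    device: str     # alarmed device name, as configured in the policy store
    level: str      # alarm level; "high", "medium" and "low" are assumed values
    content: str    # what was observed
    advice: str     # what the operator should do about it


def make_alarm(device: str, level: str, content: str, advice: str,
               now: Optional[float] = None) -> Alarm:
    """Build the alarm record; `now` is seconds since the epoch, defaulting to the current time."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(time.time() if now is None else now))
    return Alarm(stamp, device, level, content, advice)


def encode_alarm(alarm: Alarm) -> bytes:
    """One JSON object per datagram; refuse records that would need IP fragmentation."""
    data = json.dumps(asdict(alarm), separators=(",", ":")).encode("utf-8")
    if len(data) > MAX_DATAGRAM:
        raise ValueError("alarm record too large for one datagram")
    return data


def send_alarm(alarm: Alarm, addr: Tuple[str, int]) -> int:
    """Send the alarm to the remote server as a UDP datagram; returns bytes sent.
    UDP gives neither delivery nor origin guarantees, so the receiver must sit on a
    trusted management network and must not treat the datagram as authenticated."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(encode_alarm(alarm), addr)


def open_receiver(host: str = "127.0.0.1", timeout: float = 5.0) -> socket.socket:
    """Bind a UDP socket on an ephemeral port; sock.getsockname() is the address to send to."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))
    sock.settimeout(timeout)
    return sock


def receive_alarm(sock: socket.socket) -> Alarm:
    """Read one datagram and rebuild the record; malformed JSON raises ValueError."""
    data, _peer = sock.recvfrom(2048)
    return Alarm(**json.loads(data.decode("utf-8")))


def write_report(alarms: List[Alarm], path: str) -> int:
    """Write a tab-separated archive report and return the number of records written.
    The patent specifies PDF; a text file keeps this example dependency-free."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("time\tlevel\tdevice\tcontent\tadvice\n")
        for a in alarms:
            fh.write(f"{a.time}\t{a.level}\t{a.device}\t{a.content}\t{a.advice}\n")
    return len(alarms)


if __name__ == "__main__":
    rx = open_receiver()
    alarm = make_alarm("PLC-01", "high",
                       "unknown MAC 00:11:22:33:44:55 claims 192.168.10.10",
                       "isolate the switch port and verify the device")
    send_alarm(alarm, rx.getsockname())
    print(receive_alarm(rx))
    rx.close()
```

Because the channel is plain UDP, an alarm can be lost or forged by anyone who can reach the receiver's port; in practice the receiver should be reachable only from the monitoring host, and a missed alarm is recoverable only through the archived report.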
In summary, the condition monitoring system of the embodiments of the invention performs deep analysis and monitoring of the data carried by mainstream industrial Ethernet protocols such as Modbus TCP, Profinet and OPC UA, identifies unauthorized access by unauthorized devices, the network state and abnormal packets according to the security policy, monitors key devices in real time and raises an alarm when an abnormality occurs, which is of great significance to the security of current industrial networks.
The condition monitoring system for multiple industrial Ethernet protocols provided by the embodiments of the invention parses the captured packets carried by industrial Ethernet protocols, processes the configuration information obtained from the parsed packets according to the security policy configuration information stored in the Industrial Ethernet security policy configuration module, and raises an alarm for packets that do not comply with the security policy configuration information. The condition monitoring system and monitoring method of the embodiments thereby monitor key data in the industrial system and detect the access of illegitimate devices in time, so that the normal operation of key devices is effectively protected and the security of the industrial control system is improved.
As shown in Figure 6, the embodiments of the invention also provide a condition monitoring method for multiple industrial Ethernet protocols, which can be applied to the condition monitoring system of the embodiment shown in Figure 1 and comprises the following steps.
S201: store security policy configuration information in advance.
The security policy configuration information may comprise equipment-physical-information configuration, device-association configuration and process-related configuration. The equipment-physical-information configuration comprises the device name, the device media access control (MAC) address, the device Internet Protocol (IP) address and the device port number. The device-association configuration comprises MAC address whitelist information, IP address whitelist information, IP-address-to-MAC-address binding information and network load information, where the network load information comprises a per-second access count limit and network bandwidth information. The process-related configuration comprises the upper limit of each item of key device data, the lower limit of each item of key device data and correlation information between data items. The security policy configuration information can be stored in the Industrial Ethernet security policy configuration module, which can be a storage device such as a hard disk or a flash disk.
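The equipment-physical-information and device-association parts of the policy stored in S201, evaluated against captured frame metadata the way the device-association identification submodule does when it identifies a sending device (step S2021 below), as an added example that is not the patent's own code: each frame's source MAC and IP are checked against the whitelists and the IP-to-MAC binding, and a per-source one-second sliding window enforces the access-count and bandwidth limits. The class and field names, the sample addresses and the limit values are assumptions.

```python
"""Added example, not the patent's code: evaluate the equipment-physical and
device-association policy (MAC/IP whitelists, IP-MAC binding, per-second access
count and bandwidth limits) over captured frame metadata. Names, addresses and
limits are constructed assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple


@dataclass
class DevicePolicy:
    devices: Dict[str, Tuple[str, str, int]]   # equipment physical info: name -> (MAC, IP, port)
    mac_whitelist: Set[str]                    # device-association info follows
    ip_whitelist: Set[str]
    ip_mac_binding: Dict[str, str]             # IP -> MAC expected for that IP
    max_access_per_second: int                 # network load: access count limit
    max_bytes_per_second: int                  # network load: bandwidth limit


@dataclass
class FrameMeta:
    ts: float        # capture time in seconds
    src_mac: str
    src_ip: str
    dst_port: int
    length: int      # frame length in bytes


def norm_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so policy and capture compare equal."""
    return mac.lower().replace("-", ":")


class DeviceChecker:
    """Whitelist and binding checks plus a per-source sliding one-second window."""

    def __init__(self, policy: DevicePolicy) -> None:
        self.policy = policy
        self._window: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)

    def identify(self, mac: str, ip: str) -> Optional[str]:
        """Return the configured device name for a (MAC, IP) pair, or None if unknown."""
        mac = norm_mac(mac)
        for name, (dev_mac, dev_ip, _port) in self.policy.devices.items():
            if norm_mac(dev_mac) == mac and dev_ip == ip:
                return name
        return None

    def check(self, f: FrameMeta) -> List[str]:
        """Return the policy violations for one frame; an empty list means compliant."""
        p, findings = self.policy, []
        mac = norm_mac(f.src_mac)
        if mac not in {norm_mac(m) for m in p.mac_whitelist}:
            findings.append(f"MAC {mac} not in whitelist")
        if f.src_ip not in p.ip_whitelist:
            findings.append(f"IP {f.src_ip} not in whitelist")
        bound = p.ip_mac_binding.get(f.src_ip)
        if bound is not None and norm_mac(bound) != mac:
            # a whitelisted IP arriving from another MAC is the IP/ARP spoofing signature
            findings.append(f"IP {f.src_ip} bound to {norm_mac(bound)} but seen from {mac}")
        # (time, bytes) entries from this source IP within the last second
        w = self._window[f.src_ip]
        w.append((f.ts, f.length))
        while w and w[0][0] <= f.ts - 1.0:
            w.popleft()
        if len(w) > p.max_access_per_second:
            findings.append(f"{len(w)} accesses/s from {f.src_ip} exceeds {p.max_access_per_second}")
        total = sum(n for _, n in w)
        if total > p.max_bytes_per_second:
            findings.append(f"{total} B/s from {f.src_ip} exceeds {p.max_bytes_per_second}")
        return findings


# constructed sample policy: one PLC and one HMI on a small cell network
POLICY = DevicePolicy(
    devices={"PLC-01": ("aa:bb:cc:00:00:01", "192.168.10.10", 502),
             "HMI-01": ("aa:bb:cc:00:00:02", "192.168.10.11", 0)},
    mac_whitelist={"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    ip_whitelist={"192.168.10.10", "192.168.10.11"},
    ip_mac_binding={"192.168.10.10": "aa:bb:cc:00:00:01", "192.168.10.11": "aa:bb:cc:00:00:02"},
    max_access_per_second=5,
    max_bytes_per_second=4000,
)

if __name__ == "__main__":
    chk = DeviceChecker(POLICY)
    print(chk.check(FrameMeta(0.0, "aa:bb:cc:00:00:02", "192.168.10.11", 502, 66)))   # compliant HMI
    print(chk.check(FrameMeta(0.1, "de:ad:be:ef:00:01", "192.168.10.11", 502, 66)))   # HMI address spoofed
```

The binding check is the one that catches a rogue host reusing a whitelisted IP, so it should not be skipped when the IP alone passes the whitelist; the window is keyed by source IP because that is what the load limits in the policy are expressed against.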
S202: parse the captured packets carried by industrial Ethernet protocols and process the configuration information obtained from the parsed packets according to the pre-stored security policy configuration information.
The industrial Ethernet protocol identification and processing module parses the captured packets carried by industrial Ethernet protocols and processes the configuration information obtained from them according to the security policy configuration information pre-stored in the Industrial Ethernet security policy configuration module.
S203: based on the result of processing the configuration information in the packets, raise an alarm for packets that do not comply with the security policy configuration information.
The Industrial Ethernet alarm generation module raises an alarm for packets that do not comply with the security policy configuration information, based on the processing result of the industrial Ethernet protocol identification and processing module.
As another optional embodiment of the invention, as shown in Figure 7, step S202 specifically comprises the following.
S2021: judge whether the physical information of the sending device parsed from the packet matches the equipment-physical-information configuration stored in the Industrial Ethernet security policy configuration module. The device-association identification submodule loads the equipment-physical-information configuration based on the physical information of the sending device and processes the device-association information obtained from the parsed packet.
S2022: when it does not match, raise an alarm.
When it matches, continue with the following steps.
S2023: judge whether the process-relationship configuration information parsed from a Modbus TCP packet matches the process-related configuration in the security policy configuration information. The Modbus TCP protocol identification submodule judges whether the process-relationship configuration information parsed from the Modbus TCP packet matches the process-related configuration pre-stored in the Industrial Ethernet security policy configuration module.
S2024: when it does not match, raise an alarm.
S2025: judge whether the process-relationship configuration information parsed from a Profinet packet matches the process-related configuration in the security policy configuration information. The Profinet protocol identification submodule judges whether the process-relationship configuration information parsed from the Profinet packet matches the process-related configuration pre-stored in the Industrial Ethernet security policy configuration module.
S2026: when it does not match, raise an alarm.
S2027: judge whether the process-relationship configuration information parsed from an OPC UA packet matches the process-related configuration in the security policy configuration information. The OPC UA protocol identification submodule judges whether the process-relationship configuration information parsed from the OPC UA packet matches the process-related configuration pre-stored in the Industrial Ethernet security policy configuration module.
S2028: when it does not match, raise an alarm.
S2029: judge whether the process-relationship configuration information parsed from a packet of another network protocol matches the process-related configuration in the security policy configuration information. The other-network-protocol identification submodule judges whether the process-relationship configuration information parsed from the packet of the other network protocol matches the process-related configuration pre-stored in the Industrial Ethernet security policy configuration module.
S20210: when it does not match, raise an alarm.
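The per-protocol branch of S202 (steps S2023 to S20210), as an added example that is not the patent's own code: the protocol is identified from the EtherType and TCP port, Modbus TCP write requests are decoded into register values, and those values are compared with the process-related configuration (upper and lower limits per register and a correlation rule between registers), with a malformed frame reported rather than dropped. Only Modbus TCP is decoded here; Profinet and OPC UA packets are classified and passed through, since their decoding is not shown on this page. The register numbers, limits, the correlation rule and the sample frames are constructed assumptions.

```python
"""Added example, not the patent's code: identify the protocol of a frame, decode
Modbus TCP write requests (FC 0x06 / 0x10) into register values, and check them
against process limits and a correlation rule. Profinet and OPC UA are only
classified. Registers, limits, rule and sample frames are assumptions."""
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

MODBUS_PORT, OPCUA_PORT, PROFINET_ETHERTYPE, IPV4_ETHERTYPE = 502, 4840, 0x8892, 0x0800


def identify_protocol(ethertype: int, src_port: int, dst_port: int) -> str:
    """Classify a frame as modbus_tcp, profinet, opc_ua or other."""
    if ethertype == PROFINET_ETHERTYPE:
        return "profinet"                       # Profinet RT frames carry their own EtherType
    if ethertype == IPV4_ETHERTYPE and MODBUS_PORT in (src_port, dst_port):
        return "modbus_tcp"
    if ethertype == IPV4_ETHERTYPE and OPCUA_PORT in (src_port, dst_port):
        return "opc_ua"
    return "other"


@dataclass
class ProcessPolicy:
    limits: Dict[int, Tuple[int, int]]                                   # register -> (lower, upper)
    correlations: List[Tuple[str, Callable[[Dict[int, int]], bool]]]     # (description, rule over last values)


def parse_modbus_tcp(adu: bytes) -> Dict[int, int]:
    """Return {register: value} written by a Modbus TCP write request (FC 0x06 or 0x10).
    Other function codes yield {}. Malformed input raises ValueError."""
    if len(adu) < 8:
        raise ValueError("short MBAP header")
    _tid, proto_id, length, _unit, fc = struct.unpack(">HHHBB", adu[:8])
    if proto_id != 0 or length != len(adu) - 6:          # MBAP length counts unit id + PDU
        raise ValueError("bad MBAP protocol id or length")
    data = adu[8:]
    if fc == 0x06:                                       # write single register
        if len(data) < 4:
            raise ValueError("short write single register PDU")
        addr, val = struct.unpack(">HH", data[:4])
        return {addr: val}
    if fc == 0x10:                                       # write multiple registers
        if len(data) < 5:
            raise ValueError("short write multiple registers PDU")
        addr, qty, nbytes = struct.unpack(">HHB", data[:5])
        if nbytes != 2 * qty or len(data) < 5 + nbytes:
            raise ValueError("byte count mismatch")
        vals = struct.unpack(f">{qty}H", data[5:5 + nbytes])
        return {addr + i: v for i, v in enumerate(vals)}
    return {}


class ProcessChecker:
    """Keeps the last value seen per register so correlation rules can span several writes."""

    def __init__(self, policy: ProcessPolicy) -> None:
        self.policy = policy
        self.state: Dict[int, int] = {}

    def check(self, regs: Dict[int, int]) -> List[str]:
        findings = []
        for reg, val in regs.items():
            lim = self.policy.limits.get(reg)
            if lim is not None and not lim[0] <= val <= lim[1]:
                findings.append(f"register {reg}={val} outside [{lim[0]}, {lim[1]}]")
        self.state.update(regs)
        for desc, rule in self.policy.correlations:
            if not rule(self.state):
                findings.append(f"correlation violated: {desc}")
        return findings


def inspect(ethertype: int, src_port: int, dst_port: int, payload: bytes,
            checker: ProcessChecker) -> Tuple[str, List[str]]:
    """Identify the protocol and, for Modbus TCP, check the carried values."""
    proto = identify_protocol(ethertype, src_port, dst_port)
    if proto != "modbus_tcp":
        return proto, []                                  # classified only in this example
    try:
        return proto, checker.check(parse_modbus_tcp(payload))
    except ValueError as exc:
        return proto, [f"malformed Modbus TCP frame: {exc}"]   # unparseable traffic is itself an alarm


def build_write_multiple(tid: int, unit: int, start: int, values: List[int]) -> bytes:
    """Construct a Write Multiple Registers (0x10) request ADU for the sample traffic."""
    pdu = struct.pack(">BHHB", 0x10, start, len(values), 2 * len(values))
    pdu += struct.pack(f">{len(values)}H", *values)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# constructed sample policy: reg 0 pump speed, reg 1 pressure high limit, reg 2 pressure low limit
POLICY = ProcessPolicy(
    limits={0: (0, 1500), 1: (100, 800), 2: (0, 800)},
    correlations=[("pressure low limit (reg 2) must stay below high limit (reg 1)",
                   lambda s: s.get(2, 0) < s.get(1, 800))],
)

if __name__ == "__main__":
    chk = ProcessChecker(POLICY)
    for frame in (build_write_multiple(1, 1, 0, [1200, 600, 200]),
                  build_write_multiple(2, 1, 0, [2000]),
                  build_write_multiple(3, 1, 2, [700])):
        print(inspect(IPV4_ETHERTYPE, 50000, MODBUS_PORT, frame, chk))
```

The checker keeps the last value per register because a correlation rule such as "low limit below high limit" is only decidable across writes; the third sample frame is in range on its own and is caught only by that rule.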
As another optional embodiment of the invention, step S2021 may specifically comprise: identifying the sending device of the packet by the device-association identification submodule according to the equipment-physical-information configuration in the security policy configuration information. The device-association identification submodule can thus be used to identify the sending device of the packet.
As another optional embodiment of the invention, the alarm information generation submodule may also generate the alarm time, the name of the alarmed device, the alarm level, the alarm content and the alarm advice; the remote alarm submodule sends the alarm information; and the report generation submodule generates the report file.
The condition monitoring method for multiple industrial Ethernet protocols provided by the embodiments of the invention parses the captured packets carried by industrial Ethernet protocols, processes the configuration information obtained from the parsed packets according to the security policy configuration information stored in the Industrial Ethernet security policy configuration module, and raises an alarm for packets that do not comply with the security policy configuration information. The condition monitoring system and monitoring method of the embodiments thereby monitor key data in the industrial system and detect the access of illegitimate devices in time, so that the normal operation of key devices is effectively protected and the security of the industrial control system is improved.
The embodiments of the invention also provide an electronic device, as shown in Figure 8, comprising a processor 301, a communication interface 302, a memory 303 and a communication bus 304, wherein the processor 301, the communication interface 302 and the memory 303 communicate with one another over the communication bus 304;
the memory 303 is used to store a computer program;
the processor 301, when executing the program stored in the memory 303, implements the following steps:
storing security policy configuration information in advance;
parsing the captured packets carried by industrial Ethernet protocols and processing the configuration information obtained from the parsed packets according to the pre-stored security policy configuration information;
based on the result of processing the configuration information in the packets, raising an alarm for packets that do not comply with the security policy configuration information.
The electronic device provided by the embodiments of the invention parses the captured packets carried by industrial Ethernet protocols, processes the configuration information obtained from the parsed packets according to the security policy configuration information stored in the Industrial Ethernet security policy configuration module, and raises an alarm for packets that do not comply with the security policy configuration information. The condition monitoring system and monitoring method of the embodiments thereby monitor key data in the industrial system and detect the access of illegitimate devices in time, so that the normal operation of key devices is effectively protected and the security of the industrial control system is improved.
The communication bus mentioned for the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The communication bus may be divided into an address bus, a data bus, a control bus and so on. For convenience only a single thick line is drawn in the figure, which does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may comprise random access memory (RAM) and may also comprise non-volatile memory, for example at least one disk storage. Optionally, the memory may also be at least one storage device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, discrete gate or transistor logic, or discrete hardware components.
The embodiments of the invention also provide a computer-readable storage medium storing a computer program which, when executed, performs the following steps:
storing security policy configuration information in advance;
parsing the captured packets carried by industrial Ethernet protocols and processing the configuration information obtained from the parsed packets according to the pre-stored security policy configuration information;
based on the result of processing the configuration information in the packets, raising an alarm for packets that do not comply with the security policy configuration information.
The computer-readable storage medium provided by the embodiments of the invention parses the captured packets carried by industrial Ethernet protocols, processes the configuration information obtained from the parsed packets according to the security policy configuration information stored in the Industrial Ethernet security policy configuration module, and raises an alarm for packets that do not comply with the security policy configuration information. The condition monitoring system and monitoring method of the embodiments thereby monitor key data in the industrial system and detect the access of illegitimate devices in time, so that the normal operation of key devices is effectively protected and the security of the industrial control system is improved.
Since the method, electronic device and storage medium embodiments are substantially similar to the system embodiment, they are described relatively briefly; for relevant details, refer to the description of the system embodiment.
It should be noted that in this document relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any variant of them are intended to cover a non-exclusive inclusion, so that a process, method, article or device including a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
Each embodiment in this specification is described in a progressive manner; identical or similar parts may be referred to between embodiments, and each embodiment focuses on its differences from the others. In particular, since the system embodiment is substantially similar to the method embodiment, it is described relatively briefly; for relevant details, refer to the description of the method embodiment.
The foregoing is merely a description of preferred embodiments of the invention and is not intended to limit the scope of protection of the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.
Claims (9)
1. A condition monitoring system for multiple industrial Ethernet protocols, characterized in that the system comprises: an Industrial Ethernet security policy configuration module, an industrial Ethernet protocol identification and processing module and an Industrial Ethernet alarm generation module; wherein
the Industrial Ethernet security policy configuration module is used to store security policy configuration information; the security policy configuration information comprises equipment-physical-information configuration, device-association configuration and process-related configuration; the equipment-physical-information configuration comprises a device name, a device media access control (MAC) address, a device Internet Protocol (IP) address and a device port number; the device-association configuration comprises MAC address whitelist information, IP address whitelist information, IP-address-to-MAC-address binding information and network load information, wherein the network load information comprises a per-second access count limit and network bandwidth information; the process-related configuration comprises an upper limit of key device data, a lower limit of key device data and correlation information between data items;
the industrial Ethernet protocol identification and processing module is used to parse captured packets carried by industrial Ethernet protocols and to process the configuration information in the parsed packets according to the security policy configuration information stored in the Industrial Ethernet security policy configuration module;
the Industrial Ethernet alarm generation module is used to raise an alarm for packets that do not comply with the security policy configuration information, based on the processing result of the industrial Ethernet protocol identification and processing module.
2. The system according to claim 1, characterized in that the industrial Ethernet protocol identification and processing module comprises: a device-association identification submodule, a Modbus TCP protocol identification submodule, a Profinet protocol identification submodule, an OPC UA protocol identification submodule and an other-network-protocol identification submodule; wherein
the device-association identification submodule is used to load the equipment-physical-information configuration based on the physical information of the sending device of a packet and to process the device-association information in the parsed packet;
the Modbus TCP protocol identification submodule is used to judge whether the process-relationship configuration information parsed from a Modbus TCP packet matches the process-related configuration in the security policy configuration information;
the Profinet protocol identification submodule is used to judge whether the process-relationship configuration information parsed from a Profinet packet matches the process-related configuration in the security policy configuration information;
the OPC UA protocol identification submodule is used to judge whether the process-relationship configuration information parsed from an OPC UA packet matches the process-related configuration in the security policy configuration information;
the other-network-protocol identification submodule is used to judge whether the process-relationship configuration information parsed from a packet of another network protocol matches the process-related configuration in the security policy configuration information; the other network protocols are network protocols other than the Modbus TCP protocol, the Profinet protocol and the OPC UA protocol.
3. The system according to claim 2, characterized in that the device-association identification submodule is specifically used to identify the sending device of the packet according to the equipment-physical-information configuration in the security policy configuration information.
4. The system according to claim 1, characterized in that the Industrial Ethernet alarm generation module comprises: an alarm information generation submodule, a remote alarm submodule and an alarm report generation submodule; wherein
the alarm information generation submodule is used to generate an alarm time, an alarmed device name, an alarm level, alarm content and alarm advice;
the remote alarm submodule is used to send the alarm information over a User Datagram Protocol (UDP) network channel;
the report generation submodule is used to generate a report file, the format of the report file being Portable Document Format (PDF).
5. The system according to claim 2, characterized in that the device-association identification submodule is specifically used to judge whether the physical information of the sending device parsed from the packet matches the equipment-physical-information configuration stored in the Industrial Ethernet security policy configuration module.
6. A condition monitoring method for multiple industrial Ethernet protocols, characterized in that the method comprises:
storing security policy configuration information in advance; the security policy configuration information comprises equipment-physical-information configuration, device-association configuration and process-related configuration; the equipment-physical-information configuration comprises a device name, a device media access control (MAC) address, a device Internet Protocol (IP) address and a device port number; the device-association configuration comprises MAC address whitelist information, IP address whitelist information, IP-address-to-MAC-address binding information and network load information, wherein the network load information comprises a per-second access count limit and network bandwidth information; the process-related configuration comprises an upper limit of key device data, a lower limit of key device data and correlation information between data items;
parsing captured packets carried by industrial Ethernet protocols and processing the configuration information in the parsed packets according to the pre-stored security policy configuration information;
based on the result of processing the configuration information in the packets, raising an alarm for packets that do not comply with the security policy configuration information.
7. The method according to claim 6, characterized in that parsing the captured packets carried by industrial Ethernet protocols and processing the configuration information in the parsed packets according to the pre-stored security policy configuration information comprises:
judging whether the physical information of the sending device parsed from the packet matches the pre-stored equipment-physical-information configuration;
judging whether the process-relationship configuration information parsed from a Modbus TCP packet matches the process-related configuration in the security policy configuration information;
judging whether the process-relationship configuration information parsed from a Profinet packet matches the process-related configuration in the security policy configuration information;
judging whether the process-relationship configuration information parsed from an OPC UA packet matches the process-related configuration in the security policy configuration information;
judging whether the process-relationship configuration information parsed from a packet of another network protocol matches the process-related configuration in the security policy configuration information; the other network protocols being network protocols other than the Modbus TCP protocol, the Profinet protocol and the OPC UA protocol.
8. The method according to claim 7, characterized in that loading the equipment-physical-information configuration based on the physical information of the sending device of the packet and processing the device-association information in the parsed packet comprises:
identifying the sending device of the packet according to the equipment-physical-information configuration in the security policy configuration information.
9. The method according to claim 6, characterized in that raising an alarm for packets that do not comply with the security policy configuration information based on the result of processing the configuration information in the packets comprises:
generating an alarm time, an alarmed device name, an alarm level, alarm content and alarm advice;
sending the alarm information over a User Datagram Protocol (UDP) network channel;
generating a report file, the format of the report file being Portable Document Format (PDF).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811544041.1A CN109459995B (en) | 2018-12-17 | 2018-12-17 | State monitoring system and monitoring method for multiple industrial Ethernet protocols |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109459995A true CN109459995A (en) | 2019-03-12 |
CN109459995B CN109459995B (en) | 2020-11-13 |
Family
ID=65613560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811544041.1A Active CN109459995B (en) | 2018-12-17 | 2018-12-17 | State monitoring system and monitoring method for multiple industrial Ethernet protocols |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109459995B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030135653A1 (en) * | 2002-01-17 | 2003-07-17 | Marovich Scott B. | Method and system for communications network |
CN103997427A (en) * | 2014-03-03 | 2014-08-20 | 浙江大学 | Communication network detection and anti-attack protection method and device, communication equipment and communication system |
CN104579818A (en) * | 2014-12-01 | 2015-04-29 | 国家电网公司 | Detection method of network anomaly message of intelligent substation |
CN108055282A (en) * | 2017-12-28 | 2018-05-18 | 国网浙江省电力有限公司电力科学研究院 | Industry control abnormal behaviour analysis method and system based on self study white list |
CN108418794A (en) * | 2018-01-29 | 2018-08-17 | 全球能源互联网研究院有限公司 | A kind of intelligent substation communication network resists the method and system of ARP attacks |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110262420A (en) * | 2019-06-18 | 2019-09-20 | 国家计算机网络与信息安全管理中心 | A kind of distributed industrial control network security detection system |
CN110597226A (en) * | 2019-09-17 | 2019-12-20 | 中车青岛四方机车车辆股份有限公司 | Abnormity early warning method and device for vehicle-mounted Ethernet |
CN114153182A (en) * | 2020-08-18 | 2022-03-08 | 中国航天系统工程有限公司 | Process self-adaptive industrial terminal safety protection system and method |
CN114153182B (en) * | 2020-08-18 | 2024-03-12 | 中国航天系统工程有限公司 | Industrial terminal safety protection system and method with self-adaptive process |
CN112311808A (en) * | 2020-11-11 | 2021-02-02 | 上海电器科学研究所(集团)有限公司 | Method for automatically mapping Modbus protocol data to OPCUA address space |
CN112311808B (en) * | 2020-11-11 | 2023-03-21 | 上海电器科学研究所(集团)有限公司 | Method for automatically mapping Modbus protocol data to OPCUA address space |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||