CN109474607A - A kind of industrial control network safeguard protection monitoring system - Google Patents

Publication number
CN109474607A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811489268.0A
Other languages
Chinese (zh)
Inventor
吴茂传
朱军
王跃
吴鹏
卓杰
陈燕燕
咸云飞
牟家正
万静静
刘彩云
朱建培
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LIANYUNGANG JIERUI DEEPSOFT TECHNOLOGY Co Ltd
Original Assignee
LIANYUNGANG JIERUI DEEPSOFT TECHNOLOGY Co Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An industrial control network security protection and monitoring system that provides real-time prevention and protection for the industrial equipment of an industrial control network. Built on an integrated application platform, the system implements network security protection and monitoring through an acquisition layer, an analysis layer, a function layer and a presentation layer. The presentation layer mainly displays security trends, the system topology and the industrial control panorama. The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations. The analysis layer mainly covers data processing, data correlation, data aggregation, data modeling and the integration interfaces to other function modules. The function layer mainly covers monitoring and audit, intrusion prevention, vulnerability mining and data isolation. The system provides real-time prevention and protection for industrial equipment through intelligent protection technology for industrial network control systems; it monitors and audits the data of the entire industrial control network through monitoring and audit technology, protecting the network against external attack; and it also provides industrial control network vulnerability mining, safeguarding the entire industrial control network.

Description

An industrial control network security protection and monitoring system
Technical field
The present invention relates to a monitoring system, in particular an industrial control network security protection and monitoring system.
Background art
Critical infrastructure systems are the foundation of large industries such as manufacturing, transportation and energy. As technologies such as the "industrial Internet" and the "Internet of Things" are widely applied, industrial control systems are becoming increasingly complex and are connected to more and more business and external networks. Industrial control networks have developed from isolated networks into networks interconnected with the corporate IT environment, and security problems have grown accordingly. Numerous security risks increase the likelihood of attacks on industrial control systems. These attacks can be executed asynchronously and can target, over a long period, multiple vulnerabilities in the industrial control network security protection and monitoring system (hereinafter: industrial control system). Industrial control systems face a variety of security threats and vulnerability problems.
Current communication control protocols run in a computing environment based on the Internet Protocol (TCP/IP). In the past, the related vulnerabilities were generally handled by protecting critical information components with security rules and operating procedures. From a risk-reduction perspective, simply deploying IT security technology in an industrial control system may not be a feasible solution. Although modern industrial control systems use the same communication protocols as commercial IT networks, the specific functional requirements of control systems (combining operational requirements and executability requirements) may render otherwise qualified security technology ineffective. Some sectors, such as energy, transportation and process manufacturing, are extremely sensitive to timing, so the potential throughput problems introduced by security isolation measures may cause unacceptable system delays that prevent the system from working normally.
Modern network-based communication in the industrial control field must solve its security problems. The key network security problems in the industrial control field are mainly the following: backdoor programs at the network boundary; vulnerabilities in common communication protocols; devices with weak or no security protection; attacks on field devices; database attacks; over-the-air interception of data communications and attacks on intermediate links; improper or missing patch updates for software and firewalls; insecure programming; and incorrect network security practices by internal and external individuals. Control systems lack effective risk-reduction technology; understanding and capturing system vulnerabilities and attack patterns is an effective measure for building comprehensive security defenses.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the deficiencies of the prior art, to provide a new industrial control network security protection and monitoring system that provides effective real-time prevention and protection for industrial equipment and protects the industrial control network against external attack.
This technical problem is solved by the following technical solution. The present invention is an industrial control network security protection and monitoring system characterized in that: the system provides real-time prevention and protection for the industrial equipment of an industrial control network; built on an integrated application platform, it implements network security protection and monitoring through an acquisition layer, an analysis layer, a function layer and a presentation layer;
The presentation layer mainly displays security trends, the system topology and the industrial control panorama; the industrial control network security comprehensive display module provides the industrial control network protection and monitoring system with a visual panorama, security trends, the system topology and a visualization interface for process flows;
The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations;
The analysis layer mainly covers data processing, data correlation, data aggregation, data modeling and the integration interfaces to other function modules; it is the basic component library for further application development and provides the data basis for management decisions and the content of the message mechanism for early warning of various abnormal conditions;
The function layer mainly covers monitoring and audit, intrusion prevention, vulnerability mining and data isolation. Its main functional modules are the industrial control network intelligent protection module and the industrial control network anomaly detection module. The industrial control network anomaly detection module mainly covers security early warning, attack paths and risk management; the industrial control network intelligent protection module mainly covers protocol identification, rule verification and blacklists and whitelists.
In a further preferred technical solution of the industrial control network security protection and monitoring system of the present invention, the industrial control network intelligent protection module addresses the complex processes of manufacturing. It performs deep parsing of industrial protocols, carries out detailed compliance checks on the content and data of industrial network protocols, and raises alarms on abnormal operations on point tables and registers contained in operating instructions. This enables the intrusion detection and protection system to detect an intrusion attack before it harms the system, to expel the attack using the alarm and protection systems, and at the same time to collect information about the attack and add it to the knowledge base as knowledge for the protection system.
The industrial control network intelligent protection module performs compliance checks on multiple protocols through the system's intrusion detection and protection module, implementing intrusion prevention, threat defense, virus protection, traffic control and application management. It comprises:
Network engine: a hardware platform provides a stable and reliable hardware environment which, together with the software required for system operation, forms the network engine. It supports traditional IT network protocols and industrial network protocols, and performs IP fragment reassembly, flow aggregation, TCP state tracking, data capture, switching and IPv4/v6 protocol stack stacking;
Management module: mainly performs user management, configuration management, policy management, event management, log management and system monitoring;
Security response module: responds to detected events according to the configuration information and the configured policies.
The industrial control network anomaly monitoring module monitors communication content, network behavior and network traffic dynamically and in real time through the acquisition, analysis and identification of network data. It not only detects anomalies at the network security level but also incorporates business security alarms for different industries. Based on deep parsing of the communication messages of industrial control protocols including Modbus TCP, OPC, Siemens S7, DNP3, IEC 60870-5-104, IEC 61850-MMS, IEC 61850-GOOSE and IEC 61850-SV, it detects in real time, and raises real-time alarms on, network attacks against industrial protocols, user misoperation, user violations, access by unauthorized devices and the propagation of malware such as worms and viruses. At the same time it records all network communication behavior in detail, including instruction-level industrial control protocol communication records and real-time alarm responses, comprehensively recording the sessions and events in the network system and providing a basis for investigating security incidents in the industrial control system. It implements intelligent correlation analysis and assessment of network information and accurate end-to-end tracking and locating of security events, supporting the formulation of the overall network security policy.
The industrial control network anomaly monitoring module implements anomaly alarms, traffic statistics, log queries and report export mainly through deep mining of protocols and abnormal behavior detection. It comprises:
Basic service layer: a hardware platform provides a stable and reliable hardware environment which, together with the software required for system operation, forms the base platform; it supports traditional IT network protocols and industrial network protocols;
Data analysis layer: mainly the data acquisition module and the protocol decoding module, which deeply parse and analyze industrial control protocols and extract key operating behavior;
Core business layer: the system's application functions are implemented in this layer, including business behavior baselines based on the industrial control field and abnormal behavior alarms based on blacklists and whitelists;
User interface layer: the human-machine interface to the end user is implemented in this layer; the management interface is reached through a web interface for system configuration management.
After the collected network data has been analyzed and parsed, the industrial control network security comprehensive display module presents the processed results comprehensively in different forms, giving management a basis for decisions. It comprises:
Threat management: by connecting to the industrial control intrusion detection and industrial control audit systems, it centralizes alerts for application attacks, worms, privilege-acquisition attacks and suspicious network activity; security operations personnel carry out threat monitoring, analysis and diagnosis through alert filtering and alert analysis;
Asset management: performs statistics and analysis, from the asset dimension, on the threats present inside the enterprise network; helps operations personnel gain a clear picture of the enterprise's internal IT infrastructure, including asset IP addresses, names, open protocol ports and applications;
Device management: manages connected devices centrally and helps enterprise security operations personnel maintain and manage the devices in a unified way;
Report management: collects the logs of the industrial control audit and industrial control intrusion detection systems and generates reports periodically.
Through industrial control network abnormal behavior and attack detection and intelligent protocol identification, the system passively collects data packets from the network and parses them, intelligently matches them against the protocol signatures and device objects built into the system, and generates a list of network interaction information for reference. By matching protocol distribution and traffic information it forms a "network traffic behavior baseline" and an "industrial control field behavior baseline". The "network traffic characteristic baseline" helps users understand and grasp the state of business communication in the network in the most efficient way and discover potential security problems in the network. Intelligent traffic self-learning rules help the system automatically generate relevant anomaly detection rules and tune existing rules in order to carry out anomaly monitoring of the industrial control network. The self-learning function of the "industrial control field behavior baseline" maps the industrial control field asset topology and builds an industrial control network behavior model; it raises alarms on behavior that deviates from the baseline, such as configuration changes, control instruction changes, load changes and abnormal access, providing alarms and responses for industrial control field security events and ensuring the safe and stable operation of the industrial control system. When intelligent protocol identification faces an unknown protocol, it captures communication packets in business operation scenarios and analyzes the packet header, function code and application data together with the business operations, mainly considering start, stop, download, upload and configuration modification. By comparing multiple packets for the same action it works out which fields change and which do not, then infers the packet format and extracts communication features from it. The simulated client is reset, the variation is reset, the results are observed, and rules are finally formed in the industrial control network detection system.
The industrial control network security intelligent protection module uses a combination of hardware and software to set up a security gateway between the internal network and the external network, protecting the internal network against threats from insecure factors in the external network. The module also performs deep filtering of industrial control protocols and monitors and protects data flows, shielding the structure, operating status and information of the internal network from the external network as far as possible, thereby securing the industrial control system. It uses a whitelist for deep filtering and intelligent protection of industrial control protocols; it performs basic access control on industrial network protocols and detailed compliance checks on their content and data. The security device supports multiple industrial network communication protocols, suits a variety of network environments and can interact and interface with a variety of field devices. Each industrial protocol is implemented as an independent deep-filtering module loaded as a plug-in.
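The following is an added illustration, not code from the patent, of the whitelist-based deep filtering and register-level compliance check described above, narrowed to Modbus TCP requests. The `Rule` fields, the client address 10.0.0.5 and the register ranges are assumptions chosen for the example.

```python
import struct
from dataclasses import dataclass

READ_CODES = {1, 2, 3, 4}    # read coils / discrete inputs / holding / input registers
WRITE_SINGLE = {5, 6}        # write single coil / single register
WRITE_MULTI = {15, 16}       # write multiple coils / multiple registers


@dataclass(frozen=True)
class Rule:
    """One whitelist entry (hypothetical policy format)."""
    src: str        # client allowed to issue the request
    unit_id: int    # Modbus unit (slave) identifier
    function: int   # permitted function code
    addr_lo: int    # first permitted address
    addr_hi: int    # last permitted address, inclusive


def build_adu(tid, unit, function, data=b""):
    """Build a Modbus TCP frame: MBAP header followed by the PDU."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def inspect(rules, src, adu):
    """Return (verdict, reason); anything not explicitly whitelisted alerts."""
    if len(adu) < 8:
        return "alert", "truncated frame"
    _tid, proto, length, unit, func = struct.unpack(">HHHBB", adu[:8])
    if proto != 0:
        return "alert", "protocol id is not 0"
    if length != len(adu) - 6:
        return "alert", "MBAP length does not match frame size"
    data = adu[8:]
    if func in READ_CODES or func in WRITE_MULTI:
        if len(data) < 4:
            return "alert", "request too short"
        start, qty = struct.unpack(">HH", data[:4])
        if qty == 0:
            return "alert", "zero quantity"
        if func in WRITE_MULTI:
            # Byte count must agree with the declared quantity.
            need = 2 * qty if func == 16 else (qty + 7) // 8
            if len(data) != 5 + need or data[4] != need:
                return "alert", "byte count inconsistent with quantity"
        elif len(data) != 4:
            return "alert", "trailing bytes in read request"
    elif func in WRITE_SINGLE:
        if len(data) != 4:
            return "alert", "malformed write-single request"
        start, qty = struct.unpack(">H", data[:2])[0], 1
    else:
        return "alert", f"function code {func} is not whitelisted"
    end = start + qty - 1
    for r in rules:
        if ((r.src, r.unit_id, r.function) == (src, unit, func)
                and r.addr_lo <= start and end <= r.addr_hi):
            return "allow", "matches whitelist"
    return "alert", f"function {func} on {start}-{end} from {src} is outside the whitelist"


# Constructed policy: one HMI may read registers 0-99 and write registers 40-41.
RULES = [
    Rule("10.0.0.5", 1, 3, 0, 99),
    Rule("10.0.0.5", 1, 6, 40, 41),
    Rule("10.0.0.5", 1, 16, 40, 41),
]

# Constructed sample traffic: (source address, frame).
SAMPLES = [
    ("10.0.0.5", build_adu(1, 1, 3, struct.pack(">HH", 0, 10))),     # permitted read
    ("10.0.0.5", build_adu(2, 1, 6, struct.pack(">HH", 200, 1))),    # write outside range
    ("10.0.0.99", build_adu(3, 1, 3, struct.pack(">HH", 0, 10))),    # unknown client
    ("10.0.0.5", build_adu(4, 1, 8, b"\x00\x00\x00\x00")),           # unlisted function
]


def run_samples():
    """Verdicts for the constructed sample traffic, in order."""
    return [inspect(RULES, src, adu)[0] for src, adu in SAMPLES]


if __name__ == "__main__":
    for (src, adu), verdict in zip(SAMPLES, run_samples()):
        print(src, adu.hex(), verdict)
```
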
The industrial control network anomaly detection module uses fuzzing (fuzz testing) to mine vulnerabilities in the data collected from the industrial control system and carries out security attacks against the controller in order to find security defects that may exist in industrial controllers. Fuzzing is combined with dynamic analysis: abnormal messages are constructed to verify protocol conformance and potential security issues in the related business processes of the system under test. The data is checked byte by byte to confirm whether the content of each field lies within the protocol framework. From the data sent, and according to the protocol specification, the correct response content is calculated, giving the data that the host under test should return under normal conditions. Comparing the data actually received with this expected data shows whether the received data is as expected;
Hardware/software cooperative intelligent processing provides full-packet line-rate detection, real-time security threat assessment and unified threat management, forming a complete closed-loop management model of detection, protection and response. Application identification based on data flows accurately identifies applications on non-standard ports and Web 2.0 applications in HTTP tunnels and discovers attacks hidden in applications. Abnormal behavior detection based on sensitive data leakage, file identification and illegal outbound connections from servers provides advanced threat protection for the intranet. In the cooperative design, a chip performs gigabit line-rate full-packet filtering, stream reassembly, traffic control and application steering, and most attacks are checked and rejected in the chip; unknown suspicious packets are reported to the upper-layer integrated detection and defense processing software, which determines and handles the threat posed by the packet and decides, based on the result, whether to adjust the rule base.
The method of combining fuzzing with dynamic analysis to construct abnormal messages for security verification is: according to the selected protocol type, analyze whether the data currently being sent conforms to the protocol specification; from the data currently being sent, generate the expected content of the data to be received; then analyze whether the data received matches the expected data and, if it does not, record the necessary error information for later analysis; finally, analyze the anomaly in depth and generate display information. The method of protecting the industrial control network with hardware/software cooperative intelligent processing is: on the software side, intrusion detection, security audit and abnormal traffic functions are integrated, and attacks by non-compliant mail are prevented; the hardware processing module inspects network packets and passes the detection results to the software processing module, which identifies and handles data threats, adjusts the rule base according to the result and feeds new rules back to the hardware processing module, completing the hardware/software co-processing loop and providing dual protection and defense for the network.
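The response check described in the two passages above (derive the expected reply from the data sent, compare it with the data received, record any discrepancy) can be sketched as follows for Modbus TCP. This is an added example, not code from the patent; the function names and sample frames are assumptions, and only function codes 1-6, 15 and 16 are modeled.

```python
import struct

# Exception codes defined by the Modbus application protocol.
VALID_EXCEPTIONS = {1, 2, 3, 4, 5, 6, 8, 10, 11}


def make_adu(tid, unit, pdu):
    """Build a Modbus TCP frame around a PDU (function code + data)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def split_adu(adu):
    """Split a frame into its MBAP fields and the PDU."""
    if len(adu) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    return tid, proto, length, unit, adu[7:]


def check_exchange(request, response):
    """Return a list of discrepancies between the response and what the
    protocol says the request should have produced (empty list = consistent)."""
    try:
        q_tid, _q_proto, _q_len, q_unit, q_pdu = split_adu(request)
        r_tid, r_proto, r_len, r_unit, r_pdu = split_adu(response)
    except ValueError as exc:
        return [str(exc)]
    errors = []
    if r_tid != q_tid:
        errors.append("transaction id not echoed")
    if r_proto != 0:
        errors.append("protocol id is not 0")
    if r_unit != q_unit:
        errors.append("unit id not echoed")
    if r_len != len(response) - 6:
        errors.append("MBAP length does not match frame size")
    func, r_func = q_pdu[0], r_pdu[0]
    if r_func == func | 0x80:
        # Exception reply: exactly one valid exception code must follow.
        if len(r_pdu) != 2 or r_pdu[1] not in VALID_EXCEPTIONS:
            errors.append("malformed exception response")
        return errors
    if r_func != func:
        errors.append("function code not echoed")
        return errors
    if func in (1, 2, 3, 4):
        if len(q_pdu) < 5:
            return errors + ["request too short to derive an expectation"]
        qty = struct.unpack(">H", q_pdu[3:5])[0]
        want = 2 * qty if func in (3, 4) else (qty + 7) // 8
        if len(r_pdu) < 2 or r_pdu[1] != want or len(r_pdu) != 2 + want:
            errors.append(f"expected byte count {want} followed by {want} data bytes")
    elif func in (5, 6):
        if r_pdu != q_pdu:
            errors.append("write-single response must echo the request")
    elif func in (15, 16):
        if r_pdu != q_pdu[:5]:
            errors.append("write-multiple response must echo address and quantity")
    else:
        errors.append(f"no expectation model for function code {func}")
    return errors


# Constructed exchange: read two holding registers starting at address 0.
REQ_READ = make_adu(7, 1, bytes([3]) + struct.pack(">HH", 0, 2))
RSP_GOOD = make_adu(7, 1, bytes([3, 4]) + b"\x00\x01\x00\x02")
RSP_SHORT = make_adu(7, 1, bytes([3, 4]) + b"\x00\x01")   # claims 4 bytes, carries 2
RSP_EXC = make_adu(7, 1, bytes([0x83, 2]))                 # illegal data address

if __name__ == "__main__":
    for name, rsp in (("good", RSP_GOOD), ("short", RSP_SHORT), ("exception", RSP_EXC)):
        print(name, check_exchange(REQ_READ, rsp))
```
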
Compared with the prior art, the invention has the following advantages:
1. The industrial control network security protection and monitoring system of the present invention provides real-time prevention and protection for industrial equipment through intelligent protection technology for industrial network control systems, and monitors and audits the data of the entire industrial control network through monitoring and audit technology, protecting the industrial control network against external attack.
2. The present invention also provides industrial control network vulnerability mining, safeguarding the entire industrial control network, and the industrial control network protection and monitoring system it builds creates secure conditions for the integration of informatization and automation in manufacturing.
3. The present invention raises the security management level of industrial control systems and prevents and blocks events such as virus infection within the industrial control network, the spread of viruses from the information network, the unauthorized launching of malicious programs and unauthorized connections to Ethernet. Oriented toward the security level of the industrial control network, it ensures the reliability of industrial control network security and the timeliness of data exchange, and implements intelligent protection, monitoring and audit, vulnerability detection and isolated data acquisition for industrial network control systems. The protection is comprehensive, reliable and feasible, integrates fully with industrial control equipment, solves network and equipment security problems and ultimately achieves the goal of comprehensive industrial control network security.
4. The system introduces the concepts of dynamic security and continuous security protection and establishes a time-based security theory foundation, dividing the implementation of network security into three phases: protection, detection and response. Under the guidance of the overall security policy, in addition to deploying static security protection measures, it adds steps such as monitoring and response and handling and countermeasures, forming a dynamic, closed-loop mechanism for deploying security protection measures. By combining static and dynamic protection measures, it detects risks in the network in real time, finds and handles security events promptly when they occur, and summarizes the experience gained in handling them so that the protection measures can be adjusted and improved.
5. The system uses a vertical and horizontal protection system that combines dynamic and static measures. Active security protection measures are used in many places in the network planning of the entire industrial control system, together with a security mechanism that combines blacklists and whitelists. For network entry points and the places most easily attacked during transmission, intrusion detection, firewalls and security monitoring are used to detect risks in the network in real time, respond quickly to sudden incidents and reduce losses to a minimum.
Brief description of the drawings
Fig. 1 is an overall architecture block diagram of the system of the present invention;
Fig. 2 is an architecture block diagram of the intrusion detection and protection module;
Fig. 3 is an architecture block diagram of the industrial control network anomaly detection module;
Fig. 4 is an architecture block diagram of the industrial control network security comprehensive display module.
Detailed description of the embodiments
The specific technical solution of the present invention is further described below so that those skilled in the art can better understand the invention; it does not limit the claims.
An industrial control network security protection and monitoring system, whose overall architecture is shown in Fig. 1. The system provides real-time prevention and protection for the industrial equipment of an industrial control network; built on an integrated application platform, it implements network security protection and monitoring through an acquisition layer, an analysis layer, a function layer and a presentation layer;
The presentation layer mainly displays security trends, the system topology and the industrial control panorama; the industrial control network security comprehensive display module provides the industrial control network protection and monitoring system with a visual panorama, security trends, the system topology and a visualization interface for process flows;
The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations;
The analysis layer mainly covers data processing, data correlation, data aggregation, data modeling and the integration interfaces to other function modules; it is the basic component library for further application development and provides the data basis for management decisions and the content of the message mechanism for early warning of various abnormal conditions;
The function layer mainly covers monitoring and audit, intrusion prevention, vulnerability mining and data isolation. Its main functional modules are the industrial control network intelligent protection module and the industrial control network anomaly detection module. The industrial control network anomaly detection module mainly covers security early warning, attack paths and risk management; the industrial control network intelligent protection module mainly covers protocol identification, rule verification and blacklists and whitelists.
The industrial control network intelligent protection module addresses the complex processes of manufacturing. It performs deep parsing of industrial protocols, carries out detailed compliance checks on the content and data of industrial network protocols, and raises alarms on abnormal operations on point tables and registers contained in operating instructions. This enables the intrusion detection and protection system to detect an intrusion attack before it harms the system, to expel the attack using the alarm and protection systems, and at the same time to collect information about the attack and add it to the knowledge base as knowledge for the protection system.
The industrial control network intelligent protection module performs compliance checks on multiple protocols through the system's intrusion detection and protection module, implementing intrusion prevention, threat defense, virus protection, traffic control and application management. The architecture of the intrusion detection and protection module is shown in Fig. 2 and comprises:
Network engine: a hardware platform provides a stable and reliable hardware environment which, together with the software required for system operation, forms the network engine. It supports traditional IT network protocols and industrial network protocols, and performs IP fragment reassembly, flow aggregation, TCP state tracking, data capture, switching and IPv4/v6 protocol stack stacking;
Management module: mainly performs user management, configuration management, policy management, event management, log management and system monitoring;
Security response module: responds to detected events according to the configuration information and the configured policies.
The industrial control network anomaly monitoring module monitors communication content, network behavior and network traffic dynamically and in real time through the acquisition, analysis and identification of network data. It not only detects anomalies at the network security level but also incorporates business security alarms for different industries. Based on deep parsing of the communication messages of industrial control protocols including Modbus TCP, OPC, Siemens S7, DNP3, IEC 60870-5-104, IEC 61850-MMS, IEC 61850-GOOSE and IEC 61850-SV, it detects in real time, and raises real-time alarms on, network attacks against industrial protocols, user misoperation, user violations, access by unauthorized devices and the propagation of malware such as worms and viruses. At the same time it records all network communication behavior in detail, including instruction-level industrial control protocol communication records and real-time alarm responses, comprehensively recording the sessions and events in the network system and providing a basis for investigating security incidents in the industrial control system. It implements intelligent correlation analysis and assessment of network information and accurate end-to-end tracking and locating of security events, supporting the formulation of the overall network security policy.
Referring to Fig. 3, the industrial control network anomaly monitoring module implements anomaly alarms, traffic statistics, log queries and report export mainly through deep mining of protocols and abnormal behavior detection. It comprises:
Basic service layer: a hardware platform provides a stable and reliable hardware environment which, together with the software required for system operation, forms the base platform; it supports traditional IT network protocols and industrial network protocols;
Data analysis layer: mainly the data acquisition module and the protocol decoding module, which deeply parse and analyze industrial control protocols and extract key operating behavior;
Core business layer: the system's application functions are implemented in this layer, including business behavior baselines based on the industrial control field and abnormal behavior alarms based on blacklists and whitelists;
User interface layer: the human-machine interface to the end user is implemented in this layer; the management interface is reached through a web interface for system configuration management.
Referring to Fig. 4, after the collected network data has been analyzed and parsed, the industrial control network security comprehensive display module presents the processed results comprehensively in different forms, giving management decision recommendations. It comprises:
Threat management: by connecting to the industrial control intrusion detection and industrial control audit systems, it centralizes alerts on application attacks, worms, privilege-acquisition attacks and suspicious network activity; security operations staff monitor, analyze and diagnose threats through alert filtering and alert analysis;
Asset management: performs statistics and analysis of existing threats inside the enterprise network from the asset dimension, and helps operations staff understand the state of the enterprise's internal IT infrastructure, including asset IP address, name, open protocol ports and applications;
Device management: unified, centralized management of connected devices, helping enterprise security operations staff maintain and manage devices uniformly;
Report management: collects industrial control audit and industrial control intrusion detection system logs and generates reports periodically.
Through industrial control network abnormal behavior and attack detection and intelligent protocol identification, the system collects packets from the network by passive detection, parses them, and intelligently matches them against the protocol features and device objects built into the system, generating a list of network interaction information for reference. By matching protocol distribution and traffic information it forms a "network traffic behavior baseline" and an "industrial control site behavior baseline". The "network traffic characteristic baseline" helps users understand and grasp the state of business communication in the network in the quickest way and discover potential security issues in the network. Intelligent traffic self-learning rules assist the system in automatically generating relevant anomaly detection rules and tuning existing rules, so as to monitor the industrial control network for anomalies. The self-learning function of the "industrial control site behavior baseline" maps the site's asset topology and establishes an industrial control network behavior model; behavior outside the baseline, such as configuration changes, control instruction changes, load changes and abnormal access, raises alarms, providing alerting and response for site security events and ensuring the safe and stable operation of the industrial control system. For unknown protocols, intelligent protocol identification captures communication packets in business operation scenarios and analyzes the packet header, function code and application data portions together with the business operation, mainly considering start, stop, download, upload and configuration modification. By comparing multiple packets of the same action it derives the changing and unchanging fields, infers the packet format, and extracts communication features from it. A simulated client then replays the traffic, replays it with mutations, and observes the results, and rules are finally formed in the industrial control network detection system.
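The field-comparison step described above for unknown protocols, as an added Python example that is not part of the patent. The packet layout and the captured bytes are constructed for illustration; the function names are hypothetical.

```python
# Constructed captures of a hypothetical unknown protocol, grouped by the
# operator action that produced them (start / stop). Not real device traffic.
CAPTURES = {
    "start": [bytes.fromhex(h) for h in (
        "a55a000110020100", "a55a010210020100", "a55a020710020100")],
    "stop": [bytes.fromhex(h) for h in (
        "a55a000311020000", "a55a010411020000", "a55a020911020000")],
}


def split_fields(packets):
    """Compare packets of one action byte by byte.

    Returns runs of (start, end, kind, value) where kind is "fixed" when
    every packet carries the same byte at that offset and "variable"
    otherwise. value holds the constant bytes for fixed runs.
    """
    n = min(len(p) for p in packets)
    kinds = ["fixed" if len({p[i] for p in packets}) == 1 else "variable"
             for i in range(n)]
    runs, start = [], 0
    for i in range(1, n + 1):
        if i == n or kinds[i] != kinds[start]:
            value = packets[0][start:i] if kinds[start] == "fixed" else None
            runs.append((start, i, kinds[start], value))
            start = i
    return runs


def action_discriminators(captures):
    """Offsets that are constant within each action but differ between
    actions: candidates for the function code or command argument."""
    n = min(len(p) for pkts in captures.values() for p in pkts)
    found = []
    for i in range(n):
        per_action = {a: {p[i] for p in pkts} for a, pkts in captures.items()}
        if all(len(v) == 1 for v in per_action.values()):
            values = {a: next(iter(v)) for a, v in per_action.items()}
            if len(set(values.values())) == len(values):
                found.append((i, values))
    return found


def build_signature(captures, action):
    """Fixed runs of one action as (offset, bytes) pairs, usable as a
    passive match rule in a detection system."""
    return [(s, v) for s, _e, kind, v in split_fields(captures[action])
            if kind == "fixed"]


def matches(signature, packet):
    """True when the packet carries every fixed run of the signature."""
    return all(packet[o:o + len(v)] == v for o, v in signature)


if __name__ == "__main__":
    for run in split_fields(CAPTURES["start"]):
        print(run)
    print(action_discriminators(CAPTURES))
```

With only three packets per action, a slowly changing field (for example the high byte of a counter) can look fixed, so the inferred layout should be re-checked as more captures of the same action arrive.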
Through a combination of hardware and software, the industrial control network security intelligent protection module sets up a security gateway between the internal network and the external network to protect the internal network from threats arising from insecure factors in the external network. It also performs deep filtering of industrial control protocols and monitors and protects data flows, shielding the internal network's structure, operating status and information from the external network as far as possible, thereby securing the industrial control system. Deep filtering and intelligent protection of industrial control protocols use a whitelist: basic access control is applied to industrial network protocols, and the content and data of those protocols undergo detailed compliance checks. The security device supports multiple industrial network communication protocols, suits various network environments, and can interoperate with various field devices. Each industrial protocol is an independent deep-filtering module, loaded as a plug-in.
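A whitelist deep filter for one protocol, Modbus TCP, loaded through a small plug-in registry, as an added Python example that is not the patent's implementation. The whitelist contents, the port-keyed registry and all function names are assumptions; the frame layout follows the public Modbus TCP specification.

```python
import struct

# Hypothetical site whitelist:
# (unit id, function code) -> allowed (first, last) register address ranges.
WHITELIST = {
    (1, 0x03): [(0, 99)],    # read holding registers 0..99
    (1, 0x06): [(10, 12)],   # write single register 10..12 only
}


def modbus_request(unit, func, data, tid=1):
    """Build a constructed Modbus TCP request (MBAP header + PDU)."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data


def modbus_filter(frame, whitelist=WHITELIST):
    """Return (allowed, reason) for one Modbus TCP request frame."""
    if len(frame) < 8:
        return False, "truncated frame"
    _tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    # Compliance checks on the header itself.
    if proto != 0:
        return False, "protocol id is not 0"
    if length != len(frame) - 6:
        return False, "MBAP length does not match frame size"
    # Basic access control: is this function allowed for this unit at all?
    ranges = whitelist.get((unit, func))
    if ranges is None:
        return False, "function 0x%02x not whitelisted for unit %d" % (func, unit)
    # Content check: which registers does the request touch?
    body = frame[8:]
    if func in (0x03, 0x10):
        if len(body) < 4:
            return False, "short request"
        addr, qty = struct.unpack(">HH", body[:4])
        limit = 125 if func == 0x03 else 123
        if not 1 <= qty <= limit:
            return False, "quantity outside protocol limits"
        first, last = addr, addr + qty - 1
    elif func == 0x06:
        if len(body) != 4:
            return False, "bad request size"
        addr, _value = struct.unpack(">HH", body)
        first = last = addr
    else:
        return False, "no deep-inspection rule for function 0x%02x" % func
    if any(lo <= first and last <= hi for lo, hi in ranges):
        return True, "allowed"
    return False, "registers %d-%d outside whitelist" % (first, last)


# Each protocol filter is registered as a separate module, keyed here by
# destination TCP port (an assumption made for this example).
FILTERS = {}


def register(port, filter_fn):
    FILTERS[port] = filter_fn


def inspect(dst_port, payload):
    """Default deny: traffic with no loaded protocol module is dropped."""
    filter_fn = FILTERS.get(dst_port)
    if filter_fn is None:
        return False, "no filter module loaded for port %d" % dst_port
    return filter_fn(payload)


register(502, modbus_filter)

if __name__ == "__main__":
    print(inspect(502, modbus_request(1, 0x03, bytes.fromhex("0000000a"))))
    print(inspect(502, modbus_request(1, 0x06, bytes.fromhex("00280001"))))
```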
The industrial control network anomaly detection module uses fuzz testing (fuzzing) to perform vulnerability discovery on the data collected from the industrial control system and carries out security attacks against the controller in order to find security defects that may exist in the industrial controller. Fuzzing combined with dynamic analysis is used to construct abnormal messages and verify protocol conformance and potential security problems in the related business processes of the system under test. The data is checked byte by byte to confirm that the content of each field is within the range specified by the protocol. From the data sent, the content of the correct response is calculated according to the protocol's rules, giving the data the host under test should return under normal circumstances. Comparing the data actually received with this expected data shows whether the received data matches expectations.
Hardware-software cooperative intelligent processing provides full-packet line-rate detection, real-time security threat assessment and unified threat management, forming a complete closed-loop management mode of detection, protection and response. Data-flow-based application identification accurately identifies applications on non-standard ports and Web 2.0 applications in HTTP protocol tunnels, and discovers attacks hidden in applications. Abnormal behavior detection based on sensitive data leakage, file identification and illegal outbound connections from servers provides advanced threat protection for the intranet. In hardware-software cooperative intelligent processing, the chip performs gigabit line-rate full-packet filtering, stream reassembly, flow control and application traffic splitting, and completes most attack checking and rejection on-chip; unknown suspicious messages are reported to the upper-layer integrated detection and defense processing software, which discriminates and handles the threats in the datagrams and decides from the result whether to adjust the rule base.
The method of security verification by constructing abnormal messages using fuzzing combined with dynamic analysis is: according to the selected protocol type, analyze whether the data currently sent conforms to the protocol specification; from the data currently sent, generate the expected content of the received data; then analyze whether the data received is consistent with the expected data and, if it is not, record the necessary error information for later analysis; finally, analyze the anomaly in depth and generate presentation information. The method of protecting the industrial control network through hardware-software cooperative intelligent processing is: on the software side, the intrusion detection, security audit and abnormal traffic functions are integrated, and non-compliant mail attacks are prevented; the hardware processing module inspects network packets and passes the detection results to the software processing module, which identifies and handles data threats and adjusts the rule base according to the results; the new rules are fed back to the hardware processing module, completing the hardware-software co-processing mode and providing dual protection and defense for the network.
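The expected-response comparison described in the two paragraphs above (derive from the sent data what a conforming host should return, compare it with what was received, record the mismatches), as an added Python example for Modbus TCP. It is not the patent's code; the frames are constructed and the function names are hypothetical. The request is assumed to be well formed, since the test side built it.

```python
import struct

# Exception codes defined by the Modbus application protocol.
VALID_EXCEPTIONS = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x0A, 0x0B}


def expected_response(request):
    """Derive what a conforming server should return for this request."""
    tid, _proto, _length, unit, func = struct.unpack(">HHHBB", request[:8])
    exp = {"tid": tid, "unit": unit, "func": func}
    if func in (0x03, 0x04):                 # read holding / input registers
        _addr, qty = struct.unpack(">HH", request[8:12])
        exp["byte_count"] = 2 * qty          # two bytes per register
    elif func in (0x05, 0x06):               # write single coil / register
        exp["echo"] = request[8:12]          # address and value are echoed
    return exp


def check_response(request, response):
    """Return a list of mismatches between expected and actual response."""
    if len(response) < 9:
        return ["response shorter than MBAP header plus two PDU bytes"]
    exp = expected_response(request)
    tid, proto, length, unit, func = struct.unpack(">HHHBB", response[:8])
    body = response[8:]
    errors = []
    if tid != exp["tid"]:
        errors.append("transaction id mismatch")
    if proto != 0:
        errors.append("protocol id is not 0")
    if unit != exp["unit"]:
        errors.append("unit id mismatch")
    if length != len(response) - 6:
        errors.append("MBAP length disagrees with frame size")
    if func == exp["func"] | 0x80:
        # A well-formed exception is a legitimate answer to any request.
        if len(body) != 1 or body[0] not in VALID_EXCEPTIONS:
            errors.append("malformed exception response")
        return errors
    if func != exp["func"]:
        errors.append("function code mismatch")
        return errors
    if "byte_count" in exp:
        if body[0] != exp["byte_count"]:
            errors.append("byte count does not match requested quantity")
        if len(body) != 1 + exp["byte_count"]:
            errors.append("register data length does not match byte count")
    if "echo" in exp and body != exp["echo"]:
        errors.append("write response does not echo the request")
    return errors


# Constructed frames: read two holding registers from unit 1, transaction 7.
READ_REQ = bytes.fromhex("000700000006010300000002")
GOOD_RESP = bytes.fromhex("00070000000701030400" "0a000b")
BAD_RESP = bytes.fromhex("0008000000050103040" "00a")
EXC_RESP = bytes.fromhex("000700000003018302")

if __name__ == "__main__":
    for resp in (GOOD_RESP, BAD_RESP, EXC_RESP):
        print(resp.hex(), check_response(READ_REQ, resp))
```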

Claims (10)

1. An industrial control network security protection monitoring system, characterized in that:
The system provides real-time prevention and protection for the industrial equipment of the industrial control network; built on an integrated application platform, it implements network security protection monitoring through an acquisition layer, an analysis layer, a functional layer and a presentation layer;
The presentation layer mainly displays security trends, system topology and the industrial control panorama; the industrial control network security comprehensive display module provides the industrial control network protection monitoring system with visual panoramas, security trends, system topology and process-flow visualization interfaces;
The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations;
The analysis layer mainly covers data processing, data correlation, data aggregation and data modeling, together with integration interfaces to the other functional modules; it is the base component library for developing further applications and provides the data basis for management decisions and the message mechanism content for early warning of abnormal conditions;
The functional layer mainly covers monitoring and audit, intrusion prevention, vulnerability discovery and data isolation; its main functional modules are the industrial control network intelligent protection module and the industrial control network anomaly detection module; the industrial control network anomaly detection module mainly covers security early warning, attack paths and risk management; the industrial control network intelligent protection module mainly covers protocol identification, rule verification, and blacklists and whitelists.
2. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network intelligent protection module addresses the complex processes of manufacturing; by deep parsing of industrial protocols it performs detailed compliance checks on the content and data of industrial network protocols and raises alarms on abnormal operations on tables and registers contained in operation instructions, so that the intrusion detection and protection system can detect an intrusion attack before it harms the system, use the alarm and protection system to expel the intrusion, and at the same time collect information about the intrusion and add it to the knowledge base as knowledge for the prevention system.
3. The industrial control network security protection monitoring system according to claim 2, characterized in that: the industrial control network intelligent protection module performs compliance checks on multiple protocols through the system's intrusion detection and protection module, providing intrusion prevention, threat defense, antivirus protection, flow control and application management functions; it comprises:
Network engine: a hardware platform provides a stable and reliable hardware environment which, together with the software necessary for the system to run, forms the network engine; it supports traditional IT network protocols and industrial network protocols, and performs IP fragment reassembly, stream aggregation, TCP state tracking, data capture, switching and IPv4/v6 protocol stack processing;
Management module: mainly performs user management, configuration management, policy management, event management, log management and system monitoring;
Security response module: responds to detected events according to the configuration information and configured policies.
4. The industrial control network security protection monitoring system according to claim 1, characterized in that: by collecting, analyzing and identifying network data, the industrial control network anomaly monitoring module dynamically monitors communication content, network behavior and network traffic in real time; it detects anomalies at the network security level and also incorporates business security alarms for different industries; based on deep parsing of the communication messages of industrial control protocols, including Modbus TCP, OPC, Siemens S7, DNP3, IEC 60870-5-104, IEC 61850-MMS, IEC 61850-GOOSE and IEC 61850-SV, it detects in real time, and raises real-time alarms on, network attacks against industrial protocols, user misoperation, user violations, illegal device access, and the propagation of worm and virus type malware; at the same time it keeps a detailed record of all network communication behavior, including instruction-level industrial control protocol communication records and real-time alarm responses, comprehensively recording the sessions and events in the network system and providing a basis for investigating safety incidents in the industrial control system; it performs intelligent correlation analysis and assessment of network information and accurate end-to-end tracking and location of security events, supporting the formulation of the overall network security strategy.
5. The industrial control network security protection monitoring system according to claim 4, characterized in that: the industrial control network anomaly monitoring module provides anomaly alarms, traffic statistics, log query and report export, mainly through deep mining of protocols and abnormal behavior detection; it comprises:
Basic service layer: a hardware platform provides a stable and reliable hardware environment which, together with the software necessary for the system to run, forms the base platform; it supports traditional IT network protocols and industrial network protocols;
Data analysis layer: mainly the data acquisition module and the protocol decoding module, which perform deep parsing and analysis of industrial control protocols and extract key operation behaviors;
Core business layer: the system's application functions are implemented in this layer, including business behavior baselines based on the industrial control site and abnormal behavior alarms based on blacklists and whitelists;
User interface layer: the human-machine interface to the end user is implemented in this layer; the management interface is reached through a web interface for system configuration management.
6. The industrial control network security protection monitoring system according to claim 1, characterized in that: after the collected network data has been analyzed and parsed, the industrial control network security comprehensive display module presents the processed results comprehensively in different forms, giving management decision recommendations; it comprises:
Threat management: by connecting to the industrial control intrusion detection and industrial control audit systems, it centralizes alerts on application attacks, worms, privilege-acquisition attacks and suspicious network activity; security operations staff monitor, analyze and diagnose threats through alert filtering and alert analysis;
Asset management: performs statistics and analysis of existing threats inside the enterprise network from the asset dimension, and helps operations staff understand the state of the enterprise's internal IT infrastructure, including asset IP address, name, open protocol ports and applications;
Device management: unified, centralized management of connected devices, helping enterprise security operations staff maintain and manage devices uniformly;
Report management: collects industrial control audit and industrial control intrusion detection system logs and generates reports periodically.
7. The industrial control network security protection monitoring system according to claim 1, characterized in that: through industrial control network abnormal behavior and attack detection and intelligent protocol identification, the system collects packets from the network by passive detection, parses them, and intelligently matches them against the protocol features and device objects built into the system, generating a list of network interaction information for reference; by matching protocol distribution and traffic information it forms a "network traffic characteristic baseline" and an "industrial control site behavior baseline"; the "network traffic characteristic baseline" helps users understand and grasp the state of business communication in the network in the quickest way and discover potential security issues in the network; intelligent traffic self-learning rules assist the system in automatically generating relevant anomaly detection rules and tuning existing rules, so as to monitor the industrial control network for anomalies; the self-learning function of the "industrial control site behavior baseline" maps the site's asset topology and establishes an industrial control network behavior model; behavior outside the baseline, such as configuration changes, control instruction changes, load changes and abnormal access, raises alarms, providing alerting and response for site security events and ensuring the safe and stable operation of the industrial control system; for unknown protocols, intelligent protocol identification captures communication packets in business operation scenarios and analyzes the packet header, function code and application data portions together with the business operation, mainly considering start, stop, download, upload and configuration modification; by comparing multiple packets of the same action it derives the changing and unchanging fields, infers the packet format, and extracts communication features from it; a simulated client then replays the traffic, replays it with mutations, and observes the results, and rules are finally formed in the industrial control network detection system.
8. The industrial control network security protection monitoring system according to claim 1, characterized in that: through a combination of hardware and software, the industrial control network security intelligent protection module sets up a security gateway between the internal network and the external network to protect the internal network from threats arising from insecure factors in the external network; it also performs deep filtering of industrial control protocols and monitors and protects data flows, shielding the internal network's structure, operating status and information from the external network as far as possible, thereby securing the industrial control system; deep filtering and intelligent protection of industrial control protocols use a whitelist; basic access control is applied to industrial network protocols, and the content and data of those protocols undergo detailed compliance checks; the security device supports multiple industrial network communication protocols, suits various network environments, and can interoperate with various field devices; each industrial protocol is an independent deep-filtering module, loaded as a plug-in.
9. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network anomaly detection module uses fuzz testing (fuzzing) to perform vulnerability discovery on the data collected from the industrial control system and carries out security attacks against the controller in order to find security defects that may exist in the industrial controller; fuzzing combined with dynamic analysis is used to construct abnormal messages and verify protocol conformance and potential security problems in the related business processes of the system under test; the data is checked byte by byte to confirm that the content of each field is within the range specified by the protocol; from the data sent, the content of the correct response is calculated according to the protocol's rules, giving the data the host under test should return under normal circumstances; comparing the data actually received with this expected data shows whether the received data matches expectations;
Hardware-software cooperative intelligent processing provides full-packet line-rate detection, real-time security threat assessment and unified threat management, forming a complete closed-loop management mode of detection, protection and response; data-flow-based application identification accurately identifies applications on non-standard ports and Web 2.0 applications in HTTP protocol tunnels, and discovers attacks hidden in applications; abnormal behavior detection based on sensitive data leakage, file identification and illegal outbound connections from servers provides advanced threat protection for the intranet; in hardware-software cooperative intelligent processing, the chip performs gigabit line-rate full-packet filtering, stream reassembly, flow control and application traffic splitting, and completes most attack checking and rejection on-chip; unknown suspicious messages are reported to the upper-layer integrated detection and defense processing software, which discriminates and handles the threats in the datagrams and decides from the result whether to adjust the rule base.
10. The industrial control network security protection monitoring system according to claim 7, characterized in that: the method of security verification by constructing abnormal messages using fuzzing combined with dynamic analysis is: according to the selected protocol type, analyze whether the data currently sent conforms to the protocol specification; from the data currently sent, generate the expected content of the received data; then analyze whether the data received is consistent with the expected data and, if it is not, record the necessary error information for later analysis; finally, analyze the anomaly in depth and generate presentation information; the method of protecting the industrial control network through hardware-software cooperative intelligent processing is: on the software side, the intrusion detection, security audit and abnormal traffic functions are integrated, and non-compliant mail attacks are prevented; the hardware processing module inspects network packets and passes the detection results to the software processing module, which identifies and handles data threats and adjusts the rule base according to the results; the new rules are fed back to the hardware processing module, completing the hardware-software co-processing mode and providing dual protection and defense for the network.
CN201811489268.0A 2018-12-06 2018-12-06 A kind of industrial control network safeguard protection monitoring system Pending CN109474607A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811489268.0A CN109474607A (en) 2018-12-06 2018-12-06 A kind of industrial control network safeguard protection monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811489268.0A CN109474607A (en) 2018-12-06 2018-12-06 A kind of industrial control network safeguard protection monitoring system

Publications (1)

Publication Number Publication Date
CN109474607A true CN109474607A (en) 2019-03-15

Family

ID=65675824

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811489268.0A Pending CN109474607A (en) 2018-12-06 2018-12-06 A kind of industrial control network safeguard protection monitoring system

Country Status (1)

Country Link
CN (1) CN109474607A (en)

CN113114534A (en) * 2021-04-08 2021-07-13 苏煜程 Hybrid network fuzzy test tool based on neural network
CN113194027A (en) * 2021-05-21 2021-07-30 上海振华重工(集团)股份有限公司 Safety communication gateway system for industrial internet of automatic wharf
CN113206818A (en) * 2020-09-22 2021-08-03 苏州市中拓互联信息科技有限公司 Cloud server safety protection method and system
CN113381980A (en) * 2021-05-13 2021-09-10 优刻得科技股份有限公司 Information security defense method and system, electronic device and storage medium
CN113518346A (en) * 2021-04-29 2021-10-19 国网上海市电力公司 System for protecting safety of 5G electric power slicing channel
CN113557482A (en) * 2019-03-29 2021-10-26 欧姆龙株式会社 Controller system
CN113608741A (en) * 2021-07-07 2021-11-05 中国电子科技集团公司第三十研究所 Network security service integration method and device
CN113824682A (en) * 2021-08-12 2021-12-21 浙江木链物联网科技有限公司 Modular SCADA security situation perception system architecture
CN113923051A (en) * 2021-11-12 2022-01-11 国网河南省电力公司漯河供电公司 Novel intranet abnormal IP (Internet protocol) discovery technology
CN113938303A (en) * 2021-10-14 2022-01-14 上海中研宏瓴信息科技有限公司 Network detection and network management platform based on multi-mode network
CN113949539A (en) * 2021-09-27 2022-01-18 广东核电合营有限公司 Protection method for network security of KNS system of nuclear power plant and KNS system
CN114006750A (en) * 2021-10-29 2022-02-01 北京顶象技术有限公司 Abnormal operation detection method and device and electronic equipment
CN114205123A (en) * 2021-11-20 2022-03-18 湖北天融信网络安全技术有限公司 Attack and defense confrontation-based threat hunting method, device, equipment and storage medium
CN114217591A (en) * 2021-12-16 2022-03-22 网御铁卫(北京)科技有限公司 Network behavior self-learning system for industrial control system
CN114374528A (en) * 2021-11-24 2022-04-19 河南中裕广恒科技股份有限公司 Data security detection method and device, electronic equipment and medium
CN114448654A (en) * 2021-09-02 2022-05-06 中国科学院信息工程研究所 Block chain-based distributed trusted audit security evidence storing method
CN114465799A (en) * 2022-02-10 2022-05-10 北京神州慧安科技有限公司 Industrial control network safety supervision and early warning platform of production control system of thermal power plant
CN114500056A (en) * 2022-01-28 2022-05-13 杭州立思辰安科科技有限公司 Attack detection method based on FF protocol
CN114500011A (en) * 2022-01-13 2022-05-13 中国电子科技网络信息安全有限公司 Auxiliary decision-making method based on behavior baseline anomaly analysis and event arrangement
CN114513536A (en) * 2022-01-18 2022-05-17 成都网域探行科技有限公司 Internet of things safety management analysis method
CN114553537A (en) * 2022-02-22 2022-05-27 上海帝焚思信息科技有限公司 Abnormal flow monitoring method and system for industrial Internet
CN114567463A (en) * 2022-02-15 2022-05-31 浙江腾珑网安科技有限公司 Industrial network information safety monitoring and protection system
CN114629674A (en) * 2021-11-11 2022-06-14 北京计算机技术及应用研究所 Attention mechanism-based industrial control network security risk assessment method
CN114647869A (en) * 2022-03-22 2022-06-21 安徽赛福贝特信息技术有限公司 Safety protection system based on database
CN114666109A (en) * 2022-03-12 2022-06-24 深圳市龙信信息技术有限公司 Novel general hardware platform for information security
CN114697098A (en) * 2022-03-22 2022-07-01 华能国际电力股份有限公司河北清洁能源分公司 Network security detection system and detection method
CN114745197A (en) * 2022-04-28 2022-07-12 东方电气中能工控网络安全技术(成都)有限责任公司 Method and system for monitoring industrial control network intrusion in real time
CN114760234A (en) * 2022-03-30 2022-07-15 中核武汉核电运行技术股份有限公司 Verification system and method for protocol analysis result of industrial control system
CN114839938A (en) * 2022-04-28 2022-08-02 东方电气中能工控网络安全技术(成都)有限责任公司 DCS industrial control network security audit analysis system and method
CN114938300A (en) * 2022-05-17 2022-08-23 浙江木链物联网科技有限公司 Industrial control system situation perception method and system based on equipment behavior analysis
CN115052056A (en) * 2022-04-26 2022-09-13 深圳市云伽智能技术有限公司 Industrial control communication method, device, equipment and storage medium
CN115065568A (en) * 2022-08-19 2022-09-16 北京珞安科技有限责任公司 Industrial control network intrusion detection method and system
CN115086007A (en) * 2022-06-13 2022-09-20 北京融讯智晖技术有限公司 Network safety monitoring system based on video cloud command system
CN115080357A (en) * 2022-07-22 2022-09-20 浙江中控技术股份有限公司 Method and system for monitoring data in each industrial control operation device in complex industrial control
CN115102793A (en) * 2022-08-24 2022-09-23 北京网藤科技有限公司 Industrial control network security policy matching method and system based on log information analysis
WO2022198580A1 (en) * 2021-03-25 2022-09-29 西门子股份公司 Industrial control network anomaly detection method and device
CN115174155A (en) * 2022-06-14 2022-10-11 中国南方电网有限责任公司超高压输电公司南宁监控中心 Industrial host terminal safety protection method, storage medium and computer device
CN115191107A (en) * 2020-02-28 2022-10-14 西门子股份公司 Method and system for detecting data traffic in a communication network
CN115185466A (en) * 2022-07-25 2022-10-14 北京珞安科技有限责任公司 Hierarchical management and control tool and method for mobile storage device
CN115190191A (en) * 2022-09-13 2022-10-14 中电运行(北京)信息技术有限公司 Power grid industrial control system and control method based on protocol analysis
CN115277220A (en) * 2022-07-29 2022-11-01 西安热工研究院有限公司 Industrial control network traffic safety classification method and system and readable storage device
CN115348339A (en) * 2022-08-12 2022-11-15 北京威努特技术有限公司 Industrial control abnormity detection method based on functional code and business data correlation
CN115396236A (en) * 2022-10-27 2022-11-25 天津沄讯网络科技有限公司 Remote operation safety verification method and system for industrial internet intelligent equipment
CN115643118A (en) * 2022-12-23 2023-01-24 北京市大数据中心 Method, electronic device and medium for defending TDA against threat attack
CN115695163A (en) * 2022-09-30 2023-02-03 郑州云智信安安全技术有限公司 Visualization method and system based on syslog log analysis process
CN115801634A (en) * 2022-12-01 2023-03-14 北京安帝科技有限公司 Network test system based on industrial internet safety
CN116170236A (en) * 2023-04-24 2023-05-26 成都星云智联科技有限公司 Industrial control system abnormal flow detection method and system
CN116170340A (en) * 2023-04-24 2023-05-26 图林科技(深圳)有限公司 Network security test evaluation method
CN116232770A (en) * 2023-05-08 2023-06-06 中国石油大学(华东) Enterprise network safety protection system and method based on SDN controller
CN116318783A (en) * 2022-12-05 2023-06-23 浙江大学 Network industrial control equipment safety monitoring method and device based on safety index
CN116633693A (en) * 2023-07-24 2023-08-22 深圳市永达电子信息股份有限公司 Trusted security gateway implementation method based on full-element network identification
CN116827698A (en) * 2023-08-31 2023-09-29 国能大渡河大数据服务有限公司 Network gateway flow security situation awareness system and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108055282A (en) * 2017-12-28 2018-05-18 国网浙江省电力有限公司电力科学研究院 Industry control abnormal behaviour analysis method and system based on self study white list
CN108646722A (en) * 2018-07-18 2018-10-12 杭州安恒信息技术股份有限公司 A kind of industrial control system information security simulation model and terminal

Non-Patent Citations (12)

* Cited by examiner, † Cited by third party
Title
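丁德忠 et al.: "A brief discussion of comprehensive security protection for power monitoring systems at cascade hydropower stations in a river basin", Proceedings of the 2018 Academic Exchange Conference of the Sichuan Society for Hydropower Engineering and the "Sichuan, Yunnan, Guizhou, Hunan, Guangdong, Qinghai" Six-Province (Region) Construction Technology Exchange Conference *
孙易安 et al.: "Research on network protection for industrial control system security", Journal of Information Security Research *
张学聪: "Research on vulnerability discovery techniques for power industrial control systems based on fuzzing", China Master's Theses Full-text Database, Information Science and Technology *
张红金 et al.: "Exploration of information security factors and protection strategies for industrial control systems", Electronic Product Reliability and Environmental Testing *
施宇: "Design and implementation of a network security scheme for an association", China Master's Theses Full-text Database, Information Science and Technology *
杨伦: "Industrial network security monitoring and early-warning platform based on the Spark big data analysis framework", Automation Panorama *
沈志刚: "Overview of the security protection retrofit of the plant-level supervisory information system at a thermal power company", Electronic Technology & Software Engineering *
沈晶 et al.: "A hardware-software cooperative security protection technique using a dedicated chip", Command Control & Simulation *
绿盟科技 (NSFOCUS): "NSFOCUS releases China's first next-generation intrusion prevention system", Computer Security *
蒲新宇: "Security auditing: a new security topic that cannot be avoided", Computer Security *
蔡湃: "Design of an intelligent low-voltage system for a hospital", China Master's Theses Full-text Database, Engineering Science and Technology II *
金波 et al.: "Intrusion detection technology and directions for intelligent development", Netinfo Security *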

Cited By (159)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059073B (en) * 2019-03-18 2021-04-06 浙江工业大学 Web data automatic visualization method based on subgraph isomorphism
CN110059073A (en) * 2019-03-18 2019-07-26 浙江工业大学 Web data automatic visual method based on Subgraph Isomorphism
CN110033174A (en) * 2019-03-20 2019-07-19 烽台科技(北京)有限公司 A kind of industrial information efficient public security system building method
CN110149303A (en) * 2019-03-27 2019-08-20 李登峻 A kind of network safety pre-warning method and early warning system of Party school
CN110083583A (en) * 2019-03-29 2019-08-02 北京奇安信科技有限公司 Streaming events processing method and processing device
CN113557482A (en) * 2019-03-29 2021-10-26 欧姆龙株式会社 Controller system
CN109862045B (en) * 2019-04-01 2021-06-01 中科天御(苏州)科技有限公司 SDN-based industrial control system dynamic defense method and device
CN109862045A (en) * 2019-04-01 2019-06-07 中科天御(苏州)科技有限公司 A kind of industrial control system dynamic security method and device based on SDN
CN109818985B (en) * 2019-04-11 2021-06-22 江苏亨通工控安全研究院有限公司 Industrial control system vulnerability trend analysis and early warning method and system
CN109818985A (en) * 2019-04-11 2019-05-28 江苏亨通工控安全研究院有限公司 A kind of industrial control system loophole trend analysis and method for early warning and system
CN111835680A (en) * 2019-04-18 2020-10-27 四川卫鼎新科信息技术有限公司 Safety protection system of industry automatic manufacturing
CN110221581A (en) * 2019-04-26 2019-09-10 工业互联网创新中心(上海)有限公司 Industrial control network monitoring device and method
CN109982359A (en) * 2019-04-29 2019-07-05 四川英得赛克科技有限公司 A kind of hotspot monitoring device and its method using more hotspot monitoring technology
CN109982359B (en) * 2019-04-29 2023-10-17 四川英得赛克科技有限公司 Wireless hot spot monitoring device and method adopting multi-wireless hot spot monitoring technology
CN110311946A (en) * 2019-05-10 2019-10-08 国网浙江省电力有限公司宁波供电公司 Business datum security processing, the apparatus and system calculated based on cloud and mist
CN110262420A (en) * 2019-06-18 2019-09-20 国家计算机网络与信息安全管理中心 A kind of distributed industrial control network security detection system
CN110401642A (en) * 2019-07-10 2019-11-01 浙江中烟工业有限责任公司 A kind of acquisition of industry control flow and protocol analysis method
CN112558555B (en) * 2019-09-26 2024-02-13 罗克韦尔自动化技术公司 Maintenance and debugging
CN110535731A (en) * 2019-09-26 2019-12-03 北京中水科水电科技开发有限公司 A kind of industrial control system ethernet communication on-line testing and resolve packet method
CN110597232A (en) * 2019-09-26 2019-12-20 杭州电子科技大学 Frequency converter cooling water pump fault alarm method based on dynamic confidence rule base
CN112558555A (en) * 2019-09-26 2021-03-26 罗克韦尔自动化技术公司 Maintenance and debugging
CN110597232B (en) * 2019-09-26 2020-09-25 杭州电子科技大学 Frequency converter cooling water pump fault alarm method based on dynamic confidence rule base
CN112578694A (en) * 2019-09-27 2021-03-30 西门子股份公司 Monitoring system, method, apparatus and computer readable medium for an industrial controller
CN110825040A (en) * 2019-10-22 2020-02-21 中国科学院信息工程研究所 Process control attack detection method and device for industrial control system
CN110968072A (en) * 2019-11-19 2020-04-07 朱彤 Electrical automation equipment monitoring system and method based on artificial intelligence
CN110958231A (en) * 2019-11-21 2020-04-03 博智安全科技股份有限公司 Industrial control safety event monitoring platform and method based on Internet
CN110868425A (en) * 2019-11-27 2020-03-06 上海三零卫士信息安全有限公司 Industrial control information safety monitoring system adopting black and white list for analysis
CN110855711A (en) * 2019-11-27 2020-02-28 上海三零卫士信息安全有限公司 Industrial control network security monitoring method based on white list matrix of SCADA (supervisory control and data acquisition) system
CN111193719A (en) * 2019-12-14 2020-05-22 贵州电网有限责任公司 Network intrusion protection system
CN110958262A (en) * 2019-12-15 2020-04-03 国网山东省电力公司电力科学研究院 Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry
CN111399463A (en) * 2019-12-24 2020-07-10 上海可鲁系统软件有限公司 Industrial network data one-way isolation method and device
CN111031062A (en) * 2019-12-24 2020-04-17 四川英得赛克科技有限公司 Industrial control system panoramic perception monitoring method, device and system with self-learning function
CN111399463B (en) * 2019-12-24 2023-10-20 上海可鲁系统软件有限公司 Industrial network data unidirectional isolation method and device
CN111901138B (en) * 2019-12-26 2021-10-19 长扬科技(北京)有限公司 Visual auditing method for illegal access of industrial network
CN111901138A (en) * 2019-12-26 2020-11-06 长扬科技(北京)有限公司 Visual auditing method for illegal access of industrial network
CN110912943B (en) * 2019-12-30 2021-10-01 北京明朝万达科技股份有限公司 Cross-network traffic analysis system
CN110912943A (en) * 2019-12-30 2020-03-24 北京明朝万达科技股份有限公司 Cross-network traffic analysis system
CN111176202A (en) * 2019-12-31 2020-05-19 成都烽创科技有限公司 Safety management method, device, terminal equipment and medium for industrial control network
CN111131332A (en) * 2020-01-16 2020-05-08 沈阳铁道科学技术研究所有限公司 Network service interconnection and flow acquisition, analysis and recording system
CN115191107A (en) * 2020-02-28 2022-10-14 西门子股份公司 Method and system for detecting data traffic in a communication network
CN115191107B (en) * 2020-02-28 2024-03-15 西门子股份公司 Method and system for detecting data traffic in a communication network
CN111538992A (en) * 2020-03-20 2020-08-14 贵州电网有限责任公司 Network security unified management platform in electric power information
CN112995122B (en) * 2020-03-25 2024-03-08 长扬科技(北京)股份有限公司 Industrial control network safety data visualization system
CN112995122A (en) * 2020-03-25 2021-06-18 长扬科技(北京)有限公司 Industrial control network security data visualization system and equipment
CN111563270A (en) * 2020-03-30 2020-08-21 中广核工程有限公司 Nuclear power plant digital security threat studying and judging system and method
CN111427307A (en) * 2020-04-22 2020-07-17 国网浙江省电力有限公司 Industrial control abnormity detection method, device and equipment
CN111427307B (en) * 2020-04-22 2021-08-24 国网浙江省电力有限公司 Industrial control abnormity detection method, device and equipment
CN111628994A (en) * 2020-05-26 2020-09-04 杭州安恒信息技术股份有限公司 Industrial control environment anomaly detection method, system and related device
CN111756714B (en) * 2020-06-15 2022-05-20 国家计算机网络与信息安全管理中心 Flow replay type test method and test engine for industrial control protocol
CN111756714A (en) * 2020-06-15 2020-10-09 国家计算机网络与信息安全管理中心 Flow replay type test method and test engine for industrial control protocol
CN111711626A (en) * 2020-06-16 2020-09-25 广州市安鸿网络科技有限公司 Method and system for monitoring network intrusion
CN111832027A (en) * 2020-06-29 2020-10-27 郑州云智信安安全技术有限公司 Network intrusion safety early warning system based on cloud computing
CN111970233B (en) * 2020-06-30 2023-09-01 浙江远望信息股份有限公司 Analysis and identification method for network violation external connection scene
CN111913430A (en) * 2020-06-30 2020-11-10 物耀安全科技(杭州)有限公司 Detection and protection method and system for control behavior of industrial control system
CN111970233A (en) * 2020-06-30 2020-11-20 浙江远望信息股份有限公司 Analysis and identification method for network violation external connection scene
CN112019590A (en) * 2020-07-09 2020-12-01 广东省建设工程质量安全检测总站有限公司 Remote monitoring system for static load test
CN111934913A (en) * 2020-07-15 2020-11-13 成都航空职业技术学院 Intelligent network management system
WO2022062178A1 (en) * 2020-09-22 2022-03-31 苏州市中拓互联信息科技有限公司 Cloud server information management method and system
CN113206818A (en) * 2020-09-22 2021-08-03 苏州市中拓互联信息科技有限公司 Cloud server safety protection method and system
CN112600867A (en) * 2020-09-30 2021-04-02 南京审计大学 Information processing integrated system for hidden engineering networking monitoring audit
CN112600867B (en) * 2020-09-30 2021-10-15 南京审计大学 Information processing integrated system for hidden engineering networking monitoring audit
CN112235280A (en) * 2020-10-10 2021-01-15 重庆科技学院 Ontology-based industrial internet IoT system security model
CN112235280B (en) * 2020-10-10 2022-07-01 重庆科技学院 Ontology-based industrial internet IoT system security model system
CN112187823A (en) * 2020-10-13 2021-01-05 绍兴文理学院 Internet of things availability evaluation method for malicious program diffusion under fog computing architecture
CN112417434A (en) * 2020-10-15 2021-02-26 北京八分量信息科技有限公司 Program white list protection method combined with UEBA mechanism
CN112437040A (en) * 2020-10-26 2021-03-02 北京珞安科技有限责任公司 Industrial network security firewall boundary protection system
CN112437041A (en) * 2020-10-27 2021-03-02 北京珞安科技有限责任公司 Industrial control safety audit system and method based on artificial intelligence
CN112367375A (en) * 2020-10-27 2021-02-12 国核自仪系统工程有限公司 Multi-terminal safety display system based on FPGA
CN112367375B (en) * 2020-10-27 2023-06-30 国核自仪系统工程有限公司 Multi-terminal safety display system based on FPGA
CN112383417A (en) * 2020-11-02 2021-02-19 杭州安恒信息安全技术有限公司 Terminal security external connection detection method, system, equipment and readable storage medium
CN112351024A (en) * 2020-11-03 2021-02-09 广东电网有限责任公司 Public network communication safety monitoring system and method
CN112351035A (en) * 2020-11-06 2021-02-09 杭州安恒信息技术股份有限公司 Industrial control security situation sensing method, device and medium
CN112351035B (en) * 2020-11-06 2022-07-15 杭州安恒信息技术股份有限公司 Industrial control security situation sensing method, device and medium
CN112291257A (en) * 2020-11-11 2021-01-29 福建奇点时空数字科技有限公司 Platform dynamic defense method based on event driving and timing migration
CN112347515A (en) * 2020-11-20 2021-02-09 福州大学 Data detection and safety isolation method for edge operating system
CN112667203B (en) * 2020-12-14 2024-02-27 南方电网数字电网研究院有限公司 Information security operation monitoring and early warning system beneficial to operation and maintenance flow management
CN112653678A (en) * 2020-12-14 2021-04-13 国家电网有限公司信息通信分公司 Network security situation perception analysis method and device
CN112667203A (en) * 2020-12-14 2021-04-16 南方电网数字电网研究院有限公司 Information safety operation monitoring and early warning system beneficial to operation and maintenance flow management
CN112653678B (en) * 2020-12-14 2023-01-24 国家电网有限公司信息通信分公司 Network security situation perception analysis method and device
CN112653693A (en) * 2020-12-21 2021-04-13 哈尔滨工大天创电子有限公司 Industrial control protocol analysis method and device, terminal equipment and readable storage medium
CN112333205B (en) * 2020-12-22 2022-11-25 河北鸿联九五信息产业有限公司 Network security monitoring system
CN112333205A (en) * 2020-12-22 2021-02-05 河北鸿联九五信息产业有限公司 Network security monitoring system
CN112839031A (en) * 2020-12-24 2021-05-25 江苏天创科技有限公司 Industrial control network security protection system and method
CN112799358A (en) * 2020-12-30 2021-05-14 上海磐御网络科技有限公司 Industrial control safety defense system
CN112838948B (en) * 2020-12-30 2023-02-28 江苏亨通工控安全研究院有限公司 Integrated industrial safety supervision and analysis system
CN112838948A (en) * 2020-12-30 2021-05-25 江苏亨通工控安全研究院有限公司 Integrated industrial safety supervision and analysis system
CN112887211A (en) * 2021-01-26 2021-06-01 北京树米网络科技有限公司 Internet protocol message data forwarding system
CN112995175A (en) * 2021-02-24 2021-06-18 西安热工研究院有限公司 Method for carrying out network safety protection based on power generation state of hydroelectric generating set
CN113055375B (en) * 2021-03-10 2022-06-17 华能国际电力股份有限公司 Power station industrial control system physical network oriented attack process visualization method
CN113055375A (en) * 2021-03-10 2021-06-29 华能国际电力股份有限公司 Power station industrial control system physical network oriented attack process visualization method
WO2022198580A1 (en) * 2021-03-25 2022-09-29 西门子股份公司 Industrial control network anomaly detection method and device
CN112926059B (en) * 2021-04-07 2024-04-23 恒安嘉新(北京)科技股份公司 Data processing method, device, equipment and storage medium
CN112926059A (en) * 2021-04-07 2021-06-08 恒安嘉新(北京)科技股份公司 Data processing method, device, equipment and storage medium
CN113114534A (en) * 2021-04-08 2021-07-13 苏煜程 Hybrid network fuzzy test tool based on neural network
CN113098892A (en) * 2021-04-19 2021-07-09 恒安嘉新(北京)科技股份公司 Data leakage prevention system and method based on industrial Internet
CN113518346A (en) * 2021-04-29 2021-10-19 国网上海市电力公司 System for protecting safety of 5G electric power slicing channel
CN113381980A (en) * 2021-05-13 2021-09-10 优刻得科技股份有限公司 Information security defense method and system, electronic device and storage medium
CN113194027A (en) * 2021-05-21 2021-07-30 上海振华重工(集团)股份有限公司 Safety communication gateway system for industrial internet of automatic wharf
CN113110268A (en) * 2021-05-28 2021-07-13 国家计算机网络与信息安全管理中心 Monitoring system, data acquisition equipment and method for rail transit control network
CN113079186A (en) * 2021-06-07 2021-07-06 北京网藤科技有限公司 Industrial network boundary protection method and system based on industrial control terminal feature recognition
CN113608741B (en) * 2021-07-07 2023-08-29 中国电子科技集团公司第三十研究所 Network security service integration method and device
CN113608741A (en) * 2021-07-07 2021-11-05 中国电子科技集团公司第三十研究所 Network security service integration method and device
CN113824682A (en) * 2021-08-12 2021-12-21 浙江木链物联网科技有限公司 Modular SCADA security situation perception system architecture
CN114448654B (en) * 2021-09-02 2023-03-31 中国科学院信息工程研究所 Block chain-based distributed trusted audit security evidence storing method
CN114448654A (en) * 2021-09-02 2022-05-06 中国科学院信息工程研究所 Block chain-based distributed trusted audit security evidence storing method
CN113949539A (en) * 2021-09-27 2022-01-18 广东核电合营有限公司 Protection method for network security of KNS system of nuclear power plant and KNS system
CN113938303A (en) * 2021-10-14 2022-01-14 上海中研宏瓴信息科技有限公司 Network detection and network management platform based on multi-mode network
CN114006750A (en) * 2021-10-29 2022-02-01 北京顶象技术有限公司 Abnormal operation detection method and device and electronic equipment
CN114629674A (en) * 2021-11-11 2022-06-14 北京计算机技术及应用研究所 Attention mechanism-based industrial control network security risk assessment method
CN113923051A (en) * 2021-11-12 2022-01-11 国网河南省电力公司漯河供电公司 Novel intranet abnormal IP (Internet protocol) discovery technology
CN114205123A (en) * 2021-11-20 2022-03-18 湖北天融信网络安全技术有限公司 Attack and defense confrontation-based threat hunting method, device, equipment and storage medium
CN114374528A (en) * 2021-11-24 2022-04-19 河南中裕广恒科技股份有限公司 Data security detection method and device, electronic equipment and medium
CN114217591A (en) * 2021-12-16 2022-03-22 网御铁卫(北京)科技有限公司 Network behavior self-learning system for industrial control system
CN114500011A (en) * 2022-01-13 2022-05-13 中国电子科技网络信息安全有限公司 Auxiliary decision-making method based on behavior baseline anomaly analysis and event arrangement
CN114500011B (en) * 2022-01-13 2023-12-05 中国电子科技网络信息安全有限公司 Auxiliary decision-making method based on behavior baseline anomaly analysis and event arrangement
CN114513536A (en) * 2022-01-18 2022-05-17 成都网域探行科技有限公司 Internet of things safety management analysis method
CN114513536B (en) * 2022-01-18 2023-12-08 成都网域探行科技有限公司 Internet of things safety management analysis method
CN114500056A (en) * 2022-01-28 2022-05-13 杭州立思辰安科科技有限公司 Attack detection method based on FF protocol
CN114465799A (en) * 2022-02-10 2022-05-10 北京神州慧安科技有限公司 Industrial control network safety supervision and early warning platform of production control system of thermal power plant
CN114567463B (en) * 2022-02-15 2024-04-02 浙江腾珑网安科技有限公司 Industrial network information safety monitoring and protecting system
CN114567463A (en) * 2022-02-15 2022-05-31 浙江腾珑网安科技有限公司 Industrial network information safety monitoring and protection system
CN114553537A (en) * 2022-02-22 2022-05-27 上海帝焚思信息科技有限公司 Abnormal flow monitoring method and system for industrial Internet
CN114666109A (en) * 2022-03-12 2022-06-24 深圳市龙信信息技术有限公司 Novel general hardware platform for information security
CN114647869B (en) * 2022-03-22 2024-04-05 安徽赛福贝特信息技术有限公司 Safety protection system based on database
CN114697098A (en) * 2022-03-22 2022-07-01 华能国际电力股份有限公司河北清洁能源分公司 Network security detection system and detection method
CN114647869A (en) * 2022-03-22 2022-06-21 安徽赛福贝特信息技术有限公司 Safety protection system based on database
CN114760234A (en) * 2022-03-30 2022-07-15 中核武汉核电运行技术股份有限公司 Verification system and method for protocol analysis result of industrial control system
CN115052056A (en) * 2022-04-26 2022-09-13 深圳市云伽智能技术有限公司 Industrial control communication method, device, equipment and storage medium
CN114839938A (en) * 2022-04-28 2022-08-02 东方电气中能工控网络安全技术(成都)有限责任公司 DCS industrial control network security audit analysis system and method
CN114745197A (en) * 2022-04-28 2022-07-12 东方电气中能工控网络安全技术(成都)有限责任公司 Method and system for monitoring industrial control network intrusion in real time
CN114938300A (en) * 2022-05-17 2022-08-23 浙江木链物联网科技有限公司 Industrial control system situation perception method and system based on equipment behavior analysis
CN115086007A (en) * 2022-06-13 2022-09-20 北京融讯智晖技术有限公司 Network safety monitoring system based on video cloud command system
CN115086007B (en) * 2022-06-13 2024-03-22 北京融讯智晖技术有限公司 Network security monitoring system based on video cloud command system
CN115174155A (en) * 2022-06-14 2022-10-11 中国南方电网有限责任公司超高压输电公司南宁监控中心 Industrial host terminal safety protection method, storage medium and computer device
CN115080357A (en) * 2022-07-22 2022-09-20 浙江中控技术股份有限公司 Method and system for monitoring data in each industrial control operation device in complex industrial control
CN115185466A (en) * 2022-07-25 2022-10-14 北京珞安科技有限责任公司 Hierarchical management and control tool and method for mobile storage device
CN115185466B (en) * 2022-07-25 2023-02-28 北京珞安科技有限责任公司 Hierarchical management and control tool and method for mobile storage device
CN115277220B (en) * 2022-07-29 2023-10-20 西安热工研究院有限公司 Industrial control network traffic safety classification method, system and readable storage device
CN115277220A (en) * 2022-07-29 2022-11-01 西安热工研究院有限公司 Industrial control network traffic safety classification method and system and readable storage device
CN115348339A (en) * 2022-08-12 2022-11-15 北京威努特技术有限公司 Industrial control abnormity detection method based on functional code and business data correlation
CN115348339B (en) * 2022-08-12 2023-11-21 北京威努特技术有限公司 Industrial control abnormity detection method based on correlation of function code and service data
CN115065568A (en) * 2022-08-19 2022-09-16 北京珞安科技有限责任公司 Industrial control network intrusion detection method and system
CN115065568B (en) * 2022-08-19 2022-12-20 北京珞安科技有限责任公司 Industrial control network intrusion detection method and system
CN115102793B (en) * 2022-08-24 2022-11-08 北京网藤科技有限公司 Industrial control network security policy matching method and system based on log information analysis
CN115102793A (en) * 2022-08-24 2022-09-23 北京网藤科技有限公司 Industrial control network security policy matching method and system based on log information analysis
CN115190191A (en) * 2022-09-13 2022-10-14 中电运行(北京)信息技术有限公司 Power grid industrial control system and control method based on protocol analysis
CN115695163A (en) * 2022-09-30 2023-02-03 郑州云智信安安全技术有限公司 Visualization method and system based on syslog log analysis process
CN115396236A (en) * 2022-10-27 2022-11-25 天津沄讯网络科技有限公司 Remote operation safety verification method and system for industrial internet intelligent equipment
CN115801634A (en) * 2022-12-01 2023-03-14 北京安帝科技有限公司 Network test system based on industrial internet safety
CN116318783A (en) * 2022-12-05 2023-06-23 浙江大学 Network industrial control equipment safety monitoring method and device based on safety index
CN116318783B (en) * 2022-12-05 2023-08-22 浙江大学 Network industrial control equipment safety monitoring method and device based on safety index
CN115643118A (en) * 2022-12-23 2023-01-24 北京市大数据中心 Method, electronic device and medium for defending TDA against threat attack
CN116170340A (en) * 2023-04-24 2023-05-26 图林科技(深圳)有限公司 Network security test evaluation method
CN116170236A (en) * 2023-04-24 2023-05-26 成都星云智联科技有限公司 Industrial control system abnormal flow detection method and system
CN116232770A (en) * 2023-05-08 2023-06-06 中国石油大学(华东) Enterprise network safety protection system and method based on SDN controller
CN116633693B (en) * 2023-07-24 2023-10-31 深圳市永达电子信息股份有限公司 Trusted security gateway implementation method based on full-element network identification
CN116633693A (en) * 2023-07-24 2023-08-22 深圳市永达电子信息股份有限公司 Trusted security gateway implementation method based on full-element network identification
CN116827698B (en) * 2023-08-31 2023-12-05 国能大渡河大数据服务有限公司 Network gateway flow security situation awareness system and method
CN116827698A (en) * 2023-08-31 2023-09-29 国能大渡河大数据服务有限公司 Network gateway flow security situation awareness system and method

Similar Documents

Publication Publication Date Title
CN109474607A (en) A kind of industrial control network safeguard protection monitoring system
Yılmaz et al. Attack detection/prevention system against cyber attack in industrial control systems
Sabahi et al. Intrusion detection: A survey
Yang et al. Harmonizing safety and security risk analysis and prevention in cyber-physical systems
Fovino et al. Cyber security assessment of a power plant
CN108809951A (en) A kind of penetration testing frame suitable for industrial control system
Mukhopadhyay et al. A comparative study of related technologies of intrusion detection & prevention systems
CN107770174A (en) A kind of intrusion prevention system and method towards SDN
CN111193738A (en) Intrusion detection method of industrial control system
Jarmakiewicz et al. Development of cyber security testbed for critical infrastructure
Rubio et al. Tracking apts in industrial ecosystems: A proof of concept
Ten et al. Cybersecurity for electric power control and automation systems
Khodabakhsh et al. Cyber-risk identification for a digital substation
Pashaei et al. Improving the IDS performance through early detection approach in local area networks using industrial control systems of honeypot
Li et al. Cyber attack detection of I&C systems in NPPS based on physical process data
Guo et al. Cyber security risk analysis of physical protection systems of nuclear power plants and research on the cyber security test platform using digital twin technology
Konstantinou et al. 15. Security Analysis of Smart Grid
Pranggono et al. Intrusion detection systems for critical infrastructure
Dhangar et al. Analysis of proposed intrusion detection system
LaPadula State of the art in anomaly detection and reaction
Maynard et al. Using Application Layer Metrics to Detect Advanced SCADA Attacks.
Whyte Using a systems-theoretic approach to analyze cyber attacks on cyber-physical systems
Lau et al. Securing supervisory control and data acquisition control systems
Yang et al. Cybersecurity testing technology in smart substations
Apolinário et al. ComSEC: Secure communications for baggage handling systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190315
