CN109474607A - An industrial control network security protection and monitoring system - Google Patents
- Publication number
- CN109474607A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L63/20 - Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/1416 - Event detection, e.g. attack signature detection
- H04L63/1441 - Countermeasures against malicious traffic
Abstract
An industrial control network security protection and monitoring system that prevents and protects against threats to the industrial equipment of an industrial control network in real time. Built on an integrated application platform, the system implements network security protection and monitoring through an acquisition layer, an analysis layer, a functional layer and a presentation layer. The presentation layer mainly displays security trends, the system topology and a panoramic view of the industrial control network. The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations. The analysis layer mainly comprises data processing, data correlation, data aggregation, data modeling and the integration interfaces to other functional modules. The functional layer mainly comprises monitoring and auditing, intrusion prevention, vulnerability mining and data isolation. Using intelligent protection technology for industrial network control systems, the system prevents and protects against threats to industrial equipment in real time; using monitoring and auditing technology, it monitors and audits the data of the entire industrial control network and protects the network from external attack; it also provides vulnerability mining for the industrial control network, safeguarding the network as a whole.
Description
Technical field
The present invention relates to a monitoring system, in particular to an industrial control network security protection and monitoring system.
Background art
Critical infrastructure systems underpin large-scale industries such as manufacturing, transportation and energy. As technologies such as the industrial Internet and the Internet of Things are widely adopted, industrial control systems are becoming increasingly complex and are connected to more and more business and external networks. Industrial control networks have evolved from isolated networks into networks interconnected with the corporate IT environment, and security problems have increased accordingly. Numerous security risks raise the likelihood of attacks on industrial control systems; these attacks can be executed asynchronously and can target multiple vulnerabilities in the industrial control network security protection and monitoring system (hereinafter: the industrial control system) over a long period. Industrial control systems face a variety of security threats and are troubled by vulnerabilities.
Current communication and control protocols run in computing environments based on Internet protocols (TCP/IP). In the past, vulnerabilities were generally handled by protecting critical information components with security rules and operating procedures. From a risk-reduction perspective, simply deploying IT security technology in an industrial control system may not be a feasible solution. Although modern industrial control systems use the same communication protocols as commercial IT networks, the specific functional requirements of a control system (operational requirements combined with execution requirements) may render an otherwise suitable security technology ineffective. Some sectors, such as energy, transportation and process manufacturing, are extremely sensitive to timing, so the latency and throughput problems introduced by security measures may cause unacceptable delays that prevent the system from working normally.
Modern network-based communication makes it necessary to solve security problems in the industrial control field. The key network security problems in this field are mainly the following: backdoors at the network boundary; vulnerabilities in common communication protocols; equipment with insufficient or no security protection; attacks on field devices; database attacks; over-the-air interception of data communications and man-in-the-middle attacks; improper or missing patch updates for software and firewalls; insecure programming; and improper network security practices by individuals inside and outside the organization. Control systems lack effective risk-reduction techniques; understanding system vulnerabilities and capturing attack patterns is an effective measure for building a comprehensive security defense.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the deficiencies of the prior art, to provide a new industrial control network security protection and monitoring system that can effectively prevent and protect against threats to industrial equipment in real time and protect the industrial control network from external attack.
This technical problem is solved by the following technical solution. The present invention is an industrial control network security protection and monitoring system, characterized in that: the system prevents and protects against threats to the industrial equipment of the industrial control network in real time and, based on an integrated application platform, implements network security protection and monitoring through an acquisition layer, an analysis layer, a functional layer and a presentation layer;
The presentation layer mainly displays security trends, the system topology and a panoramic view of the industrial control network; the industrial control network comprehensive security display module provides the protection and monitoring system with a visual panorama, security trends, the system topology and a process-flow visualization interface;
The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations;
The analysis layer mainly comprises data processing, data correlation, data aggregation, data modeling and the integration interfaces to other functional modules; it is the basic component library for further application development, and provides the data basis for management decisions and the content of the message mechanism for early warning of various abnormal conditions;
The functional layer mainly comprises monitoring and auditing, intrusion prevention, vulnerability mining and data isolation. Its main functional modules are the industrial control network intelligent protection module and the industrial control network anomaly detection module; the anomaly detection module mainly covers security early warning, attack paths and risk management; the intelligent protection module mainly covers protocol identification, rule verification and blacklists and whitelists.
In a further preferred technical solution of the industrial control network security protection and monitoring system of the present invention, the industrial control network intelligent protection module targets the complex processes of manufacturing. It performs deep parsing of industrial protocols and fine-grained compliance checking of the content and data of industrial network protocols, and raises alarms on abnormal operations on the point tables and registers contained in operation commands. This enables the application-level intrusion detection and protection system to detect an intrusion before it harms the system and to expel the intrusion using the alarm and protection system, while collecting information about the intrusion and adding it to the knowledge base as knowledge for the defense system.
Through the system's intrusion detection and protection module, the industrial control network intelligent protection module performs compliance checking on multiple protocols and provides intrusion prevention, threat defense, antivirus protection, flow control and application management. The intrusion detection and protection module includes:
Network engine: a hardware platform provides a stable and reliable hardware environment, supplemented by the software necessary for the system to run, together forming the network engine; it supports traditional IT network protocols and industrial network protocols, and performs IP fragment reassembly, flow aggregation, TCP state tracking, data capture and switching, with IPv4/v6 dual-stack support;
Management module: mainly performs user management, configuration management, policy management, event management, log management and system monitoring;
Security response module: responds to detected events according to the configuration information and configured policies.
The industrial control network anomaly monitoring module collects, analyzes and identifies network data and dynamically monitors communication content, network behaviour and network traffic in real time. It detects not only anomalies at the network security level but also incorporates business security alarms for different industries. Based on deep parsing of the communication messages of industrial control protocols, including Modbus TCP, OPC, Siemens S7, DNP3, IEC 60870-5-104, IEC 61850-MMS, IEC 61850-GOOSE and IEC 61850-SV, it detects in real time, and raises real-time alarms on, network attacks against industrial protocols, user misoperation, user policy violations, access by unauthorized devices and the propagation of malware such as worms and viruses. At the same time it keeps a detailed record of all network communication behaviour, including instruction-level industrial control protocol communication records and real-time alarm responses, comprehensively recording the sessions and events in the network system and providing evidence for investigating security incidents in the industrial control system. It provides intelligent correlation analysis and assessment of network information and accurate end-to-end tracking and localization of security events, supporting the formulation of the overall network security policy.
The industrial control network anomaly monitoring module provides anomaly alarms, traffic statistics, log queries and report export, mainly through deep mining of protocols and detection of abnormal behaviour. It includes:
Basic service layer: a hardware platform provides a stable and reliable hardware environment, supplemented by the software necessary for the system to run, together forming the base platform; it supports traditional IT network protocols and industrial network protocols;
Data analysis layer: mainly the data acquisition module and the protocol decoding module, which perform deep parsing and analysis of industrial control protocols and extract key operation behaviour;
Core business layer: the application functions of the system are implemented in this layer, including the business behaviour baseline based on the industrial control site and abnormal-behaviour alarms based on blacklists and whitelists;
User interface layer: the human-machine interface for end users is implemented in this layer; the management interface is reached through a web interface for system configuration and management.
After the collected network data has been analyzed and parsed, the industrial control network comprehensive security display module presents the analyzed and processed results comprehensively in different forms, providing decision recommendations to management. It includes:
Threat management: by connecting to the industrial control intrusion detection and industrial control audit systems, provides centralized alerting on application attacks, worms, privilege-acquisition attacks and suspicious network activity; security operations staff monitor, analyze and diagnose threats through alert filtering and alert analysis;
Asset management: performs statistics and analysis of the existing threats inside the enterprise network from the asset dimension, helping operations staff understand the state of the enterprise's internal IT infrastructure, including asset IP addresses, names, open protocol ports and applications;
Equipment management: manages the connected devices centrally, helping enterprise security operations staff maintain and manage devices in a unified way;
Report management: collects industrial control audit logs and industrial control intrusion detection system logs and generates reports periodically.
Through detection of abnormal behaviour and attacks on the industrial control network and through intelligent protocol identification, the system passively captures packets from the network, parses them, and intelligently matches them against the protocol signatures and device objects built into the system, generating a list of network interaction information for reference. By matching protocol distribution and traffic information it forms a "network traffic behaviour baseline" and an "industrial control site behaviour baseline". The network traffic behaviour baseline helps users understand and grasp the state of service communication in the network in the most efficient way and discover potential security problems in the network. Intelligent traffic self-learning rules help the system automatically generate relevant anomaly detection rules and tune existing rules, so as to monitor the industrial control network for anomalies. The self-learning function of the industrial control site behaviour baseline maps the asset topology of the industrial control site and builds a behaviour model of the industrial control network; it raises alarms on abnormal behaviour outside the baseline, such as configuration changes, control-command changes, load changes and abnormal access, thereby providing alarms and responses for security events at the industrial control site and ensuring the safe and stable operation of the industrial control system. When intelligent protocol identification faces an unknown protocol, it captures communication packets in business operation scenarios and analyzes the packet header, function code and application data together with the business operations, mainly considering start, stop, download, upload and configuration modification. By comparing multiple packets of the same action it derives the varying and fixed fields and infers the packet format, from which communication features are extracted; a simulated client then performs replay and mutated replay, the results are observed, and rules are finally formed in the industrial control network detection system.
Through a combination of hardware and software, the industrial control network intelligent security protection module sets up a security gateway between the internal network and the external network, protecting the internal network from threats arising from insecure factors on the external network. The module also performs deep filtering of industrial control protocols and monitors and protects data flows, hiding the structure, operating state and information of the internal network from the external network as far as possible, thereby securing the industrial control system. It uses whitelists for deep filtering and intelligent protection of industrial control protocols; it performs basic access control on industrial network protocols and fine-grained compliance checking of their content and data. The security device supports multiple industrial network communication protocols, is suitable for various network environments, and can interoperate with various field devices. Each industrial protocol is implemented as an independent deep-filtering module loaded as a plug-in.
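As an added illustration (not code from the patent), the sketch below shows one way a whitelist-based deep filter loaded as a per-protocol plug-in could check Modbus TCP requests, including register writes that fall outside a permitted point-table window. The registry, function names, whitelist values and sample frames are assumptions constructed for this example.

```python
import struct

# Registry of deep-filter plug-ins, one per industrial protocol, keyed by TCP port.
FILTERS = {}

def protocol_filter(port):
    """Decorator that loads a protocol filter into the registry as a plug-in."""
    def register(fn):
        FILTERS[port] = fn
        return fn
    return register

# Constructed whitelist: permitted function codes, and the only point-table
# window (unit id, first register, last register) that may be written.
ALLOWED_FUNCTIONS = {0x03, 0x04, 0x06, 0x10}
WRITABLE_REGISTERS = [(1, 100, 119)]

def _write_allowed(unit, first, last):
    return any(u == unit and lo <= first and last <= hi
               for u, lo, hi in WRITABLE_REGISTERS)

@protocol_filter(502)
def modbus_tcp_filter(payload):
    """Return (allow, reason) for one Modbus TCP request frame."""
    if len(payload) < 8:
        return False, "truncated frame"
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        return False, "MBAP protocol id is not 0"
    if length != len(payload) - 6:
        return False, "MBAP length field does not match frame size"
    pdu = payload[7:]
    fc = pdu[0]
    if fc not in ALLOWED_FUNCTIONS:
        return False, "function code 0x%02x not whitelisted" % fc
    if len(pdu) < 5:
        return False, "PDU too short for function 0x%02x" % fc
    addr, arg = struct.unpack(">HH", pdu[1:5])
    if fc in (0x03, 0x04):                      # reads: arg is the quantity
        if len(pdu) != 5 or not 1 <= arg <= 125:
            return False, "malformed read request"
        return True, "read allowed"
    if fc == 0x06:                              # write single register
        if len(pdu) != 5:
            return False, "malformed write-single request"
        first = last = addr
    elif fc == 0x10:                            # write multiple: arg is the count
        if not 1 <= arg <= 123 or len(pdu) != 6 + 2 * arg or pdu[5] != 2 * arg:
            return False, "malformed write-multiple request"
        first, last = addr, addr + arg - 1
    else:
        return False, "no parser for function 0x%02x" % fc
    if not _write_allowed(unit, first, last):
        return False, "write to registers %d-%d outside whitelist" % (first, last)
    return True, "write allowed"

def inspect(dst_port, payload):
    """Default-deny decision: traffic with no loaded protocol plug-in is dropped."""
    plugin = FILTERS.get(dst_port)
    if plugin is None:
        return False, "no filter plug-in for port %d" % dst_port
    return plugin(payload)

def adu(unit, pdu, tid=1):
    """Build a constructed Modbus TCP frame (MBAP header + PDU) for the demo."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("read 10 holding registers", adu(1, bytes([0x03, 0, 0, 0, 10]))),
        ("write register 105", adu(1, bytes([0x06, 0x00, 0x69, 0x04, 0xD2]))),
        ("write register 300", adu(1, bytes([0x06, 0x01, 0x2C, 0x00, 0x01]))),
        ("diagnostics (0x08)", adu(1, bytes([0x08, 0, 0, 0, 0]))),
    ]
    for label, frame in samples:
        print(label, "->", inspect(502, frame))
```
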
The industrial control network anomaly detection module uses fuzz testing (fuzzing) to perform vulnerability mining on the data collected from the industrial control system, carrying out security attacks against the controller in order to find security defects that may exist in industrial controllers. Fuzzing is combined with dynamic analysis: malformed messages are constructed to verify protocol conformance and potential security problems in the related business processes of the system under test. The data is inspected byte by byte to confirm whether the content of each field is within the framework of the protocol; from the data sent and the rules of the protocol, the correct content of the returned data is calculated, that is, the data the host under test should return under normal conditions; comparing the data actually received with this data determines whether the received data is consistent with expectations;
Hardware/software cooperative intelligent processing provides full-packet line-rate inspection, real-time security threat assessment and unified threat management, forming a complete closed-loop management model of detection, protection and response. Application identification based on data flows accurately identifies applications on non-standard ports and Web 2.0 applications inside HTTP tunnels, and discovers attacks hidden in applications. Anomaly detection based on sensitive data leakage, file identification and illegal outbound connections from servers provides advanced threat protection for the intranet. In the hardware/software cooperative processing, a chip performs gigabit line-rate full-packet filtering, stream reassembly, flow control and application offloading, and most attack checking and rejection is completed in the chip; unknown suspicious packets are reported to the upper-layer integrated detection and defense processing software, which identifies and handles the threats in the packets and determines, according to the result, whether to adjust the rule base.
The method of security verification with malformed messages, combining fuzzing and dynamic analysis, is as follows: according to the selected protocol type, analyze whether the data currently being sent conforms to the protocol specification; from the data currently being sent, generate the expected content of the data to be received; then analyze whether the data received is consistent with the expected data and, if it is not, record the necessary error information for later inspection and analysis; finally, analyze the anomalies in depth and generate the information to be presented;
The method of protecting the industrial control network by hardware/software cooperative intelligent processing is as follows: on the software side, the intrusion detection, security audit and abnormal-traffic functions are integrated, and attacks by non-compliant e-mail are prevented; the hardware processing module inspects network packets and passes the detection results to the software processing module, which identifies and handles data threats and adjusts the rule base according to the result; the new rules are fed back to the hardware processing module, completing the hardware/software co-processing mode and achieving dual protection and defense of the network.
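The verification steps of the fuzz-testing method described above (check the sent data against the protocol, derive the expected reply, compare it with the data received, record mismatches) can be sketched as follows for Modbus PDUs. This is an added example, not the patent's implementation; the function names, the subset of function codes covered and the sample request/reply pairs are assumptions.

```python
import struct

# Function codes covered by this sketch, with the limits the Modbus
# application protocol sets on the quantity field of read requests.
READ_LIMITS = {0x01: ("bits", 2000), 0x02: ("bits", 2000),
               0x03: ("regs", 125), 0x04: ("regs", 125)}
ECHO_FUNCTIONS = {0x05, 0x06}   # write single coil/register: reply echoes the request

def request_errors(pdu):
    """Step 1: does the data being sent conform to the protocol specification?"""
    if len(pdu) != 5:
        return ["request PDU must be 5 bytes, got %d" % len(pdu)]
    fc = pdu[0]
    addr, value = struct.unpack(">HH", pdu[1:5])
    errors = []
    if fc in READ_LIMITS:
        limit = READ_LIMITS[fc][1]
        if not 1 <= value <= limit:
            errors.append("quantity %d outside 1..%d" % (value, limit))
        elif addr + value > 0x10000:
            errors.append("address range runs past 0xFFFF")
    elif fc == 0x05 and value not in (0x0000, 0xFF00):
        errors.append("coil value must be 0x0000 or 0xFF00")
    return errors

def expected_reply(pdu):
    """Step 2: what must a conforming device return for this valid request?"""
    fc = pdu[0]
    if fc in ECHO_FUNCTIONS:
        return {"length": 5, "body": pdu[1:5]}
    kind = READ_LIMITS[fc][0]
    qty = struct.unpack(">H", pdu[3:5])[0]
    nbytes = (qty + 7) // 8 if kind == "bits" else 2 * qty
    return {"length": 2 + nbytes, "byte_count": nbytes}

def verify(request, reply):
    """Steps 3-4: compare the reply with the expectation; return recorded findings."""
    if not request:
        return ["empty request PDU"]
    if not reply:
        return ["no reply data received"]
    fc = request[0]
    if fc not in READ_LIMITS and fc not in ECHO_FUNCTIONS:
        return ["function code 0x%02x not covered; no expectation generated" % fc]
    is_exception = len(reply) == 2 and reply[0] == (fc | 0x80)
    bad = request_errors(request)
    if bad:
        # A request that violates the specification must be refused.
        if is_exception:
            return []
        return ["invalid request (%s) was not answered with an exception" % "; ".join(bad)]
    if is_exception:
        return []   # a device may refuse a valid request, e.g. an unmapped address
    exp, findings = expected_reply(request), []
    if reply[0] != fc:
        findings.append("reply function code 0x%02x, expected 0x%02x" % (reply[0], fc))
    if len(reply) != exp["length"]:
        findings.append("reply is %d bytes, expected %d" % (len(reply), exp["length"]))
    if "byte_count" in exp and len(reply) > 1 and reply[1] != exp["byte_count"]:
        findings.append("byte count %d, expected %d" % (reply[1], exp["byte_count"]))
    if "body" in exp and reply[1:] != exp["body"]:
        findings.append("write reply does not echo the request")
    return findings

if __name__ == "__main__":
    # Constructed request/reply pairs, not captured traffic.
    pairs = [
        (b"\x03\x00\x00\x00\x02", b"\x03\x04\x00\x01\x00\x02"),  # consistent read
        (b"\x03\x00\x00\x00\x02", b"\x03\x04\x00\x01"),          # truncated reply
        (b"\x03\x00\x00\x00\x00", b"\x03\x00"),                  # bad quantity accepted
    ]
    for req, rep in pairs:
        print(req.hex(), rep.hex(), verify(req, rep))
```
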
Compared with prior art, the invention has the following advantages:
1. The industrial control network security protection and monitoring system of the present invention uses intelligent protection technology for industrial network control systems to prevent and protect against threats to industrial equipment in real time; it uses monitoring and auditing technology to monitor and audit the data of the entire industrial control network, protecting the network from external attack.
2. The present invention also provides vulnerability mining for the industrial control network, safeguarding the network as a whole, and builds an industrial control network protection and monitoring system that creates secure conditions for the integration of informatization and automation in manufacturing.
3. The present invention raises the level of security management of industrial control systems. It prevents and blocks events such as virus infection across the entire industrial control network, the spread of viruses from the information network, the unauthorized launching of malicious programs and unauthorized connections to Ethernet. Oriented to the security level of the industrial control network, it ensures the reliability of network security and the timeliness of data exchange, and provides intelligent protection, monitoring and auditing, vulnerability detection and data acquisition isolation for industrial network control systems. The system's protection is comprehensive, reliable and feasible and is fully integrated with industrial control equipment; it solves network and equipment security problems and ultimately achieves the goal of comprehensive industrial control network security.
4. The system of the present invention introduces the concepts of dynamic security and continuous security protection and establishes a time-based security theory, dividing the implementation of network security into three phases: protection, detection and response. Under the guidance of the overall security policy, in addition to deploying static security protection measures, it adds stages such as monitoring and response and incident handling, forming a dynamic, closed-loop mechanism for deploying security protection measures. By combining static protection with dynamic protection measures, risks in the network are detected in real time, security events are discovered and handled promptly when they occur, and the experience gained in handling them is summarized so that the protection measures can be adjusted and improved.
5. The system of the present invention uses a protection system of depth and breadth that combines dynamic and static measures. Active security protection measures are used repeatedly throughout the planning of the industrial control system network, together with a security mechanism that combines blacklists and whitelists. For network entry points and places that are easily attacked during transmission, means such as intrusion detection, firewalls and security monitoring designs are used to detect risks in the network in real time, respond quickly to unexpected incidents and minimize damage.
Description of the drawings
Fig. 1 is an overall architecture block diagram of the system of the present invention;
Fig. 2 is an architecture block diagram of the intrusion detection and protection module;
Fig. 3 is an architecture block diagram of the industrial control network anomaly detection module;
Fig. 4 is an architecture block diagram of the industrial control network comprehensive security display module.
Specific embodiments
The specific technical solution of the present invention is described further below so that those skilled in the art can better understand the invention; it does not limit the scope of the claims.
An industrial control network security protection and monitoring system, whose overall architecture is shown in Fig. 1. The system prevents and protects against threats to the industrial equipment of the industrial control network in real time and, based on an integrated application platform, implements network security protection and monitoring through an acquisition layer, an analysis layer, a functional layer and a presentation layer;
The presentation layer mainly displays security trends, the system topology and a panoramic view of the industrial control network; the industrial control network comprehensive security display module provides the protection and monitoring system with a visual panorama, security trends, the system topology and a process-flow visualization interface;
The acquisition layer covers the collection of network traffic data and the recording of industrial control network operations;
The analysis layer mainly comprises data processing, data correlation, data aggregation, data modeling and the integration interfaces to other functional modules; it is the basic component library for further application development, and provides the data basis for management decisions and the content of the message mechanism for early warning of various abnormal conditions;
The functional layer mainly comprises monitoring and auditing, intrusion prevention, vulnerability mining and data isolation. Its main functional modules are the industrial control network intelligent protection module and the industrial control network anomaly detection module; the anomaly detection module mainly covers security early warning, attack paths and risk management; the intelligent protection module mainly covers protocol identification, rule verification and blacklists and whitelists.
The industrial control network intelligent protection module targets the complex processes of manufacturing. It performs deep parsing of industrial protocols and fine-grained compliance checking of the content and data of industrial network protocols, and raises alarms on abnormal operations on the point tables and registers contained in operation commands. This enables the application-level intrusion detection and protection system to detect an intrusion before it harms the system and to expel the intrusion using the alarm and protection system, while collecting information about the intrusion and adding it to the knowledge base as knowledge for the defense system.
Through the system's intrusion detection and protection module, the industrial control network intelligent protection module performs compliance checking on multiple protocols and provides intrusion prevention, threat defense, antivirus protection, flow control and application management. The architecture of the intrusion detection and protection module is shown in Fig. 2 and includes:
Network engine: a hardware platform provides a stable and reliable hardware environment, supplemented by the software necessary for the system to run, together forming the network engine; it supports traditional IT network protocols and industrial network protocols, and performs IP fragment reassembly, flow aggregation, TCP state tracking, data capture and switching, with IPv4/v6 dual-stack support;
Management module: mainly performs user management, configuration management, policy management, event management, log management and system monitoring;
Security response module: responds to detected events according to the configuration information and configured policies.
The industrial control network anomaly monitoring module collects, analyzes and identifies network data and dynamically monitors communication content, network behaviour and network traffic in real time. It detects not only anomalies at the network security level but also incorporates business security alarms for different industries. Based on deep parsing of the communication messages of industrial control protocols, including Modbus TCP, OPC, Siemens S7, DNP3, IEC 60870-5-104, IEC 61850-MMS, IEC 61850-GOOSE and IEC 61850-SV, it detects in real time, and raises real-time alarms on, network attacks against industrial protocols, user misoperation, user policy violations, access by unauthorized devices and the propagation of malware such as worms and viruses. At the same time it keeps a detailed record of all network communication behaviour, including instruction-level industrial control protocol communication records and real-time alarm responses, comprehensively recording the sessions and events in the network system and providing evidence for investigating security incidents in the industrial control system. It provides intelligent correlation analysis and assessment of network information and accurate end-to-end tracking and localization of security events, supporting the formulation of the overall network security policy.
Referring to Fig. 3, the industrial control network anomaly monitoring module provides anomaly alarms, traffic statistics, log queries and report export, mainly through deep mining of protocols and detection of abnormal behaviour. It includes:
Basic service layer: a hardware platform provides a stable and reliable hardware environment, supplemented by the software necessary for the system to run, together forming the base platform; it supports traditional IT network protocols and industrial network protocols;
Data analysis layer: mainly the data acquisition module and the protocol decoding module, which perform deep parsing and analysis of industrial control protocols and extract key operation behaviour;
Core business layer: the application functions of the system are implemented in this layer, including the business behaviour baseline based on the industrial control site and abnormal-behaviour alarms based on blacklists and whitelists;
User interface layer: the human-machine interface for end users is implemented in this layer; the management interface is reached through a web interface for system configuration and management.
Referring to Fig. 4, after the collected network data has been analyzed and parsed, the industrial control network comprehensive security display module presents the analyzed and processed results comprehensively in different forms, providing decision recommendations to management. It includes:
Threat management: by connecting to the industrial control intrusion detection and industrial control audit systems, provides centralized alerting on application attacks, worms, privilege-acquisition attacks and suspicious network activity; security operations staff monitor, analyze and diagnose threats through alert filtering and alert analysis;
Asset management: performs statistics and analysis of the existing threats inside the enterprise network from the asset dimension, helping operations staff understand the state of the enterprise's internal IT infrastructure, including asset IP addresses, names, open protocol ports and applications;
Equipment management: manages the connected devices centrally, helping enterprise security operations staff maintain and manage devices in a unified way;
Report management: collects industrial control audit logs and industrial control intrusion detection system logs and generates reports periodically.
Through industrial control network abnormal behavior and attack detection and intelligent protocol identification, the system collects data packets from the network by passive detection, parses them, and intelligently matches them against the protocol features and device objects built into the system, generating a list of network interaction information for reference. By matching protocol distribution and traffic information it forms a "network traffic behavior baseline" and an "industrial control site behavior baseline". The "network traffic behavior baseline" helps users understand and grasp the state of business communication in the network in the quickest way and discover potential security risks in the network. Intelligent traffic self-learning rules also help the system automatically generate relevant anomaly detection rules and tune existing rules, so as to carry out anomaly monitoring of the industrial control network. The "industrial control site behavior baseline" self-learning function maps the asset topology of the industrial control site and establishes an industrial control network behavior model; behavior outside the baseline, such as configuration changes, control command changes, load changes and abnormal access, raises an alarm, providing alerting and response for industrial control site security events and ensuring the safe and stable operation of the industrial control system. For an unknown protocol, intelligent protocol identification captures communication packets in business operation scenarios and analyzes the packet header, function code and application data portions together with the business operations, mainly considering start, stop, download, upload and configuration modification; packets captured from repeated runs of the same action are compared to find the fields that change and the fields that do not, from which packet format information is inferred and communication features are extracted; simulated-client replay and mutation replay are then performed and the results observed, and finally rules are formed in the industrial control network detection system.
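The packet-comparison step for an unknown protocol can be sketched as follows. This is an added example, not code from the patent: the 8-byte protocol, its captures and all function names are constructed for illustration.

```python
from itertools import groupby

# Constructed captures of a made-up protocol, several runs of each action.
# Assumed layout (unknown to the analysis): magic(2) seq(2) func(1) len(1) data(2).
CAPTURES = {
    "start": [bytes.fromhex(h) for h in (
        "a55a0001100201ff", "a55a0002100201ff", "a55a0107100201ff")],
    "stop": [bytes.fromhex(h) for h in (
        "a55a0003110200ff", "a55a0004110200ff", "a55a0209110200ff")],
}

def classify_positions(packets):
    """Per byte offset: the constant value, or None if it changes between runs."""
    length = min(len(p) for p in packets)
    labels = []
    for i in range(length):
        values = {p[i] for p in packets}
        labels.append(values.pop() if len(values) == 1 else None)
    return labels

def segments(labels):
    """Merge adjacent offsets into (offset, length, 'static' | 'variable') runs."""
    segs, offset = [], 0
    for is_static, run in groupby(labels, key=lambda v: v is not None):
        n = len(list(run))
        segs.append((offset, n, "static" if is_static else "variable"))
        offset += n
    return segs

def action_dependent_offsets(captures):
    """Offsets constant within every action but different across actions.

    These are the candidates for a function code or command argument.
    """
    per_action = [classify_positions(pkts) for pkts in captures.values()]
    length = min(len(labels) for labels in per_action)
    return [i for i in range(length)
            if all(labels[i] is not None for labels in per_action)
            and len({labels[i] for labels in per_action}) > 1]

def build_rule(name, packets):
    """Turn the static bytes of one action into a wildcard match pattern."""
    return {"name": name, "pattern": classify_positions(packets)}

def match(rules, packet):
    """Return the name of the first rule whose static bytes all match, else None."""
    for rule in rules:
        pattern = rule["pattern"]
        if len(packet) >= len(pattern) and all(
                v is None or packet[i] == v for i, v in enumerate(pattern)):
            return rule["name"]
    return None

if __name__ == "__main__":
    for action, pkts in CAPTURES.items():
        print(action, segments(classify_positions(pkts)))
    print("action-dependent offsets:", action_dependent_offsets(CAPTURES))
```

With only a few captures, a field that happened not to change is reported as static, so the inferred layout should be rechecked as more traffic for the same action is collected.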
The industrial control network security intelligent protection module uses a combination of hardware and software to set up a security gateway between the internal network and the external network, protecting the internal network from threats arising from insecurity factors on the external network. The module also filters industrial control protocols in depth and monitors and protects data flows, shielding the structure, operating status and information of the internal network from the external network as far as possible, thereby securing the industrial control system. Whitelists are used for deep filtering and intelligent protection of industrial control protocols; basic access control is applied to industrial network protocols, and detailed compliance checks are performed on the content and data of industrial network protocols. The security device supports multiple industrial network communication protocols, suits a variety of network environments, and can interact and interface with a variety of field devices. Each industrial protocol is handled by an independent deep filtering module, loaded as a plug-in.
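A minimal sketch of whitelist deep filtering with one plug-in per protocol, using Modbus TCP (one of the protocols the patent names). This is an added example, not the patent's implementation: the registry, the rule format, the IP addresses and the register ranges are all constructed assumptions.

```python
import struct
from dataclasses import dataclass

PLUGINS = {}  # TCP destination port -> deep-filter plug-in instance

def plugin(port):
    """Class decorator that loads a protocol filter as a plug-in for one port."""
    def register(cls):
        PLUGINS[port] = cls()
        return cls
    return register

@dataclass(frozen=True)
class Rule:
    src: str     # permitted source IP
    unit: int    # Modbus unit identifier
    func: int    # permitted function code
    first: int   # first permitted register address
    last: int    # last permitted register address

# Constructed whitelist: anything not listed is dropped (default deny).
WHITELIST = [
    Rule("10.0.0.5", 1, 0x03, 0, 99),   # HMI may read registers 0-99
    Rule("10.0.0.9", 1, 0x06, 40, 41),  # engineering station may write set-points
    Rule("10.0.0.9", 1, 0x10, 40, 41),
]

def adu(unit, func, body, tid=1):
    """Build a Modbus TCP frame: MBAP header followed by function code and data."""
    return struct.pack(">HHHBB", tid, 0, len(body) + 2, unit, func) + body

@plugin(502)
class ModbusTcpFilter:
    MAX_QTY = {0x03: 125, 0x06: 1, 0x10: 123}  # per-request limits from the Modbus spec

    def parse(self, payload):
        """Compliance check; returns (unit, func, first_addr, last_addr) or raises."""
        if len(payload) < 12:
            raise ValueError("truncated ADU")
        _tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
        if proto != 0 or length != len(payload) - 6:
            raise ValueError("bad MBAP header")
        addr, word = struct.unpack(">HH", payload[8:12])
        if func == 0x06:                      # write single register
            qty, size = 1, 12
        elif func == 0x03:                    # read holding registers
            qty, size = word, 12
        elif func == 0x10:                    # write multiple registers
            qty, size = word, 13 + 2 * word
            if len(payload) < 13 or payload[12] != 2 * qty:
                raise ValueError("byte count does not match quantity")
        else:
            raise ValueError(f"function {func:#04x} not handled")
        if not 1 <= qty <= self.MAX_QTY[func]:
            raise ValueError("quantity out of range")
        if len(payload) != size or addr + qty - 1 > 0xFFFF:
            raise ValueError("bad PDU length or address range")
        return unit, func, addr, addr + qty - 1

    def check(self, src, payload):
        try:
            unit, func, first, last = self.parse(payload)
        except ValueError as exc:
            return False, f"non-compliant: {exc}"
        for r in WHITELIST:
            if (r.src, r.unit, r.func) == (src, unit, func) \
                    and r.first <= first and last <= r.last:
                return True, "whitelisted"
        return False, "not in whitelist"

def filter_packet(src, dst_port, payload):
    """Gateway decision for one TCP payload: (allow, reason)."""
    handler = PLUGINS.get(dst_port)
    if handler is None:
        return False, f"no plug-in loaded for port {dst_port}"
    return handler.check(src, payload)

if __name__ == "__main__":
    print(filter_packet("10.0.0.5", 502, adu(1, 0x03, struct.pack(">HH", 0, 10))))
    print(filter_packet("10.0.0.5", 502, adu(1, 0x06, struct.pack(">HH", 40, 1234))))
```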
The industrial control network anomaly detection module uses fuzzing (fuzz testing) to perform vulnerability mining on the data collected from the industrial control system and carries out security attacks against the controller, in order to find security defects that may exist in the industrial controller. Fuzzing is combined with dynamic analysis: abnormal messages are constructed to verify protocol conformance and potential security issues in the related business processes of the system under test. The data is checked byte by byte to confirm whether the content of each field is within the range specified by the protocol; from the data sent by the sender, the content of the correct returned data is calculated according to the protocol, that is, from the content of the sent data the data that the host under test should return under normal conditions is obtained; the data actually received is compared with this data to judge whether the received data matches what is expected;
Hardware-software cooperative intelligent processing provides full-packet line-rate detection, real-time security threat assessment and unified threat management, forming a complete closed-loop management model of detection, protection and response. Application identification based on data flows accurately identifies applications on non-standard ports and Web 2.0 applications in HTTP protocol tunnels, and finds attacks hidden in applications. Advanced threat protection for the intranet is based on sensitive data leakage detection, file identification and detection of abnormal behavior such as illegal outbound connections from servers. In hardware-software cooperative intelligent processing, the chip performs gigabit line-rate full-packet filtering, stream reassembly, flow control and application splitting, and most attack checking and rejection is done in the chip; unknown suspicious messages are reported to the upper-layer integrated detection and defense processing software, which discriminates and handles the threat in the datagram and decides, according to the result, whether to adjust the rule base.
The security verification method that combines fuzzing with dynamic analysis to construct abnormal messages is as follows: according to the selected protocol type, analyze whether the data currently being sent conforms to the protocol specification; from the data currently being sent, generate the content of the data expected to be received; then analyze whether the data received is consistent with the expected data and, if there is an inconsistency, record the corresponding necessary error information for inspection and analysis; finally, analyze the anomaly in depth and generate presentation information.
The method of protecting the industrial control network by hardware-software cooperative intelligent processing is as follows: on the software side, intrusion detection, security audit and abnormal traffic functions are integrated, and attacks by non-compliant mail are prevented; the hardware processing module inspects network packets and passes the detection results to the software processing module, which identifies and handles data threats and adjusts the rule base according to the handling result; the new rules are fed back to the hardware processing module, completing the hardware-software cooperative processing and providing double protection and defense for the network.
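The expected-versus-received comparison described above (derive from the sent data what the protocol requires in return, then check the actual reply field by field and record each inconsistency) can be sketched for Modbus TCP as follows. This is an added example, not code from the patent; the device model (functions 0x03 and 0x06 only, registers 0 to n_regs-1) and all frames are constructed assumptions.

```python
import struct

def frame(tid, unit, pdu):
    """Build a Modbus TCP ADU: MBAP header (tid, protocol 0, length, unit) + PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def expected_response(request, n_regs):
    """Derive the response fields the protocol requires for this request.

    Assumed device model: supports only 0x03 (read holding registers) and
    0x06 (write single register) over registers 0 .. n_regs-1.
    """
    if len(request) < 12:
        raise ValueError("request too short for this example")
    tid, _proto, _length, unit, func = struct.unpack(">HHHBB", request[:8])
    addr, word = struct.unpack(">HH", request[8:12])
    exp = {"tid": tid, "proto": 0, "unit": unit}

    def exception(code):
        exp.update(func=func | 0x80, pdu_len=2, exception=code)
        return exp

    if func not in (0x03, 0x06):
        return exception(0x01)          # illegal function
    qty = word if func == 0x03 else 1
    if func == 0x03 and not 1 <= qty <= 125:
        return exception(0x03)          # illegal data value
    if addr + qty > n_regs:
        return exception(0x02)          # illegal data address
    if func == 0x03:
        exp.update(func=func, pdu_len=2 + 2 * qty, byte_count=2 * qty)
    else:
        exp.update(func=func, pdu_len=5, echo=request[8:12])
    return exp

def check_response(request, response, n_regs=100):
    """Compare the received frame with the expectation; return the discrepancies."""
    exp = expected_response(request, n_regs)
    if len(response) < 9:
        return ["response shorter than MBAP header plus two-byte PDU"]
    tid, proto, length, unit, func = struct.unpack(">HHHBB", response[:8])
    pdu = response[7:]
    errors = [f"{name}: expected {exp[name]:#x}, got {got:#x}"
              for name, got in (("tid", tid), ("proto", proto),
                                ("unit", unit), ("func", func))
              if got != exp[name]]
    if length != len(response) - 6:
        errors.append(f"MBAP length: field says {length}, frame carries {len(response) - 6}")
    if len(pdu) != exp["pdu_len"]:
        errors.append(f"PDU length: expected {exp['pdu_len']}, got {len(pdu)}")
    for key, label in (("byte_count", "byte count"), ("exception", "exception code")):
        if key in exp and pdu[1] != exp[key]:
            errors.append(f"{label}: expected {exp[key]}, got {pdu[1]}")
    if "echo" in exp and pdu[1:] != exp["echo"]:
        errors.append("echo: response does not repeat the written address and value")
    return errors

def run_cases():
    """Constructed request/response pairs, as a test harness would have logged them."""
    read2 = frame(7, 1, b"\x03" + struct.pack(">HH", 0, 2))
    read0 = frame(9, 1, b"\x03" + struct.pack(">HH", 0, 0))   # quantity 0 is invalid
    cases = {
        "conforming read": (read2, frame(7, 1, b"\x03\x04\x00\x0a\x00\x0b")),
        "wrong byte count": (read2, frame(7, 1, b"\x03\x06\x00\x0a\x00\x0b")),
        "invalid request accepted": (read0, frame(9, 1, b"\x03\x00")),
    }
    return {name: check_response(req, rsp) for name, (req, rsp) in cases.items()}

if __name__ == "__main__":
    for name, errs in run_cases().items():
        print(name, "->", errs or "consistent with expectation")
```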
Claims (10)
1. An industrial control network security protection monitoring system, characterized in that:
The system provides real-time prevention and protection for the industrial equipment of the industrial control network; it is based on an integrated application platform and implements network security protection monitoring through an acquisition layer, an analysis layer, a functional layer and a presentation layer;
The presentation layer mainly displays security trends, system topology and the industrial control panorama; the industrial control network security comprehensive display module provides the industrial control network protection monitoring system with a visualization interface for the panorama, security trends, system topology and process flow;
The acquisition layer covers the acquisition of network traffic data and the recording of industrial control network operations;
The analysis layer mainly comprises data processing, data correlation, data aggregation and data modeling, together with integration interfaces to other functional modules; it is the basic component library for further application development and provides management decision-making with a data basis, early warning of various abnormal conditions, a message mechanism and other such content;
The functional layer mainly comprises monitoring and audit, intrusion prevention, vulnerability mining and data isolation; its main functional modules are the industrial control network intelligent protection module and the industrial control network anomaly detection module; the industrial control network anomaly detection module mainly comprises security early warning, attack paths and risk management; the industrial control network intelligent protection module mainly comprises protocol identification, rule verification and blacklists and whitelists.
2. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network intelligent protection module, addressing the complex processes of manufacturing, performs deep parsing of industrial protocols and detailed compliance checks on the content and data of industrial network protocols, and raises alarms on abnormal operations in operation instructions, including those targeting point tables and registers; applying the intrusion detection and protection system makes it possible to detect an intrusion attack before it harms the system and to expel the intrusion attack using the alarm and protection system, while information related to the intrusion attack is collected and added to the knowledge base as knowledge of the prevention system.
3. The industrial control network security protection monitoring system according to claim 2, characterized in that: the industrial control network intelligent protection module performs compliance checks on multiple protocols through the system intrusion detection and protection module, implementing intrusion prevention, threat defense, virus protection, flow control and application management functions; it comprises:
Network engine: a hardware platform provides a stable and reliable hardware environment and, together with the software needed for the system to run, forms the network engine, which supports traditional IT network protocols and industrial network protocols and performs IP fragment reassembly, stream aggregation, TCP state tracking, data capture, switching and IPv4/v6 protocol stack stacking;
Management module: mainly performs user management, configuration management, policy management, event management, log management and system monitoring;
Security response module: responds to detected events according to the configuration information and configured policies.
4. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network anomaly monitoring module, through the acquisition, analysis and identification of network data, dynamically monitors communication content, network behavior and network traffic in real time; it not only detects anomalies at the network security level but also incorporates business security alarms for different industries; based on deep parsing of the communication messages of industrial control protocols including Modbus TCP, OPC, Siemens S7, DNP3, IEC 60870-5-104, IEC 61850-MMS, IEC 61850-GOOSE and IEC 61850-SV, it detects in real time network attacks against industrial protocols, user misoperation, user violations, illegal device access and the propagation of malware such as worms and viruses, and raises real-time alarms; at the same time it records in detail all network communication behavior, including instruction-level industrial control protocol communication records, responds to alarms in real time, and comprehensively records the sessions and events in the network system, providing a basis for investigating security incidents in the industrial control system; it enables intelligent correlation analysis and assessment of network information and accurate end-to-end tracking and localization of security incidents, supporting the formulation of the overall network security strategy.
5. The industrial control network security protection monitoring system according to claim 4, characterized in that: the industrial control network anomaly monitoring module implements anomaly alarms, traffic statistics, log queries and report export, mainly through deep protocol mining and abnormal behavior detection; it comprises:
Basic service layer: a hardware platform provides a stable and reliable hardware environment and, together with the software needed for the system to run, forms the base platform, which supports traditional IT network protocols and industrial network protocols;
Data analysis layer: mainly the data acquisition module and the protocol decoding module, which perform deep parsing and analysis of industrial control protocols and extract key operation behaviors;
Core business layer: the system's application functions are implemented in this layer, including business behavior baselines based on the industrial control site and abnormal behavior alarms based on blacklists and whitelists;
User interface layer: the human-machine interface with the end user is implemented in this layer; the management interface is reached through a web interface to carry out system configuration management.
6. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network security comprehensive display module analyzes and parses the collected network data and then presents the processed results comprehensively in different forms, giving management decision recommendations; it comprises:
Threat management: by connecting to the industrial control intrusion detection and industrial control audit systems, it provides centralized alerting on application attacks, worms, privilege-acquisition attacks and suspicious network activity; security operations staff carry out threat monitoring, analysis and diagnosis through alarm filtering and alarm analysis;
Asset management: performs statistics and analysis, from the asset dimension, on the threats present inside the enterprise network, and helps operations staff understand the state of the enterprise's IT infrastructure, including asset IP addresses, names, open protocol ports and applications;
Equipment management: connected devices are managed centrally in a unified way, helping enterprise security operations staff maintain and manage the devices uniformly;
Report management: collects the logs of the industrial control audit and industrial control intrusion detection systems and generates reports periodically.
7. The industrial control network security protection monitoring system according to claim 1, characterized in that: through industrial control network abnormal behavior and attack detection and intelligent protocol identification, the system collects data packets from the network by passive detection, parses them, and intelligently matches them against the protocol features and device objects built into the system, generating a list of network interaction information for reference; by matching protocol distribution and traffic information it forms a "network traffic behavior baseline" and an "industrial control site behavior baseline"; the "network traffic behavior baseline" helps users understand and grasp the state of business communication in the network in the quickest way and discover potential security risks in the network; intelligent traffic self-learning rules also help the system automatically generate relevant anomaly detection rules and tune existing rules, so as to carry out anomaly monitoring of the industrial control network; the "industrial control site behavior baseline" self-learning function maps the asset topology of the industrial control site and establishes an industrial control network behavior model; behavior outside the baseline, such as configuration changes, control command changes, load changes and abnormal access, raises an alarm, providing alerting and response for industrial control site security events and ensuring the safe and stable operation of the industrial control system; for an unknown protocol, intelligent protocol identification captures communication packets in business operation scenarios and analyzes the packet header, function code and application data portions together with the business operations, mainly considering start, stop, download, upload and configuration modification; packets captured from repeated runs of the same action are compared to find the fields that change and the fields that do not, from which packet format information is inferred and communication features are extracted; simulated-client replay and mutation replay are then performed and the results observed, and finally rules are formed in the industrial control network detection system.
8. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network security intelligent protection module uses a combination of hardware and software to set up a security gateway between the internal network and the external network, protecting the internal network from threats arising from insecurity factors on the external network; the module also filters industrial control protocols in depth and monitors and protects data flows, shielding the structure, operating status and information of the internal network from the external network as far as possible, thereby securing the industrial control system; whitelists are used for deep filtering and intelligent protection of industrial control protocols; basic access control is applied to industrial network protocols, and detailed compliance checks are performed on the content and data of industrial network protocols; the security device supports multiple industrial network communication protocols, suits a variety of network environments, and can interact and interface with a variety of field devices; each industrial protocol is handled by an independent deep filtering module, loaded as a plug-in.
9. The industrial control network security protection monitoring system according to claim 1, characterized in that: the industrial control network anomaly detection module uses fuzzing (fuzz testing) to perform vulnerability mining on the data collected from the industrial control system and carries out security attacks against the controller, in order to find security defects that may exist in the industrial controller; fuzzing is combined with dynamic analysis, constructing abnormal messages to verify protocol conformance and potential security issues in the related business processes of the system under test; the data is checked byte by byte to confirm whether the content of each field is within the range specified by the protocol; from the data sent by the sender, the content of the correct returned data is calculated according to the protocol, that is, from the content of the sent data the data that the host under test should return under normal conditions is obtained; the data actually received is compared with this data to judge whether the received data matches what is expected;
Hardware-software cooperative intelligent processing provides full-packet line-rate detection, real-time security threat assessment and unified threat management, forming a complete closed-loop management model of detection, protection and response; application identification based on data flows accurately identifies applications on non-standard ports and Web 2.0 applications in HTTP protocol tunnels, and finds attacks hidden in applications; advanced threat protection for the intranet is based on sensitive data leakage detection, file identification and detection of abnormal behavior such as illegal outbound connections from servers; in hardware-software cooperative intelligent processing, the chip performs gigabit line-rate full-packet filtering, stream reassembly, flow control and application splitting, and most attack checking and rejection is done in the chip; unknown suspicious messages are reported to the upper-layer integrated detection and defense processing software, which discriminates and handles the threat in the datagram and decides, according to the result, whether to adjust the rule base.
10. The industrial control network security protection monitoring system according to claim 7, characterized in that: the security verification method that combines fuzzing with dynamic analysis to construct abnormal messages is: according to the selected protocol type, analyze whether the data currently being sent conforms to the protocol specification; from the data currently being sent, generate the content of the data expected to be received; then analyze whether the data received is consistent with the expected data and, if there is an inconsistency, record the corresponding necessary error information for inspection and analysis; finally, analyze the anomaly in depth and generate presentation information; the method of protecting the industrial control network by hardware-software cooperative intelligent processing is: on the software side, intrusion detection, security audit and abnormal traffic functions are integrated, and attacks by non-compliant mail are prevented; the hardware processing module inspects network packets and passes the detection results to the software processing module, which identifies and handles data threats and adjusts the rule base according to the handling result; the new rules are fed back to the hardware processing module, completing the hardware-software cooperative processing and providing double protection and defense for the network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811489268.0A CN109474607A (en) | 2018-12-06 | 2018-12-06 | A kind of industrial control network safeguard protection monitoring system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811489268.0A CN109474607A (en) | 2018-12-06 | 2018-12-06 | A kind of industrial control network safeguard protection monitoring system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109474607A (en) | 2019-03-15 |
Family
ID=65675824
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811489268.0A Pending CN109474607A (en) | 2018-12-06 | 2018-12-06 | A kind of industrial control network safeguard protection monitoring system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109474607A (en) |
Cited By (119)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109818985A (en) * | 2019-04-11 | 2019-05-28 | 江苏亨通工控安全研究院有限公司 | A kind of industrial control system loophole trend analysis and method for early warning and system |
CN109862045A (en) * | 2019-04-01 | 2019-06-07 | 中科天御(苏州)科技有限公司 | A kind of industrial control system dynamic security method and device based on SDN |
CN109982359A (en) * | 2019-04-29 | 2019-07-05 | 四川英得赛克科技有限公司 | A kind of hotspot monitoring device and its method using more hotspot monitoring technology |
CN110033174A (en) * | 2019-03-20 | 2019-07-19 | 烽台科技(北京)有限公司 | A kind of industrial information efficient public security system building method |
CN110059073A (en) * | 2019-03-18 | 2019-07-26 | 浙江工业大学 | Web data automatic visual method based on Subgraph Isomorphism |
CN110083583A (en) * | 2019-03-29 | 2019-08-02 | 北京奇安信科技有限公司 | Streaming events processing method and processing device |
CN110149303A (en) * | 2019-03-27 | 2019-08-20 | 李登峻 | A kind of network safety pre-warning method and early warning system of Party school |
CN110221581A (en) * | 2019-04-26 | 2019-09-10 | 工业互联网创新中心(上海)有限公司 | Industrial control network monitoring device and method |
CN110262420A (en) * | 2019-06-18 | 2019-09-20 | 国家计算机网络与信息安全管理中心 | A kind of distributed industrial control network security detection system |
CN110311946A (en) * | 2019-05-10 | 2019-10-08 | 国网浙江省电力有限公司宁波供电公司 | Business datum security processing, the apparatus and system calculated based on cloud and mist |
CN110401642A (en) * | 2019-07-10 | 2019-11-01 | 浙江中烟工业有限责任公司 | A kind of acquisition of industry control flow and protocol analysis method |
CN110535731A (en) * | 2019-09-26 | 2019-12-03 | 北京中水科水电科技开发有限公司 | A kind of industrial control system ethernet communication on-line testing and resolve packet method |
CN110597232A (en) * | 2019-09-26 | 2019-12-20 | 杭州电子科技大学 | Frequency converter cooling water pump fault alarm method based on dynamic confidence rule base |
CN110825040A (en) * | 2019-10-22 | 2020-02-21 | 中国科学院信息工程研究所 | Process control attack detection method and device for industrial control system |
CN110855711A (en) * | 2019-11-27 | 2020-02-28 | 上海三零卫士信息安全有限公司 | Industrial control network security monitoring method based on white list matrix of SCADA (supervisory control and data acquisition) system |
CN110868425A (en) * | 2019-11-27 | 2020-03-06 | 上海三零卫士信息安全有限公司 | Industrial control information safety monitoring system adopting black and white list for analysis |
CN110912943A (en) * | 2019-12-30 | 2020-03-24 | 北京明朝万达科技股份有限公司 | Cross-network traffic analysis system |
CN110958231A (en) * | 2019-11-21 | 2020-04-03 | 博智安全科技股份有限公司 | Industrial control safety event monitoring platform and method based on Internet |
CN110958262A (en) * | 2019-12-15 | 2020-04-03 | 国网山东省电力公司电力科学研究院 | Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry |
CN110968072A (en) * | 2019-11-19 | 2020-04-07 | 朱彤 | Electrical automation equipment monitoring system and method based on artificial intelligence |
CN111031062A (en) * | 2019-12-24 | 2020-04-17 | 四川英得赛克科技有限公司 | Industrial control system panoramic perception monitoring method, device and system with self-learning function |
CN111131332A (en) * | 2020-01-16 | 2020-05-08 | 沈阳铁道科学技术研究所有限公司 | Network service interconnection and flow acquisition, analysis and recording system |
CN111176202A (en) * | 2019-12-31 | 2020-05-19 | 成都烽创科技有限公司 | Safety management method, device, terminal equipment and medium for industrial control network |
CN111193719A (en) * | 2019-12-14 | 2020-05-22 | 贵州电网有限责任公司 | Network intrusion protection system |
CN111399463A (en) * | 2019-12-24 | 2020-07-10 | 上海可鲁系统软件有限公司 | Industrial network data one-way isolation method and device |
CN111427307A (en) * | 2020-04-22 | 2020-07-17 | 国网浙江省电力有限公司 | Industrial control abnormity detection method, device and equipment |
CN111538992A (en) * | 2020-03-20 | 2020-08-14 | 贵州电网有限责任公司 | Network security unified management platform in electric power information |
CN111563270A (en) * | 2020-03-30 | 2020-08-21 | 中广核工程有限公司 | Nuclear power plant digital security threat studying and judging system and method |
CN111628994A (en) * | 2020-05-26 | 2020-09-04 | 杭州安恒信息技术股份有限公司 | Industrial control environment anomaly detection method, system and related device |
CN111711626A (en) * | 2020-06-16 | 2020-09-25 | 广州市安鸿网络科技有限公司 | Method and system for monitoring network intrusion |
CN111756714A (en) * | 2020-06-15 | 2020-10-09 | 国家计算机网络与信息安全管理中心 | Flow replay type test method and test engine for industrial control protocol |
CN111832027A (en) * | 2020-06-29 | 2020-10-27 | 郑州云智信安安全技术有限公司 | Network intrusion safety early warning system based on cloud computing |
CN111835680A (en) * | 2019-04-18 | 2020-10-27 | 四川卫鼎新科信息技术有限公司 | Safety protection system of industry automatic manufacturing |
CN111901138A (en) * | 2019-12-26 | 2020-11-06 | 长扬科技(北京)有限公司 | Visual auditing method for illegal access of industrial network |
CN111913430A (en) * | 2020-06-30 | 2020-11-10 | 物耀安全科技(杭州)有限公司 | Detection and protection method and system for control behavior of industrial control system |
CN111934913A (en) * | 2020-07-15 | 2020-11-13 | 成都航空职业技术学院 | Intelligent network management system |
CN111970233A (en) * | 2020-06-30 | 2020-11-20 | 浙江远望信息股份有限公司 | Analysis and identification method for network violation external connection scene |
CN112019590A (en) * | 2020-07-09 | 2020-12-01 | 广东省建设工程质量安全检测总站有限公司 | Remote monitoring system for static load test |
CN112187823A (en) * | 2020-10-13 | 2021-01-05 | 绍兴文理学院 | Internet of things availability evaluation method for malicious program diffusion under fog computing architecture |
CN112235280A (en) * | 2020-10-10 | 2021-01-15 | 重庆科技学院 | Ontology-based industrial internet IoT system security model |
CN112291257A (en) * | 2020-11-11 | 2021-01-29 | 福建奇点时空数字科技有限公司 | Platform dynamic defense method based on event driving and timing migration |
CN112333205A (en) * | 2020-12-22 | 2021-02-05 | 河北鸿联九五信息产业有限公司 | Network security monitoring system |
CN112351035A (en) * | 2020-11-06 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Industrial control security situation sensing method, device and medium |
CN112351024A (en) * | 2020-11-03 | 2021-02-09 | 广东电网有限责任公司 | Public network communication safety monitoring system and method |
CN112347515A (en) * | 2020-11-20 | 2021-02-09 | 福州大学 | Data detection and safety isolation method for edge operating system |
CN112367375A (en) * | 2020-10-27 | 2021-02-12 | 国核自仪系统工程有限公司 | Multi-terminal safety display system based on FPGA |
CN112383417A (en) * | 2020-11-02 | 2021-02-19 | 杭州安恒信息安全技术有限公司 | Terminal security external connection detection method, system, equipment and readable storage medium |
CN112417434A (en) * | 2020-10-15 | 2021-02-26 | 北京八分量信息科技有限公司 | Program white list protection method combined with UEBA mechanism |
CN112437040A (en) * | 2020-10-26 | 2021-03-02 | 北京珞安科技有限责任公司 | Industrial network security firewall boundary protection system |
CN112437041A (en) * | 2020-10-27 | 2021-03-02 | 北京珞安科技有限责任公司 | Industrial control safety audit system and method based on artificial intelligence |
CN112558555A (en) * | 2019-09-26 | 2021-03-26 | 罗克韦尔自动化技术公司 | Maintenance and debugging |
CN112578694A (en) * | 2019-09-27 | 2021-03-30 | 西门子股份公司 | Monitoring system, method, apparatus and computer readable medium for an industrial controller |
CN112600867A (en) * | 2020-09-30 | 2021-04-02 | 南京审计大学 | Information processing integrated system for hidden engineering networking monitoring audit |
CN112653678A (en) * | 2020-12-14 | 2021-04-13 | 国家电网有限公司信息通信分公司 | Network security situation perception analysis method and device |
CN112653693A (en) * | 2020-12-21 | 2021-04-13 | 哈尔滨工大天创电子有限公司 | Industrial control protocol analysis method and device, terminal equipment and readable storage medium |
CN112667203A (en) * | 2020-12-14 | 2021-04-16 | 南方电网数字电网研究院有限公司 | Information safety operation monitoring and early warning system beneficial to operation and maintenance flow management |
CN112799358A (en) * | 2020-12-30 | 2021-05-14 | 上海磐御网络科技有限公司 | Industrial control safety defense system |
CN112839031A (en) * | 2020-12-24 | 2021-05-25 | 江苏天创科技有限公司 | Industrial control network security protection system and method |
CN112838948A (en) * | 2020-12-30 | 2021-05-25 | 江苏亨通工控安全研究院有限公司 | Integrated industrial safety supervision and analysis system |
CN112887211A (en) * | 2021-01-26 | 2021-06-01 | 北京树米网络科技有限公司 | Internet protocol message data forwarding system |
CN112926059A (en) * | 2021-04-07 | 2021-06-08 | 恒安嘉新(北京)科技股份公司 | Data processing method, device, equipment and storage medium |
CN112995175A (en) * | 2021-02-24 | 2021-06-18 | 西安热工研究院有限公司 | Method for carrying out network safety protection based on power generation state of hydroelectric generating set |
CN112995122A (en) * | 2020-03-25 | 2021-06-18 | 长扬科技(北京)有限公司 | Industrial control network security data visualization system and equipment |
CN113055375A (en) * | 2021-03-10 | 2021-06-29 | 华能国际电力股份有限公司 | Power station industrial control system physical network oriented attack process visualization method |
CN113079186A (en) * | 2021-06-07 | 2021-07-06 | 北京网藤科技有限公司 | Industrial network boundary protection method and system based on industrial control terminal feature recognition |
CN113098892A (en) * | 2021-04-19 | 2021-07-09 | 恒安嘉新(北京)科技股份公司 | Data leakage prevention system and method based on industrial Internet |
CN113110268A (en) * | 2021-05-28 | 2021-07-13 | 国家计算机网络与信息安全管理中心 | Monitoring system, data acquisition equipment and method for rail transit control network |
CN113114534A (en) * | 2021-04-08 | 2021-07-13 | 苏煜程 | Hybrid network fuzzy test tool based on neural network |
CN113194027A (en) * | 2021-05-21 | 2021-07-30 | 上海振华重工(集团)股份有限公司 | Safety communication gateway system for industrial internet of automatic wharf |
CN113206818A (en) * | 2020-09-22 | 2021-08-03 | 苏州市中拓互联信息科技有限公司 | Cloud server safety protection method and system |
CN113381980A (en) * | 2021-05-13 | 2021-09-10 | 优刻得科技股份有限公司 | Information security defense method and system, electronic device and storage medium |
CN113518346A (en) * | 2021-04-29 | 2021-10-19 | 国网上海市电力公司 | System for protecting safety of 5G electric power slicing channel |
CN113557482A (en) * | 2019-03-29 | 2021-10-26 | 欧姆龙株式会社 | Controller system |
CN113608741A (en) * | 2021-07-07 | 2021-11-05 | 中国电子科技集团公司第三十研究所 | Network security service integration method and device |
CN113824682A (en) * | 2021-08-12 | 2021-12-21 | 浙江木链物联网科技有限公司 | Modular SCADA security situation perception system architecture |
CN113923051A (en) * | 2021-11-12 | 2022-01-11 | 国网河南省电力公司漯河供电公司 | Novel intranet abnormal IP (Internet protocol) discovery technology |
CN113938303A (en) * | 2021-10-14 | 2022-01-14 | 上海中研宏瓴信息科技有限公司 | Network detection and network management platform based on multi-mode network |
CN113949539A (en) * | 2021-09-27 | 2022-01-18 | 广东核电合营有限公司 | Protection method for network security of KNS system of nuclear power plant and KNS system |
CN114006750A (en) * | 2021-10-29 | 2022-02-01 | 北京顶象技术有限公司 | Abnormal operation detection method and device and electronic equipment |
CN114205123A (en) * | 2021-11-20 | 2022-03-18 | 湖北天融信网络安全技术有限公司 | Attack and defense confrontation-based threat hunting method, device, equipment and storage medium |
CN114217591A (en) * | 2021-12-16 | 2022-03-22 | 网御铁卫(北京)科技有限公司 | Network behavior self-learning system for industrial control system |
CN114374528A (en) * | 2021-11-24 | 2022-04-19 | 河南中裕广恒科技股份有限公司 | Data security detection method and device, electronic equipment and medium |
CN114448654A (en) * | 2021-09-02 | 2022-05-06 | 中国科学院信息工程研究所 | Block chain-based distributed trusted audit security evidence storing method |
CN114465799A (en) * | 2022-02-10 | 2022-05-10 | 北京神州慧安科技有限公司 | Industrial control network safety supervision and early warning platform of production control system of thermal power plant |
CN114500056A (en) * | 2022-01-28 | 2022-05-13 | 杭州立思辰安科科技有限公司 | Attack detection method based on FF protocol |
CN114500011A (en) * | 2022-01-13 | 2022-05-13 | 中国电子科技网络信息安全有限公司 | Auxiliary decision-making method based on behavior baseline anomaly analysis and event arrangement |
CN114513536A (en) * | 2022-01-18 | 2022-05-17 | 成都网域探行科技有限公司 | Internet of things safety management analysis method |
CN114553537A (en) * | 2022-02-22 | 2022-05-27 | 上海帝焚思信息科技有限公司 | Abnormal flow monitoring method and system for industrial Internet |
CN114567463A (en) * | 2022-02-15 | 2022-05-31 | 浙江腾珑网安科技有限公司 | Industrial network information safety monitoring and protection system |
CN114629674A (en) * | 2021-11-11 | 2022-06-14 | 北京计算机技术及应用研究所 | Attention mechanism-based industrial control network security risk assessment method |
CN114647869A (en) * | 2022-03-22 | 2022-06-21 | 安徽赛福贝特信息技术有限公司 | Safety protection system based on database |
CN114666109A (en) * | 2022-03-12 | 2022-06-24 | 深圳市龙信信息技术有限公司 | Novel general hardware platform for information security |
CN114697098A (en) * | 2022-03-22 | 2022-07-01 | 华能国际电力股份有限公司河北清洁能源分公司 | Network security detection system and detection method |
CN114745197A (en) * | 2022-04-28 | 2022-07-12 | 东方电气中能工控网络安全技术(成都)有限责任公司 | Method and system for monitoring industrial control network intrusion in real time |
CN114760234A (en) * | 2022-03-30 | 2022-07-15 | 中核武汉核电运行技术股份有限公司 | Verification system and method for protocol analysis result of industrial control system |
CN114839938A (en) * | 2022-04-28 | 2022-08-02 | 东方电气中能工控网络安全技术(成都)有限责任公司 | DCS industrial control network security audit analysis system and method |
CN114938300A (en) * | 2022-05-17 | 2022-08-23 | 浙江木链物联网科技有限公司 | Industrial control system situation perception method and system based on equipment behavior analysis |
CN115052056A (en) * | 2022-04-26 | 2022-09-13 | 深圳市云伽智能技术有限公司 | Industrial control communication method, device, equipment and storage medium |
CN115065568A (en) * | 2022-08-19 | 2022-09-16 | 北京珞安科技有限责任公司 | Industrial control network intrusion detection method and system |
CN115086007A (en) * | 2022-06-13 | 2022-09-20 | 北京融讯智晖技术有限公司 | Network safety monitoring system based on video cloud command system |
CN115080357A (en) * | 2022-07-22 | 2022-09-20 | 浙江中控技术股份有限公司 | Method and system for monitoring data in each industrial control operation device in complex industrial control |
CN115102793A (en) * | 2022-08-24 | 2022-09-23 | 北京网藤科技有限公司 | Industrial control network security policy matching method and system based on log information analysis |
WO2022198580A1 (en) * | 2021-03-25 | 2022-09-29 | 西门子股份公司 | Industrial control network anomaly detection method and device |
CN115174155A (en) * | 2022-06-14 | 2022-10-11 | 中国南方电网有限责任公司超高压输电公司南宁监控中心 | Industrial host terminal safety protection method, storage medium and computer device |
CN115191107A (en) * | 2020-02-28 | 2022-10-14 | 西门子股份公司 | Method and system for detecting data traffic in a communication network |
CN115185466A (en) * | 2022-07-25 | 2022-10-14 | 北京珞安科技有限责任公司 | Hierarchical management and control tool and method for mobile storage device |
CN115190191A (en) * | 2022-09-13 | 2022-10-14 | 中电运行(北京)信息技术有限公司 | Power grid industrial control system and control method based on protocol analysis |
CN115277220A (en) * | 2022-07-29 | 2022-11-01 | 西安热工研究院有限公司 | Industrial control network traffic safety classification method and system and readable storage device |
CN115348339A (en) * | 2022-08-12 | 2022-11-15 | 北京威努特技术有限公司 | Industrial control abnormity detection method based on functional code and business data correlation |
CN115396236A (en) * | 2022-10-27 | 2022-11-25 | 天津沄讯网络科技有限公司 | Remote operation safety verification method and system for industrial internet intelligent equipment |
CN115643118A (en) * | 2022-12-23 | 2023-01-24 | 北京市大数据中心 | Method, electronic device and medium for defending TDA against threat attack |
CN115695163A (en) * | 2022-09-30 | 2023-02-03 | 郑州云智信安安全技术有限公司 | Visualization method and system based on syslog log analysis process |
CN115801634A (en) * | 2022-12-01 | 2023-03-14 | 北京安帝科技有限公司 | Network test system based on industrial internet safety |
CN116170236A (en) * | 2023-04-24 | 2023-05-26 | 成都星云智联科技有限公司 | Industrial control system abnormal flow detection method and system |
CN116170340A (en) * | 2023-04-24 | 2023-05-26 | 图林科技(深圳)有限公司 | Network security test evaluation method |
CN116232770A (en) * | 2023-05-08 | 2023-06-06 | 中国石油大学(华东) | Enterprise network safety protection system and method based on SDN controller |
CN116318783A (en) * | 2022-12-05 | 2023-06-23 | 浙江大学 | Network industrial control equipment safety monitoring method and device based on safety index |
CN116633693A (en) * | 2023-07-24 | 2023-08-22 | 深圳市永达电子信息股份有限公司 | Trusted security gateway implementation method based on full-element network identification |
CN116827698A (en) * | 2023-08-31 | 2023-09-29 | 国能大渡河大数据服务有限公司 | Network gateway flow security situation awareness system and method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108055282A (en) * | 2017-12-28 | 2018-05-18 | 国网浙江省电力有限公司电力科学研究院 | Industry control abnormal behaviour analysis method and system based on self study white list |
CN108646722A (en) * | 2018-07-18 | 2018-10-12 | 杭州安恒信息技术股份有限公司 | A kind of industrial control system information security simulation model and terminal |
- 2018-12-06 CN CN201811489268.0A patent/CN109474607A/en active Pending
Non-Patent Citations (12)
Title |
---|
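丁德忠 et al.: "A brief discussion of comprehensive security protection for power monitoring systems at cascade hydropower stations in a river basin", 《四川省水力发电工程学会2018年学术交流会暨"川云贵湘粤青"六省(区)施工技术交流会论文集》 * |
孙易安 et al.: "Research on secure network protection for industrial control systems", 《信息安全研究》 * |
张学聪: "Research on vulnerability discovery techniques for power industrial control systems based on fuzzing", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
张红金 et al.: "An exploration of information security factors and protection strategies for industrial control systems", 《电子产品可靠性与环境试验》 * |
施宇: "Design and implementation of a network security scheme for an association", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
杨伦: "An industrial network security monitoring and early-warning platform based on the Spark big data analysis framework", 《自动化博览》 * |
沈志刚: "Overview of the security protection retrofit of the plant-level information monitoring system at a thermal power company", 《电子技术与软件工程》 * |
沈晶 et al.: "A software-hardware cooperative security protection technique using a dedicated chip", 《指挥控制与仿真》 * |
绿盟科技: "绿盟科技 releases China's first next-generation intrusion prevention system", 《计算机安全》 * |
蒲新宇: "Security auditing: a new security topic that cannot be avoided", 《计算机安全》 * |
蔡湃: "Design of an intelligent low-voltage (weak-current) system for a hospital", 《中国优秀硕士学位论文全文数据库工程科技Ⅱ辑》 * |
金波 et al.: "Intrusion detection technology and its direction of intelligent development", 《信息网络安全》 * |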
Cited By (159)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110059073B (en) * | 2019-03-18 | 2021-04-06 | 浙江工业大学 | Web data automatic visualization method based on subgraph isomorphism |
CN110059073A (en) * | 2019-03-18 | 2019-07-26 | 浙江工业大学 | Web data automatic visual method based on Subgraph Isomorphism |
CN110033174A (en) * | 2019-03-20 | 2019-07-19 | 烽台科技(北京)有限公司 | A kind of industrial information efficient public security system building method |
CN110149303A (en) * | 2019-03-27 | 2019-08-20 | 李登峻 | A kind of network safety pre-warning method and early warning system of Party school |
CN110083583A (en) * | 2019-03-29 | 2019-08-02 | 北京奇安信科技有限公司 | Streaming events processing method and processing device |
CN113557482A (en) * | 2019-03-29 | 2021-10-26 | 欧姆龙株式会社 | Controller system |
CN109862045B (en) * | 2019-04-01 | 2021-06-01 | 中科天御(苏州)科技有限公司 | SDN-based industrial control system dynamic defense method and device |
CN109862045A (en) * | 2019-04-01 | 2019-06-07 | 中科天御(苏州)科技有限公司 | A kind of industrial control system dynamic security method and device based on SDN |
CN109818985B (en) * | 2019-04-11 | 2021-06-22 | 江苏亨通工控安全研究院有限公司 | Industrial control system vulnerability trend analysis and early warning method and system |
CN109818985A (en) * | 2019-04-11 | 2019-05-28 | 江苏亨通工控安全研究院有限公司 | A kind of industrial control system loophole trend analysis and method for early warning and system |
CN111835680A (en) * | 2019-04-18 | 2020-10-27 | 四川卫鼎新科信息技术有限公司 | Safety protection system of industry automatic manufacturing |
CN110221581A (en) * | 2019-04-26 | 2019-09-10 | 工业互联网创新中心(上海)有限公司 | Industrial control network monitoring device and method |
CN109982359A (en) * | 2019-04-29 | 2019-07-05 | 四川英得赛克科技有限公司 | A kind of hotspot monitoring device and its method using more hotspot monitoring technology |
CN109982359B (en) * | 2019-04-29 | 2023-10-17 | 四川英得赛克科技有限公司 | Wireless hot spot monitoring device and method adopting multi-wireless hot spot monitoring technology |
CN110311946A (en) * | 2019-05-10 | 2019-10-08 | 国网浙江省电力有限公司宁波供电公司 | Business datum security processing, the apparatus and system calculated based on cloud and mist |
CN110262420A (en) * | 2019-06-18 | 2019-09-20 | 国家计算机网络与信息安全管理中心 | A kind of distributed industrial control network security detection system |
CN110401642A (en) * | 2019-07-10 | 2019-11-01 | 浙江中烟工业有限责任公司 | A kind of acquisition of industry control flow and protocol analysis method |
CN112558555B (en) * | 2019-09-26 | 2024-02-13 | 罗克韦尔自动化技术公司 | Maintenance and debugging |
CN110535731A (en) * | 2019-09-26 | 2019-12-03 | 北京中水科水电科技开发有限公司 | A kind of industrial control system ethernet communication on-line testing and resolve packet method |
CN110597232A (en) * | 2019-09-26 | 2019-12-20 | 杭州电子科技大学 | Frequency converter cooling water pump fault alarm method based on dynamic confidence rule base |
CN112558555A (en) * | 2019-09-26 | 2021-03-26 | 罗克韦尔自动化技术公司 | Maintenance and debugging |
CN110597232B (en) * | 2019-09-26 | 2020-09-25 | 杭州电子科技大学 | Frequency converter cooling water pump fault alarm method based on dynamic confidence rule base |
CN112578694A (en) * | 2019-09-27 | 2021-03-30 | 西门子股份公司 | Monitoring system, method, apparatus and computer readable medium for an industrial controller |
CN110825040A (en) * | 2019-10-22 | 2020-02-21 | 中国科学院信息工程研究所 | Process control attack detection method and device for industrial control system |
CN110968072A (en) * | 2019-11-19 | 2020-04-07 | 朱彤 | Electrical automation equipment monitoring system and method based on artificial intelligence |
CN110958231A (en) * | 2019-11-21 | 2020-04-03 | 博智安全科技股份有限公司 | Industrial control safety event monitoring platform and method based on Internet |
CN110868425A (en) * | 2019-11-27 | 2020-03-06 | 上海三零卫士信息安全有限公司 | Industrial control information safety monitoring system adopting black and white list for analysis |
CN110855711A (en) * | 2019-11-27 | 2020-02-28 | 上海三零卫士信息安全有限公司 | Industrial control network security monitoring method based on white list matrix of SCADA (supervisory control and data acquisition) system |
CN111193719A (en) * | 2019-12-14 | 2020-05-22 | 贵州电网有限责任公司 | Network intrusion protection system |
CN110958262A (en) * | 2019-12-15 | 2020-04-03 | 国网山东省电力公司电力科学研究院 | Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry |
CN111399463A (en) * | 2019-12-24 | 2020-07-10 | 上海可鲁系统软件有限公司 | Industrial network data one-way isolation method and device |
CN111031062A (en) * | 2019-12-24 | 2020-04-17 | 四川英得赛克科技有限公司 | Industrial control system panoramic perception monitoring method, device and system with self-learning function |
CN111399463B (en) * | 2019-12-24 | 2023-10-20 | 上海可鲁系统软件有限公司 | Industrial network data unidirectional isolation method and device |
CN111901138B (en) * | 2019-12-26 | 2021-10-19 | 长扬科技(北京)有限公司 | Visual auditing method for illegal access of industrial network |
CN111901138A (en) * | 2019-12-26 | 2020-11-06 | 长扬科技(北京)有限公司 | Visual auditing method for illegal access of industrial network |
CN110912943B (en) * | 2019-12-30 | 2021-10-01 | 北京明朝万达科技股份有限公司 | Cross-network traffic analysis system |
CN110912943A (en) * | 2019-12-30 | 2020-03-24 | 北京明朝万达科技股份有限公司 | Cross-network traffic analysis system |
CN111176202A (en) * | 2019-12-31 | 2020-05-19 | 成都烽创科技有限公司 | Safety management method, device, terminal equipment and medium for industrial control network |
CN111131332A (en) * | 2020-01-16 | 2020-05-08 | 沈阳铁道科学技术研究所有限公司 | Network service interconnection and flow acquisition, analysis and recording system |
CN115191107A (en) * | 2020-02-28 | 2022-10-14 | 西门子股份公司 | Method and system for detecting data traffic in a communication network |
CN115191107B (en) * | 2020-02-28 | 2024-03-15 | 西门子股份公司 | Method and system for detecting data traffic in a communication network |
CN111538992A (en) * | 2020-03-20 | 2020-08-14 | 贵州电网有限责任公司 | Network security unified management platform in electric power information |
CN112995122B (en) * | 2020-03-25 | 2024-03-08 | 长扬科技(北京)股份有限公司 | Industrial control network safety data visualization system |
CN112995122A (en) * | 2020-03-25 | 2021-06-18 | 长扬科技(北京)有限公司 | Industrial control network security data visualization system and equipment |
CN111563270A (en) * | 2020-03-30 | 2020-08-21 | 中广核工程有限公司 | Nuclear power plant digital security threat studying and judging system and method |
CN111427307A (en) * | 2020-04-22 | 2020-07-17 | 国网浙江省电力有限公司 | Industrial control abnormity detection method, device and equipment |
CN111427307B (en) * | 2020-04-22 | 2021-08-24 | 国网浙江省电力有限公司 | Industrial control abnormity detection method, device and equipment |
CN111628994A (en) * | 2020-05-26 | 2020-09-04 | 杭州安恒信息技术股份有限公司 | Industrial control environment anomaly detection method, system and related device |
CN111756714B (en) * | 2020-06-15 | 2022-05-20 | 国家计算机网络与信息安全管理中心 | Flow replay type test method and test engine for industrial control protocol |
CN111756714A (en) * | 2020-06-15 | 2020-10-09 | 国家计算机网络与信息安全管理中心 | Flow replay type test method and test engine for industrial control protocol |
CN111711626A (en) * | 2020-06-16 | 2020-09-25 | 广州市安鸿网络科技有限公司 | Method and system for monitoring network intrusion |
CN111832027A (en) * | 2020-06-29 | 2020-10-27 | 郑州云智信安安全技术有限公司 | Network intrusion safety early warning system based on cloud computing |
CN111970233B (en) * | 2020-06-30 | 2023-09-01 | 浙江远望信息股份有限公司 | Analysis and identification method for network violation external connection scene |
CN111913430A (en) * | 2020-06-30 | 2020-11-10 | 物耀安全科技(杭州)有限公司 | Detection and protection method and system for control behavior of industrial control system |
CN111970233A (en) * | 2020-06-30 | 2020-11-20 | 浙江远望信息股份有限公司 | Analysis and identification method for network violation external connection scene |
CN112019590A (en) * | 2020-07-09 | 2020-12-01 | 广东省建设工程质量安全检测总站有限公司 | Remote monitoring system for static load test |
CN111934913A (en) * | 2020-07-15 | 2020-11-13 | 成都航空职业技术学院 | Intelligent network management system |
WO2022062178A1 (en) * | 2020-09-22 | 2022-03-31 | 苏州市中拓互联信息科技有限公司 | Cloud server information management method and system |
CN113206818A (en) * | 2020-09-22 | 2021-08-03 | 苏州市中拓互联信息科技有限公司 | Cloud server safety protection method and system |
CN112600867A (en) * | 2020-09-30 | 2021-04-02 | 南京审计大学 | Information processing integrated system for hidden engineering networking monitoring audit |
CN112600867B (en) * | 2020-09-30 | 2021-10-15 | 南京审计大学 | Information processing integrated system for hidden engineering networking monitoring audit |
CN112235280A (en) * | 2020-10-10 | 2021-01-15 | 重庆科技学院 | Ontology-based industrial internet IoT system security model |
CN112235280B (en) * | 2020-10-10 | 2022-07-01 | 重庆科技学院 | Ontology-based industrial internet IoT system security model system |
CN112187823A (en) * | 2020-10-13 | 2021-01-05 | 绍兴文理学院 | Internet of things availability evaluation method for malicious program diffusion under fog computing architecture |
CN112417434A (en) * | 2020-10-15 | 2021-02-26 | 北京八分量信息科技有限公司 | Program white list protection method combined with UEBA mechanism |
CN112437040A (en) * | 2020-10-26 | 2021-03-02 | 北京珞安科技有限责任公司 | Industrial network security firewall boundary protection system |
CN112437041A (en) * | 2020-10-27 | 2021-03-02 | 北京珞安科技有限责任公司 | Industrial control safety audit system and method based on artificial intelligence |
CN112367375A (en) * | 2020-10-27 | 2021-02-12 | 国核自仪系统工程有限公司 | Multi-terminal safety display system based on FPGA |
CN112367375B (en) * | 2020-10-27 | 2023-06-30 | 国核自仪系统工程有限公司 | Multi-terminal safety display system based on FPGA |
CN112383417A (en) * | 2020-11-02 | 2021-02-19 | 杭州安恒信息安全技术有限公司 | Terminal security external connection detection method, system, equipment and readable storage medium |
CN112351024A (en) * | 2020-11-03 | 2021-02-09 | 广东电网有限责任公司 | Public network communication safety monitoring system and method |
CN112351035A (en) * | 2020-11-06 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Industrial control security situation sensing method, device and medium |
CN112351035B (en) * | 2020-11-06 | 2022-07-15 | 杭州安恒信息技术股份有限公司 | Industrial control security situation sensing method, device and medium |
CN112291257A (en) * | 2020-11-11 | 2021-01-29 | 福建奇点时空数字科技有限公司 | Platform dynamic defense method based on event driving and timing migration |
CN112347515A (en) * | 2020-11-20 | 2021-02-09 | 福州大学 | Data detection and safety isolation method for edge operating system |
CN112667203B (en) * | 2020-12-14 | 2024-02-27 | 南方电网数字电网研究院有限公司 | Information security operation monitoring and early warning system beneficial to operation and maintenance flow management |
CN112653678A (en) * | 2020-12-14 | 2021-04-13 | 国家电网有限公司信息通信分公司 | Network security situation perception analysis method and device |
CN112667203A (en) * | 2020-12-14 | 2021-04-16 | 南方电网数字电网研究院有限公司 | Information safety operation monitoring and early warning system beneficial to operation and maintenance flow management |
CN112653678B (en) * | 2020-12-14 | 2023-01-24 | 国家电网有限公司信息通信分公司 | Network security situation perception analysis method and device |
CN112653693A (en) * | 2020-12-21 | 2021-04-13 | 哈尔滨工大天创电子有限公司 | Industrial control protocol analysis method and device, terminal equipment and readable storage medium |
CN112333205B (en) * | 2020-12-22 | 2022-11-25 | 河北鸿联九五信息产业有限公司 | Network security monitoring system |
CN112333205A (en) * | 2020-12-22 | 2021-02-05 | 河北鸿联九五信息产业有限公司 | Network security monitoring system |
CN112839031A (en) * | 2020-12-24 | 2021-05-25 | 江苏天创科技有限公司 | Industrial control network security protection system and method |
CN112799358A (en) * | 2020-12-30 | 2021-05-14 | 上海磐御网络科技有限公司 | Industrial control safety defense system |
CN112838948B (en) * | 2020-12-30 | 2023-02-28 | 江苏亨通工控安全研究院有限公司 | Integrated industrial safety supervision and analysis system |
CN112838948A (en) * | 2020-12-30 | 2021-05-25 | 江苏亨通工控安全研究院有限公司 | Integrated industrial safety supervision and analysis system |
CN112887211A (en) * | 2021-01-26 | 2021-06-01 | 北京树米网络科技有限公司 | Internet protocol message data forwarding system |
CN112995175A (en) * | 2021-02-24 | 2021-06-18 | 西安热工研究院有限公司 | Method for carrying out network safety protection based on power generation state of hydroelectric generating set |
CN113055375B (en) * | 2021-03-10 | 2022-06-17 | 华能国际电力股份有限公司 | Power station industrial control system physical network oriented attack process visualization method |
CN113055375A (en) * | 2021-03-10 | 2021-06-29 | 华能国际电力股份有限公司 | Power station industrial control system physical network oriented attack process visualization method |
WO2022198580A1 (en) * | 2021-03-25 | 2022-09-29 | 西门子股份公司 | Industrial control network anomaly detection method and device |
CN112926059B (en) * | 2021-04-07 | 2024-04-23 | 恒安嘉新(北京)科技股份公司 | Data processing method, device, equipment and storage medium |
CN112926059A (en) * | 2021-04-07 | 2021-06-08 | 恒安嘉新(北京)科技股份公司 | Data processing method, device, equipment and storage medium |
CN113114534A (en) * | 2021-04-08 | 2021-07-13 | 苏煜程 | Hybrid network fuzzy test tool based on neural network |
CN113098892A (en) * | 2021-04-19 | 2021-07-09 | 恒安嘉新(北京)科技股份公司 | Data leakage prevention system and method based on industrial Internet |
CN113518346A (en) * | 2021-04-29 | 2021-10-19 | 国网上海市电力公司 | System for protecting safety of 5G electric power slicing channel |
CN113381980A (en) * | 2021-05-13 | 2021-09-10 | 优刻得科技股份有限公司 | Information security defense method and system, electronic device and storage medium |
CN113194027A (en) * | 2021-05-21 | 2021-07-30 | 上海振华重工(集团)股份有限公司 | Safety communication gateway system for industrial internet of automatic wharf |
CN113110268A (en) * | 2021-05-28 | 2021-07-13 | 国家计算机网络与信息安全管理中心 | Monitoring system, data acquisition equipment and method for rail transit control network |
CN113079186A (en) * | 2021-06-07 | 2021-07-06 | 北京网藤科技有限公司 | Industrial network boundary protection method and system based on industrial control terminal feature recognition |
CN113608741B (en) * | 2021-07-07 | 2023-08-29 | 中国电子科技集团公司第三十研究所 | Network security service integration method and device |
CN113608741A (en) * | 2021-07-07 | 2021-11-05 | 中国电子科技集团公司第三十研究所 | Network security service integration method and device |
CN113824682A (en) * | 2021-08-12 | 2021-12-21 | 浙江木链物联网科技有限公司 | Modular SCADA security situation perception system architecture |
CN114448654B (en) * | 2021-09-02 | 2023-03-31 | 中国科学院信息工程研究所 | Block chain-based distributed trusted audit security evidence storing method |
CN114448654A (en) * | 2021-09-02 | 2022-05-06 | 中国科学院信息工程研究所 | Block chain-based distributed trusted audit security evidence storing method |
CN113949539A (en) * | 2021-09-27 | 2022-01-18 | 广东核电合营有限公司 | Protection method for network security of KNS system of nuclear power plant and KNS system |
CN113938303A (en) * | 2021-10-14 | 2022-01-14 | 上海中研宏瓴信息科技有限公司 | Network detection and network management platform based on multi-mode network |
CN114006750A (en) * | 2021-10-29 | 2022-02-01 | 北京顶象技术有限公司 | Abnormal operation detection method and device and electronic equipment |
CN114629674A (en) * | 2021-11-11 | 2022-06-14 | 北京计算机技术及应用研究所 | Attention mechanism-based industrial control network security risk assessment method |
CN113923051A (en) * | 2021-11-12 | 2022-01-11 | 国网河南省电力公司漯河供电公司 | Novel intranet abnormal IP (Internet protocol) discovery technology |
CN114205123A (en) * | 2021-11-20 | 2022-03-18 | 湖北天融信网络安全技术有限公司 | Attack and defense confrontation-based threat hunting method, device, equipment and storage medium |
CN114374528A (en) * | 2021-11-24 | 2022-04-19 | 河南中裕广恒科技股份有限公司 | Data security detection method and device, electronic equipment and medium |
CN114217591A (en) * | 2021-12-16 | 2022-03-22 | 网御铁卫(北京)科技有限公司 | Network behavior self-learning system for industrial control system |
CN114500011A (en) * | 2022-01-13 | 2022-05-13 | 中国电子科技网络信息安全有限公司 | Auxiliary decision-making method based on behavior baseline anomaly analysis and event arrangement |
CN114500011B (en) * | 2022-01-13 | 2023-12-05 | 中国电子科技网络信息安全有限公司 | Auxiliary decision-making method based on behavior baseline anomaly analysis and event arrangement |
CN114513536A (en) * | 2022-01-18 | 2022-05-17 | 成都网域探行科技有限公司 | Internet of things safety management analysis method |
CN114513536B (en) * | 2022-01-18 | 2023-12-08 | 成都网域探行科技有限公司 | Internet of things safety management analysis method |
CN114500056A (en) * | 2022-01-28 | 2022-05-13 | 杭州立思辰安科科技有限公司 | Attack detection method based on FF protocol |
CN114465799A (en) * | 2022-02-10 | 2022-05-10 | 北京神州慧安科技有限公司 | Industrial control network safety supervision and early warning platform of production control system of thermal power plant |
CN114567463B (en) * | 2022-02-15 | 2024-04-02 | 浙江腾珑网安科技有限公司 | Industrial network information safety monitoring and protecting system |
CN114567463A (en) * | 2022-02-15 | 2022-05-31 | 浙江腾珑网安科技有限公司 | Industrial network information safety monitoring and protection system |
CN114553537A (en) * | 2022-02-22 | 2022-05-27 | 上海帝焚思信息科技有限公司 | Abnormal flow monitoring method and system for industrial Internet |
CN114666109A (en) * | 2022-03-12 | 2022-06-24 | 深圳市龙信信息技术有限公司 | Novel general hardware platform for information security |
CN114647869B (en) * | 2022-03-22 | 2024-04-05 | 安徽赛福贝特信息技术有限公司 | Safety protection system based on database |
CN114697098A (en) * | 2022-03-22 | 2022-07-01 | 华能国际电力股份有限公司河北清洁能源分公司 | Network security detection system and detection method |
CN114647869A (en) * | 2022-03-22 | 2022-06-21 | 安徽赛福贝特信息技术有限公司 | Safety protection system based on database |
CN114760234A (en) * | 2022-03-30 | 2022-07-15 | 中核武汉核电运行技术股份有限公司 | Verification system and method for protocol analysis result of industrial control system |
CN115052056A (en) * | 2022-04-26 | 2022-09-13 | 深圳市云伽智能技术有限公司 | Industrial control communication method, device, equipment and storage medium |
CN114839938A (en) * | 2022-04-28 | 2022-08-02 | 东方电气中能工控网络安全技术(成都)有限责任公司 | DCS industrial control network security audit analysis system and method |
CN114745197A (en) * | 2022-04-28 | 2022-07-12 | 东方电气中能工控网络安全技术(成都)有限责任公司 | Method and system for monitoring industrial control network intrusion in real time |
CN114938300A (en) * | 2022-05-17 | 2022-08-23 | 浙江木链物联网科技有限公司 | Industrial control system situation perception method and system based on equipment behavior analysis |
CN115086007A (en) * | 2022-06-13 | 2022-09-20 | 北京融讯智晖技术有限公司 | Network safety monitoring system based on video cloud command system |
CN115086007B (en) * | 2022-06-13 | 2024-03-22 | 北京融讯智晖技术有限公司 | Network security monitoring system based on video cloud command system |
CN115174155A (en) * | 2022-06-14 | 2022-10-11 | 中国南方电网有限责任公司超高压输电公司南宁监控中心 | Industrial host terminal safety protection method, storage medium and computer device |
CN115080357A (en) * | 2022-07-22 | 2022-09-20 | 浙江中控技术股份有限公司 | Method and system for monitoring data in each industrial control operation device in complex industrial control |
CN115185466A (en) * | 2022-07-25 | 2022-10-14 | 北京珞安科技有限责任公司 | Hierarchical management and control tool and method for mobile storage device |
CN115185466B (en) * | 2022-07-25 | 2023-02-28 | 北京珞安科技有限责任公司 | Hierarchical management and control tool and method for mobile storage device |
CN115277220B (en) * | 2022-07-29 | 2023-10-20 | 西安热工研究院有限公司 | Industrial control network traffic safety classification method, system and readable storage device |
CN115277220A (en) * | 2022-07-29 | 2022-11-01 | 西安热工研究院有限公司 | Industrial control network traffic safety classification method and system and readable storage device |
CN115348339A (en) * | 2022-08-12 | 2022-11-15 | 北京威努特技术有限公司 | Industrial control abnormity detection method based on functional code and business data correlation |
CN115348339B (en) * | 2022-08-12 | 2023-11-21 | 北京威努特技术有限公司 | Industrial control abnormity detection method based on correlation of function code and service data |
CN115065568A (en) * | 2022-08-19 | 2022-09-16 | 北京珞安科技有限责任公司 | Industrial control network intrusion detection method and system |
CN115065568B (en) * | 2022-08-19 | 2022-12-20 | 北京珞安科技有限责任公司 | Industrial control network intrusion detection method and system |
CN115102793B (en) * | 2022-08-24 | 2022-11-08 | 北京网藤科技有限公司 | Industrial control network security policy matching method and system based on log information analysis |
CN115102793A (en) * | 2022-08-24 | 2022-09-23 | 北京网藤科技有限公司 | Industrial control network security policy matching method and system based on log information analysis |
CN115190191A (en) * | 2022-09-13 | 2022-10-14 | 中电运行(北京)信息技术有限公司 | Power grid industrial control system and control method based on protocol analysis |
CN115695163A (en) * | 2022-09-30 | 2023-02-03 | 郑州云智信安安全技术有限公司 | Visualization method and system based on syslog log analysis process |
CN115396236A (en) * | 2022-10-27 | 2022-11-25 | 天津沄讯网络科技有限公司 | Remote operation safety verification method and system for industrial internet intelligent equipment |
CN115801634A (en) * | 2022-12-01 | 2023-03-14 | 北京安帝科技有限公司 | Network test system based on industrial internet safety |
CN116318783A (en) * | 2022-12-05 | 2023-06-23 | 浙江大学 | Network industrial control equipment safety monitoring method and device based on safety index |
CN116318783B (en) * | 2022-12-05 | 2023-08-22 | 浙江大学 | Network industrial control equipment safety monitoring method and device based on safety index |
CN115643118A (en) * | 2022-12-23 | 2023-01-24 | 北京市大数据中心 | Method, electronic device and medium for defending TDA against threat attack |
CN116170340A (en) * | 2023-04-24 | 2023-05-26 | 图林科技(深圳)有限公司 | Network security test evaluation method |
CN116170236A (en) * | 2023-04-24 | 2023-05-26 | 成都星云智联科技有限公司 | Industrial control system abnormal flow detection method and system |
CN116232770A (en) * | 2023-05-08 | 2023-06-06 | 中国石油大学(华东) | Enterprise network safety protection system and method based on SDN controller |
CN116633693B (en) * | 2023-07-24 | 2023-10-31 | 深圳市永达电子信息股份有限公司 | Trusted security gateway implementation method based on full-element network identification |
CN116633693A (en) * | 2023-07-24 | 2023-08-22 | 深圳市永达电子信息股份有限公司 | Trusted security gateway implementation method based on full-element network identification |
CN116827698B (en) * | 2023-08-31 | 2023-12-05 | 国能大渡河大数据服务有限公司 | Network gateway flow security situation awareness system and method |
CN116827698A (en) * | 2023-08-31 | 2023-09-29 | 国能大渡河大数据服务有限公司 | Network gateway flow security situation awareness system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109474607A (en) | A kind of industrial control network safeguard protection monitoring system | |
Yılmaz et al. | Attack detection/prevention system against cyber attack in industrial control systems | |
Sabahi et al. | Intrusion detection: A survey | |
Yang et al. | Harmonizing safety and security risk analysis and prevention in cyber-physical systems | |
Fovino et al. | Cyber security assessment of a power plant | |
CN108809951A (en) | A kind of penetration testing frame suitable for industrial control system | |
Mukhopadhyay et al. | A comparative study of related technologies of intrusion detection & prevention systems | |
CN107770174A (en) | A kind of intrusion prevention system and method towards SDN | |
CN111193738A (en) | Intrusion detection method of industrial control system | |
Jarmakiewicz et al. | Development of cyber security testbed for critical infrastructure | |
Rubio et al. | Tracking apts in industrial ecosystems: A proof of concept | |
Ten et al. | Cybersecurity for electric power control and automation systems | |
Khodabakhsh et al. | Cyber-risk identification for a digital substation | |
Pashaei et al. | Improving the IDS performance through early detection approach in local area networks using industrial control systems of honeypot | |
Li et al. | Cyber attack detection of I&C systems in NPPS based on physical process data | |
Guo et al. | Cyber security risk analysis of physical protection systems of nuclear power plants and research on the cyber security test platform using digital twin technology | |
Konstantinou et al. | 15. Security Analysis of Smart Grid | |
Pranggono et al. | Intrusion detection systems for critical infrastructure | |
Dhangar et al. | Analysis of proposed intrusion detection system | |
LaPadula | State of the art in anomaly detection and reaction | |
Maynard et al. | Using Application Layer Metrics to Detect Advanced SCADA Attacks. | |
Whyte | Using a systems-theoretic approach to analyze cyber attacks on cyber-physical systems | |
Lau et al. | Securing supervisory control and data acquisition control systems | |
Yang et al. | Cybersecurity testing technology in smart substations | |
Apolinário et al. | ComSEC: Secure communications for baggage handling systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190315 |