CN109696892A - A kind of Safety Automation System and its control method - Google Patents

Publication number
CN109696892A
Authority
CN
China
Prior art keywords
attack
module
log
automation system
safety
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811574965.6A
Other languages
Chinese (zh)
Inventor
高玮中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Hanzhiyou Information Technology Service Co Ltd
Original Assignee
Shanghai Hanzhiyou Information Technology Service Co Ltd
Application filed by Shanghai Hanzhiyou Information Technology Service Co Ltd
Priority to CN201811574965.6A
Publication of CN109696892A

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4185 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/31 From computer integrated manufacturing till monitoring
    • G05B2219/31088 Network communication between supervisor and cell, machine group
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Computer And Data Communications (AREA)

Abstract

The Safety Automation System of the present invention and its control method are applied to a mechanized production system; the Safety Automation System has the same production environment as the mechanized production system. The Safety Automation System includes: an acquisition module, which captures attacks; a classification and identification module, connected to the acquisition module, which classifies the attacks; multiple decoy attack modules, each connected to the classification and identification module, which generate a corresponding log for attacks of the corresponding type; a data analysis module, connected to each decoy attack module, which reads the attack source information of each attack from the logs and counts it; a judgment module, connected to the data analysis module, which consolidates the attack sources exceeding a preset threshold into a warning message and outputs it; and an automation module, connected to the judgment module, which writes the warning message into the mechanized production system. The beneficial effects of the present invention are that the safety and reliability of the mechanized production system are improved, and the efficiency of collecting and auditing attacks is improved.

Description

A kind of Safety Automation System and its control method
Technical field
The present invention relates to the technical field of production safety, and in particular to a Safety Automation System and its control method.
Background
With the continuous improvement of production safety technology and the rapid spread of Internet technology, new opportunities have come to the field of production safety technology, but so have new threats. Because of the connectivity of the Internet, a malicious actor can remotely launch a precise attack on production equipment from any terminal connected to the Internet. When a network security incident occurs, people urgently want to know what type of attack the malicious actor launched against the servers of the production equipment and how to prevent such attacks. Production equipment that has experienced a network security incident contains a large amount of information related to the incident; collecting and centrally analyzing this security information can effectively reveal how the incident unfolded and provide direction for handling it.
In the prior art, emergency handling of production safety incidents relies on personnel manually checking and auditing security information to determine whether an attack on the production equipment is malicious, and then defending against the malicious attack. However, security information is scattered and voluminous, so checking and auditing it manually is time-consuming and laborious, and suffers from low efficiency and low accuracy.
Summary of the invention
In view of the above problems in the prior art, a Safety Automation System and its control method are provided. A Safety Automation System having the same production environment as the mechanized production system is set up; attacks are collected by the Safety Automation System, then classified and analyzed; and the attack sources obtained from the classification and analysis are automatically written into the mechanized production system, thereby improving the safety and reliability of the mechanized production system and improving the efficiency of collecting and auditing attacks.
The specific technical solution is as follows:
A Safety Automation System, applied to a mechanized production system, wherein the Safety Automation System and the mechanized production system have the same production environment;
The Safety Automation System specifically includes:
An acquisition module, for capturing attacks made against the Safety Automation System;
A classification and identification module, connected to the acquisition module, for classifying the attacks according to preset attack types;
Multiple decoy attack modules, each connected to the classification and identification module; each decoy attack module corresponds to one type of attack, serves as the target of attacks of that type, and generates and outputs a corresponding log;
A data analysis module, connected to each decoy attack module, for receiving the log output by each decoy attack module, reading the attack source information of each attack from a specific field of the log, and counting it; the data analysis module outputs the statistical result;
A judgment module, connected to the data analysis module, for judging from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidating the attack sources that exceed the preset threshold into a warning message for output;
An automation module, connected to the judgment module, for writing the warning message into the mechanized production system.
Preferably, in the Safety Automation System, the data analysis module includes:
A data analysis unit, which receives each log and reads the attack source information of each attack from a specific field of the log;
A data statistics unit, connected to the data analysis unit, which counts identical attack source information across the attacks and outputs the statistical result.
Preferably, in the Safety Automation System, the automation module includes:
A writing unit, which writes the warning message into the mechanized production system;
A generation unit, which generates a write file from the warning message;
A firewall unit, connected to the text generation unit, which writes the attack source information in the text file into the firewall of the mechanized production system.
Preferably, the Safety Automation System includes a security audit module connected to the automation module, the security audit module including:
A first security audit unit, which records the warning message that the automation module writes into the mechanized production system, so as to generate first record content, and sends the first record content to the administrator;
A second security audit unit, which monitors in real time the automation module's writing of attack source information into the firewall and the changes the firewall makes according to the attack source information, so as to generate second record content, and sends the second record content to the administrator.
Preferably, the Safety Automation System includes a memory module connected respectively to the acquisition module, the classification and identification module, each decoy attack module and the judgment module, for storing the attacks, the classification labels of the attacks, the logs and the warning messages.
Also provided is a control method of a Safety Automation System, applied in the Safety Automation System, wherein the Safety Automation System is applied to a mechanized production system;
The control method includes the following steps:
Step S1: capture attacks made against the Safety Automation System;
Step S2: classify the attacks according to preset attack types;
Step S3: generate and output a corresponding log for attacks of each type;
Step S4: receive the log output by each decoy attack module, read the attack source information of each attack from a specific field of the log and count it; the data analysis module outputs the statistical result;
Step S5: judge whether the number of attacks from each attack source exceeds the preset threshold;
If so, consolidate the attack sources exceeding the preset threshold into a warning message and output it;
If not, return to step S1;
Step S6: write the warning message into the mechanized production system.
Preferably, in the control method of the Safety Automation System, step S4 includes the following steps:
Step S41: receive each log, and read the attack source information of each attack from a specific field of the log;
Step S42: count identical attack source information across the attacks, and output the statistical result.
Preferably, in the control method of the Safety Automation System, step S6 includes the following steps:
Step S61A: record the warning message that the automation module writes into the mechanized production system, so as to generate the first record content;
Step S62A: send the first record content to the administrator.
Preferably, in the control method of the Safety Automation System, step S6 includes the following steps:
Step S61B: monitor in real time the automation module's writing of attack source information into the firewall and the changes the firewall makes according to the attack source information, so as to generate the second record content;
Step S62B: send the second record content to the administrator.
The above technical solution has the following advantages or beneficial effects: a Safety Automation System having the same production environment as the mechanized production system is set up; attacks are collected by the Safety Automation System, then classified and analyzed; and the attack sources obtained from the classification and analysis are automatically written into the mechanized production system, thereby improving the safety and reliability of the mechanized production system and improving the efficiency of collecting and auditing attacks.
Brief description of the drawings
The embodiments of the present invention are described more fully with reference to the accompanying drawings. However, the accompanying drawings are for illustration and explanation only and do not limit the scope of the present invention.
Fig. 1 is a structural schematic diagram of an embodiment of the Safety Automation System of the present invention;
Fig. 2 is a structural schematic diagram of the data analysis module of an embodiment of the Safety Automation System of the present invention;
Fig. 3 is a structural schematic diagram of the automation module of an embodiment of the Safety Automation System of the present invention;
Fig. 4 is a flow chart of the automation module of an embodiment of the control method of the Safety Automation System of the present invention;
Fig. 5 is a flow chart of step S4 of the automation module of an embodiment of the control method of the Safety Automation System of the present invention;
Fig. 6 is flow chart A of step S6 of the automation module of an embodiment of the control method of the Safety Automation System of the present invention;
Fig. 7 is flow chart B of step S6 of the automation module of an embodiment of the control method of the Safety Automation System of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be noted that, provided there is no conflict, the embodiments of the present invention and the features in the embodiments may be combined with each other.
The present invention is further explained below with reference to the drawings and specific embodiments, which do not limit the present invention.
As shown in Fig. 1, the present invention includes a Safety Automation System applied to a mechanized production system 1; the Safety Automation System 2 and the mechanized production system 1 have the same production environment;
The Safety Automation System 2 specifically includes:
An acquisition module 21, for capturing attacks made against the Safety Automation System 2;
A classification and identification module 22, connected to the acquisition module 21, for classifying the attacks according to preset attack types;
Multiple decoy attack modules 23, each connected to the classification and identification module 22; each decoy attack module 23 corresponds to one type of attack, serves as the target of attacks of that type, and generates and outputs a corresponding log;
A data analysis module 24, connected to each decoy attack module 23, for receiving the log output by each decoy attack module 23, reading the attack source information of each attack from a specific field of the log, and counting it; the data analysis module 24 outputs the statistical result;
A judgment module 25, connected to the data analysis module 24, for judging from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidating the attack sources that exceed the preset threshold into a warning message for output;
An automation module 26, connected to the judgment module 25, for writing the warning message into the mechanized production system 1.
In the above embodiment, a Safety Automation System 2 having the same production environment as the mechanized production system 1 is set up. Attacks are collected by the acquisition module 21 of the Safety Automation System 2 and classified by the classification and identification module 22; each decoy attack module 23 corresponds to one type of attack, serves as the target of attacks of that type, and generates and outputs a corresponding log; the data analysis module 24 reads the attack source information of each attack from a specific field of the log and counts it; the judgment module 25 evaluates the statistical result and obtains the warning message; and the automation module 26 automatically writes the warning message into the mechanized production system 1. This improves the safety and reliability of the mechanized production system 1; the automated approach saves time and effort and improves writing efficiency and accuracy.
Further, as a preferred embodiment, the multiple decoy attack modules 23 may be multiple honeypot modules; each honeypot module corresponds to one type of attack, uses honeypot techniques to serve as the target of attacks of that type, and generates and outputs a corresponding honeypot log.
Further, in the above preferred embodiment, the honeypot modules include:
First honeypot module: the Cowrie honeypot, an interactive honeypot based on SSH (Secure Shell, the secure shell protocol). It can record scans and brute-force cracking of SSH and TELNET (remote terminal protocol) accounts and passwords; after a user cracks the account and password and logs in, it saves files downloaded through wget (a free tool for automatically downloading files from the network) and curl (CommandLine Uniform Resource Locator, a file transfer tool that works on the command line using URL (Uniform Resource Locator) syntax), and files uploaded through SFTP (Secure File Transfer Protocol) and SCP (secure copy, a transfer command).
That is, the attack targeted by the first honeypot module is brute-force cracking of accounts and passwords. In other words, the system vulnerability simulated in the first honeypot module is one aimed at this attack.
Second honeypot module: the Honeytrap honeypot, for recording attacks against Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) services. Honeytrap runs as a daemon that simulates some well-known services, and can analyze attack strings and execute the corresponding file download instructions.
That is, the attacks in the second honeypot module are attacks against TCP or UDP services (such as SMTP, POP3 and remote desktop services).
Third honeypot module: the Elasticpot honeypot, a honeypot that simulates the RCE (remote code execution) vulnerability of Elasticsearch (a search server for distributed full-text search). By forging functions, it responds to requests for /, /_search and /_nodes (node) with JSON (a lightweight data interchange format based on the JavaScript language) messages of a vulnerable ES (Elasticsearch) instance.
Fourth honeypot module: the Glastopf honeypot, a low-interaction Web (World Wide Web) application honeypot. Glastopf can emulate thousands of web vulnerabilities, responds to the attacker according to the different attack methods used, and then collects data from the attack on the target web application. It targets automated vulnerability scanning/exploitation tools: by categorizing exploitation methods, it returns a plausible result for each category of exploitation, thereby achieving low interaction.
That is, the attacks in the fourth honeypot module are automated vulnerability scanning/exploitation attacks.
Fifth honeypot module: the Dionaea honeypot. Dionaea is an application that runs on Linux (an operating system). The program runs in a network environment and opens the default ports of common Internet services; when an external connection arrives, it simulates the normal service and gives feedback, while recording the inbound and outbound network data flows. The network data flows are examined by a detection module and then handled by category; if shellcode (filling data) is present, it is emulated; the program automatically downloads the malicious files specified in the shellcode or specified for download by subsequent attack commands.
That is, the attacks in the fifth honeypot module are attacks involving the malicious files specified in shellcode or specified for download by subsequent attack commands.
Further, in the above preferred embodiment, each honeypot module generates a corresponding honeypot log.
For example, the Cowrie honeypot module generates a corresponding cowrie honeypot log;
The Honeytrap honeypot module generates a corresponding honeytrap module log;
The Elasticpot honeypot module generates a corresponding elasticpot module log;
The Glastopf honeypot module generates a corresponding glastopf module log;
The Dionaea honeypot module generates a corresponding dionaea module log.
Further, in the above embodiment, as shown in Fig. 2, the data analysis module 24 includes:
A data analysis unit 241, which receives each log and reads the attack source information of each attack from a specific field of the log;
A data statistics unit 242, connected to the data analysis unit 241, which counts identical attack source information across the attacks and outputs the statistical result.
Further, as a preferred embodiment, when the attack is an attack in the first honeypot module (the Cowrie honeypot), the Cowrie honeypot generates a corresponding cowrie module log; the data analysis unit 241 receives each cowrie module log and reads the attack source information of each attack from a specific field of the cowrie module log (for example, the specific field read from the cowrie module log is src_ip, which holds the attack source information of the attack); the data statistics unit 242 counts identical attack source information across the attacks and outputs the statistical result, namely the number of occurrences of the same attack source information, that is, the number of attacks from the same attack source.
The statistical result is then output to the judgment module 25, which judges from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidates the attack sources that exceed the preset threshold into a warning message for output.
That is, the above embodiment makes it possible to determine whether each attack source in the cowrie module log of the first honeypot module is carrying out a malicious attack.
Further, as a preferred embodiment, when the attack is an attack in the second honeypot module (the Honeytrap honeypot), the Honeytrap honeypot generates a corresponding honeytrap module log; the data analysis unit 241 receives each honeytrap module log and reads the attack source information of each attack from a specific field of the honeytrap module log (for example, the specific field read from the honeytrap module log is remote_ip, which holds the attack source information of the attack); the data statistics unit 242 counts identical attack source information across the attacks and outputs the statistical result, namely the number of occurrences of the same attack source information, that is, the number of attacks from the same attack source.
The statistical result is then output to the judgment module 25, which judges from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidates the attack sources that exceed the preset threshold into a warning message for output.
That is, the above embodiment makes it possible to determine whether each attack source in the honeytrap module log of the second honeypot module is carrying out a malicious attack.
Further, as a preferred embodiment, when the attack is an attack in the third honeypot module (the Elasticpot honeypot), the Elasticpot honeypot generates a corresponding elasticpot module log; the data analysis unit 241 receives each elasticpot module log and reads the attack source information of each attack from a specific field of the elasticpot module log (for example, the specific field read from the elasticpot module log is src_ip, which holds the attack source information of the attack); the data statistics unit 242 counts identical attack source information across the attacks and outputs the statistical result, namely the number of occurrences of the same attack source information, that is, the number of attacks from the same attack source.
The statistical result is then output to the judgment module 25, which judges from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidates the attack sources that exceed the preset threshold into a warning message for output.
That is, the above embodiment makes it possible to determine whether each attack source in the elasticpot module log of the third honeypot module is carrying out a malicious attack.
Further, as a preferred embodiment, when the attack is an attack in the fourth honeypot module (the Glastopf honeypot), the Glastopf honeypot generates a corresponding glastopf module log; the data analysis unit 241 receives each glastopf module log and reads the attack source information of each attack from a specific field of the glastopf module log (for example, the specific field read from the glastopf module log is IP, which holds the attack source information of the attack); the data statistics unit 242 counts identical attack source information across the attacks and outputs the statistical result, namely the number of occurrences of the same attack source information, that is, the number of attacks from the same attack source.
The statistical result is then output to the judgment module 25, which judges from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidates the attack sources that exceed the preset threshold into a warning message for output.
That is, the above embodiment makes it possible to determine whether each attack source in the glastopf module log of the fourth honeypot module is carrying out a malicious attack.
Further, as a preferred embodiment, when the attack is an attack in the fifth honeypot module (the Dionaea honeypot), the Dionaea honeypot generates a corresponding dionaea module log; the data analysis unit 241 receives each dionaea module log and reads the attack source information of each attack from a specific field of the dionaea module log (for example, the specific field read from the dionaea module log is src_ip, which holds the attack source information of the attack); the data statistics unit 242 counts identical attack source information across the attacks and outputs the statistical result, namely the number of occurrences of the same attack source information, that is, the number of attacks from the same attack source.
The statistical result is then output to the judgment module 25, which judges from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidates the attack sources that exceed the preset threshold into a warning message for output.
That is, the above embodiment makes it possible to determine whether each attack source in the dionaea module log of the fifth honeypot module is carrying out a malicious attack.
Further, in the above embodiment, while the judgment module 25 consolidates the attack sources exceeding the preset threshold into a warning message for output, it also generates an e-mail from the analysis data that meets each type of alert condition and notifies the manager, so that the manager is informed in time, which provides the best opportunity to eliminate the threat accurately and quickly.
Of course, besides e-mail, the manager can also be notified by SMS, WeChat or similar means.
Further, in the above embodiment, as shown in Fig. 3, the automation module 26 includes:
A writing unit 261, which writes the warning message into the mechanized production system 1;
A generation unit 262, which generates a write file from the warning message;
A firewall unit 263, connected to the text generation unit 262, which writes the attack source information in the text file into the firewall of the mechanized production system 1, so as to block the attack sources corresponding to the attack source information in the text file from accessing the mechanized production system 1.
The write file may be a text file, or any other file that can be written into the firewall of the mechanized production system 1.
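The analysis, judgment and write-file steps described above, sketched in Python as an added example (not code from the patent). It assumes each honeypot writes one JSON object per log line, counts a source across all five honeypot logs, treats "exceeds" as strictly greater than the threshold, and adds an allowlist check that the patent does not describe; the sample log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Log field that carries the attack source for each honeypot, as named in the description.
SOURCE_FIELD = {
    "cowrie": "src_ip",
    "honeytrap": "remote_ip",
    "elasticpot": "src_ip",
    "glastopf": "IP",
    "dionaea": "src_ip",
}

# Constructed sample input: (honeypot name, one JSON log line). Addresses come from
# the documentation ranges; the extra fields are illustrative only.
SAMPLE_LOGS = [
    ("cowrie", '{"src_ip": "203.0.113.7", "username": "root"}'),
    ("cowrie", '{"src_ip": "203.0.113.7", "username": "admin"}'),
    ("cowrie", '{"src_ip": "203.0.113.7", "username": "test"}'),
    ("honeytrap", '{"remote_ip": "203.0.113.7", "port": 25}'),
    ("glastopf", '{"IP": "198.51.100.23", "request": "/index.php"}'),
    ("glastopf", '{"IP": "198.51.100.23", "request": "/login"}'),
    ("dionaea", '{"src_ip": "198.51.100.23", "dst_port": 445}'),
    ("elasticpot", '{"src_ip": "192.0.2.10", "path": "/_search"}'),
    ("elasticpot", '{"src_ip": "192.0.2.10", "path": "/_nodes"}'),
    ("elasticpot", '{"src_ip": "192.0.2.10", "path": "/"}'),
    ("elasticpot", '{"src_ip": "192.0.2.10", "path": "/_search"}'),
    ("honeytrap", '{"remote_ip": "999.1.1.1"}'),  # not a valid address
    ("cowrie", "truncated log line {"),           # not valid JSON
    ("dionaea", '{"dst_port": 445}'),             # source field missing
]

# Assumption (not in the patent): sources inside these networks are never blocked,
# e.g. the plant's own management range. The network here is a constructed placeholder.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]
THRESHOLD = 3  # constructed value for the preset threshold


def extract_source(honeypot, line):
    """Data analysis unit: read the honeypot's source field; None if unusable."""
    field = SOURCE_FIELD.get(honeypot)
    try:
        value = json.loads(line)[field]
        if not isinstance(value, str):
            return None
        # Canonicalise so that the same source always counts under one key.
        return str(ipaddress.ip_address(value))
    except (ValueError, KeyError, TypeError):
        return None


def count_sources(logs):
    """Data statistics unit: number of attacks per attack source."""
    counts = Counter()
    for honeypot, line in logs:
        source = extract_source(honeypot, line)
        if source is not None:
            counts[source] += 1
    return counts


def judge(counts, threshold, allowlist=()):
    """Judgment module: consolidate sources above the threshold into one warning."""
    offenders = {}
    for source, hits in counts.items():
        if hits <= threshold:
            continue
        address = ipaddress.ip_address(source)
        if any(address in network for network in allowlist):
            continue  # never hand an allowlisted address to the firewall
        offenders[source] = hits
    return {"threshold": threshold, "sources": dict(sorted(offenders.items()))}


def render_write_file(warning):
    """Generation unit: text write file, one attack source per line."""
    return "".join(f"{source}\n" for source in warning["sources"])


def audit_record(warning):
    """First record content: what was written and why, for the administrator."""
    return [
        f"{source}: {hits} attacks, threshold {warning['threshold']}"
        for source, hits in warning["sources"].items()
    ]


if __name__ == "__main__":
    warning = judge(count_sources(SAMPLE_LOGS), THRESHOLD, ALLOWLIST)
    print(render_write_file(warning), end="")
    print("\n".join(audit_record(warning)))
```

Honeytrap also records UDP services, where a source address can be forged, so a check of this kind keeps a forged source from getting the plant's own addresses written into the firewall.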
Further, the above embodiment includes a security audit module 27 connected to the automation module 26, the security audit module 27 including:
A first security audit unit, which records the warning message that the automation module 26 writes into the mechanized production system 1, so as to generate first record content, and sends the first record content to the administrator by e-mail, for tracing changes;
A second security audit unit, which monitors in real time the automation module 26's writing of attack source information into the firewall of the mechanized production system 1 and the changes the firewall makes according to the attack source information, so as to generate second record content, and sends the second record content to the administrator by e-mail.
Besides e-mail, the manager can also be notified by SMS, WeChat or similar means.
Further, as a preferred embodiment, when the automation module 26 writes a source address into the firewall of the mechanized production system 1, a local log is triggered in the firewall and is simultaneously sent to a remote server; the second security audit unit of the security audit module 27 on the remote server generates the second record content through real-time monitoring and sends it to the administrator by e-mail, so that a comprehensive and timely audit can be carried out, security risks found quickly and security problems located.
Further, the above embodiment includes a memory module 28 connected respectively to the acquisition module 21, the classification and identification module 22, each decoy attack module 23 and the judgment module 25, for storing the attacks, the classification labels of the attacks, the logs and the warning messages.
The memory module 28 stores the information of each module, which facilitates subsequent retrieval and audit.
The invention further includes a control method of a Safety Automation System, applied in Safety Automation System 2, wherein Safety Automation System 2 is applied in mechanized production system 1;
As shown in Figure 4, the control method comprises the following steps:
Step S1: obtain the attacks made on Safety Automation System 2;
Step S2: classify the attacks using preset attack types;
Step S3: for each type of attack, generate and output a corresponding log;
Step S4: receive the logs output by each decoy attack module 23, read the attack source information of each attack from a specific field of the log and count it; data analysis module 24 outputs the statistical result;
Step S5: judge whether the number of attacks from each attack source exceeds a preset threshold;
If so, consolidate the attack sources that exceed the preset threshold into a single warning message and output it;
If not, return to step S1;
Step S6: write the warning message into mechanized production system 1.
In the above embodiment, Safety Automation System 2 is set up with the same production environment as mechanized production system 1. It collects attacks, classifies and counts them, evaluates the statistical result to obtain a warning message, and finally writes the warning message into mechanized production system 1 automatically, thereby protecting mechanized production system 1. Automation saves time and labor and improves the efficiency and accuracy of the write.
Further, in the above embodiment, as shown in Figure 5, step S4 comprises the following steps:
Step S41: receive each log, and read the attack source information of each attack from a specific field of the log;
Step S42: count the identical attack source information across the attacks, and output the statistical result.
That is, the computed statistical result is compared with the preset threshold to judge whether each attack source is carrying out a malicious attack.
Further, in the above embodiment, as shown in Figure 6, step S6 comprises the following steps:
Step S61A: record the warning message that automation module 26 writes into mechanized production system 1, to generate the first record content;
Step S62A: send the first record content to the administrator.
Further, in the above embodiment, as shown in Figure 7, step S6 comprises the following steps:
Step S61B: monitor in real time the act of automation module 26 writing the attack source information into the firewall, together with the change records the firewall makes according to the attack source information, to generate the second record content;
Step S62B: send the second record content to the administrator.
The first record content and the second record content are sent to the administrator by email, so that auditing is comprehensive and timely, security risks are found quickly, and security problems can be located.
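The following sketch walks steps S4 to S6 end to end. It is an added example, not code from the patent. It assumes JSON log lines with a `src_ip` field, a threshold of 3, and a text file with one address per line as the firewall input. The address validation and the never-block allowlist are additions the patent does not describe; they keep a forged or malformed log field from reaching the production firewall.

```python
import ipaddress
import json
from collections import Counter

THRESHOLD = 3  # preset threshold of step S5; the value is an assumption
# Assumed allowlist: ranges that must never be written into the firewall.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]


def _line(kind, src):
    # Constructed log record; the field names "type" and "src_ip" are assumptions.
    return json.dumps({"type": kind, "src_ip": src})


# Constructed sample input, one JSON log record per line.
SAMPLE_LOGS = "\n".join(
    [_line("ssh", "203.0.113.7")] * 4
    + [_line("http", "198.51.100.23")] * 2
    + [_line("ssh", "192.0.2.10")] * 5          # allowlisted management host
    + [_line("http", "0.0.0.0/0"), "not json"]  # forged field, malformed line
)


def extract_sources(log_text, field="src_ip"):
    """S41: read the attack source from the specific field of each log."""
    sources = []
    for line in log_text.splitlines():
        try:
            sources.append(ipaddress.ip_address(str(json.loads(line)[field])))
        except (ValueError, KeyError, TypeError):
            continue  # anything that is not a single valid address is dropped
    return sources


def count_sources(sources):
    """S42: count the attacks per identical attack source."""
    return Counter(sources)


def build_alert(counts, threshold=THRESHOLD):
    """S5: merge all sources above the threshold into one warning message."""
    offenders = sorted(
        (ip for ip, n in counts.items()
         if n > threshold and not any(ip in net for net in NEVER_BLOCK)),
        key=lambda ip: (ip.version, int(ip)))
    if not offenders:
        return None  # the method returns to step S1
    return {"sources": [str(ip) for ip in offenders],
            "counts": {str(ip): counts[ip] for ip in offenders}}


def write_blocklist(alert):
    """S6: render the text file for the firewall and the two audit records."""
    text = "".join(f"{src}\n" for src in alert["sources"])
    audit = [{"event": "alert_written", "sources": alert["sources"]},
             {"event": "firewall_change", "added": len(alert["sources"])}]
    return text, audit


def run(log_text):
    alert = build_alert(count_sources(extract_sources(log_text)))
    return write_blocklist(alert) if alert else ("", [])


if __name__ == "__main__":
    print(run(SAMPLE_LOGS))
```

On the sample input only 203.0.113.7 is written out: 198.51.100.23 stays under the threshold, 192.0.2.10 is allowlisted, and the `0.0.0.0/0` value is rejected because it is not a single address.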
The foregoing describes only preferred embodiments of the present invention and does not limit its embodiments or scope of protection. Those skilled in the art should appreciate that all schemes obtained through equivalent replacements and obvious changes made on the basis of the description and drawings of the present invention fall within the scope of protection of the present invention.

Claims (9)

1. A Safety Automation System, applied in a mechanized production system, characterized in that the Safety Automation System has the same production environment as the mechanized production system;
The Safety Automation System specifically comprises:
An acquisition module, for obtaining the attacks made on the Safety Automation System;
A classification and identification module, connected to the acquisition module, for classifying the attacks using preset attack types;
A plurality of decoy attack modules, each connected to the classification and identification module, each decoy attack module corresponding to one type of attack and serving as the attack target for attacks of the corresponding type, generating and outputting a corresponding log;
A data analysis module, connected to each decoy attack module, for receiving the log output by each decoy attack module, reading the attack source information of each attack from a specific field of the log and counting it, the data analysis module outputting a statistical result;
A judgment module, connected to the data analysis module, for judging from the statistical result whether the number of attacks from each attack source exceeds a preset threshold, and consolidating the attack sources that exceed the preset threshold into a single warning message for output;
An automation module, connected to the judgment module, for writing the warning message into the mechanized production system.
2. The Safety Automation System as described in claim 1, characterized in that the data analysis module comprises:
A data analysis unit, which receives each log and reads the attack source information of each attack from a specific field of the log;
A data statistics unit, connected to the data analysis unit, which counts the identical attack source information across the attacks and outputs the statistical result.
3. The Safety Automation System as described in claim 1, characterized in that the automation module comprises:
A writing unit, which writes the warning message into the mechanized production system;
A generation unit, which generates a write file from the warning message;
A firewall unit, connected to the text generation unit, which writes the attack source information in the text file into the firewall of the mechanized production system.
4. The Safety Automation System as claimed in claim 3, characterized in that it includes a security audit module, the security audit module being connected to the automation module and comprising:
A first security audit unit, which records the warning message that the automation module writes into the mechanized production system, to generate a first record content, and sends the first record content to an administrator;
A second security audit unit, which monitors in real time the act of the automation module writing the attack source information into the firewall, together with the change records the firewall makes according to the attack source information, to generate a second record content, and sends the second record content to the administrator.
5. The Safety Automation System as described in claim 1, characterized in that it includes a memory module, the memory module being connected to the acquisition module, the classification and identification module, each decoy attack module and the judgment module, for storing the attacks, the classification labels of the attacks, the logs and the warning message.
6. A control method of a Safety Automation System, applied in a Safety Automation System, characterized in that the Safety Automation System is applied in a mechanized production system;
The control method comprises the following steps:
Step S1: obtain the attacks made on the Safety Automation System;
Step S2: classify the attacks using preset attack types;
Step S3: for each type of attack, generate and output a corresponding log;
Step S4: receive the log output by each decoy attack module, read the attack source information of each attack from a specific field of the log and count it, the data analysis module outputting a statistical result;
Step S5: judge whether the number of attacks from each attack source exceeds a preset threshold;
If so, consolidate the attack sources that exceed the preset threshold into a single warning message and output it;
If not, return to step S1;
Step S6: write the warning message into the mechanized production system.
7. The control method of a Safety Automation System as claimed in claim 6, characterized in that step S4 comprises the following steps:
Step S41: receive each log, and read the attack source information of each attack from a specific field of the log;
Step S42: count the identical attack source information across the attacks, and output the statistical result.
8. The control method of a Safety Automation System as claimed in claim 6, characterized in that step S6 comprises the following steps:
Step S61A: record the warning message that the automation module writes into the mechanized production system, to generate a first record content;
Step S62A: send the first record content to an administrator.
9. The control method of a Safety Automation System as claimed in claim 6, characterized in that step S6 comprises the following steps:
Step S61B: monitor in real time the act of the automation module writing the attack source information into the firewall, together with the change records the firewall makes according to the attack source information, to generate a second record content;
Step S62B: send the second record content to the administrator.
CN201811574965.6A 2018-12-21 2018-12-21 A kind of Safety Automation System and its control method Pending CN109696892A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811574965.6A CN109696892A (en) 2018-12-21 2018-12-21 A kind of Safety Automation System and its control method

Publications (1)

Publication Number Publication Date
CN109696892A true CN109696892A (en) 2019-04-30

Family

ID=66232779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811574965.6A Pending CN109696892A (en) 2018-12-21 2018-12-21 A kind of Safety Automation System and its control method

Country Status (1)

Country Link
CN (1) CN109696892A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190430