CN109818985A - Industrial control system vulnerability trend analysis and early warning method and system - Google Patents


Info

Publication number
CN109818985A
Authority
CN
China
Prior art keywords
attack
probe
control system
early warning
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910288572.7A
Other languages
Chinese (zh)
Other versions
CN109818985B (en)
Inventor
吴志华
袁键
董超
施靖萱
杨枭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Hengtong Industrial Control Safety Research Institute Co Ltd
Original Assignee
Jiangsu Hengtong Industrial Control Safety Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Hengtong Industrial Control Safety Research Institute Co Ltd

Abstract

The invention discloses an industrial control system vulnerability trend analysis and early warning method and system, comprising: establishing, by emulation, several probes that carry the core protocols of industrial control systems, and deploying the probes in the public network and in an intranet; the probes collect attack information interactively; the emulated industrial control system probes send the collected attack information to a data analysis module, which is responsible for data analysis and vulnerability mining; the data analysis module generates an attack exploitation rule base and a vulnerability library from the results of the data analysis and vulnerability mining; the data analysis module uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to security devices and an early warning display platform. The invention emulates an industrial control system, induces attackers to attack the emulated system, collects their attack methods, analyzes vulnerabilities, and warns users in advance of serious vulnerabilities that exist in, or are about to be exploited in, the production environment.

Description

Industrial control system vulnerability trend analysis and early warning method and system
Technical field
The present invention relates to the field of industrial control system security, and in particular to an industrial control system vulnerability trend analysis and early warning method and system.
Background
Conventional information security defense systems include firewalls, UTM, IPS, IDS, vulnerability scanning systems, antivirus systems, terminal management systems, WAF, DB-AUDIT, security monitoring platforms and so on. Viewed by network layer, the product portfolio is complete; in terms of actual function, however, the shortcomings are obvious and show up mainly in the following three respects:
1. Each of these traditional security products can only resist security threats of one particular kind, so they form isolated "security defense islands".
2. They lack effective fusion and correlation analysis of massive, multi-dimensional information security data, and cannot produce a synergistic effect.
3. Their security monitoring data cannot be turned into an effective resource for upper-layer security decisions.
Most of these traditional security defense facilities analyze and monitor attacks that have already occurred by analyzing the logs of security devices across the seven network layers. This is essentially passive defense, lacking network security situational awareness and coordinated early warning. Taking emergency measures only after an attack event has been detected is often too late, because by then the network attack has already taken place and has already caused irreparable loss.
Summary of the invention
The technical problem to be solved by the present invention is to provide an industrial control system vulnerability trend analysis and early warning method and system that virtualizes the key controls of the production environment and emulates the core target that hackers care about, the industrial control system, so as to induce attackers to attack the emulated industrial control system, collect their attack methods, analyze vulnerabilities, and warn users in advance of serious vulnerabilities that exist in, or are about to be exploited in, the production environment.
To solve the above technical problem, the present invention provides an industrial control system vulnerability trend analysis and early warning method, characterized by comprising:
establishing, by emulation, several probes that carry the core protocols of industrial control systems, and deploying the probes in the public network and in intranets whose industrial internet build-out is relatively complete;
the emulated industrial control system probes collect attack information interactively;
the emulated industrial control system probes send the collected attack information to a data analysis module, which is responsible for data analysis and vulnerability mining;
the data analysis module generates an attack exploitation rule base and a vulnerability library from the results of the data analysis and vulnerability mining;
the data analysis module uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to security devices and the early warning display platform.
In a preferred embodiment of the present invention, the method further comprises deploying the emulated industrial control system probes in the public network in a distributed manner, inducing attacks in the public network to actively target the probes. The probes collect attack information and send the attack information collected in the public network to the data analysis module. For the mass data returned by the probes deployed in the public network, the data analysis module performs data analysis and vulnerability mining based on big data technology: first, statistics are computed over the mass data for the key features that actually threaten industrial control production environments, generating the attack exploitation rule base; then behaviors that conform to the attack exploitation rule base are mined from the mass data, and such behaviors are defined as vulnerability exploitation to generate the vulnerability library.
In a preferred embodiment of the present invention, the method further comprises deploying the emulated industrial control system probes in the intranet and using the attack exploitation rule base and vulnerability library generated by the data analysis module to analyze and match the data sent back by the probes in the intranet. First, fast matching against the attack exploitation rule base finds the key features that pose a threat; then, behaviors that conform to the attack exploitation rules are mined from the key features and matched against the vulnerability library data to work out the specific vulnerability information; the result and a warning are reported to security devices and the early warning display platform, serving the dual purpose of early warning and blocking.
In a preferred embodiment of the present invention, the core protocols configured on the probes include: Modbus, OPC, S7common, IEC04, EtherNet/IP, kamstrup, bacnet.
In a preferred embodiment of the present invention, the probe's interaction process includes simulating the communication between a host computer and the industrial control system, including interactive operations such as read and write commands, start and stop function codes, and register value modification. For the deep interactions, namely function code use and register value modification, the probe gives real responses to these operations. A packet capture tool monitors and captures the traffic packets of the various network request methods and stores them in big data middleware. The probes are packaged using image technology and are brought online and offline uniformly from the early warning display platform.
In a preferred embodiment of the present invention, the probes can also be deployed on an engineer station or SCADA server in the intranet.
In a preferred embodiment of the present invention, the method further comprises establishing an early warning display platform and a patch forwarding platform. The early warning display platform centrally displays the attack trends within the monitored range and the completeness of the industrial control environment build-out within the monitored range; the patch forwarding platform targets the enterprise where the user is located and pushes warning information and patch repair information to it.
In a preferred embodiment of the present invention, the method further comprises linking the attack information analysis results obtained by the data analysis module with the security devices: the attack information is submitted to the security devices and recorded, and is also correlated with the abnormal logs of the whole production environment so that anomalies are presented consistently, breaking the "information island" style of security protection.
To solve the above technical problem, the present invention also provides an industrial control system vulnerability trend analysis and early warning system, comprising a data collection module, a data storage medium, a data analysis module, an early warning display platform and a patch forwarding platform;
the data collection module includes distributed probes that carry the core protocols of industrial control systems; the probes are deployed in the public network and in intranets whose industrial internet build-out is relatively complete, and collect attack information in the public network or the intranet;
the data storage medium stores the attack information collected by the data collection module and forwards it to the data analysis module;
the data analysis module includes a database generation unit and a data analysis matching unit; the database generation unit generates the attack exploitation rule base and the vulnerability library, and the data analysis matching unit uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to the security devices, the early warning display platform and the patch forwarding platform.
The early warning display platform centrally displays the attack trends within the monitored range and the completeness of the industrial control environment build-out within the monitored range; the patch forwarding platform targets the enterprise where the user is located and pushes warning information and patch repair information to it.
Beneficial effects of the present invention:
The invention emulates an industrial control system and induces attacks against the emulated system. From the collected attack information it builds the attack exploitation rule base and the vulnerability library, analyzes mainstream attack trends and provides users with real-time threat warnings, so that users can take precautions and promptly repair latent vulnerabilities in the production environment. It also avoids production accidents caused by the production environment itself being subjected to detection.
By comparison, traditional industrial control defense systems analyze and monitor attacks that have already occurred. This is essentially passive defense, lacking network security situational awareness and coordinated early warning. Taking emergency measures only after an attack event has been detected is often too late, because by then the network attack has already taken place and has already caused irreparable loss.
The invention no longer relies solely on specific vulnerability information as its fingerprint library, and does not need to collect, in real time, the vulnerability information published by authoritative websites in order to guarantee the authority of its own fingerprint library; hackers' attack methods are varied and abundant, and by the time an authority publishes, timeliness is greatly reduced. Under the same conditions as the production environment, the invention can provide industrial control systems with a solution aimed entirely at the production core. The probe part of the invention emulates the core protocols of all kinds of PLC controllers and can be freely deployed in the public network or in an intranet whose industrial internet build-out is relatively complete. When deployed in the public network, the probe serves as a target that induces attacks: it collects in real time the industrial control vulnerability exploitation methods that are currently popular, pushes the latest vulnerability threat trends to users, and builds the databases. When deployed in the intranet, the probe can be deployed in parallel with real industrial control equipment; when the intranet is attacked, it gives security personnel a certain buffer time, captures vulnerability attacks in advance according to the established databases and issues early warnings to users, while at the same time submitting the attack information to the security devices for blocking, achieving defense without affecting the production environment.
Brief description of the drawings
Fig. 1 is a flow chart of the industrial control system vulnerability trend analysis and early warning method of the invention;
Fig. 2 is a block diagram of the industrial control system vulnerability trend analysis and early warning system of the invention;
Fig. 3 is a technical block diagram of the invention with the probes deployed in the public network;
Fig. 4 is a technical block diagram of the invention with the probes deployed in the intranet.
Reference numerals: 10, data collection module; 20, data storage medium; 30, data analysis module; 301, database generation unit; 302, data analysis matching unit; 40, early warning display platform and patch forwarding platform; 50, security devices.
Detailed description of the embodiments
The present invention is further described below with reference to the drawings and specific embodiments, so that those skilled in the art can better understand and practice it; the embodiments given do not limit the invention.
Referring to Fig. 1, in an embodiment of the industrial control system vulnerability trend analysis and early warning method of the invention, several probes that carry the core protocols of industrial control systems are established by emulation and deployed in the public network or in an intranet whose industrial internet build-out is relatively complete; the emulated industrial control system probes collect attack information interactively; the probes send the collected attack information to the data analysis module, which is responsible for data analysis and vulnerability mining; the data analysis module generates the attack exploitation rule base and the vulnerability library from the results of the data analysis and vulnerability mining; the data analysis module uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to the security devices and the early warning display platform.
In step S1, the core protocols include the interface protocols, network protocols and communication protocols of industrial control systems, for example industrial control protocols in common use at home and abroad such as Modbus, OPC, S7common, IEC04, EtherNet/IP, kamstrup and bacnet.
The probes are packaged using image technology and are distributed, brought online and taken offline uniformly from the early warning display platform, which both ensures full coverage of the probe deployment network and removes the burden of manual installation.
In step S2, the probe's interaction process mainly simulates the communication between a host computer and a PLC, including interactive operations such as read and write commands, start and stop function codes, and register value modification. For the deep interactions, namely function code use and register value modification, the probe gives real responses to these operations. To ensure the integrity of the captured data when the request time is sufficient, a packet capture tool monitors and captures the traffic packets of the various network request methods and stores them in big data middleware.
In steps S3 to S4, the probes are deployed in the public network to build the databases, which comprise the attack exploitation rule base and the vulnerability library. Referring to Fig. 3, the database building process comprises the following steps: the emulated industrial control system probes are deployed in the public network in a distributed manner, inducing attacks in the public network to actively target the probes; the probes collect attack information and send the attack information collected in the public network to the data analysis module; for the mass data returned by the probes deployed in the public network, the data analysis module performs data analysis and vulnerability mining based on big data technology. First, statistics are computed over the mass data for the key features that actually threaten industrial control production environments, generating the attack exploitation rule base; then behaviors that conform to the attack exploitation rules are mined from the attack exploitation rule base, and such behaviors are defined as vulnerability exploitation to generate the vulnerability library. The attack exploitation rule base defines the key features that threaten industrial control production environments, and the vulnerability library defines the specific attack behaviors. In this way, key-feature matching first quickly filters out, from the mass of attack information, the information that threatens the industrial control production environment; the filtered dangerous information is then matched against the vulnerability library to pin down the specific attack behavior.
In step S5, the probes are deployed in the intranet, and the attack information from attacks detected against the intranet is compared and matched with the database information. Referring to Fig. 4, the process comprises the following steps: the emulated industrial control system probes are deployed in the intranet; the attack exploitation rule base and vulnerability library generated by the data analysis module are used to analyze and match the data sent back by the probes in the intranet. First, fast matching against the attack exploitation rule base finds the key features that pose a threat; then, behaviors that conform to the attack exploitation rules are mined from the key features and matched against the vulnerability library data to work out the specific vulnerability information; the result and a warning are reported to the security devices and the early warning display platform, serving the dual purpose of early warning and blocking.
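The two-stage flow of steps S3 to S5 can be illustrated with a short sketch. This is an added example, not code from the patent: it handles Modbus/TCP only and assumes that a "key feature" is a state-changing function code seen from at least `min_sources` distinct sources on public probes, and that a "behavior" is a (function code, address) pair. All function names and the sample captures are constructed for illustration.

```python
import struct
from collections import Counter

# Standard Modbus function codes that change device state.
WRITE_CODES = {5: "write_single_coil", 6: "write_single_register",
               15: "write_multiple_coils", 16: "write_multiple_registers"}

def build_frame(tid, unit, func, addr, value):
    """Build a Modbus/TCP request (used only to construct sample captures)."""
    pdu = struct.pack(">BHH", func, addr, value)
    # MBAP header: transaction id, protocol id (0), length (unit id + PDU), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_modbus_tcp(frame):
    """Parse one captured Modbus/TCP request; return None if malformed."""
    if len(frame) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None
    body = frame[8:]
    addr = struct.unpack(">H", body[:2])[0] if len(body) >= 2 else None
    return {"unit": unit, "func": frame[7], "addr": addr}

def build_databases(public_events, min_sources=2):
    """S3-S4 (assumed criteria): derive rule base and vulnerability library
    from captures returned by probes deployed in the public network."""
    sources_by_func, parsed = {}, []
    for src, frame in public_events:
        msg = parse_modbus_tcp(frame)
        if msg is None:
            continue  # discard traffic that is not well-formed Modbus/TCP
        parsed.append(msg)
        sources_by_func.setdefault(msg["func"], set()).add(src)
    # Rule base: state-changing function codes used by several distinct sources.
    rule_base = {f for f, srcs in sources_by_func.items()
                 if f in WRITE_CODES and len(srcs) >= min_sources}
    # Vulnerability library: concrete behaviors that conform to the rule base,
    # with counts so that vuln_db.most_common() gives a simple trend view.
    vuln_db = Counter((m["func"], m["addr"]) for m in parsed
                      if m["func"] in rule_base)
    return rule_base, vuln_db

def match_intranet(events, rule_base, vuln_db):
    """S5: stage 1 filters on key features, stage 2 matches specific behavior."""
    alerts = []
    for src, frame in events:
        msg = parse_modbus_tcp(frame)
        if msg is None or msg["func"] not in rule_base:
            continue  # stage 1: no threatening key feature
        behavior = (msg["func"], msg["addr"])
        alerts.append({
            "source": src,
            "feature": WRITE_CODES[msg["func"]],
            "addr": msg["addr"],
            "known_behavior": behavior in vuln_db,  # stage 2
            "seen_on_public_probes": vuln_db.get(behavior, 0),
        })
    return alerts

# Constructed sample captures (documentation and private address ranges).
PUBLIC_EVENTS = [
    ("198.51.100.7", build_frame(1, 1, 3, 0, 10)),     # read holding registers
    ("198.51.100.7", build_frame(2, 1, 6, 40, 1)),     # write register 40
    ("203.0.113.9", build_frame(1, 1, 6, 40, 0)),      # write register 40
    ("203.0.113.9", build_frame(2, 1, 5, 2, 0xFF00)),  # write coil, one source only
    ("192.0.2.44", build_frame(1, 1, 6, 41, 7)),       # write register 41
    ("192.0.2.44", b"\x00\x01garbage"),                # malformed, ignored
]
INTRANET_EVENTS = [
    ("10.0.0.15", build_frame(9, 1, 3, 0, 4)),    # read: dropped at stage 1
    ("10.0.0.23", build_frame(10, 1, 6, 40, 1)),  # matches a known behavior
    ("10.0.0.23", build_frame(11, 1, 6, 99, 1)),  # key feature only, new address
]

if __name__ == "__main__":
    rules, vulns = build_databases(PUBLIC_EVENTS)
    for alert in match_intranet(INTRANET_EVENTS, rules, vulns):
        print(alert)  # in the patent's flow this goes to security devices and the display platform
```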
In this embodiment, the probe is deployed in parallel with the security devices, and attack information that matches the vulnerability library is finally uploaded to the security devices. The attack information analysis results obtained by the data analysis module are linked with the security devices: the attack information is submitted to the security devices and recorded, which helps improve the performance and reliability of the security devices. The attack information is also correlated with the abnormal logs of the whole production environment so that anomalies are presented consistently, breaking the "information island" style of security protection. The probe can be combined, virtual with real, with the real industrial control system in the intranet, which is equivalent to rebuilding a software production system detached from the hardware environment, and the goal of protecting industrial control system security is achieved without affecting the real production line.
In this embodiment, an early warning display platform and a patch forwarding platform are established. The early warning display platform centrally displays the attack trends within the monitored range and the completeness of the industrial control environment build-out within the monitored range; the patch forwarding platform targets the enterprise where the user is located and pushes warning information and patch repair information to it.
In another embodiment, the probe can also be deployed on an engineer station or SCADA server in the intranet, or connected in series on a critical line. The latter approach is the most extreme, because it requires the control systems throughout the production system to add the probe to their trust lists, and it should be avoided as far as possible.
Based on the above industrial control system vulnerability trend analysis and early warning method, and referring to Fig. 2, an embodiment of the industrial control system vulnerability trend analysis and early warning system of the invention comprises a data collection module 10, a data storage medium 20, a data analysis module 30, and an early warning display platform and patch forwarding platform 40;
the data collection module 10 includes distributed probes that carry the core protocols of industrial control systems; the probes are deployed in the public network and in intranets whose industrial internet build-out is relatively complete, and collect attack information in the public network or the intranet;
the data storage medium 20 stores the attack information collected by the data collection module 10 and forwards it to the data analysis module 30;
the data analysis module 30 includes a database generation unit 301 and a data analysis matching unit 302; the database generation unit 301 generates the attack exploitation rule base and the vulnerability library, and the data analysis matching unit 302 uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to the security devices 50 and to the early warning display platform and patch forwarding platform 40.
The early warning display platform centrally displays the attack trends within the monitored range and the completeness of the industrial control environment build-out within the monitored range; the patch forwarding platform targets the enterprise where the user is located and pushes warning information and patch repair information to it.
The embodiments described above are only preferred embodiments given to fully illustrate the invention, and the protection scope of the invention is not limited to them. Equivalent substitutions or transformations made by those skilled in the art on the basis of the invention fall within the protection scope of the invention. The protection scope of the invention is defined by the claims.

Claims (9)

1. An industrial control system vulnerability trend analysis and early warning method, characterized by comprising:
establishing, by emulation, several probes that carry the core protocols of industrial control systems, and deploying the probes in the public network and in intranets whose industrial internet build-out is relatively complete;
the emulated industrial control system probes collect attack information interactively;
the emulated industrial control system probes send the collected attack information to a data analysis module, which is responsible for data analysis and vulnerability mining;
the data analysis module generates an attack exploitation rule base and a vulnerability library from the results of the data analysis and vulnerability mining;
the data analysis module uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to security devices and an early warning display platform.
2. The industrial control system vulnerability trend analysis and early warning method according to claim 1, characterized in that the emulated industrial control system probes are deployed in the public network in a distributed manner, inducing attacks in the public network to actively target the probes; the probes collect attack information and send the attack information collected in the public network to the data analysis module; for the mass data returned by the probes deployed in the public network, the data analysis module performs data analysis and vulnerability mining based on big data technology: first, statistics are computed over the mass data for the key features that actually threaten industrial control production environments, generating the attack exploitation rule base; then behaviors that conform to the attack exploitation rule base are mined from the mass data, and such behaviors are defined as vulnerability exploitation to generate the vulnerability library.
3. The industrial control system vulnerability trend analysis and early warning method according to claim 2, characterized in that the emulated industrial control system probes are deployed in the intranet, and the attack exploitation rule base and vulnerability library generated by the data analysis module are used to analyze and match the data sent back by the probes in the intranet: first, fast matching against the attack exploitation rule base finds the key features that pose a threat; then, behaviors that conform to the attack exploitation rules are mined from the key features and matched against the vulnerability library data to work out the specific vulnerability information; the result and a warning are reported to the security devices and the early warning display platform, serving the dual purpose of early warning and blocking.
4. The industrial control system vulnerability trend analysis and early warning method according to claim 1, characterized in that the core protocols configured on the probes include: Modbus, OPC, S7common, IEC04, EtherNet/IP, kamstrup, bacnet.
5. The industrial control system vulnerability trend analysis and early warning method according to claim 4, characterized in that the probe's interaction process includes: simulating the communication between a host computer and the industrial control system, including interactive operations such as read and write commands, start and stop function codes, and register value modification; for the deep interactions, namely function code use and register value modification, the probe gives real responses to these operations; a packet capture tool monitors and captures the traffic packets of the various network request methods and stores them in big data middleware; the probes are packaged using image technology and are brought online and offline uniformly from the early warning display platform.
6. The industrial control system vulnerability trend analysis and early warning method according to claim 1, characterized in that the probes can also be deployed on an engineer station or SCADA server in the intranet.
7. The industrial control system vulnerability trend analysis and early warning method according to claim 1, characterized in that an early warning display platform and a patch forwarding platform are established; the early warning display platform centrally displays the attack trends within the monitored range and the completeness of the industrial control environment build-out within the monitored range; the patch forwarding platform targets the enterprise where the user is located and pushes warning information and patch repair information to it.
8. The industrial control system vulnerability trend analysis and early warning method according to claim 1, characterized in that the attack information analysis results obtained by the data analysis module are linked with the security devices: the attack information is submitted to the security devices and recorded, and is also correlated with the abnormal logs of the whole production environment so that anomalies are presented consistently, breaking the "information island" style of security protection.
9. An industrial control system vulnerability trend analysis and early warning system, characterized by comprising a data collection module, a data storage medium, a data analysis module, an early warning display platform and a patch forwarding platform;
the data collection module includes distributed probes that carry the core protocols of industrial control systems; the probes are deployed in the public network and in intranets whose industrial internet build-out is relatively complete, and collect attack information in the public network or the intranet;
the data storage medium stores the attack information collected by the data collection module and forwards it to the data analysis module;
the data analysis module includes a database generation unit and a data analysis matching unit; the database generation unit generates the attack exploitation rule base and the vulnerability library, and the data analysis matching unit uses the generated attack exploitation rule base and vulnerability library to analyze and match the attack information sent back by the probes, and reports the attack information analysis results to the security devices, the early warning display platform and the patch forwarding platform.
The early warning display platform centrally displays the attack trends within the monitored range and the completeness of the industrial control environment build-out within the monitored range; the patch forwarding platform targets the enterprise where the user is located and pushes warning information and patch repair information to it.
CN201910288572.7A 2019-04-11 2019-04-11 Industrial control system vulnerability trend analysis and early warning method and system Active CN109818985B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910288572.7A CN109818985B (en) 2019-04-11 2019-04-11 Industrial control system vulnerability trend analysis and early warning method and system

Publications (2)

Publication Number Publication Date
CN109818985A true CN109818985A (en) 2019-05-28
CN109818985B CN109818985B (en) 2021-06-22

Family

ID=66611688

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910288572.7A Active CN109818985B (en) 2019-04-11 2019-04-11 Industrial control system vulnerability trend analysis and early warning method and system

Country Status (1)

Country Link
CN (1) CN109818985B (en)

Also Published As

Publication number Publication date
CN109818985B (en) 2021-06-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant