CN110266735A - Industry communications protocol white list access control based on timing - Google Patents


Info

Publication number
CN110266735A
Authority
CN
China
Prior art keywords
control
timing
industrial
access control
white list
Legal status
Granted
Application number
CN201910692012.8A
Other languages
Chinese (zh)
Other versions
CN110266735B (en)
Inventor
曾光
靳沛
李芬桂
Current Assignee
Beijing Cic Anneng Technology Co Ltd
Original Assignee
Beijing Cic Anneng Technology Co Ltd
Application filed by Beijing Cic Anneng Technology Co Ltd
Priority to CN201910692012.8A
Publication of CN110266735A
Application granted
Publication of CN110266735B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Communication Control (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses timing-based white list access control for industrial communication protocols. Step 1: learn over a long period and obtain the industrial control protocol exchange data in the industrial control network. Step 2: parse all control commands in each message of the industrial control protocol interaction. Step 3: record the control protocol control instructions and their timing values. Step 4: add the industrial control protocol interaction context control-relationship chain to the access control policy chain, use it to guide the matching conditions of the access control strategy, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, and compute the context of the current access control instruction. The beneficial effect of the invention is that timing-based white list access control for industrial communication protocols remedies a significant deficiency of current white list technology, whose access control is fine-grained along a single dimension only and lacks control along the time dimension, so that a trustworthy degree of control cannot be reached.

Description

Industry communications protocol white list access control based on timing
Technical field
The present invention relates to the field of white list access technology, and specifically to timing-based white list access control for industrial communication protocols.
Background technique
White list technology is widely used in industrial control network security. Compared with the traditional blacklist technology of network security, it is better suited to the industrial control network environment: the white list of the industrial control communication protocol is modelled through intelligent learning. By parsing and identifying the industrial protocols in the industrial control network, the control fields of the industrial control protocols are parsed in depth, so that the protocol control instructions and control value-domain fields learned during all communication processes form a white list model of the industrial control protocols. The white list is then used for deep, fine-grained access control of the industrial control protocols, so that the control instructions of abnormal access traffic cannot reach the industrial control equipment, preventing malicious control attacks and protecting the safety of industrial control equipment and industrial control networks.
Summary of the invention
The purpose of the present invention is to provide timing-based white list access control for industrial communication protocols, in order to solve the problems raised in the background technique above.
To achieve the above object, the invention provides the following technical scheme: timing-based white list access control for industrial communication protocols, comprising the following steps:
Step 1: Learn over a long period and obtain the industrial control protocol exchange data in the industrial control network.
Step 2: Parse all control commands in each message of the industrial control protocol interaction.
Step 3: Use artificial intelligence and big data techniques to find the control relationships in the interaction of industrial control protocol control commands, form the industrial control protocol interaction context control-relationship chain, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, and record the control protocol control instructions and their timing values.
Step 4: Add the industrial control protocol interaction context control-relationship chain to the access control policy chain, use it to guide the matching conditions of the access control strategy, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, compute the context of the current access control instruction, and record it.
Step 5: Compute the logical sequence value of the current access control instruction.
Step 6: Match the above value against the context policy; if the match fails, drop the message; if it succeeds, proceed to the next step.
Step 7: When the above value match succeeds, match the message against the timing strategy; if the match fails, drop the message; if it succeeds, proceed to the next step.
Step 8: When the above match succeeds, match the message against the industrial protocol white list; if the match fails, drop the message; if it succeeds, the message passes.
Preferably, the control environment of the industrial control equipment has certain associations.
Preferably, the control environment of the industrial control equipment has a certain timing.
Compared with the prior art, the beneficial effects of the present invention are: timing-based white list access control for industrial communication protocols remedies a significant deficiency of the access control technology in current white list technology, which is fine-grained access control along a single dimension only, lacks control along the time dimension and therefore cannot reach a trustworthy degree of control; it better fits the concept of trusted access for industrial control networks and prevents hackers from attacking through industrial control protocols.
Detailed description of the invention
Fig. 1 is the structural diagram of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.
Referring to Fig. 1, the present invention provides a technical solution: timing-based white list access control for industrial communication protocols, comprising the following steps:
Step 1: Learn over a long period and obtain the industrial control protocol exchange data in the industrial control network.
Step 2: Parse all control commands in each message of the industrial control protocol interaction.
Step 3: Use artificial intelligence and big data techniques to find the control relationships in the interaction of industrial control protocol control commands, form the industrial control protocol interaction context control-relationship chain, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, and record the control protocol control instructions and their timing values.
Step 4: Add the industrial control protocol interaction context control-relationship chain to the access control policy chain, use it to guide the matching conditions of the access control strategy, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, compute the context of the current access control instruction, and record it.
Step 5: Compute the logical sequence value of the current access control instruction.
Step 6: Match the above value against the context policy; if the match fails, drop the message; if it succeeds, proceed to the next step.
Step 7: When the above value match succeeds, match the message against the timing strategy; if the match fails, drop the message; if it succeeds, proceed to the next step.
Step 8: When the above match succeeds, match the message against the industrial protocol white list; if the match fails, drop the message; if it succeeds, the message passes.
Current industrial control protocol white list access control technology is fine-grained access control along a single dimension only; it lacks control along the time dimension and therefore cannot reach a trustworthy degree of control. Take the Modbus-TCP protocol as an example: Schneider Quantum series PLCs use function code 90 of the Modbus protocol specification to start and stop the PLC, and many attacks today use function code 90 to disrupt production. However, starting or stopping a PLC in an industrial control network is not necessarily an attack, because PLCs are rebooted on a schedule in industrial production environments. Another example is the Modbus write-register instruction: although products on the market can learn this instruction and generate a white list for it, the defect is that the instruction is then trusted for its whole life cycle, while attackers often use exactly this instruction to control industrial control equipment such as PLCs and thereby pursue their aims of extortion or harm to national infrastructure. Current industrial protocol white list technology therefore cannot control these risks. The control environment of industrial control equipment has certain associations and a certain timing, so white list control of industrial control protocols requires control along both dimensions in order to achieve complete trusted access control.
Specifically, the control environment of the industrial control equipment has certain associations.
The association relationships of control command access to the industrial control equipment are modelled, that is, the context associations of the control commands of the industrial control equipment: the control association relationship of the control command sequence is modelled.
Specifically, the control environment of the industrial control equipment has a certain timing.
The timing in the control access environment of the industrial control equipment is modelled: the relative execution times of the control commands are analysed and computed, so as to create a time control model of the white list corresponding to the different commands.
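The three-stage check described in the steps above (context chain, then timing strategy, then protocol white list), together with a learning phase that derives all three models from recorded traffic, as an added example that is not code from the patent or its assignee. The message format, the Modbus-style function codes, the `slack` tolerance and the learned and live traces are constructed here for illustration.

```python
"""Timing-based white list check for an industrial control protocol. Added example
for this page, not code from the patent or its assignee; all data is constructed."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Msg:
    t: float      # capture time in seconds (constructed)
    fc: int       # protocol function code (Modbus-style numbering, illustrative)
    reg: int = 0  # register address touched; 0 for commands without one

# Constructed learning trace (steps 1-2): two maintenance cycles; a read (fc 3)
# precedes each write (fc 16), and a scheduled stop/start (fc 90) follows a read
# by about 60 seconds.
LEARNED = [
    Msg(0.0, 3, 100), Msg(2.0, 16, 100), Msg(4.0, 3, 100), Msg(64.0, 90), Msg(70.0, 3, 100),
    Msg(100.0, 3, 100), Msg(102.5, 16, 101), Msg(104.0, 3, 100), Msg(164.5, 90), Msg(170.0, 3, 100),
]

def learn(trace: list[Msg], slack: float = 0.5) -> dict:
    """Step 3: derive the three models from the trace.
    context:   set of (previous fc, fc) pairs observed in order (the context chain)
    timing:    per pair, the observed [min, max] gap in seconds, widened by `slack`
    whitelist: per fc, the register range actually used
    """
    context, timing, whitelist = set(), {}, {}
    for prev, cur in zip(trace, trace[1:]):
        key = (prev.fc, cur.fc)
        context.add(key)
        gap = cur.t - prev.t
        lo, hi = timing.get(key, (gap, gap))
        timing[key] = (min(lo, gap), max(hi, gap))
    for m in trace:
        lo, hi = whitelist.get(m.fc, (m.reg, m.reg))
        whitelist[m.fc] = (min(lo, m.reg), max(hi, m.reg))
    timing = {k: (max(0.0, lo - slack), hi + slack) for k, (lo, hi) in timing.items()}
    return {"context": context, "timing": timing, "whitelist": whitelist}

def decide(model: dict, prev: Optional[Msg], cur: Msg) -> str:
    """Steps 5-8: context policy, then timing strategy, then protocol white list.
    Returns 'pass' or the stage at which the message is dropped."""
    if prev is not None:  # the first message of a session has no context yet
        key = (prev.fc, cur.fc)
        if key not in model["context"]:
            return "drop:context"
        lo, hi = model["timing"][key]
        if not lo <= cur.t - prev.t <= hi:
            return "drop:timing"
    if cur.fc not in model["whitelist"]:
        return "drop:whitelist"
    lo, hi = model["whitelist"][cur.fc]
    if not lo <= cur.reg <= hi:
        return "drop:whitelist"
    return "pass"

def filter_stream(model: dict, stream: list[Msg]) -> list[str]:
    """Apply the chain to a stream; a dropped message never becomes context."""
    prev, verdicts = None, []
    for m in stream:
        verdict = decide(model, prev, m)
        verdicts.append(verdict)
        if verdict == "pass":
            prev = m
    return verdicts

# Constructed live stream: the scheduled stop at t=64 passes; fc 90 five seconds
# after a read is dropped on timing; fc 90 right after a write is dropped on
# context; a write to an unlearned register is dropped by the white list.
STREAM = [
    Msg(0.0, 3, 100), Msg(2.2, 16, 100), Msg(4.0, 3, 100), Msg(64.0, 90),
    Msg(70.0, 3, 100), Msg(75.0, 90), Msg(100.0, 3, 100), Msg(102.0, 16, 100),
    Msg(103.0, 90), Msg(104.0, 3, 100), Msg(106.0, 16, 500),
]

if __name__ == "__main__":
    for m, v in zip(STREAM, filter_stream(learn(LEARNED), STREAM)):
        print(f"t={m.t:6.1f} fc={m.fc:2d} reg={m.reg:3d} -> {v}")
```

The context model here uses only the immediate predecessor; a longer chain would key on the last n function codes instead of one.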
Working principle: the present invention first learns over a long period and obtains the industrial control protocol exchange data in the industrial control network, parses all control commands in each message of the industrial control protocol interaction, finds the control relationships of the interaction of industrial control protocol control commands with artificial intelligence and big data techniques, forms the industrial control protocol interaction context control-relationship chain, analyses the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, and records the control protocol control instructions and their timing values. The industrial control protocol interaction context control-relationship chain is added to the access control policy chain and used to guide the matching conditions of the access control strategy; the logical sequence relationships of the industrial control protocol control instructions are analysed with big data processing techniques, and the context of the current access control instruction is computed and recorded. The logical sequence value of the current access control instruction is computed and matched against the context policy; if the match fails, the message is dropped, and if it succeeds, the next step follows. When this value match succeeds, the message is matched against the timing strategy; if the match fails, the message is dropped, and if it succeeds, the next step follows. When this match succeeds, the message is matched against the industrial protocol white list; if the match fails, the message is dropped, and if it succeeds, the message passes.
In the description of the present invention, unless otherwise specified or limited, the terms "installation", "connected", "connection" and "fixation" shall be understood in a broad sense; for example, a connection may be fixed, detachable or integral; it may be a mechanical connection or an electrical connection; it may be direct, or indirect through an intermediary, or an internal connection between two elements or an interaction relationship between two elements. For those of ordinary skill in the art, the specific meaning of the above terms in the present invention can be understood according to the specific circumstances.
The standardised parts used in the present invention are commercially available; the shaped parts can be customised according to the specification and the drawings; the specific connection of each part uses mature conventional means of the prior art such as bolts, rivets and welding; the machinery, parts and equipment are all conventional models of the prior art; and the circuit connections use conventional connection methods of the prior art, which are not detailed here.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, replacements and variations may be made to these embodiments without departing from the principles and spirit of the present invention, and the scope of the present invention is defined by the appended claims.

Claims (3)

1. Timing-based white list access control for industrial communication protocols, characterised in that it comprises the following steps:
Step 1: Learn over a long period and obtain the industrial control protocol exchange data in the industrial control network.
Step 2: Parse all control commands in each message of the industrial control protocol interaction.
Step 3: Use artificial intelligence and big data techniques to find the control relationships of the interaction of industrial control protocol control commands, form the industrial control protocol interaction context control-relationship chain, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, and record the control protocol control instructions and their timing values.
Step 4: Add the industrial control protocol interaction context control-relationship chain to the access control policy chain, use it to guide the matching conditions of the access control strategy, analyse the logical sequence relationships of the industrial control protocol control instructions with big data processing techniques, compute the context of the current access control instruction, and record it.
Step 5: Compute the logical sequence value of the current access control instruction.
Step 6: Match the above value against the context policy; if the match fails, drop the message; if it succeeds, proceed to the next step.
Step 7: When the above value match succeeds, match the message against the timing strategy; if the match fails, drop the message; if it succeeds, proceed to the next step.
Step 8: When the above match succeeds, match the message against the industrial protocol white list; if the match fails, drop the message; if it succeeds, the message passes.
2. The timing-based white list access control for industrial communication protocols according to claim 1, characterised in that the control environment of the industrial control equipment has certain associations.
3. The timing-based white list access control for industrial communication protocols according to claim 1, characterised in that the control environment of the industrial control equipment has a certain timing.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910692012.8A CN110266735B (en) 2019-07-30 2019-07-30 Industrial communication protocol white list access control method based on time sequence


Publications (2)

Publication Number Publication Date
CN110266735A true CN110266735A (en) 2019-09-20
CN110266735B CN110266735B (en) 2021-08-27

Family

ID=67912339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910692012.8A Active CN110266735B (en) 2019-07-30 2019-07-30 Industrial communication protocol white list access control method based on time sequence

Country Status (1)

Country Link
CN (1) CN110266735B (en)


Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118749A (en) * 2009-12-30 2011-07-06 比亚迪股份有限公司 Network access control device for mobile terminal and mobile terminal equipment
CN105939334A (en) * 2015-03-04 2016-09-14 费希尔-罗斯蒙特系统公司 Anomaly detection in industrial communications networks
CN107040551A (en) * 2017-06-12 2017-08-11 北京匡恩网络科技有限责任公司 A kind of industry control network safe early warning method and system
CN108848067A (en) * 2018-05-28 2018-11-20 北京威努特技术有限公司 The OPC protocol security means of defence of intelligence learning and preset read-only white list rule
CN109218288A (en) * 2018-08-01 2019-01-15 北京科技大学 A kind of Network Intrusion Detection System for industrial robot control system
US20190156445A1 (en) * 2017-11-22 2019-05-23 General Electric Company Application store for dynamically implementing licensing scheme
CN110011968A (en) * 2019-02-28 2019-07-12 郑州轨道交通信息技术研究院 A kind of tactful access control method based on industry control agreement general framework


Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112468488A (en) * 2020-11-25 2021-03-09 杭州安恒信息技术股份有限公司 Industrial anomaly monitoring method and device, computer equipment and readable storage medium
CN112468488B (en) * 2020-11-25 2023-05-23 杭州安恒信息技术股份有限公司 Industrial anomaly monitoring method, industrial anomaly monitoring device, computer equipment and readable storage medium
CN112666907A (en) * 2020-12-23 2021-04-16 北京天融信网络安全技术有限公司 Industrial control strategy generation method and device, electronic equipment and storage medium
CN112666907B (en) * 2020-12-23 2022-04-01 北京天融信网络安全技术有限公司 Industrial control strategy generation method and device, electronic equipment and storage medium
CN116318993A (en) * 2023-03-16 2023-06-23 北京宏志国际科技有限公司 Method and system for defending network harmful instruction attack by Internet of things product
CN116318993B (en) * 2023-03-16 2023-10-27 北京宏志国际科技有限公司 Method and system for defending network harmful instruction attack by Internet of things product

Also Published As

Publication number Publication date
CN110266735B (en) 2021-08-27


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant