CN110266735B - Industrial communication protocol white list access control method based on time sequence - Google Patents


Info

Publication number: CN110266735B
Authority: CN (China)
Prior art keywords: control, industrial, protocol, matching, access control
Legal status: Active (granted)
Application number: CN201910692012.8A
Other languages: Chinese (zh)
Other versions: CN110266735A (en)
Inventors: 曾光, 靳沛, 李芬桂
Current assignee: Beijing Cic Anneng Technology Co ltd
Original assignee: Beijing Cic Anneng Technology Co ltd
Priority date: 2019-07-30
Filing date: 2019-07-30
Publication date: 2019-09-20 (CN110266735A), 2021-08-27 (CN110266735B)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a time-sequence-based industrial communication protocol white list access control method comprising the following steps. Step 1: acquire industrial control protocol exchange data in the industrial control network through long-term learning. Step 2: parse all control commands in each message of the industrial control protocol interaction. Step 3: record the control protocol control commands and their time-sequence values. Step 4: add the industrial control protocol interaction context control relation chain to the access control strategy chain, derive the control strategy matching conditions used by access control, analyse the logical time-sequence relation of the industrial control protocol control instructions with big data processing techniques, and compute the context of the access control instruction. The beneficial effect of the invention is that the time-sequence-based industrial communication protocol white list access control method remedies the major defect of existing white list technology, whose access control is only single-dimensional fine-grained control, lacks control in the time dimension and therefore cannot reach a credible level.

Description

Industrial communication protocol white list access control method based on time sequence
Technical Field
The invention relates to the technical field of white list access, in particular to a time sequence-based industrial communication protocol white list access control method.
Background
White list technology is widely used in industrial control network security. Compared with the traditional black list technology of network security it is better suited to the industrial control network environment, and white list modelling of the industrial control communication protocol is completed through intelligent learning. By analysing and identifying the industrial protocols in the industrial control network, the control field and control value field of the industrial control protocol are parsed in depth, so that the protocol control instructions of all communication processes are learned and a white list model of the industrial control protocol is built. The white list is then used to control access to the industrial control protocol at a deep, fine-grained level, so that control instructions from abnormal access services cannot reach the industrial control equipment, malicious control attacks are prevented, and the security of the industrial control equipment and of the industrial control network is protected.
Disclosure of Invention
The present invention is directed to a time-sequence-based white list access control method for industrial communication protocols, so as to solve the problems described in the background art.
To achieve this purpose, the invention provides the following technical scheme. The time-sequence-based industrial communication protocol white list access control method comprises the following steps:
Step 1: acquire industrial control protocol exchange data in the industrial control network through long-term learning.
Step 2: parse all control commands in each message of the industrial control protocol interaction.
Step 3: find the control relations among the interacting industrial control protocol control commands using artificial intelligence and big data techniques, forming an industrial control protocol interaction context control relation chain; analyse the logical time-sequence relation of the control commands with big data processing, and record each control protocol control command together with its time-sequence value.
Step 4: add the industrial control protocol interaction context control relation chain to the access control strategy chain, derive the control strategy matching conditions used by access control, analyse the logical time-sequence relation of the control instructions with big data processing, compute the context of the current access control instruction, and record it.
Step 5: compute the logical time-sequence value of the access control instruction.
Step 6: match the values against the context strategy; discard the message if matching fails, and proceed to the next step if it succeeds.
Step 7: once the values match the context strategy, match them against the time-sequence strategy; discard the message if matching fails, and proceed to the next step if it succeeds.
Step 8: once the values match the time-sequence strategy, match them against the industrial protocol white list; discard the message if matching fails, and pass the message if it succeeds.
Preferably, the control environment of the industrial control device is relational.
Preferably, the control environment of the industrial control device is time-sequential.
Compared with the prior art, the beneficial effect of the invention is that the time-sequence-based industrial communication protocol white list access control method remedies the major defect of existing white list technology, whose access control is only single-dimensional fine-grained control, lacks control in the time dimension and cannot reach a credible level; the method is more in line with the theory of feasible access in an industrial control network, so that a hacker cannot attack the industrial control protocol.
Drawings
FIG. 1 is a schematic structural diagram of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, the technical solution is as follows. The time-sequence-based industrial communication protocol white list access control method comprises the following steps:
Step 1: acquire industrial control protocol exchange data in the industrial control network through long-term learning.
Step 2: parse all control commands in each message of the industrial control protocol interaction.
Step 3: find the control relations among the interacting industrial control protocol control commands using artificial intelligence and big data techniques, forming an industrial control protocol interaction context control relation chain; analyse the logical time-sequence relation of the control commands with big data processing, and record each control protocol control command together with its time-sequence value.
Step 4: add the industrial control protocol interaction context control relation chain to the access control strategy chain, derive the control strategy matching conditions used by access control, analyse the logical time-sequence relation of the control instructions with big data processing, compute the context of the current access control instruction, and record it.
Step 5: compute the logical time-sequence value of the access control instruction.
Step 6: match the values against the context strategy; discard the message if matching fails, and proceed to the next step if it succeeds.
Step 7: once the values match the context strategy, match them against the time-sequence strategy; discard the message if matching fails, and proceed to the next step if it succeeds.
Step 8: once the values match the time-sequence strategy, match them against the industrial protocol white list; discard the message if matching fails, and pass the message if it succeeds.
Existing industrial control protocol white list access control technology is only single-dimensional fine-grained access control: it lacks control in the time dimension and therefore cannot reach a credible level. Take the Modbus-TCP protocol as an example. Function code 90 of the Modbus protocol is used to start and stop PLCs of the Schneider Kuntze series, and many attacks today use function code 90 to disrupt production; yet starting or stopping a PLC in an industrial control network is not in itself an attack, since a PLC may be restarted periodically in a production environment. The same applies to the Modbus register-write instruction: products on the market can learn the instruction and generate a white list entry for it, but the defect is that the instruction is then trusted for its whole life cycle, while attackers frequently use this very instruction to take control of industrial control devices such as PLCs for commercial gain, extortion, or damage to national infrastructure. Current industrial protocol white list technology therefore cannot control these risks. Because the control environment of industrial control devices is both relational and time-ordered, white list control of the industrial control protocol requires two-dimensional control, and only then can complete trusted access control be achieved.
Specifically, the control environment of the industrial control device is relational.
This part models the access association relations among the control commands of the industrial control equipment, that is, the context association of the control commands: the control association relation of a control command sequence.
Specifically, the control environment of the industrial control device is time-sequenced.
This part models the time sequence within the control access environment of the industrial control equipment and analyses and computes the relative time at which each control command is executed, thereby creating a time control model corresponding to each command white list.
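As an added illustration of steps 1 to 8 and of the function-code-90 discussion above (example code written for this page, not the patent's or the assignee's implementation), the following Python learns a context chain, timing windows and a white list from a constructed known-good Modbus capture and then judges constructed live messages in the patent's order: context, then time sequence, then white list. Everything concrete is assumed rather than taken from the patent: the addresses, the traffic, the decision to key the context chain by client/PLC pair and function code and the white list by register reference, and the relative slack of 50% around learned intervals.

```python
"""Toy model of the three matching stages (context chain, timing window,
whitelist) in the order the patent text gives them. Added illustration, not the
patent's or assignee's code; addresses, traffic and slack are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Msg:
    t: float    # seconds on a constructed capture clock
    src: str    # client (HMI / engineering station) address
    dst: str    # PLC address
    func: int   # Modbus function code (90 carries start/stop on the PLCs the text names)
    ref: int    # register address or sub-function reference in the request


class TimedWhitelist:
    """learn() covers steps 1-5 on a known-good capture; check() applies steps 6-8."""

    def __init__(self, slack: float = 0.5):
        self.slack = slack                  # assumed relative margin around learned intervals
        self.allowed = set()                # step 8: (src, dst, func, ref)
        self.chain = set()                  # step 4: (src, dst, prev_func, func) successions
        self.intervals = defaultdict(list)  # step 3: timing values observed per succession
        self._last = {}                     # per (src, dst): (func, t) of last accepted message

    @staticmethod
    def _edge(m: Msg, prev_func: Optional[int]):
        return (m.src, m.dst, prev_func, m.func)

    def learn(self, capture):
        """Replay the capture in time order; record which command follows which
        (context chain) and the interval between them (time-sequence value)."""
        for m in sorted(capture, key=lambda x: x.t):
            self.allowed.add((m.src, m.dst, m.func, m.ref))
            prev = self._last.get((m.src, m.dst))
            edge = self._edge(m, prev[0] if prev else None)
            self.chain.add(edge)
            if prev:
                self.intervals[edge].append(m.t - prev[1])
            self._last[(m.src, m.dst)] = (m.func, m.t)
        self._last.clear()                  # enforcement starts from a fresh context

    def check(self, m: Msg):
        """Returns ('pass', '') or ('drop', stage). Only accepted messages
        advance the context, since a dropped message never reaches the PLC."""
        prev = self._last.get((m.src, m.dst))
        edge = self._edge(m, prev[0] if prev else None)
        if edge not in self.chain:                              # step 6: context
            return ("drop", "context")
        if prev:                                                # step 7: timing
            iv = self.intervals[edge]
            lo, hi = min(iv) * (1 - self.slack), max(iv) * (1 + self.slack)
            if not lo <= m.t - prev[1] <= hi:
                return ("drop", "timing")
        if (m.src, m.dst, m.func, m.ref) not in self.allowed:   # step 8: whitelist
            return ("drop", "whitelist")
        self._last[(m.src, m.dst)] = (m.func, m.t)
        return ("pass", "")


HMI, PLC = "10.0.0.5", "10.0.0.10"   # constructed addresses

# Constructed known-good capture: a poll/write cycle plus a scheduled stop and restart.
CAPTURE = [
    Msg(0.0, HMI, PLC, 3, 100), Msg(1.0, HMI, PLC, 16, 200),
    Msg(2.0, HMI, PLC, 3, 100), Msg(3.0, HMI, PLC, 16, 200),
    Msg(4.0, HMI, PLC, 3, 100),
    Msg(5.0, HMI, PLC, 90, 0x40),    # scheduled PLC stop
    Msg(10.0, HMI, PLC, 90, 0x41),   # restart 5 s later
    Msg(11.0, HMI, PLC, 3, 100),
]

# Constructed live traffic with the expected verdict for each message.
LIVE = [
    Msg(100.0, HMI, PLC, 3, 100),          # pass: learned first command of the flow
    Msg(101.0, HMI, PLC, 16, 200),         # pass
    Msg(101.3, HMI, PLC, 90, 0x40),        # drop/context: a stop never followed a write in the capture
    Msg(102.0, HMI, PLC, 3, 100),          # pass
    Msg(103.0, HMI, PLC, 90, 0x40),        # pass: the stop in its learned position and window
    Msg(103.1, HMI, PLC, 90, 0x41),        # drop/timing: restart 0.1 s after the stop, window is 2.5-7.5 s
    Msg(108.0, HMI, PLC, 90, 0x41),        # pass
    Msg(109.0, HMI, PLC, 3, 100),          # pass
    Msg(110.0, HMI, PLC, 16, 250),         # drop/whitelist: context and timing fit, register 250 never learned
    Msg(111.0, "10.0.0.99", PLC, 3, 100),  # drop/context: unknown client has no chain entries
]


def build_model() -> TimedWhitelist:
    wl = TimedWhitelist()
    wl.learn(CAPTURE)
    return wl


def judge(wl: TimedWhitelist, live):
    return [wl.check(m) for m in live]
```

Running `judge(build_model(), LIVE)` shows the two-dimensional control the text argues for: the scheduled stop (function code 90) passes when it arrives where and when it was learned, the same command sent directly after a register write is dropped at the context stage, and a restart sent 0.1 s after the stop is dropped at the timing stage, while a write to a register that was never learned still fails the plain white list. A dropped message deliberately does not advance the context state, and in practice the learning capture has to be long enough to include legitimate maintenance cycles, otherwise the timing windows will reject normal operations.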
The working principle is as follows. The invention first obtains industrial control protocol exchange data in the industrial control network through long-term learning and parses all control commands in each message of the industrial control protocol interaction. Using artificial intelligence and big data techniques it finds the control relations among the interacting industrial control protocol control commands and forms an industrial control protocol interaction context control relation chain; using big data processing it analyses the logical time-sequence relation of the control commands and records each control protocol control command with its time-sequence value. The context control relation chain is added to the access control strategy chain, from which the matching conditions of the control strategy used by access control are derived; the logical time-sequence relation of the control commands is analysed again with big data processing, the context of the current access control command is computed and recorded, and the logical time-sequence value of the access control command is computed. The values are then matched against the context strategy: the message is discarded if matching fails and the next step is taken if it succeeds. When the values match, the time-sequence strategy is matched: the message is discarded if matching fails and the next step is taken if it succeeds. When the values match again, the industrial protocol white list is matched: the message is discarded if matching fails and passed if matching succeeds.
In the description of the present invention, unless otherwise expressly specified or limited, the terms "mounted," "connected," and "fixed" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral part; can be mechanically or electrically connected; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The standard parts used in the invention can be purchased from the market, the special-shaped parts can be customized according to the description of the specification and the accompanying drawings, the specific connection mode of each part adopts conventional means such as bolts, rivets, welding and the like mature in the prior art, the machines, the parts and equipment adopt conventional models in the prior art, and the circuit connection adopts the conventional connection mode in the prior art, so that the detailed description is omitted.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (3)

1. A time-sequence-based industrial communication protocol white list access control method, characterized in that the method comprises the following steps:
Step 1: acquiring industrial control protocol exchange data in the industrial control network through long-time learning;
Step 2: parsing all control commands in each message of the industrial control protocol interaction;
Step 3: finding the control relation of industrial control protocol control command interaction through artificial intelligence and big data technology to form an industrial control protocol interaction context control relation chain, analyzing the logic time sequence relation of the industrial control protocol control commands using big data processing technology, and recording the control protocol control commands and time sequence values;
Step 4: adding the industrial control protocol interaction context control relation chain into the access control strategy chain, deriving the control strategy matching conditions used by the access control, analyzing the logic time sequence relation of the industrial control protocol control instruction using big data processing technology, calculating the context of the current access control instruction, and recording it;
Step 5: calculating the logic time sequence value of the access control instruction;
Step 6: matching the values through the matching context strategy; if the matching fails, the message is discarded, and if the matching succeeds, the next step is carried out;
Step 7: when the value matching succeeds, carrying out the matching time sequence strategy; if the matching fails, the message is discarded, and if the matching succeeds, the next step is carried out;
Step 8: when the value matching succeeds, matching against the industrial protocol white list; if the matching fails, the message is discarded, and if the matching succeeds, the message passes.
2. The time-sequence-based industrial communication protocol white list access control method of claim 1, wherein the control environment of the industrial control equipment has relevance.
3. The time-sequence-based industrial communication protocol white list access control method of claim 1, wherein the control environment of the industrial control device is time-sequenced.

Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN201910692012.8A     2019-07-30       2019-07-30     Industrial communication protocol white list access control method based on time sequence

Publications (2)

Publication Number    Publication Date
CN110266735A (en)     2019-09-20
CN110266735B (en)     2021-08-27 (granted)

Family

ID=67912339

Country Status (1)

Country    Link
CN (1)     CN110266735B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number    Priority date    Publication date    Assignee    Title
CN112468488B (en) *   2020-11-25   2023-05-23   杭州安恒信息技术股份有限公司   Industrial anomaly monitoring method, industrial anomaly monitoring device, computer equipment and readable storage medium
CN112666907B (en) *   2020-12-23   2022-04-01   北京天融信网络安全技术有限公司   Industrial control strategy generation method and device, electronic equipment and storage medium
CN116318993B (en) *   2023-03-16   2023-10-27   北京宏志国际科技有限公司   Method and system for defending network harmful instruction attack by Internet of things product

Citations (2)

* Cited by examiner, † Cited by third party
Publication number    Priority date    Publication date    Assignee    Title
CN102118749A (en) *   2009-12-30   2011-07-06   比亚迪股份有限公司   Network access control device for mobile terminal and mobile terminal equipment
CN110011968A (en) *   2019-02-28   2019-07-12   郑州轨道交通信息技术研究院   Policy access control method based on a general industrial control protocol framework

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number    Priority date    Publication date    Assignee    Title
US10291506B2 (en) *   2015-03-04   2019-05-14   Fisher-Rosemount Systems, Inc.   Anomaly detection in industrial communications networks
CN107040551A (en) *   2017-06-12   2017-08-11   北京匡恩网络科技有限责任公司   Industrial control network security early-warning method and system
US20190156445A1 (en) *   2017-11-22   2019-05-23   General Electric Company   Application store for dynamically implementing licensing scheme
CN108848067B (en) *   2018-05-28   2021-05-25   北京威努特技术有限公司   OPC protocol safety protection method for intelligently learning and presetting read-only white list rule
CN109218288A (en) *   2018-08-01   2019-01-15   北京科技大学   Network intrusion detection system for industrial robot control systems

Also Published As

Publication number Publication date
CN110266735A (en) 2019-09-20


Legal Events

Code    Title
PB01    Publication
SE01    Entry into force of request for substantive examination
GR01    Patent grant