CN110351281A - A kind of general data frame analytic method, device and equipment - Google Patents
A kind of general data frame analytic method, device and equipment Download PDFInfo
- Publication number
- CN110351281A CN110351281A CN201910636835.9A CN201910636835A CN110351281A CN 110351281 A CN110351281 A CN 110351281A CN 201910636835 A CN201910636835 A CN 201910636835A CN 110351281 A CN110351281 A CN 110351281A
- Authority
- CN
- China
- Prior art keywords
- data frame
- frame
- value
- type identification
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The present invention discloses a kind of general data frame analytic method, device and equipment.Wherein, this method comprises: according to default frame format and the corresponding frame type identification of data frame transmitting terminal, judge whether current data frame is scrambled data frame, wherein, scrambled data frame is different with the frame format of non-encrypted data frame, and the frame type identification is used to identify the type for the data frame that the data frame transmitting terminal is sent in resolving;The data deposit parsing queue that if current data frame is scrambled data frame, the current data frame is decrypted using preset-key, and decryption is obtained.Through the invention, a kind of general data frame analyzing method is provided for SCADA system, using default frame format and the corresponding frame type identification of data frame transmitting terminal, only needs a set of server program that can support the parsing of scrambled data frame and non-encrypted data frame, safeguarded convenient for server.
Description
Technical field
The present invention relates to data analytic technique field, in particular to a kind of general data frame analytic method, device and
Equipment.
Background technique
SCADA (Supervisory Control And Data Acquisition, data acquisition and monitoring control system
System) device data of total system need to be acquired, then it is subject to the monitoring application of computer.To ensure data safety, prevent
Data are ravesdropping, and in device data transmission process, introduce data encryption mechanism, only correct key could normally parse number
According to.
However, in the specific application process, there are preliminary engineering monitoring to be not introduced into data encryption mechanism, later period project monitor and control
The case where introducing data encryption mechanism, leads to have two sets of server analysis programs, parses encryption data and clear data respectively,
It is not easy to server maintenance, increases O&M cost.
For the problem that SCADA system there are two sets of server analysis programs in the prior art, it is unfavorable for server maintenance, mesh
It is preceding not yet to put forward effective solutions.
Summary of the invention
The embodiment of the present invention provides a kind of general data frame analytic method, device and equipment, to solve in the prior art
The problem of SCADA system has two sets of server analysis programs, is unfavorable for server maintenance.
In order to solve the above technical problems, the embodiment of the invention provides a kind of general data frame analytic methods, comprising:
According to default frame format and the corresponding frame type identification of data frame transmitting terminal, judge whether current data frame is encryption
Data frame, wherein scrambled data frame is different with the frame format of non-encrypted data frame, and the frame type identification is used in resolving
The type for the data frame that the middle mark data frame transmitting terminal is sent;
If the current data frame is scrambled data frame, the current data frame is decrypted using preset-key, and
The data deposit parsing queue that decryption is obtained.
Optionally, it is preset byte and value is pre- that the default frame format, which is in the head of scrambled data frame setting length,
If the data of value;
According to default frame format and the corresponding frame type identification of data frame transmitting terminal, judge whether current data frame is encryption
Data frame, comprising:
Judge whether the frame type identification is the first value, wherein first value indicates to confirm non-encrypted frame;
If the frame type identification is not the first value, preset byte is read from network-caching area according to the default frame format
Data;
Whether the data for judging the preset byte are preset value;
If the data of the preset byte are preset value, determine that the current data frame is scrambled data frame.
Optionally, after whether the data for judging the preset byte are preset value, further includes:
If the data of the preset byte are not preset values, judge whether the frame type identification is second value, wherein institute
Stating second value indicates confirmation encrypted frame;
If so, deviating the preset byte from the network-caching area, and returns to re-execute and judge the frame type
The step of identifying whether as the first value;
If not, it is determined that the current data frame is non-encrypted data frame, and according to the process of analysis of non-encrypted data frame
It is parsed.
Optionally, before the current data frame is decrypted using preset-key, further includes:
The length of the current data frame is read, and takes complete current data according to the length read of the current data frame
Frame;
First completeness check is carried out to the current data frame;
If the first completeness check passes through, the current data frame is decrypted using the preset-key.
Optionally, after carrying out the first completeness check to the current data frame, further includes:
If the first completeness check does not pass through, according to non-encrypted data frame read data frame length, and it is complete to carry out second
Property verification if the second completeness check does not pass through deviate a byte from the network-caching area, and return and re-execute and sentence
The step of whether the frame type identification that breaks is the first value.
Optionally, after it will decrypt the deposit parsing queue of obtained data, further includes:
The length that the current data frame is deviated from network-caching area, by the corresponding frame type mark of the data frame transmitting terminal
Knowledge is set to second value, and returns to re-execute the step of whether the frame type identification is the first value judged.
Optionally, after judging whether the frame type identification is the first value, further includes:
If the frame type identification is the first value, confirm that the current data frame is non-encrypted data frame;
The length of the current data frame is read, and takes complete current data according to the length read of the current data frame
Frame;
Second completeness check is carried out to the current data frame;
If the second completeness check passes through, by the data content deposit parsing queue in the current data frame;
If the second completeness check does not pass through, a byte is deviated from the network-caching area, and return and re-execute
The step of whether the frame type identification is the first value judged.
Optionally, after by the data content deposit parsing queue in the current data frame, further includes:
The length that the current data frame is deviated from the network-caching area, by the corresponding frame class of the data frame transmitting terminal
Type mark is set to the first value, and returns to re-execute the step of whether the frame type identification is the first value judged.
Optionally, according to frame format and the corresponding frame type identification of data frame transmitting terminal is preset, judge current data frame
Before whether being scrambled data frame, further includes:
The corresponding frame type identification of each data frame transmitting terminal is initialized as third value, wherein the third value indicates silent
Recognize encrypted frame.
The embodiment of the invention provides a kind of general data frame resolvers, comprising:
Judgment module, for judging current number according to frame format and the corresponding frame type identification of data frame transmitting terminal is preset
It whether is scrambled data frame according to frame, wherein scrambled data frame is different with the frame format of non-encrypted data frame, the frame type identification
For identifying the type for the data frame that the data frame transmitting terminal is sent in resolving;
Deciphering module, in the case where the current data frame is scrambled data frame, using preset-key to described
Current data frame is decrypted, and the data deposit parsing queue that decryption is obtained.
Optionally, it is preset byte and value is pre- that the default frame format, which is in the head of scrambled data frame setting length,
If the data of value;
The judgment module includes:
First judging unit, for judging whether the frame type identification is the first value, wherein first value indicates true
Recognize non-encrypted frame;
Reading unit, if not being the first value for the frame type identification, according to the default frame format from network-caching
The data of area's reading preset byte;
Second judgment unit, for judging whether the data of the preset byte are preset value;
Determination unit determines the current data frame for encryption number if the data for the preset byte are preset value
According to frame.
The embodiment of the invention also provides a kind of equipment, parse and fill including general data frame described in the embodiment of the present invention
It sets.
The embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer program, described
General data frame analytic method as described in the embodiments of the present invention is realized when program is executed by processor.
The embodiment of the invention also provides a kind of electronic equipment, comprising:
One or more processors;
Memory, for storing one or more programs, when one or more of programs are by one or more of places
When managing device execution, so that one or more of processors realize general data frame parsing side as described in the embodiments of the present invention
Method.
It applies the technical scheme of the present invention, provides a kind of general data frame analyzing method for SCADA system, using pre-
If frame format and the corresponding frame type identification of data frame transmitting terminal, only need an a set of server program can support scrambled data frame and
The parsing of non-encrypted data frame is safeguarded convenient for server.
Detailed description of the invention
Fig. 1 is the flow chart for the general data frame analytic method that the embodiment of the present invention one provides;
Fig. 2 is the specific flow chart of general data frame analytic method provided by Embodiment 2 of the present invention;
Fig. 3 is the data frame analyzing configuration diagram of the prior art;
Fig. 4 is the configuration diagram of general data frame parsing provided by Embodiment 2 of the present invention;
Fig. 5 is the structural block diagram for the general data frame resolver that the embodiment of the present invention three provides;
Fig. 6 is the structural schematic diagram for the electronic equipment that the embodiment of the present invention five provides.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention make into
It is described in detail to one step, it is clear that described embodiments are only a part of the embodiments of the present invention, rather than whole implementation
Example.Based on the embodiments of the present invention, obtained by those of ordinary skill in the art without making creative efforts
All other embodiment, shall fall within the protection scope of the present invention.
It should be noted that term " first ", " second " etc. in description and claims of this specification and attached drawing
It is to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that the number used in this way
According to being interchangeable under appropriate circumstances, so that the embodiment of the present invention described herein can be in addition to illustrating herein or describing
Those of other than sequence implement.In addition, term " includes " and " having " and their any deformation, it is intended that covering is not
Exclusive includes, for example, the process, method, system, product or equipment for containing a series of steps or units be not necessarily limited to it is clear
Step or unit those of is listed on ground, but is not clearly listed or for these process, methods, product or is set
Standby intrinsic other step or units.
It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions
It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not
The sequence being same as herein executes shown or described step.
The term used in embodiments of the present invention is only to be not intended to be limiting merely for for the purpose of describing particular embodiments
The present invention.In the embodiment of the present invention and the "an" of singular used in the attached claims, " described " and "the"
It is also intended to including most forms, unless the context clearly indicates other meaning, " a variety of " generally comprise at least two.
It should be appreciated that term "and/or" used herein is only a kind of incidence relation for describing affiliated partner, indicate
There may be three kinds of relationships, for example, A and/or B, can indicate: individualism A, exist simultaneously A and B, individualism B these three
Situation.In addition, character "/" herein, typicallys represent the relationship that forward-backward correlation object is a kind of "or".
Depending on context, word as used in this " if ", " if " can be construed to " ... when " or
" when ... " or " in response to determination " or " in response to detection ".Similarly, context is depended on, phrase " if it is determined that " or " such as
Fruit detection (condition or event of statement) " can be construed to " when determining " or " in response to determination " or " when detection (statement
Condition or event) when " or " in response to detection (condition or event of statement) ".
The alternative embodiment that the invention will now be described in detail with reference to the accompanying drawings.
Embodiment one
Fig. 1 is the flow chart for the general data frame analytic method that the embodiment of the present invention one provides, as shown in Figure 1, this method
The following steps are included:
Whether S101 judges current data frame according to default frame format and the corresponding frame type identification of data frame transmitting terminal
For scrambled data frame, wherein scrambled data frame is different with the frame format of non-encrypted data frame, and frame type identification is used for parsed
The type for the data frame that journey identification data frame transmitting terminal is sent.
In the present embodiment, frame format is defined, to distinguish scrambled data frame and non-encrypted data frame from format.Default frame lattice
Formula, which can be, is additionally arranged that length is preset byte and value is the data of preset value on the head of scrambled data frame.For example, long
Degree is a byte, and value 1F, in parsing, if the first character section of data frame is 1F, which is likely to add
Ciphertext data frame, it is of course also possible to which the first character section of non-encrypted data frame is precisely 1F, in this regard, can pass through frame type identification
And/or completeness check carrys out auxiliary judgment, to guarantee the accurate parsing of data frame.
For SCADA system, resolution unit faces multiple equipment (i.e. data frame transmitting terminal), if an equipment sends encryption
Data frame, then the equipment sends always scrambled data frame in the interactive process with resolution unit.Frame type is arranged in the present embodiment
Mark, in resolving auxiliary judgment it is to be resolved be scrambled data frame or non-encrypted data frame, it is corresponding to carry out
Specific parsing.Frame type identification includes a variety of values, and different values indicates different data frame types, for example, 0 indicates silent
Recognize encrypted frame, 1 indicates the encrypted frame of confirmation, and 2 indicate the non-encrypted frame of confirmation.In resolution unit, established for each with it
The data frame transmitting terminal of connection is respectively provided with corresponding frame type identification, and initial value is disposed as indicating default encryption frame.Afterwards
Continuous sent based on data frame transmitting terminal known to judgement is scrambled data frame or non-encrypted data frame on earth, and by its frame type
Mark is set as being worth accordingly.
S102 solves the current data frame using preset-key if the current data frame is scrambled data frame
Data deposit parsing queue close, and that decryption is obtained.
The technical solution of the present embodiment provides a kind of general data frame analyzing method for SCADA system, using default
Frame format and the corresponding frame type identification of data frame transmitting terminal only need an a set of server program that can support scrambled data frame and non-
The parsing of scrambled data frame is safeguarded convenient for server, and analyzing efficiency is high.
Optionally, S101 includes: to judge whether the frame type identification is the first value, wherein first value indicates true
Recognize non-encrypted frame;If the frame type identification is not the first value, reads and preset from network-caching area according to the default frame format
The data of byte;Whether the data for judging the preset byte are preset value;If the data of the preset byte are preset value, really
The fixed current data frame is scrambled data frame.
In this optional embodiment, network-caching area is for caching data frame to be resolved.Frame type identification indicates current
Data frame is not the non-encrypted frame of confirmation, then judges whether current data frame is scrambled data frame according to default frame format.
Further, if the data of the preset byte are not preset values, judge whether the frame type identification is second
Value, wherein the second value indicates confirmation encrypted frame;If so, deviating the preset byte from the network-caching area, and return
It returns and re-executes the step of whether the frame type identification is the first value judged, to parse data frame again;If not, it is determined that institute
Stating current data frame is non-encrypted data frame, and is parsed according to the process of analysis of non-encrypted data frame.
In present embodiment, a kind of situation is, current data frame does not meet default frame format, and indicate should for frame type identification
Frame be confirmation encrypted frame, this be it is contradictory, indicate that the data of preset byte are error bytes, skip the data of preset byte,
Judgement is re-started, it is thus achieved that the rejecting of error byte.Another situation is that current data frame does not meet default frame lattice
Formula, and it is the encrypted frame of confirmation that frame type identification, which indicates the frame not, it can thus be appreciated that determine that the frame is non-encrypted frame, it can be according to non-
The process of analysis of encrypted frame is parsed, and the process of analysis of non-encrypted frame refers to following description.
Optionally, before the current data frame is decrypted using preset-key, further includes: according to encryption data
Frame reads the length of the current data frame, and takes complete current data frame according to the length read of the current data frame;It is right
The current data frame carries out the first completeness check;If the first completeness check passes through, using the preset-key to described
Current data frame is decrypted.
Further, after carrying out the first completeness check to the current data frame, further includes: if the first integrality
Verification does not pass through, according to non-encrypted data frame read data frame length, and the second completeness check is carried out, if the second integrality school
It tests and does not pass through, then deviate a byte from the network-caching area, and return to re-execute whether judge the frame type identification
The step of for the first value, to parse data frame again.
Wherein, there is fixed field to mark the length of the data frame in data frame, can be read completely using the field
Data frame.In order to guarantee the accurate complete of received data frame, completeness check, such as CRC check can be carried out, if verification
Pass through, indicate that data frame receipt is correct, if verification does not pass through, indicates that there are error bytes for data frame.
In this optional embodiment, the reading and verification of data frame are carried out according to scrambled data frame, verification does not pass through, determines
The wrong byte of the data frame, is then read out and verifies according to non-encrypted data frame, with authentication error byte, then deviates
After one byte, rejudge.Realize the rejecting of error byte.
In some embodiments, after the data deposit parsing queue that S102 obtains decryption, further includes: slow from network
The length that area deviates the current data frame is deposited, the corresponding frame type identification of the data frame transmitting terminal is set to second value, and
Return re-executes the step of whether the frame type identification is the first value judged.Through the above steps, to next data
Frame is parsed, also, frame type identification is set to second value, indicates that confirmation current data frame transmitting terminal sends encryption frame number
According to.
The process of analysis of non-encrypted data frame is as follows:
After judging whether the frame type identification is the first value, further includes: if the frame type identification is the first value,
Confirm that the current data frame is non-encrypted data frame;The length of the current data frame is read, and according to the current data
The length read of frame takes complete current data frame;Second completeness check, such as CRC check are carried out to the current data frame;
If the second completeness check passes through, by the data content deposit parsing queue in the current data frame;If the second integrality school
It tests and does not pass through, then deviate a byte from the network-caching area, and return to re-execute whether judge the frame type identification
The step of for the first value, to parse data frame again.
The verification of non-encrypted data frame does not pass through in the present embodiment, indicates there are error byte, by byte offset, with house
The error byte is abandoned, and then realizes correct data frame analyzing.
Optionally, after by the data content deposit parsing queue in the current data frame, further includes: from the net
Network buffer area deviates the length of the current data frame, and the corresponding frame type identification of the data frame transmitting terminal is set to first
Value, and return to re-execute the step of whether the frame type identification is the first value judged.Through the above steps, to next
Data frame is parsed, also, frame type identification is set to the first value, and it is non-encrypted to indicate that confirmation current data frame transmitting terminal is sent
Frame data.
Preferably, according to frame format and the corresponding frame type identification of data frame transmitting terminal is preset, judge current data frame
Before whether being scrambled data frame, the corresponding frame type identification of each data frame transmitting terminal is initialized as third value, wherein third
Value indicates default encryption frame.The frame type identification of initial each data frame transmitting terminal is default encryption frame, that is to say, that the present invention is real
It applies example default to parse according to encrypted frame, to realize general process of analysis.
Embodiment two
The present embodiment on the basis of the above embodiment 1, provides the example flow diagram of general data frame analytic method,
Same as the previously described embodiments or corresponding term explains that this embodiment is not repeated.In the present embodiment, in the head of scrambled data frame
Portion additionally increases the data of 1 byte, value 1F, and non-encrypted data frame does not include such data, data frame transmitting terminal then
Data frame is sent according to above-mentioned format.Frame type identification flag, value are 0 expression default encryption frame, and value is 1 expression confirmation
Encrypted frame, value are that 2 expressions confirm non-encrypted frame.
As shown in Fig. 2, this method comprises the following steps:
Step 1: frame type identification flag being set for each data frame transmitting terminal, and is initialized as 0, continues step 2.
Step 2: whether judgment frame type identification flag is not equal to 2, if true, continuation step 3;If vacation, step is skipped to
11。
Step 3: reading first character joint number evidence from buffer network-caching area, assignment headbyte continues step 4.
Step 4: judging whether first character joint number is equal to 1F according to headbyte, if true, continuation step 5;If vacation, jump
To step 9.
Step 5: pressing encryption data frame format, read encryption data frame length elengthbyte, and press encryption data frame length
It spends elengthbyte and reads complete data frame, continue step 6.
Step 6: carrying out complete encryption data frame check, if verification passes through, continue step 7;If verification does not pass through, step is skipped to
Rapid 11.
Step 7: data frame being decrypted, the data frame deposit data after decryption are parsed into queue, continue step
8。
Step 8: deviating elengthbyte byte from buffer network-caching area, frame type identification is set to 1, return step
2, continue to parse next frame encryption data.
Step 9: whether judgment frame type identification flag is equal to 1, if true, continuation step 10;If vacation, step is skipped to
11。
Step 10: deviating a byte from buffer network-caching area, return step 2 parses encryption data again.
Step 11: pressing non-encrypted data frame format, read data frame length nlengthbyte, and read whole frame, continue
Step 12.
Step 12: carrying out complete non-encrypted data frame check, if verification passes through, continue step 13;If not passing through, step is skipped to
Rapid 15.
Step 13: deposit data parse queue, continue step 14.
Step 14: deviating nlengthbyte byte from buffer network-caching area, frame type identification is set to 2, return step
2, continue to parse next frame encryption data.
Step 15: deviating a byte from buffer network-caching area, return step 2 parses encryption data again.
As shown in figure 3, in the prior art, being utilized respectively different resolution units, the encryption number that each equipment is sent is parsed
According to frame and non-encrypted data frame.As shown in figure 4, encryption can be realized using a general resolution unit based on above-mentioned process
The parsing of data frame and non-encrypted data frame, it is convenient for safeguarding.
Embodiment three
Based on the same inventive concept, a kind of general data frame resolver is present embodiments provided, can be used to implement
State general data frame analytic method described in embodiment.
Fig. 5 is the structural block diagram for the general data frame resolver that the embodiment of the present invention three provides, as shown in figure 5, the dress
It sets and includes:
Judgment module 501, for according to frame format and the corresponding frame type identification of data frame transmitting terminal is preset, judgement to be current
Whether data frame is scrambled data frame, wherein scrambled data frame is different with the frame format of non-encrypted data frame, the frame type mark
Know the type for identifying the data frame that the data frame transmitting terminal is sent in resolving;
Deciphering module 502, in the case where the current data frame is scrambled data frame, using preset-key to institute
The data deposit parsing queue stated current data frame to be decrypted, and decryption is obtained.
It is preset byte and value is preset value that the default frame format, which is in the head of scrambled data frame setting length,
Data.
Optionally, the judgment module 501 includes:
First judging unit, for judging whether the frame type identification is the first value, wherein first value indicates true
Recognize non-encrypted frame;
First reading unit, if not being the first value for the frame type identification, according to the default frame format from network
The data of buffer area reading preset byte;
Second judgment unit, for judging whether the data of the preset byte are preset value;
First determination unit determines that the current data frame is to add if the data for the preset byte are preset value
Ciphertext data frame.
Optionally, the judgment module 501 further include:
Third judging unit judges that the frame type identification is if the data for the preset byte are not preset values
No is second value, wherein the second value indicates confirmation encrypted frame;
First migration processing unit is used for if so, deviating the preset byte from the network-caching area, and return to weight
It is new to execute the step of whether the frame type identification is the first value judged;
Second determination unit, for if not, it is determined that the current data frame is non-encrypted data frame, and according to non-encrypted
The process of analysis of data frame is parsed.
Optionally, above-mentioned apparatus further include:
Read module, it is described current for reading before the current data frame is decrypted using preset-key
The length of data frame, and complete current data frame is taken according to the length read of the current data frame;
Correction verification module, for carrying out the first completeness check to the current data frame;If the first completeness check passes through,
Deciphering module 502 is decrypted the current data frame using the preset-key;If the first completeness check does not pass through, press
According to non-encrypted data frame read data frame length, and the second completeness check is carried out, if the second completeness check does not pass through, from
The network-caching area deviates a byte, and return re-execute judge the frame type identification whether be the first value step
Suddenly.
Optionally, above-mentioned apparatus further include: migration processing module, for the deposit parsing queue of obtained data will to be decrypted
Later, the length that the current data frame is deviated from network-caching area, by the corresponding frame type identification of the data frame transmitting terminal
It is set to second value, and returns to re-execute the step of whether the frame type identification is the first value judged.
Optionally, judgment module 501 further include:
Third determination unit confirms that the current data frame is non-encrypted if being the first value for the frame type identification
Data frame;
Second reading unit, for reading the length of the current data frame, and according to the length of the current data frame
Read complete current data frame;
Verification unit, for carrying out the second completeness check to the current data frame;If the second completeness check passes through,
By the data content deposit parsing queue in the current data frame;If the second completeness check does not pass through, from the network
Buffer area deviates a byte, and returns to re-execute the step of whether the frame type identification is the first value judged.
Optionally, judgment module 501 further include: the second migration processing unit, for will be in the current data frame
After data content deposit parsing queue, the length of the current data frame is deviated from the network-caching area, by the data
The corresponding frame type identification of frame transmitting terminal is set to the first value, and returns to re-execute and judge whether the frame type identification is first
The step of value.
Optionally, above-mentioned apparatus further include: initialization module is used in judgment module 501 according to default frame format and number
Each data frame is sent before judging whether current data frame is scrambled data frame according to the corresponding frame type identification of frame transmitting terminal
Corresponding frame type identification is held to be initialized as third value, wherein the third value indicates default encryption frame.
Method provided by the embodiment of the present invention can be performed in above-mentioned apparatus, has the corresponding functional module of execution method and has
Beneficial effect.The not technical detail of detailed description in the present embodiment, reference can be made to method provided in an embodiment of the present invention.
The present embodiment also provides a kind of equipment, including above-mentioned general data frame resolver, specifically, the equipment can be
It is responsible for the equipment of parsing data frame in SCADA system.
Example IV
A kind of computer readable storage medium is present embodiments provided, computer program is stored thereon with, which is located
It manages when device executes and realizes general data frame analytic method described in the embodiment of the present invention.
Embodiment five
The present embodiment provides a kind of electronic equipment, comprising:
One or more processors;
Memory, for storing one or more programs, when one or more of programs are by one or more of places
When managing device execution, so that one or more of processors realize general data frame parsing side as described in the embodiments of the present invention
Method.
The electronic equipment can be the equipment for being responsible for parsing data frame in SCADA system.
Fig. 6 is the structural schematic diagram for the electronic equipment that the embodiment of the present invention five provides, as shown in fig. 6, the electronic equipment packet
It includes: one or more processors 610 and memory 620, in Fig. 6 by taking a processor 610 as an example.
The electronic equipment can also include: communication device 630.
Processor 610, memory 620 and communication device 630 can be connected by bus or other modes, in Fig. 6 with
For being connected by bus.
Memory 620 is used as a kind of non-volatile computer readable storage medium storing program for executing, can be used for storing non-volatile software journey
Sequence, non-volatile computer executable program and module, as in the embodiment of the present invention to general data frame analytic method pair
Program instruction/the module answered.Processor 610 by operation be stored in memory 620 non-volatile software program, instruction with
And module, thereby executing various function application and data processing, i.e. the general data frame parsing of realization above method embodiment
Method.
Memory 620 may include storing program area and storage data area, wherein storing program area can store operation dress
It sets, application program required at least one function;Storage data area can be stored according to frame type identification and parsing data etc..
It can also include nonvolatile memory in addition, memory 620 may include high-speed random access memory, for example, at least one
A disk memory, flush memory device or other non-volatile solid state memory parts.
Communication device 630 can receive the data frame that data frame transmitting terminal is sent.
The apparatus embodiments described above are merely exemplary, wherein described, unit can as illustrated by the separation member
It is physically separated with being or may not be, component shown as a unit may or may not be physics list
Member, it can it is in one place, or may be distributed over multiple network units.It can be selected according to the actual needs
In some or all of the modules achieve the purpose of the solution of this embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should
Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
Method described in certain parts of example or embodiment.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (14)
1. a kind of data frame analyzing method characterized by comprising
According to default frame format and the corresponding frame type identification of data frame transmitting terminal, judge whether current data frame is encryption data
Frame, wherein scrambled data frame is different with the frame format of non-encrypted data frame, and the frame type identification is used to get the bid in resolving
Know the type for the data frame that the data frame transmitting terminal is sent;
If the current data frame is scrambled data frame, the current data frame is decrypted using preset-key, and will solution
Close obtained data deposit parsing queue.
2. the method according to claim 1, wherein the default frame format is set on the head of scrambled data frame
Set that length is preset byte and value is the data of preset value;
According to default frame format and the corresponding frame type identification of data frame transmitting terminal, judge whether current data frame is encryption data
Frame, comprising:
Judge whether the frame type identification is the first value, wherein first value indicates to confirm non-encrypted frame;
If the frame type identification is not the first value, the number of preset byte is read from network-caching area according to the default frame format
According to;
Whether the data for judging the preset byte are preset value;
If the data of the preset byte are preset value, determine that the current data frame is scrambled data frame.
3. according to the method described in claim 2, it is characterized in that, whether being preset value in the data for judging the preset byte
Later, further includes:
If the data of the preset byte are not preset values, judge whether the frame type identification is second value, wherein described
Two-value indicates confirmation encrypted frame;
If so, deviating the preset byte from the network-caching area, and returns to re-execute and judge the frame type identification
The step of whether being the first value;
If not, it is determined that the current data frame is non-encrypted data frame, and carries out according to the process of analysis of non-encrypted data frame
Parsing.
4. the method according to claim 1, wherein being solved using preset-key to the current data frame
Before close, further includes:
The length of the current data frame is read, and takes complete current data frame according to the length read of the current data frame;
First completeness check is carried out to the current data frame;
If the first completeness check passes through, the current data frame is decrypted using the preset-key.
5. according to the method described in claim 4, it is characterized in that, carrying out the first completeness check to the current data frame
Later, further includes:
If the first completeness check does not pass through, according to non-encrypted data frame read data frame length, and the second integrality school is carried out
It tests, if the second completeness check does not pass through, deviates a byte from the network-caching area, and return to re-execute and judge institute
The step of whether frame type identification is the first value stated.
6. the method according to claim 1, wherein will decrypt obtain data deposit parsing queue after,
Further include:
The length that the current data frame is deviated from network-caching area sets the corresponding frame type identification of the data frame transmitting terminal
For second value, and return to re-execute the step of whether the frame type identification is the first value judged.
7. according to the method described in claim 2, it is characterized in that, judge the frame type identification whether be the first value it
Afterwards, further includes:
If the frame type identification is the first value, confirm that the current data frame is non-encrypted data frame;
The length of the current data frame is read, and takes complete current data frame according to the length read of the current data frame;
Second completeness check is carried out to the current data frame;
If the second completeness check passes through, by the data content deposit parsing queue in the current data frame;
If the second completeness check does not pass through, a byte is deviated from the network-caching area, and return and re-execute judgement
The step of whether the frame type identification is the first value.
8. the method according to the description of claim 7 is characterized in that the data content in the current data frame is stored in solution
After analysis queue, further includes:
The length that the current data frame is deviated from the network-caching area, by the corresponding frame type mark of the data frame transmitting terminal
Knowledge is set to the first value, and returns to re-execute the step of whether the frame type identification is the first value judged.
9. method according to any one of claim 1 to 8, which is characterized in that according to default frame format and data frame
The corresponding frame type identification of transmitting terminal, before judging whether current data frame is scrambled data frame, further includes:
The corresponding frame type identification of each data frame transmitting terminal is initialized as third value, wherein the third value indicates that default adds
Close frame.
10. a kind of data frame analyzing device characterized by comprising
Judgment module, for judging current data frame according to frame format and the corresponding frame type identification of data frame transmitting terminal is preset
It whether is scrambled data frame, wherein scrambled data frame is different with the frame format of non-encrypted data frame, and the frame type identification is used for
The type for the data frame that the data frame transmitting terminal is sent is identified in resolving;
Deciphering module, in the case where the current data frame is scrambled data frame, using preset-key to described current
Data frame is decrypted, and the data deposit parsing queue that decryption is obtained.
11. device according to claim 10, which is characterized in that the default frame format is on the head of scrambled data frame
It is arranged that length is preset byte and value is the data of preset value;
The judgment module includes:
First judging unit, for judging whether the frame type identification is the first value, wherein first value indicates that confirmation is non-
Encrypted frame;
Reading unit is read according to the default frame format from network-caching area if not being the first value for the frame type identification
Take the data of preset byte;
Second judgment unit, for judging whether the data of the preset byte are preset value;
Determination unit determines that the current data frame is scrambled data frame if the data for the preset byte are preset value.
12. a kind of equipment, which is characterized in that including data frame analyzing device described in claim 10 or 11.
13. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that described program is processed
Device realizes data frame analyzing method as claimed in any one of claims 1-9 wherein when executing.
14. a kind of electronic equipment characterized by comprising
One or more processors;
Memory, for storing one or more programs, when one or more of programs are by one or more of processors
When execution, so that one or more of processors realize data frame analyzing side as claimed in any one of claims 1-9 wherein
Method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910636835.9A CN110351281B (en) | 2019-07-15 | 2019-07-15 | Universal data frame analysis method, device and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910636835.9A CN110351281B (en) | 2019-07-15 | 2019-07-15 | Universal data frame analysis method, device and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110351281A true CN110351281A (en) | 2019-10-18 |
CN110351281B CN110351281B (en) | 2021-01-05 |
Family
ID=68176365
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910636835.9A Active CN110351281B (en) | 2019-07-15 | 2019-07-15 | Universal data frame analysis method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110351281B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111510916A (en) * | 2020-04-08 | 2020-08-07 | 国网上海市电力公司 | WAMS data encryption and decryption method, device and system |
CN114710237A (en) * | 2022-03-25 | 2022-07-05 | 湖南鼎一致远科技发展有限公司 | Data processing method and device of communication interface, electronic equipment and storage medium |
CN114915503A (en) * | 2022-07-15 | 2022-08-16 | 广州万协通信息技术有限公司 | Data stream splitting processing encryption method based on security chip and security chip device |
CN114979307A (en) * | 2022-04-19 | 2022-08-30 | 杭州涂鸦信息技术有限公司 | Communication protocol analysis method, intelligent terminal and storage medium |
CN116881934A (en) * | 2023-06-05 | 2023-10-13 | 珠海妙存科技有限公司 | Encryption and decryption method, system and device for data and storage medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102447530A (en) * | 2011-11-23 | 2012-05-09 | 西安电子科技大学 | Data frame aggregation method with fault-tolerant function |
CN103312496A (en) * | 2013-05-10 | 2013-09-18 | 北京国基科技股份有限公司 | Data encryption and decryption method and device as well as data encryption and decryption system |
CN104318286A (en) * | 2014-10-31 | 2015-01-28 | 东莞宇龙通信科技有限公司 | NFC label data management method and system and terminal |
CN104361287A (en) * | 2014-11-12 | 2015-02-18 | 深圳市中兴移动通信有限公司 | Method and device for switching working states of terminal |
CN104735457A (en) * | 2015-03-27 | 2015-06-24 | 南京中新赛克科技有限责任公司 | Video encryption and decryption method based on H.264 code |
CN105897669A (en) * | 2015-11-11 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Data sending method, data receiving method, sending terminal, receiving terminal and CAN bus network |
CN106685585A (en) * | 2015-11-10 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Data communication method and apparatus thereof |
WO2018142571A1 (en) * | 2017-02-03 | 2018-08-09 | 三菱電機株式会社 | Transfer apparatus and communication network |
CN108494650A (en) * | 2018-02-07 | 2018-09-04 | 丽水博远科技有限公司 | A kind of binary signaling protocol data link layer transmission frame format |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106254147B (en) * | 2016-09-08 | 2019-06-28 | 珠海全志科技股份有限公司 | It is a kind of for the configuration method of Wi-Fi network, internet-of-things terminal and control terminal |
-
2019
- 2019-07-15 CN CN201910636835.9A patent/CN110351281B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102447530A (en) * | 2011-11-23 | 2012-05-09 | 西安电子科技大学 | Data frame aggregation method with fault-tolerant function |
CN103312496A (en) * | 2013-05-10 | 2013-09-18 | 北京国基科技股份有限公司 | Data encryption and decryption method and device as well as data encryption and decryption system |
CN104318286A (en) * | 2014-10-31 | 2015-01-28 | 东莞宇龙通信科技有限公司 | NFC label data management method and system and terminal |
CN104361287A (en) * | 2014-11-12 | 2015-02-18 | 深圳市中兴移动通信有限公司 | Method and device for switching working states of terminal |
CN104735457A (en) * | 2015-03-27 | 2015-06-24 | 南京中新赛克科技有限责任公司 | Video encryption and decryption method based on H.264 code |
CN106685585A (en) * | 2015-11-10 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Data communication method and apparatus thereof |
CN105897669A (en) * | 2015-11-11 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Data sending method, data receiving method, sending terminal, receiving terminal and CAN bus network |
WO2018142571A1 (en) * | 2017-02-03 | 2018-08-09 | 三菱電機株式会社 | Transfer apparatus and communication network |
CN108494650A (en) * | 2018-02-07 | 2018-09-04 | 丽水博远科技有限公司 | A kind of binary signaling protocol data link layer transmission frame format |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111510916A (en) * | 2020-04-08 | 2020-08-07 | 国网上海市电力公司 | WAMS data encryption and decryption method, device and system |
CN114710237A (en) * | 2022-03-25 | 2022-07-05 | 湖南鼎一致远科技发展有限公司 | Data processing method and device of communication interface, electronic equipment and storage medium |
CN114710237B (en) * | 2022-03-25 | 2024-01-26 | 湖南鼎一致远科技发展有限公司 | Data processing method and device of communication interface, electronic equipment and storage medium |
CN114979307A (en) * | 2022-04-19 | 2022-08-30 | 杭州涂鸦信息技术有限公司 | Communication protocol analysis method, intelligent terminal and storage medium |
CN114915503A (en) * | 2022-07-15 | 2022-08-16 | 广州万协通信息技术有限公司 | Data stream splitting processing encryption method based on security chip and security chip device |
CN116881934A (en) * | 2023-06-05 | 2023-10-13 | 珠海妙存科技有限公司 | Encryption and decryption method, system and device for data and storage medium |
CN116881934B (en) * | 2023-06-05 | 2024-02-23 | 珠海妙存科技有限公司 | Encryption and decryption method, system and device for data and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110351281B (en) | 2021-01-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110351281A (en) | A kind of general data frame analytic method, device and equipment | |
CN103368957B (en) | Method and system that web page access behavior is processed, client, server | |
CN113378236B (en) | Evidence data online security notarization platform and security method | |
US10135830B2 (en) | Utilizing transport layer security (TLS) fingerprints to determine agents and operating systems | |
CN107528818B (en) | Data processing method and device for media file | |
US10389685B2 (en) | Systems and methods for securely transferring selective datasets between terminals | |
CN112788270B (en) | Video backtracking method, device, computer equipment and storage medium | |
CN107784205B (en) | User product auditing method, device, server and storage medium | |
CN108769171A (en) | The copy of distributed storage keeps verification method, device, equipment and storage medium | |
CN112685682B (en) | Method, device, equipment and medium for identifying forbidden object of attack event | |
CN104869136A (en) | High-concurrency safe transmission method of Internet advertisement monitoring information | |
CN106649342A (en) | Data processing method and apparatus in data acquisition platform | |
CN115563600A (en) | Data auditing method and device, electronic equipment and storage medium | |
CN110765490A (en) | Method and apparatus for processing information | |
CN113704569A (en) | Information processing method and device and electronic equipment | |
CN112016922A (en) | Information security protection method and equipment applied to block chain financial fusion and online payment | |
KR101480040B1 (en) | Method, system and computer readable recording medium for web-page monitoring | |
CN111046309A (en) | Page view rendering method, device and equipment and readable storage medium | |
CN113807697B (en) | Alarm association-based order sending method and device | |
CN109558744B (en) | Data processing method and system | |
CN114338129A (en) | Message anomaly detection method, device, equipment and medium | |
CN109218284B (en) | XSS vulnerability detection method and device, computer equipment and readable medium | |
CN111752819B (en) | Abnormality monitoring method, device, system, equipment and storage medium | |
CN105791888A (en) | Video analyzing method and video analyzing device | |
CN115695032B (en) | Network security detection system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |