CN111555936B - Industrial control asset detection method, device and equipment - Google Patents

Industrial control asset detection method, device and equipment

Publication number
CN111555936B
Authority
CN
China
Prior art keywords
asset
entry
industrial control
access information
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010343683.6A
Other languages
Chinese (zh)
Other versions
CN111555936A (en
Inventor
宁力军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN202010343683.6A
Publication of CN111555936A
Application granted
Publication of CN111555936B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/10: Active monitoring, e.g. heartbeat, ping or trace-route
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The application provides an industrial control asset detection method, device and equipment. The industrial control asset detection method is applied to industrial control asset detection equipment, and comprises the following steps: analyzing a network data packet in an industrial control network to obtain access information of the network data packet; generating an access relation table of the industrial control network according to the access information; each table entry of the access relation table records access information of the network data packet; and aiming at each table entry of the access relation table, carrying out asset detection according to the access information recorded by the table entry. According to the industrial control asset detection method, the industrial control asset detection device and the industrial control asset detection equipment, when asset detection is carried out, a large number of detection messages can be prevented from being sent to a network, and abnormal operation of the industrial control equipment can be avoided.

Description

Industrial control asset detection method, device and equipment
Technical Field
The application relates to the field of industrial control systems, in particular to an industrial control asset detection method, device and equipment.
Background
With the rapid development of industrial internet technology, industrial control systems face more and more security risks. The security assessment of the industrial control system is more and more urgent, and the primary task of the security risk assessment of the industrial control system is to effectively sort the industrial control assets in the industrial control network and to clarify the industrial control asset condition of the industrial control network.
Currently, industrial control asset detection is often performed by active detection. In a typical implementation, the industrial control network is first scanned across its full IP range to find the live assets, the live assets are then pre-scanned across all ports to find the live ports, and detection messages are finally sent to the live ports to read the asset information of the corresponding industrial control assets.
When industrial control assets are detected in this way, a large number of messages must be sent to the network, which can easily cause the industrial control assets to operate abnormally.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, and a device for detecting industrial control assets, so as to solve the problem that existing detection methods easily cause industrial control assets to operate abnormally.
The application provides an industrial control asset detection method in a first aspect, which is applied to industrial control asset detection equipment, and the method comprises the following steps:
analyzing a network data packet in an industrial control network to obtain access information of the network data packet;
generating an access relation table of the industrial control network according to the access information; each table entry of the access relation table records access information of the network data packet;
and aiming at each table entry of the access relation table, carrying out asset detection according to the access information recorded by the table entry.
In a second aspect, the present application provides an industrial control asset detection device, which is applied to industrial control asset detection equipment and comprises an acquisition module, a processing module and a detection module, wherein,
the acquisition module is used for analyzing a network data packet in an industrial control network to acquire access information of the network data packet;
the processing module is used for generating an access relation table of the industrial control network according to the access information; each table entry of the access relation table records access information of the network data packet;
and the detection module is used for detecting the assets according to the access information recorded by each table entry of the access relation table.
A third aspect of the present application provides a computer storage medium having a computer program stored thereon, which when executed by a processor, performs the steps of any of the industrial control asset detection methods provided herein.
A fourth aspect of the present application provides an industrial control asset detection device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any of the industrial control asset detection methods provided in the present application when executing the program.
With the industrial control asset detection method, device and equipment provided by the application, the network data packets in the industrial control network are analyzed to obtain their access information, the access relation table of the industrial control network is generated from that access information, and asset detection is then carried out for each table entry according to the access information the entry records. The live devices in the industrial control network can therefore be determined from the access relation table rather than by scanning the whole network segment, which avoids sending a large number of detection messages to the network and avoids abnormal operation of the industrial control equipment.
Drawings
FIG. 1 is a flowchart of a first embodiment of an industrial control asset detection method provided by the present application;
FIG. 2 is a flowchart of a second embodiment of an industrial control asset acquisition method provided by the present application;
FIG. 3 is a flowchart of a third embodiment of an industrial control asset detection method provided by the present application;
FIG. 4 is a diagram of a hardware configuration of the industrial control asset detection equipment in which an industrial control asset detection device according to an exemplary embodiment of the present application is located;
FIG. 5 is a schematic structural diagram of a first industrial control asset detection device provided by the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at the time of", "when" or "in response to a determination", depending on the context.
The application provides an industrial control asset detection method, device and equipment, which aim to solve the problem that existing detection methods easily cause industrial control assets to operate abnormally.
The following description is made of the related terms:
Industrial Control System (ICS): the control systems used in a variety of industrial processes, including supervisory control and data acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control systems such as Programmable Logic Controllers (PLC).
Industrial control asset: equipment to which an industrial control system is applied, including SCADA, PLC, DCS, RTU, HMI, industrial switches, industrial operator stations or engineer stations, and the like.
Industrial protocol: in an industrial control system, the communication message protocols between an upper computer and a control device, and between one control device and another, which generally include read-write control of analog and digital quantities. Common industrial protocols are Modbus, S7, DNP3, EtherNet/IP, BACnet, FINS, etc.
Several specific embodiments are given below to describe the technical solutions of the present application in detail, and these specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a flowchart of a first embodiment of an industrial control asset detection method provided in the present application. Referring to fig. 1, the method provided in this embodiment may include:
S101, analyzing a network data packet in the industrial control network to obtain access information of the network data packet.
Specifically, the access information at least includes a source MAC address, a source IP address, a destination MAC address, a destination IP address, a base protocol, and an application protocol.
It should be noted that the method provided in this embodiment is applied to industrial control asset detection equipment, and the equipment may be an industrial control firewall, an industrial control detection and audit equipment, and the like.
S102, generating an access relation table of the industrial control network according to the access information; and each table entry of the access relation table records the access information of the network data packet.
Specifically, traffic learning can be performed on a network data packet in the industrial control network according to a preset learning period to obtain the access relation table. The learning period is set according to actual needs, and this embodiment is not limited to this. For example, in one embodiment, the learning period may be 7 days.
For example, in an embodiment, an access relationship table may be created when a learning period starts. Then, each time a network data packet is received, the packet is analyzed to obtain its access information, and it is determined whether the access relationship table already includes that access information; if not, the access information is added to the access relationship table as an entry. This continues until the learning period ends, at which point the learned legitimate access relationship table is output.
For another example, in another embodiment, when a learning period ends, all network data packets received in the learning period may be analyzed to obtain access information of each network data packet, and then all the access information may be aggregated, and an access relationship table may be generated based on the aggregated access information.
For example, table 1 is a schematic diagram of an access relationship table shown in an exemplary embodiment of the present application.
Table 1. Access relationship table (table image not reproduced in this text)
Referring to table 1, in the example shown in table 1, each entry of the access relationship table records access information, and the access information includes a source MAC address, a source IP address, a destination MAC address, a destination IP address, a base protocol, and an application protocol.
S103, aiming at each table entry of the access relation table, asset detection is carried out according to the access information recorded by the table entry.
Specifically, for each entry, a detection message may be sent to the destination IP address recorded in the entry, so as to perform asset detection. It should be noted that, when the probe packet is assembled, the packet content depends on a preset packet sending format, which is not limited in this embodiment.
It should be noted that, in the present application, after the asset information is successfully detected, the asset information may be used for business or storage display. The specific implementation principle of using the asset information for service or storage display may refer to the description in the related art, and is not described herein again.
In the industrial control asset detection method provided by this embodiment, the network data packets in the industrial control network are analyzed to obtain their access information, and an access relation table of the industrial control network is generated from that access information, so that asset detection is performed according to the access information recorded in each table entry. The live devices in the industrial control network can therefore be determined from the access relation table rather than by scanning the whole network segment, which avoids sending a large number of detection messages to the network and avoids abnormal operation of the industrial control equipment.
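Steps S101 and S102 as an added Python example (not code from the patent): each captured Ethernet frame is reduced to the six access-information fields, and a field tuple becomes a new table entry only if the table does not already hold it. The port-to-protocol map, the function names and the sample frames are assumptions constructed for illustration; the patent does not say how the application protocol is identified.

```python
import struct
from typing import NamedTuple, Optional

class AccessInfo(NamedTuple):
    src_mac: str
    src_ip: str
    dst_mac: str
    dst_ip: str
    base_protocol: str
    app_protocol: str

# Assumption: the application protocol is inferred from well-known server ports.
APP_PORTS = {("TCP", 502): "Modbus", ("TCP", 102): "S7", ("TCP", 20000): "DNP3",
             ("TCP", 44818): "EtherNet/IP", ("UDP", 47808): "BACnet",
             ("UDP", 9600): "FINS", ("UDP", 5355): "LLMNR", ("UDP", 1900): "SSDP"}
BASE_PROTOCOLS = {6: "TCP", 17: "UDP"}

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_access_info(frame: bytes) -> Optional[AccessInfo]:
    """S101: extract the six access-information fields from one Ethernet frame."""
    if len(frame) < 14:
        return None
    dst_mac, src_mac = fmt_mac(frame[0:6]), fmt_mac(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:                      # ARP for IPv4 over Ethernet: 28-byte body
        if len(frame) < 42:
            return None
        return AccessInfo(src_mac, fmt_ip(frame[28:32]), dst_mac,
                          fmt_ip(frame[38:42]), "ARP", "ARP")
    if ethertype != 0x0800 or len(frame) < 34:   # everything else must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[14] >> 4 != 4 or ihl < 20 or frag_offset or len(frame) < 14 + ihl + 4:
        return None                              # malformed, truncated or non-first fragment
    base = BASE_PROTOCOLS.get(frame[23])
    if base is None:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    app = APP_PORTS.get((base, dport)) or APP_PORTS.get((base, sport)) or "unknown"
    return AccessInfo(src_mac, fmt_ip(frame[26:30]), dst_mac, fmt_ip(frame[30:34]), base, app)

def learn_access_table(frames) -> list:
    """S102: add each access information as a new entry only if the table lacks it."""
    table, seen = [], set()
    for frame in frames:
        info = parse_access_info(frame)
        if info is not None and info not in seen:
            seen.add(info)
            table.append(info)
    return table

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport) -> bytes:
    """Build a minimal constructed Ethernet/IPv4 frame (checksums left at zero)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4
    ip_header = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0)
    return (to_mac(dst_mac) + to_mac(src_mac) + b"\x08\x00"
            + ip_header + to_ip(src_ip) + to_ip(dst_ip) + l4)

HMI, ENG, PLC1, PLC2 = ("02:00:00:00:00:10", "02:00:00:00:00:11",
                        "02:00:00:00:00:20", "02:00:00:00:00:21")
# Constructed capture: two Modbus packets of one flow, one S7 packet, one SSDP multicast.
SAMPLE_FRAMES = [
    build_frame(HMI, PLC1, "192.0.2.10", "192.0.2.20", 6, 49152, 502),
    build_frame(HMI, PLC1, "192.0.2.10", "192.0.2.20", 6, 49153, 502),
    build_frame(ENG, PLC2, "192.0.2.11", "192.0.2.21", 6, 49200, 102),
    build_frame(HMI, "01:00:5e:7f:ff:fa", "192.0.2.10", "239.255.255.250", 17, 50000, 1900),
]
SAMPLE_FRAMES.append(SAMPLE_FRAMES[0][:30])      # truncated frame: must be skipped

if __name__ == "__main__":
    for entry in learn_access_table(SAMPLE_FRAMES):
        print(entry)
```

Because the entry key holds no port numbers, the two Modbus packets collapse into one entry, so the later probing step touches each learned relationship once rather than once per packet.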
Optionally, in a possible implementation manner of the present application, each entry of the access relationship table further records an asset detection state corresponding to the access information, the default state of the asset detection state is enabled, and performing asset detection according to the access information recorded in the entry includes:
when the asset detection state recorded by the table entry is enabled, performing asset detection according to the access information recorded by the table entry;
after the asset detection is performed according to the access information recorded by the entry, the method further includes:
after the asset information is successfully detected, updating the asset detection state recorded by the table entry to disabled.
For example, table 2 is a schematic diagram of an access relationship table shown in another exemplary embodiment of the present application:
Table 2. Access relationship table (table image not reproduced in this text)
Referring to Table 2, in this embodiment, each entry of the access relationship table further records an asset detection state corresponding to the access information. When asset detection is performed for an entry, detection is carried out only if the asset detection state recorded by the entry is enabled, and after the asset information is successfully detected, the asset detection state recorded by the entry is updated to disabled. An entry whose asset detection state is disabled is therefore not detected again, which saves resources.
In the method provided by this embodiment, each entry of the access relationship table further records an asset detection state corresponding to the access information; when asset detection is performed according to an entry, detection is performed only when the asset detection state recorded in the entry is enabled, and after the asset information is successfully detected, the asset detection state recorded in the entry is updated to disabled. An entry whose asset detection state is disabled is therefore not detected again, which saves resources.
Fig. 2 is a flowchart of a second embodiment of an industrial control asset acquisition method provided by the present application. Referring to fig. 2, in the method provided in this embodiment, on the basis of the foregoing embodiment, after the generating the access relationship table, the method further includes:
S201, for each table entry of the access relation table, judging whether the access information recorded by the table entry matches preset non-industrial control asset information.
S202, if yes, updating the asset detection state recorded by the table entry to ignored.
Specifically, in one embodiment, the non-industrial control asset information may include interference asset information and non-industry asset information. In particular, an interference asset database for storing the interference asset information and a non-industry asset database for storing the non-industry asset information may be provided.
The interference asset information is non-industrial control asset information set according to multicast/broadcast traffic in the industrial control network that has no asset detection capability, such as LLMNR, SSDP and ARP. For example, when a piece of access information corresponds to multicast or broadcast traffic, the asset detection state corresponding to that access information is updated to ignored.
In addition, the non-industry asset information is accumulated from industry-specific asset characteristics and is set according to traffic that does not belong to the industry in question. For example, industrial control equipment of the power industry is not applicable to other industries, so when asset detection is performed in another industry, traffic whose application protocol is IEC61850-MMS (an application protocol used in the power industry) is set as a non-industrial control asset. In that case, when the application protocol of a piece of access information is IEC61850-MMS, the asset detection state corresponding to that access information is updated to ignored.
It should be noted that the non-industrial control asset information is configured by the user according to actual needs, and its specific contents are not limited in the present embodiment. For example, if a user observes multicast traffic in the industrial control network that is not yet covered by the non-industrial control asset information, the user may add that multicast traffic to the non-industrial control asset information.
For example, table 3 is a schematic diagram of an access relationship table shown in an exemplary embodiment of the present application:
Table 3. Access relationship table (table image not reproduced in this text)
Referring to Table 3, in this embodiment the asset detection state of multicast/broadcast traffic that has no asset detection capability, such as LLMNR, SSDP and ARP, is ignored. Such entries are therefore not probed during asset detection, which saves detection resources and improves detection efficiency.
It should be noted that the matching process of the non-industrial control asset information is periodic, and the non-industrial control asset information can be matched according to a preset matching period. For example, the matching may be performed every 30 days.
Optionally, in a possible implementation manner of the present application, after updating the asset detection state, the method further includes:
and displaying the asset detection state corresponding to each access information to a user through a human-computer interaction interface so that the user can correct the asset detection state corresponding to each access information.
In particular, the states may be presented to the user, for example, via a web page or a command line, where the user can modify them.
By displaying the asset detection state corresponding to the access information to the user, the user can check whether the neglected state is reasonable or not, and further modify the unreasonable state.
According to the method provided by the embodiment, the asset detection state corresponding to the access information matched with the non-industrial control asset information is updated to be ignored, so that the asset detection state corresponding to the access information without detection significance can be updated to be ignored, the access information is not detected, the detection resources can be saved, and the detection efficiency is improved.
Optionally, in an embodiment, after updating the asset detection status recorded by the entry to ignore, the method further includes:
deleting the table entries of the access relation table whose asset detection state is ignored.
Specifically, deleting the entries whose asset detection state is ignored can improve the detection efficiency.
It should be noted that, entries whose asset detection state is ignored may be deleted according to a preset deletion period. For example, every 7 days. There is no necessary link between the deletion period and the aforementioned learning period and matching period.
Fig. 3 is a flowchart of a third embodiment of an industrial control asset detection method according to an exemplary embodiment of the present application. In the method provided by this embodiment, each entry of the access relationship table records a corresponding relationship between access information and an asset detection state, referring to fig. 3, the method provided by this embodiment may include:
S301, taking the first table entry in the access relation table as the target table entry.
S302, judging whether the asset detection state recorded by the target table entry is enabled; if not, executing step S303, and if so, executing step S304.
S303, taking the next table entry in the access relation table as the target table entry, and repeating step S302 until the last table entry.
S304, performing asset detection according to the access information recorded by the target table entry.
S305, determining whether a response message is received; if yes, executing step S306, and if not, executing step S307.
S306, extracting the asset information from the received response message, and updating the asset detection state recorded by the target table entry to disabled.
S307, judging whether the number of detections has reached the preset number; if not, executing step S308, and if so, executing step S309.
Specifically, the preset number is set according to actual needs, and in this embodiment, a specific value of the preset number is not limited. For example, in one embodiment, the preset number may be 3.
S308, performing asset detection according to the access information recorded by the target table entry.
S309, counting detection failure records.
It should be noted that counting the detection failure records facilitates later backtracking checks. In addition, for the specific implementation principle and implementation procedure of steps S301 to S309, reference may be made to the description in the foregoing embodiments, and details are not described here.
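The asset detection states, the non-industrial control matching of S201 to S202 and the probe loop of S301 to S309, combined in one added Python example (not the patent's own code). `ScriptedProbe` is a hypothetical offline stand-in for sending a detection message, and the table contents and reply format are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

ENABLED, DISABLED, IGNORED = "enabled", "disabled", "ignored"

@dataclass
class Entry:
    src_mac: str
    src_ip: str
    dst_mac: str
    dst_ip: str
    base_protocol: str
    app_protocol: str
    state: str = ENABLED               # the default asset detection state is enabled
    asset_info: Optional[dict] = None

# Preset non-industrial control asset information (user-configurable on the page).
INTERFERENCE_PROTOCOLS = {"LLMNR", "SSDP", "ARP"}   # multicast/broadcast, nothing to detect
NON_INDUSTRY_PROTOCOLS = {"IEC61850-MMS"}           # page's example for a non-power site

def is_group_mac(mac: str) -> bool:
    """True for multicast/broadcast MACs: the low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def mark_ignored(table) -> None:
    """S201-S202: set matching entries to ignored so they are never probed."""
    for entry in table:
        if (entry.app_protocol in INTERFERENCE_PROTOCOLS
                or entry.app_protocol in NON_INDUSTRY_PROTOCOLS
                or is_group_mac(entry.dst_mac)):
            entry.state = IGNORED

def detect_assets(table, probe: Callable[[Entry], Optional[dict]], max_attempts: int = 3):
    """S301-S309: probe enabled entries only; return the entries that never answered."""
    failures = []
    for entry in table:                          # S301 / S303: walk the table in order
        if entry.state != ENABLED:               # S302: skip disabled and ignored entries
            continue
        for _ in range(max_attempts):            # S304 first probe, S307/S308 retries
            response = probe(entry)
            if response is not None:             # S305: a response message arrived
                entry.asset_info = response      # S306: keep asset info, stop re-probing
                entry.state = DISABLED
                break
        else:
            failures.append(entry)               # S309: failure record for later review
    return failures

def purge_ignored(table) -> None:
    """Optional step on the page: delete entries whose state is ignored."""
    table[:] = [e for e in table if e.state != IGNORED]

class ScriptedProbe:
    """Offline stand-in for sending a detection message (hypothetical interface)."""
    def __init__(self, reply_on_attempt):
        self.reply_on_attempt = reply_on_attempt  # dst_ip -> attempt number that is answered
        self.calls = {}

    def __call__(self, entry: Entry) -> Optional[dict]:
        n = self.calls[entry.dst_ip] = self.calls.get(entry.dst_ip, 0) + 1
        if self.reply_on_attempt.get(entry.dst_ip) == n:
            return {"ip": entry.dst_ip, "protocol": entry.app_protocol}  # constructed reply
        return None

def sample_table():
    """Constructed access relation table (documentation addresses, made-up MACs)."""
    hmi, eng = "02:00:00:00:00:10", "02:00:00:00:00:11"
    return [
        Entry(hmi, "192.0.2.10", "02:00:00:00:00:20", "192.0.2.20", "TCP", "Modbus"),
        Entry(eng, "192.0.2.11", "02:00:00:00:00:21", "192.0.2.21", "TCP", "S7"),
        Entry(hmi, "192.0.2.10", "02:00:00:00:00:22", "192.0.2.22", "TCP", "EtherNet/IP"),
        Entry(hmi, "192.0.2.10", "01:00:5e:7f:ff:fa", "239.255.255.250", "UDP", "SSDP"),
        Entry(eng, "192.0.2.11", "02:00:00:00:00:30", "192.0.2.30", "TCP", "IEC61850-MMS"),
    ]

if __name__ == "__main__":
    table = sample_table()
    mark_ignored(table)
    probe = ScriptedProbe({"192.0.2.20": 1, "192.0.2.22": 2})
    failed = detect_assets(table, probe)
    for e in table:
        print(e.dst_ip, e.app_protocol, e.state)
    print("no response:", [e.dst_ip for e in failed])
```

A second call to `detect_assets` on the same table sends nothing to the entries already set to disabled; only the entry that never answered is retried, which bounds the probe traffic per entry at the preset number of attempts per pass.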
Optionally, in the industrial control asset detection method provided in this embodiment, the method further includes:
receiving a manual detection instruction for specifying access information input by a user;
and detecting assets according to the specified access information.
Specifically, asset detection can be performed on specified access information based on the manual detection instruction. If no asset information was detected for a certain piece of access information, the user can trigger asset detection for that specific access information with a manual detection instruction, which avoids restarting the whole detection process, improves detection efficiency and saves detection resources. As another example, for an entry that was unreasonably set to ignored, the user may manually modify the asset detection state of the entry and then trigger a manual detection instruction for it; the device then performs asset detection based on the specified access information, which likewise avoids restarting the entire detection process, improves detection efficiency and saves detection resources.
Corresponding to the embodiment of the industrial control asset detection method, the application also provides an embodiment of the industrial control asset detection device.
The embodiment of the industrial control asset detection device can be applied to industrial control asset detection equipment. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device in a logical sense is formed by the processor of the industrial control asset detection equipment in which it is located reading the corresponding computer program instructions from a memory into internal memory and running them. In terms of hardware, FIG. 4 shows a hardware structure diagram of the industrial control asset detection equipment in which an industrial control asset detection device according to an exemplary embodiment of the present application is located. In addition to the memory 410, the processor 420, the memory 430, and the network interface 440 shown in FIG. 4, the equipment in which the device is located may also include other hardware according to the actual function of the industrial control asset detection device, which is not described again.
Fig. 5 is a schematic structural diagram of a first industrial control asset detection device provided by the present application. Referring to fig. 5, the apparatus provided in this embodiment is applied to industrial control asset detection equipment, and the apparatus includes an obtaining module 510, a processing module 520, and a detecting module 530, wherein,
the obtaining module 510 is configured to analyze a network data packet in an industrial control network, and obtain access information of the network data packet;
the processing module 520 is configured to generate an access relation table of the industrial control network according to the access information; each table entry of the access relation table records access information of the network data packet;
the detecting module 530 is configured to perform asset detection on each entry of the access relationship table according to the access information recorded in the entry.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which are not described herein again.
Further, each entry of the access relation table also records an asset detection state corresponding to the access information, and the default state of the asset detection state is enabled;
the detecting module 530 is specifically configured to perform asset detection according to the access information recorded in the entry when the asset detection state recorded in the entry is enabled;
the processing module 520 is further configured to update the asset detection status recorded in the entry to disabled after the detection module 530 successfully detects the asset information according to the access information recorded in the entry.
Further, the processing module 520 is further configured to, after the access relationship table is generated, determine, for each entry of the access relationship table, whether the access information recorded in the entry matches preset non-industrial control asset information, and update the asset detection state recorded in the entry to be ignored when it is determined that the access information recorded in the entry matches the preset non-industrial control asset information.
Further, the processing module 520 is further configured to delete the entry in the access relationship table whose asset detection state is ignored after updating the asset detection state recorded in the entry to be ignored.
The present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of the industrial control asset detection methods provided herein.
In particular, computer-readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including by way of example semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices), magnetic disks (e.g., internal hard disk or removable disks), magneto-optical disks, and CD ROM and DVD-ROM disks.
With continued reference to fig. 4, the present application further provides an industrial control asset detection device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of any of the industrial control asset detection methods provided by the present application when executing the computer program.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. An industrial control asset detection method, applied to industrial control asset detection equipment, the method comprising:
analyzing a network data packet in an industrial control network to obtain access information of the network data packet;
generating an access relation table of the industrial control network according to the access information, wherein each entry of the access relation table records access information of the network data packet;
and, for each entry of the access relation table, sending a detection message according to the access information recorded in the entry so as to perform asset detection.
2. The method according to claim 1, wherein each entry of the access relationship table further records an asset detection state corresponding to the access information, the default asset detection state being enabled, and performing asset detection according to the access information recorded in the entry comprises:
when the asset detection state recorded in the entry is enabled, performing asset detection according to the access information recorded in the entry;
and wherein, after performing asset detection according to the access information recorded in the entry, the method further comprises:
after the asset information is successfully detected, updating the asset detection state recorded in the entry to disabled.
3. The method of claim 2, wherein after generating the access relationship table, the method further comprises:
for each entry of the access relation table, determining whether the access information recorded in the entry matches preset non-industrial control asset information;
if so, updating the asset detection state recorded in the entry to ignored.
4. The method of claim 3, wherein after updating the asset detection state recorded in the entry to ignored, the method further comprises:
deleting from the access relation table the entry whose asset detection state is ignored.
5. The method of claim 1, wherein, if asset information is not successfully detected according to the access information recorded in the entry, the method further comprises:
determining whether the number of detection attempts has reached a preset number;
if not, performing asset detection according to the access information recorded in the entry;
and if so, counting detection failure records.
6. The method of claim 1, further comprising:
receiving a manual detection instruction, input by a user, that specifies access information;
and performing asset detection according to the specified access information.
7. An industrial control asset detection device, applied to industrial control asset detection equipment and comprising an acquisition module, a processing module and a detection module, wherein:
the acquisition module is configured to analyze a network data packet in an industrial control network to obtain access information of the network data packet;
the processing module is configured to generate an access relation table of the industrial control network according to the access information, wherein each entry of the access relation table records access information of the network data packet;
and the detection module is configured to, for each entry of the access relation table, send a detection message according to the access information recorded in the entry so as to perform asset detection.
8. The apparatus according to claim 7, wherein each entry of the access relationship table further records an asset detection state corresponding to access information, and a default state of the asset detection state is enabled;
the detection module is specifically configured to perform asset detection according to the access information recorded by the entry when the asset detection state recorded by the entry is enabled;
the processing module is further configured to update the asset detection state recorded in the entry to be disabled after the detection module successfully detects the asset information according to the access information recorded in the entry.
9. A computer storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
10. An industrial asset detection device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor when executing the program implementing the steps of the method according to any one of claims 1 to 6.
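
The entry life cycle set out in claims 1 to 5, as an added Python example that is not part of the patent text or the applicant's implementation. It assumes access information is an (IP, port, protocol) tuple, that the preset non-industrial-control information is a set of ports, and that `probe` is a stand-in callback; `AccessTable`, `Entry`, `State` and `demo` are hypothetical names.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    ENABLED = "enabled"    # default: entry still needs detection
    DISABLED = "disabled"  # asset information was detected successfully
    IGNORED = "ignored"    # matched preset non-industrial-control information

@dataclass
class Entry:
    state: State = State.ENABLED
    attempts: int = 0
    asset: dict = field(default_factory=dict)

class AccessTable:
    def __init__(self, non_ics_ports, max_attempts=3):
        self.entries = {}                        # (ip, port, proto) -> Entry
        self.non_ics_ports = set(non_ics_ports)  # assumed form of the preset info
        self.max_attempts = max_attempts         # preset number of attempts
        self.failures = []                       # detection failure records
    def learn(self, access_info):
        self.entries.setdefault(access_info, Entry())  # claim 1: one entry per access info
    def filter_non_ics(self):
        # Claims 3 and 4: mark matching entries as ignored, then delete them.
        for info, entry in self.entries.items():
            if info[1] in self.non_ics_ports:
                entry.state = State.IGNORED
        self.entries = {i: e for i, e in self.entries.items() if e.state is not State.IGNORED}
    def detect_all(self, probe):
        # Claims 2 and 5: only enabled entries are probed; retry up to the limit.
        for info, entry in self.entries.items():
            while entry.state is State.ENABLED and entry.attempts < self.max_attempts:
                entry.attempts += 1
                result = probe(info)
                if result:
                    entry.asset, entry.state = result, State.DISABLED
            if entry.state is State.ENABLED and info not in self.failures:
                self.failures.append(info)

def demo():
    # Constructed sample access info; the probe is a stand-in with no network I/O.
    seen = [("192.0.2.10", 502, "tcp"), ("192.0.2.20", 443, "tcp"),
            ("192.0.2.11", 102, "tcp"), ("192.0.2.10", 502, "tcp")]
    probe = lambda info: {"protocol": "modbus"} if info[1] == 502 else None
    table = AccessTable(non_ics_ports={80, 443})
    for info in seen: table.learn(info)
    table.filter_non_ics()
    table.detect_all(probe)
    table.detect_all(probe)  # second pass: nothing is probed again
    return table
```

Because an entry is disabled after the first successful detection and a failing entry stops at the preset attempt count, repeated passes over the table send no further detection messages to endpoints that have already been handled.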

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010343683.6A CN111555936B (en) 2020-04-27 2020-04-27 Industrial control asset detection method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010343683.6A CN111555936B (en) 2020-04-27 2020-04-27 Industrial control asset detection method, device and equipment

Publications (2)

Publication Number Publication Date
CN111555936A CN111555936A (en) 2020-08-18
CN111555936B true CN111555936B (en) 2022-03-25

Family

ID=72004074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010343683.6A Active CN111555936B (en) 2020-04-27 2020-04-27 Industrial control asset detection method, device and equipment

Country Status (1)

Country Link
CN (1) CN111555936B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112671887B (en) * 2020-12-21 2023-03-03 哈尔滨工大天创电子有限公司 Asset identification method and device, electronic equipment and computer storage medium
CN113315769B (en) * 2021-05-27 2023-04-07 杭州迪普科技股份有限公司 Industrial control asset information collection method and device
CN114025014B (en) * 2021-10-29 2024-01-30 北京恒安嘉新安全技术有限公司 Asset detection method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802953A (en) * 2018-12-29 2019-05-24 北京奇安信科技有限公司 A kind of recognition methods of industry control assets and device
CN110113335A (en) * 2019-05-06 2019-08-09 杭州齐安科技有限公司 A kind of industrial control equipment fingerprint method for normalizing
CN110351251A (en) * 2019-06-20 2019-10-18 哈尔滨工业大学(威海) A kind of industrial control equipment assets detection method based on filtering technique

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3091692B1 (en) * 2015-05-06 2020-07-15 General Electric Technology GmbH A network connection monitoring assembly for an industrial control system

Also Published As

Publication number Publication date
CN111555936A (en) 2020-08-18

Similar Documents

Publication Publication Date Title
CN111555936B (en) Industrial control asset detection method, device and equipment
CN112883031B (en) Industrial control asset information acquisition method and device
CN113507461B (en) Network monitoring system and network monitoring method based on big data
CN111130883A (en) Method and device for determining topological graph of industrial control equipment and electronic equipment
CN111246406A (en) Short message sending method, system, storage medium and terminal equipment
CN112118249B (en) Security protection method and device based on log and firewall
CN115442259A (en) System identification method and device
CN111953568B (en) Method and device for managing packet loss information
CN113497797A (en) Method and device for detecting abnormality of ICMP tunnel transmission data
CN113472580B (en) Alarm system and alarm method based on dynamic loading mechanism
CN108133026B (en) Multi-data processing method, system and storage medium
CN113709129A (en) White list generation method, device and system based on traffic learning
CN113794696A (en) Network security information processing method and system based on causal model
CN111010362B (en) Monitoring method and device for abnormal host
CN109040089B (en) Network policy auditing method, equipment and computer readable storage medium
US11940890B2 (en) Timing index anomaly detection method, device and apparatus
CN113645241B (en) Intrusion detection method, device and equipment for industrial control proprietary protocol
CN115309498A (en) Container state adjusting method, device, equipment and storage medium for K8s cluster
CN112272184A (en) Industrial flow detection method, device, equipment and medium
CN112580092A (en) Sensitive file identification method and device
CN115442284B (en) System and method for testing equipment
CN116208431B (en) Industrial control network flow abnormality detection method, system, device and readable medium
US20240064163A1 (en) System and method for risk-based observability of a computing platform
CN116600031B (en) Message processing method, device, equipment and storage medium
CN114844691B (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant