CN111935189B - Industrial control terminal strategy control system and industrial control terminal strategy control method - Google Patents
Industrial control terminal strategy control system and industrial control terminal strategy control method Download PDFInfo
- Publication number
- CN111935189B CN111935189B CN202011081811.0A CN202011081811A CN111935189B CN 111935189 B CN111935189 B CN 111935189B CN 202011081811 A CN202011081811 A CN 202011081811A CN 111935189 B CN111935189 B CN 111935189B
- Authority
- CN
- China
- Prior art keywords
- strategy
- control
- terminal
- module
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention provides an industrial control terminal strategy control system and an industrial control terminal strategy control method, wherein the industrial control terminal strategy control system comprises: the system comprises a plurality of PC terminals and a configuration auditing end which is in communication connection with the plurality of PC terminals and is used for sending a control strategy to the plurality of PC terminals; the PC terminal is provided with an acquisition control module, the acquisition control module acquires information of the PC terminal and reports data of the acquired information to the configuration auditing end, the configuration auditing end calculates a control strategy according to the data and sends the control strategy to the plurality of PC terminals, and the acquisition control module receives and operates the control strategy. The industrial control terminal strategy control system can carry out real-time monitoring according to the operation of the user at each PC terminal, and can identify and process the misoperation or illegal operation of the user in time through real-time detection and calculation, so that the novel threats and attacks can be effectively responded in time, and the system can safely and stably run.
Description
Technical Field
The invention relates to the field of safety protection of industrial control systems, in particular to an industrial control terminal strategy control system and a control method of the control system.
Background
With the rapid development of network, communication, computer and other technologies, the industrial control system is continuously promoted towards informatization and digitization, and the traditional 'physical isolation myth' is broken through, so that the industrial control system is no longer an island of information, the safety of terminal equipment and the safety of terminal data face serious threats, and the harmfulness is maximum under the attack of APT. The APT has strong secrecy during attack, and is difficult to detect, and the traditional network security defense facilities such as an intrusion detection system based on feature matching, a firewall and the like cannot resist the APT attack. And novel technical means based on node models, flow monitoring, protocol analysis and the like are still to be perfected.
In addition, the industrial control system evolves to be controlled by a centralized control and a distributed control to a bus. How to effectively supervise the working state of each system and effectively control each component becomes an important detection means for dealing with novel threats. The industrial control system core component comprises: a security management area, a server area, a data relay component and other auxiliary components, etc. The safety management area carries out data acquisition, reports information such as the state of a local terminal and the task execution condition to the control service center through the data relay part, and simultaneously receives a control strategy released from the control service center and executes related operations. The control service area receives the data uploaded by the safety management part, displays the data by utilizing visual calculation, monitors the result, records logs and the like. Meanwhile, the data relay part is used for sending the control instruction to each terminal, and the terminal executes related operation. When the server area releases the control command, the server area needs to provide a relevant control strategy and an auditing strategy. Control strategies, auditing strategies, are empirical or privacy requirements dependent, once established, and are subject to little change. Resulting in an inefficient response to new threats and attacks. Meanwhile, feedback analysis is not effectively performed by using the audit logs, and the strategy cannot be updated in time.
Disclosure of Invention
The present invention is directed to solve at least one of the problems in the background art, and provides an industrial control terminal policy control system and an industrial control terminal policy control method.
In order to achieve the above object, the present invention provides an industrial control terminal policy control system, which is characterized by comprising: the system comprises a plurality of PC terminals and a configuration auditing end which is in communication connection with the plurality of PC terminals and is used for sending control strategies to the plurality of PC terminals;
the PC terminal is provided with an acquisition control module, the acquisition control module acquires information of the PC terminal and reports data of the acquired information to the configuration auditing end, the configuration auditing end calculates a control strategy according to the data and sends the control strategy to the plurality of PC terminals, and the acquisition control module receives and operates the control strategy.
According to one aspect of the invention, the configuration auditing end comprises: the system comprises a dynamic strategy generation module, a static strategy pool, a dynamic strategy pool, a strategy transfer module, a log display module, a log analysis module, a log receiving module and a data storage function module.
According to one aspect of the invention, the log receiving module receives reported data of the PC terminal;
the log analysis module analyzes and restores the reported data received in the log receiving module and stores the reported data in the data storage function module, and the data in the data storage function module is used for log display and log feedback analysis;
the dynamic strategy generation module carries out real-time calculation on the analysis data of the log analysis module, carries out cluster analysis on the reported data of the PC terminal, scores and classifies related users of the PC terminal, and generates related control strategies according to user classification data;
the dynamic strategy pool records the control strategy generated in the dynamic strategy generation module;
the static strategy pool is an existing configuration user strategy control module, and comprises an external control strategy, a process control strategy, a burning control strategy, a file monitoring control strategy, a printing monitoring control strategy, a service monitoring control strategy and an illegal external connection control strategy;
and the strategy transfer module performs AND operation on the strategies in the static strategy pool and the dynamic strategy pool and transfers the operated strategies to the PC terminal.
According to one aspect of the invention, the collection control module collects the PC terminal information including a terminal ID, a terminal type, a terminal name, a terminal operating system, a terminal affiliated department name, a terminal asset number, an asset owner name, a user name, an agent version, a complete IP address, a gateway, an MAC address, keyword information, a terminal status, a deletion flag, a user privacy level, a network status, an online flag, an online time, an offline time, a creation time, a last modification time, software and hardware information, account information, operating resource information, a startup item, and a scheduled task.
In order to achieve the above object, the present invention further provides a method for controlling an industrial control terminal policy, which is characterized by comprising the following steps:
the acquisition control module reports the acquired data to the configuration auditing end;
the configuration auditing end calculates the acquired data in real time and performs clustering analysis to obtain a corresponding control strategy and sends the control strategy to the PC terminal;
and the configuration auditing end scores the behavior event data of the user of the PC terminal, judges whether the score corresponding to the data reaches a system set threshold value or not according to the control strategy, and if so, audits the corresponding behavior event for the user of the PC terminal.
According to one aspect of the invention, the configuration auditing end calculates the acquired data in real time to be a dynamic strategy generation module which calculates the data analyzed by the log analysis module in real time, calculates the user login password verification success rate, the user terminal matching rate, the user permission utilization rate, the user resource access rate, the running resource matching rate, the startup item matching rate and the plan task matching rate in real time, then stores the calculation information through the data storage function module, and obtains the offset rate A between the current operation and the historical operation.
According to one aspect of the invention, the current operation comprises a number of times of misoperation and a number of times of normal operation, and the offset rate is a ratio of the number of times of misoperation to the total number of times of the historical operation.
According to one aspect of the invention, the collected data is subjected to cluster analysis through the dynamic strategy generation module, after analysis, the analysis result is graded from small to large according to the number of users, meanwhile, a reference grade is set, whether the current misoperation is smaller than the reference grade is judged, if yes, a control strategy corresponding to the misoperation is extracted, the subdivision of the strategy in a static strategy pool is classified into a new strategy, meanwhile, the strategy is counted in a dynamic strategy pool, and the strategies in the static strategy pool and the dynamic strategy pool are subjected to AND operation, and the formed control strategy is sent to the PC terminal.
According to one aspect of the present invention, the dynamic policy generation module is used to score the behavior event data of the user of the PC terminal, and the scoring formula is: 100-a (1-a) d-b d, wherein a is a dynamic policy weighting coefficient, b is a static policy weighting coefficient, a + b =1, d is a policy decrement.
According to an aspect of the invention, further comprising: marking the violation categories of misoperation through a dynamic strategy generation module after grading, storing violation information including the violation categories into a data storage function module, and simultaneously generating alarm information and issuing the alarm information to the PC terminal.
According to one scheme of the invention, the industrial control terminal strategy control system can carry out real-time monitoring according to the operation of the user at each PC terminal, and can identify and process the misoperation or illegal operation of the user in time through real-time detection and calculation, so that novel threats and attacks can be effectively responded in time. Moreover, the industrial control terminal strategy control system can also perform log display and log feedback analysis on the reported data of the PC terminal, so that the configuration auditing terminal can update the strategy in time, and the monitoring and control are more timely and accurate.
According to one scheme of the invention, the audit strategy is real-time audit, and illegal users and illegal behaviors can be identified and processed in time, so that novel threats can be effectively and timely coped with, and coping control strategies can be timely updated. Therefore, in the process of industrial manufacturing and the like, the operation state of the industrial system can be collected and monitored in real time, the operation state can be controlled in real time, the system can operate safely and stably, even if terminal data face threats in the fields of industry, energy, traffic, water conservancy and the like, the system can effectively deal with the terminal data, the system cannot be paralyzed due to misoperation or illegal operation, and the production can be carried out safely and smoothly.
Drawings
FIG. 1 is a block diagram schematically illustrating an industrial control terminal policy control system according to an embodiment of the present invention;
fig. 2 schematically shows a flowchart of an industrial control terminal policy control method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the scope of the present invention.
Fig. 1 is a schematic diagram illustrating a structure of an industrial control terminal policy control system according to an embodiment of the present invention. As shown in fig. 1, the industrial control terminal policy control system includes: the system comprises a plurality of PC terminals and configuration auditing terminals in communication connection with the PC terminals, wherein the configuration auditing terminals are used for sending control strategies to the PC terminals so as to immediately identify whether behaviors of users in the PC terminals are illegal, and timely notify and process the behaviors if the behaviors are illegal. In this embodiment, the PC terminal has an acquisition control module, which is configured to acquire information of the PC terminal and report the acquired information data to the configuration audit terminal, after the configuration audit terminal receives the data, the configuration audit terminal calculates a control policy according to the data and sends the control policy to each PC terminal, and the acquisition control module in each PC terminal receives and runs the control policy, thereby implementing real-time monitoring of whether the operation of the PC terminal user is accurate. Furthermore, as can be seen from the above, the industrial control terminal policy control system of the present embodiment adopts a C/S architecture, and the security management area is mainly composed of a station control PC terminal, where the PC terminal is a user client.
According to one embodiment of the present invention, as shown in fig. 1, the configuration auditing end includes: the system comprises a dynamic strategy generation module, a static strategy pool, a dynamic strategy pool, a strategy transfer module, a log display module, a log analysis module, a log receiving module and a data storage function module.
The log receiving module receives reported data of the PC terminal, the log analyzing module analyzes and restores the reported data received in the log receiving module and stores the data in the data storage function module, and then the data in the data storage function module is used for log display and log feedback analysis.
Furthermore, the dynamic strategy generation module carries out real-time calculation on the analysis data of the log analysis module and carries out cluster analysis on the reported data of the PC terminal, so as to realize grading and classification on related users of the PC terminal and generate related control strategies according to the user classification data. The dynamic strategy pool records the control strategy generated in the dynamic strategy generation module. The static strategy pool is an existing configuration user strategy control module, and comprises an external control strategy, a process control strategy, a burning control strategy, a file monitoring control strategy, a printing monitoring control strategy, a service monitoring control strategy and an illegal external connection control strategy. And the strategy transfer module performs AND operation on the strategies in the static strategy pool and the dynamic strategy pool and transfers the operated strategies to the PC terminal. The strategy releasing module performs AND operation on the strategies in the static strategy pool and the dynamic strategy pool, namely performs AND operation on the strategy shared by the static strategy pool and the dynamic strategy pool, but directly combines the strategy not shared by the static strategy pool and the dynamic strategy pool, and then releases the strategy after the AND operation and the strategy not shared by the static strategy pool and the dynamic strategy pool to the PC terminal.
According to one embodiment of the invention, the collection control module collects PC terminal information including terminal ID, terminal type, terminal name, terminal operating system, terminal affiliated department name, terminal asset number, asset owner name, user name, agent version, complete IP address, gateway, MAC address, keyword information, terminal state, deletion flag bit, user security, network state, online flag bit, online time, offline time, creation time, last modification time, software and hardware information, account information, running resource information, startup item and planning task.
According to the embodiment of the invention, the industrial control terminal strategy control system can carry out real-time monitoring according to the operation of the user at each PC terminal, and can identify and process the misoperation or illegal operation of the user in time through real-time detection and calculation, so that the novel threat and attack can be effectively responded in time. Moreover, the industrial control terminal strategy control system can also perform log display and log feedback analysis on the reported data of the PC terminal, so that the configuration auditing terminal can update the strategy in time, and the monitoring and control are more timely and accurate.
Further, the present invention also provides a method for implementing policy control of an industrial control terminal by using the above industrial control terminal policy control system, where a flowchart of the method is shown in fig. 2, and in this embodiment, the method for implementing policy control of an industrial control terminal includes the following steps:
a. the acquisition control module reports the acquired data to the configuration auditing end;
b. the configuration auditing end calculates the acquired data in real time and performs clustering analysis to obtain a corresponding control strategy and sends the control strategy to the PC terminal;
c. and the configuration auditing end scores the behavior event data of the user of the PC terminal, judges whether the score corresponding to the data reaches a system set threshold value or not according to the control strategy, and if so, audits the corresponding behavior event for the user of the PC terminal.
According to an embodiment of the present invention, in the step b, the configuration auditing end calculates the collected data in real time to be the data analyzed by the log analysis module, and calculates the user login password verification success rate, the user terminal matching rate, the user permission utilization rate, the user resource access rate, the operating resource matching rate, the startup item matching rate and the plan task matching rate in real time, and then stores the calculation information through the data storage function module, and obtains the offset rate a between the current operation and the historical operation. In the present embodiment, the current operation includes the number of times of erroneous operation and the number of times of normal operation, and the offset rate is a ratio of the number of times of erroneous operation to the total number of times of historical operation.
Moreover, while the real-time calculation is performed, the collected data needs to be subjected to cluster analysis through a dynamic policy generation module, after the analysis, the analysis results are graded from small to large according to the number of users, meanwhile, a reference grade is set, whether the current misoperation is smaller than the reference grade is judged, if yes, a control policy corresponding to the misoperation is extracted, the fine categories of the policy in the static policy pool are classified into new policies, the policies are counted in the dynamic policy pool, and the policies in the static policy pool and the dynamic policy pool are subjected to AND operation, so that a new control policy is formed and sent to the PC terminal. For example, in the process of calculating, updating and releasing the policy, if the number of static policy pools is 80, and the number of dynamic policy pools is 1, the weighting coefficient of one static policy pool is 1/(80 + 1), and the weighting coefficient of the dynamic policy pool is 1-1/(80 + 1).
According to the embodiment of the invention, for example, information such as the user login password verification success rate, the user terminal matching rate, the user permission utilization rate, the user resource access rate, the running resource matching rate, the starting item matching rate, the plan task matching rate and the like is calculated in real time, stored, and the current operation and historical data offset rate A is obtained. And simultaneously, performing multi-dimensional clustering analysis on all user data in the system according to information such as positions, departments, the operation data, control strategies and the like, dividing the types of behaviors of the user according to the positions and the departments into category grades according to an analysis result, setting a reference grade according to user requirements, judging whether the grade of the user behavior (misoperation) is smaller than the reference grade, and if so, extracting the control strategy corresponding to the user behavior for subsequent operation. Further, for example, all users in the system perform cluster analysis on the behaviors, the analysis results are classified into various grades, the grades are classified from 1 to 10 according to the number of the users, if the cluster level of the user behaviors is smaller than 2 (2 is a reference grade), and meanwhile, the fine categories of the strategies in the static strategies form new strategies and are counted in the dynamic strategy pool.
According to an embodiment of the present invention, in the step c, the behavior event data of the user of the PC terminal is scored through the dynamic policy generation module, and the scoring formula is as follows: 100-a (1-a) d-b d, wherein a is a dynamic policy weighting coefficient, b is a static policy weighting coefficient, a + b =1, d is a policy decrement number, and d is that each security level unit is made according to each security requirement, the stricter the security is, the larger the value is.
In this embodiment, after scoring, the violation categories of the misoperation are marked by the dynamic policy generation module, for example, according to the analysis result, the categories of behaviors of the user according to positions and departments are divided into category grades and marked for the user, and if the user has a mark, the marking is not repeated. And then storing the violation information including the violation categories into a data storage function module, and generating alarm information and issuing the alarm information to the PC terminal.
According to one embodiment of the invention, if the similar misoperation or illegal operation is carried out by the subsequent users of the same type, the steps are repeated.
According to the arrangement of the invention, the audit strategy is real-time audit, and illegal users and illegal behaviors can be identified and processed in time, so that novel threats can be effectively and timely coped with, and coping control strategies can be timely updated. Therefore, in the process of industrial manufacturing and the like, the operation state of the industrial system can be collected and monitored in real time, the operation state can be controlled in real time, the system can operate safely and stably, even if terminal data face threats in the fields of industry, energy, traffic, water conservancy and the like, the system can effectively deal with the terminal data, the system cannot be paralyzed due to misoperation or illegal operation, and the production can be carried out safely and smoothly.
Finally, it is noted that the above-mentioned preferred embodiments illustrate rather than limit the invention, and that, although the invention has been described in detail with reference to the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the scope of the invention as defined by the appended claims.
Claims (10)
1. An industrial control terminal strategy control system is characterized by comprising: the system comprises a plurality of PC terminals and a configuration auditing end which is in communication connection with the plurality of PC terminals and is used for sending control strategies to the plurality of PC terminals;
the PC terminal is provided with an acquisition control module, the acquisition control module acquires information of the PC terminal and reports data of the acquired information to the configuration auditing end, the configuration auditing end calculates a control strategy according to the data and sends the control strategy to the plurality of PC terminals, and the acquisition control module receives and operates the control strategy;
the configuration auditing end comprises: the system comprises a dynamic strategy generation module, a static strategy pool, a dynamic strategy pool, a strategy transfer module and a log analysis module;
the dynamic strategy generation module carries out real-time calculation on the analysis data of the log analysis module, carries out cluster analysis on the reported data of the PC terminal, scores and classifies related users of the PC terminal, and generates related control strategies according to user classification data;
the dynamic strategy pool records the control strategy generated in the dynamic strategy generation module;
the static strategy pool is an existing configuration user strategy control module, and comprises an external control strategy, a process control strategy, a burning control strategy, a file monitoring control strategy, a printing monitoring control strategy, a service monitoring control strategy and an illegal external connection control strategy;
and the strategy transfer module performs AND operation on the strategies in the static strategy pool and the dynamic strategy pool and transfers the operated strategies to the PC terminal.
2. The industrial control terminal strategy control system of claim 1, wherein the configuration audit end further comprises: the device comprises a log display module, a log receiving module and a data storage function module.
3. The industrial control terminal strategy control system of claim 2,
the log receiving module receives reported data of the PC terminal;
the log analysis module analyzes and restores the reported data received in the log receiving module and stores the data in the data storage function module, and the data in the data storage function module is used for log display and log feedback analysis.
4. The industrial control terminal strategy control system of claim 1, wherein the collection control module collects the PC terminal information including terminal ID, terminal type, terminal name, terminal operating system, name of department to which the terminal belongs, terminal asset number, name of owner of the asset, user name, agent version, complete IP address, gateway, MAC address, keyword information, terminal status, delete flag bit, user privacy level, network status, online flag bit, online time, offline time, creation time, last modification time, software and hardware information, account information, operating resource information, startup items, and scheduling tasks.
5. An industrial control terminal strategy control method of the industrial control terminal strategy control system according to any one of claims 1 to 4, characterized by comprising the following steps:
the acquisition control module reports the acquired data to the configuration auditing end;
the configuration auditing end calculates the acquired data in real time and performs clustering analysis to obtain a corresponding control strategy and sends the control strategy to the PC terminal;
the configuration auditing end scores the behavior event data of the user of the PC terminal, judges whether the score corresponding to the data reaches a system set threshold value according to the control strategy, and if so, audits the corresponding behavior event for the user of the PC terminal;
wherein, the configuration audit end includes: the system comprises a dynamic strategy generation module, a static strategy pool, a dynamic strategy pool, a strategy transfer module and a log analysis module;
the dynamic strategy generation module carries out real-time calculation on the analysis data of the log analysis module, carries out cluster analysis on the reported data of the PC terminal, scores and classifies related users of the PC terminal, and generates related control strategies according to user classification data;
the dynamic strategy pool records the control strategy generated in the dynamic strategy generation module;
the static strategy pool is an existing configuration user strategy control module, and comprises an external control strategy, a process control strategy, a burning control strategy, a file monitoring control strategy, a printing monitoring control strategy, a service monitoring control strategy and an illegal external connection control strategy;
and the strategy transfer module performs AND operation on the strategies in the static strategy pool and the dynamic strategy pool and transfers the operated strategies to the PC terminal.
6. The strategy control method according to claim 5, wherein the configuration auditing end calculates the collected data in real time, namely, a dynamic strategy generation module calculates the data analyzed by the log analysis module in real time, calculates the user login password verification success rate, the user terminal matching rate, the user permission utilization rate, the user resource access rate, the operating resource matching rate, the startup item matching rate and the plan task matching rate in real time, stores the calculation information through a data storage function module, and obtains the offset rate A between the current operation and the historical operation.
7. The policy control method according to claim 6, wherein the current operation includes a number of times of erroneous operation and a number of times of normal operation, and the offset rate is a ratio of the number of times of erroneous operation to the total number of times of the historical operation.
8. The strategy control method according to claim 7, characterized in that the collected data is subjected to cluster analysis by the dynamic strategy generation module, after analysis, the analysis result is graded from small to large according to the number of users, meanwhile, a reference grade is set, whether the current misoperation is smaller than the reference grade is judged, if yes, a control strategy corresponding to the misoperation is extracted, the fine categories of the strategy in a static strategy pool are respectively formed into a new strategy, meanwhile, the strategy is counted in a dynamic strategy pool, and the strategies in the static strategy pool and the dynamic strategy pool are subjected to AND operation, and the formed control strategy is sent to the PC terminal.
9. The policy control method according to claim 8, wherein the dynamic policy generation module scores behavioral event data of the user of the PC terminal according to the following formula: 100-a (1-a) d-b d, wherein a is a dynamic policy weighting coefficient, b is a static policy weighting coefficient, a + b =1, d is a policy decrement.
10. The policy control method according to claim 5, further comprising: marking the violation categories of misoperation through a dynamic strategy generation module after grading, storing violation information including the violation categories into a data storage function module, and simultaneously generating alarm information and issuing the alarm information to the PC terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011081811.0A CN111935189B (en) | 2020-10-12 | 2020-10-12 | Industrial control terminal strategy control system and industrial control terminal strategy control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011081811.0A CN111935189B (en) | 2020-10-12 | 2020-10-12 | Industrial control terminal strategy control system and industrial control terminal strategy control method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111935189A CN111935189A (en) | 2020-11-13 |
| CN111935189B true CN111935189B (en) | 2021-02-05 |
Family
ID=73334333
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011081811.0A Active CN111935189B (en) | 2020-10-12 | 2020-10-12 | Industrial control terminal strategy control system and industrial control terminal strategy control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111935189B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113553182A (en) * | 2021-07-22 | 2021-10-26 | 工银科技有限公司 | Configuration method, device, equipment, medium and program product of terminal control strategy |
| CN114546519B (en) * | 2022-01-26 | 2023-10-03 | 华北电力大学 | Industrial control safety data acquisition system and method |
| CN115914005B (en) * | 2022-12-23 | 2024-01-23 | 星环信息科技(上海)股份有限公司 | Data auditing system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104378365A (en) * | 2014-10-30 | 2015-02-25 | 广东电子工业研究院有限公司 | Safety management center capable of conducting collaborative analysis |
| CN104811437A (en) * | 2015-03-16 | 2015-07-29 | 南京麦伦思科技有限公司 | Industrial control network safety strategy generation system and method |
| CN106936858A (en) * | 2015-12-29 | 2017-07-07 | 研祥智能科技股份有限公司 | A kind of cloud platform monitoring system and method |
| CN107566430A (en) * | 2016-06-30 | 2018-01-09 | 全球能源互联网研究院 | A kind of electric power mobile terminal compliance inspection and policy controlling system |
| CN110033174A (en) * | 2019-03-20 | 2019-07-19 | 烽台科技(北京)有限公司 | A kind of industrial information efficient public security system building method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102023599B (en) * | 2010-02-11 | 2012-08-29 | 北京瑞华赢科技发展有限公司 | Tunnel monitoring system |
| KR20130124357A (en) * | 2011-03-28 | 2013-11-13 | 인터내셔널 비지네스 머신즈 코포레이션 | Anomaly detection system, anomaly detection method, and program of same |
-
2020
- 2020-10-12 CN CN202011081811.0A patent/CN111935189B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104378365A (en) * | 2014-10-30 | 2015-02-25 | 广东电子工业研究院有限公司 | Safety management center capable of conducting collaborative analysis |
| CN104811437A (en) * | 2015-03-16 | 2015-07-29 | 南京麦伦思科技有限公司 | Industrial control network safety strategy generation system and method |
| CN106936858A (en) * | 2015-12-29 | 2017-07-07 | 研祥智能科技股份有限公司 | A kind of cloud platform monitoring system and method |
| CN107566430A (en) * | 2016-06-30 | 2018-01-09 | 全球能源互联网研究院 | A kind of electric power mobile terminal compliance inspection and policy controlling system |
| CN110033174A (en) * | 2019-03-20 | 2019-07-19 | 烽台科技(北京)有限公司 | A kind of industrial information efficient public security system building method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111935189A (en) | 2020-11-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111935189B (en) | Industrial control terminal strategy control system and industrial control terminal strategy control method | |
| CN112235283B (en) | Vulnerability description attack graph-based network attack evaluation method for power engineering control system | |
| CN108933791B (en) | Intelligent optimization method and device based on power information network safety protection strategy | |
| Ye et al. | Probabilistic techniques for intrusion detection based on computer audit data | |
| Wang et al. | An exhaustive research on the application of intrusion detection technology in computer network security in sensor networks | |
| CN111669375B (en) | Online safety situation assessment method and system for power industrial control terminal | |
| US20150304346A1 (en) | Apparatus and method for detecting anomaly of network | |
| CN106888205A (en) | A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis | |
| CN110324323B (en) | New energy plant station network-related end real-time interaction process anomaly detection method and system | |
| CN103563302A (en) | Network asset information management | |
| CN105867347B (en) | Cross-space cascading fault detection method based on machine learning technology | |
| US20130179937A1 (en) | Security model analysis | |
| CN102906756A (en) | Security threat detection associated with security events and actor category model | |
| CN109639756A (en) | A kind of terminal network incidence relation is shown and equipment accesses real-time monitoring system | |
| CN110830467A (en) | Network suspicious asset identification method based on fuzzy prediction | |
| CN100414554C (en) | Electronic data evidence obtaining method and system for computer | |
| Zuo et al. | Power information network intrusion detection based on data mining algorithm | |
| KR20130020862A (en) | Apparatus and method for anomaly detection in scada network using self-similarity | |
| CN111614639A (en) | Network security analysis method based on boundary theory | |
| EP2656322B1 (en) | Intrusion detection | |
| CN116090015B (en) | Intelligent authority application management system and method based on big data | |
| CN112528325B (en) | Data information security processing method and system | |
| Liang | Research on network security filtering model and key algorithms based on network abnormal traffic analysis | |
| KR102444922B1 (en) | Apparatus of controlling intelligent access for security situation recognition in smart grid | |
| CN112839029B (en) | Botnet activity degree analysis method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |