CN112073432A - Shield data acquisition and transmission system and network security transmission method - Google Patents
- Publication number: CN112073432A
- Application number: CN202011024125.XA
- Authority: CN (China)
- Prior art keywords: network, data, shield, plc, acquisition
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication), H04L63/00 (Network architectures or network communication protocols for network security):
- H04L63/0272: Virtual private networks (under H04L63/02, separating internal from external traffic, e.g. firewalls)
- H04L63/0428: Confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/04)
- H04L63/1458: Denial of Service (under H04L63/14, detecting or protecting against malicious traffic, and H04L63/1441, countermeasures against malicious traffic)
Abstract
The invention relates to the technical field of data acquisition for shield tunnelling machines, in particular to a shield data acquisition and transmission system and a network security transmission method. The system comprises a PLC acquisition system, a data transmission system, an integrated gateway and a VPN terminal. The acquisition system is connected to the shield PLC network through the internal network port of the integrated gateway, and the data transmission system is connected to the VPN terminal through the external network port of the integrated gateway. The VPN terminal establishes a virtual private network with a VPN server, and the data is encrypted and then uploaded to the acquisition center server over the public network. The integrated gateway separates the shield PLC network from the public network, so that internal and external networks are isolated: the shield PLC network is physically prevented from being directly exposed to the public network and is protected from viruses and DDoS attacks originating there.
Description
Technical Field
The invention relates to the technical field of data acquisition in the field of shields, in particular to a shield data acquisition and transmission system and a network security transmission method.
Background
Shield tunnelling is large-scale underground engineering, and the site construction environment is complex. To monitor shield project construction remotely in real time and to store the massive time-series data generated while tunnelling, a shield data acquisition system must be installed on the construction site and the acquired data transmitted to a big data center for storage and computation. To ensure that the added data acquisition system does not create a safety problem for the shield PLC control network, a secure network isolation and data transmission method and system need to be designed: first, viruses must be prevented from attacking the shield PLC control network; second, a security encryption measure must be added where the data crosses the public network in the transmission link, since a dedicated leased line to the data center would be far too expensive.
Disclosure of Invention
The invention aims to provide a shield data acquisition and transmission system and a network security transmission method that achieve low-cost, safe and reliable remote transmission of massive shield data.
The specific scheme of the invention is as follows:
A shield data acquisition and transmission system comprises a PLC acquisition system, a data transmission system and a VPN terminal. The PLC acquisition system is connected to the input of the data transmission system, the output of the data transmission system is connected to the internal network port of the VPN terminal, and the external network port of the VPN terminal is connected to the remote acquisition center server through the internet public network.
Preferably, the PLC acquisition system includes an integrated gateway and a shield PLC network switch. The integrated gateway has two network interface cards: its Lan1 port is connected to the shield PLC network switch through shielded Category 6 twisted pair, and its Lan2 port is connected to the internal port of the VPN terminal through shielded Category 6 twisted pair, so that the integrated gateway provides a first physical network isolation of the shield PLC network and the VPN terminal provides a second.
A network security transmission method of the shield data acquisition and transmission system comprises the following steps:
S1, configuring the LAN1 port address of the PLC acquisition system in the same IP segment as the shield PLC network, so that the PLC acquisition system and the shield PLC network are connected and the PLC acquisition system starts receiving the various parameters of the shield machine in a continuous loop;
S2, the PLC acquisition system DES-encrypts the received parameters and then caches them in storage;
S3, configuring the LAN2 port address of the PLC acquisition system in the same IP segment as the intranet of the VPN terminal, connecting the external network port of the VPN terminal to the internet public network, establishing a safe and reliable virtual private network between the VPN server and the VPN terminal, and thereby communicating with the remote acquisition center server;
S4, the data transmission system transmits the cached encrypted files to the remote acquisition center server and deletes each encrypted file after its transmission is finished; the remote acquisition center server DES-decrypts and stores the received encrypted files, which completes the data transmission.
Preferably, in step S4 the specific implementation is:
first, during data transmission the data is encoded with a custom protocol using a custom transmission message format: the parameters are converted into a binary stream, which is stored as a file in the to-be-sent area;
second, the data transmission system forwards the data over sockets: it first requests a socket to connect to the remote acquisition center server; when the server receives the connection request it creates a new socket to establish the connection and communicate with the client, while the original listening socket continues listening;
finally, the server parses the received data by the reverse of the encoding process: the binary stream is converted back into the corresponding parameter data according to the custom protocol and the point-location information held in the database, and the parameter data is DES-decrypted and then stored in a Redis cache.
The invention has the following beneficial effects:
1. The shield PLC acquisition and transmission system separates acquisition from transmission. Acquired parameters are cached in the device's local storage, so even if the public network is disconnected the acquired shield parameter data continues to be cached and is not lost; once the network recovers, the data transmission system resumes uploading, which provides resumable (breakpoint-continued) transmission.
2. The PLC acquisition system is connected to the shield PLC network through the internal network port of the integrated gateway, and the data transmission system is connected to the VPN terminal through the external network port of the integrated gateway. The VPN terminal establishes a virtual private network with the VPN server, and the data is encrypted and uploaded to the remote acquisition center server through the public network, adding a security encryption measure to the data transmission process. The integrated gateway isolates the shield PLC network from the public network, separating internal and external networks, so that the shield PLC network is physically prevented from being directly exposed to the public network and is protected from public-network viruses and DDoS attacks.
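The store-and-forward behaviour of beneficial effect 1, as an added Go example that is not code from the patent or from any product it describes: the transmission side uploads the cached encrypted files in sequence order as length-prefixed frames, deletes a file only after the server's one-byte acknowledgement, and leaves the rest on disk if the link fails, so the next session resumes where the last one stopped; the server side shows the listening socket handing each accepted connection to its own goroutine while it keeps listening. The file naming, the 4-byte length prefix, the 1 MiB frame cap, the acknowledgement byte and the `handle` callback that stands in for the server's decrypt-decode-store step are all assumptions; the patent specifies none of them.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"path/filepath"
)

const maxFrame = 1 << 20 // assumed cap on one cached file; bounds what the server allocates per frame

// CacheFile writes one already-encrypted frame into the to-be-sent area. Zero-padded sequence
// numbers sort lexically, so uploads resume in acquisition order (the naming is an assumption).
func CacheFile(dir string, seq uint64, ciphertext []byte) (string, error) {
	path := filepath.Join(dir, fmt.Sprintf("%020d.bin", seq))
	return path, os.WriteFile(path, ciphertext, 0o600)
}

// SendPending uploads cached files in order as length-prefixed frames and deletes a file only after
// the server acknowledged it; on any failure the remaining files stay on disk for the next session.
func SendPending(dir string, conn net.Conn) (int, error) {
	names, err := filepath.Glob(filepath.Join(dir, "*.bin")) // Glob returns names in lexical order
	if err != nil {
		return 0, err
	}
	sent := 0
	for _, name := range names {
		ct, err := os.ReadFile(name)
		if err != nil {
			return sent, err
		}
		if err := binary.Write(conn, binary.BigEndian, uint32(len(ct))); err != nil {
			return sent, err
		}
		if _, err := conn.Write(ct); err != nil {
			return sent, err
		}
		ack := make([]byte, 1)
		if _, err := io.ReadFull(conn, ack); err != nil || ack[0] != 1 {
			return sent, errors.New("no acknowledgement; file kept for retry")
		}
		os.Remove(name) // the server has the frame, so the local copy may go
		sent++
	}
	return sent, nil
}

// ServeConn handles one accepted connection: read a frame, pass it to the server-side processing
// (decrypt, decode and store, supplied as handle), then ack it. A frame that fails is not acked.
func ServeConn(conn net.Conn, handle func([]byte) error) error {
	defer conn.Close()
	for {
		var n uint32
		if err := binary.Read(conn, binary.BigEndian, &n); err != nil {
			if err == io.EOF {
				return nil // client finished cleanly
			}
			return err
		}
		if n > maxFrame {
			return errors.New("frame too large") // refuse before allocating for an untrusted length
		}
		ct := make([]byte, n)
		if _, err := io.ReadFull(conn, ct); err != nil {
			return err
		}
		if err := handle(ct); err != nil {
			return err
		}
		if _, err := conn.Write([]byte{1}); err != nil {
			return err
		}
	}
}

// Serve is the listening socket: each accepted connection is served on its own goroutine
// while the original socket keeps listening.
func Serve(ln net.Listener, handle func([]byte) error) {
	for {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		go ServeConn(c, handle)
	}
}

func main() {
	dir, _ := os.MkdirTemp("", "tosend")
	defer os.RemoveAll(dir)
	for i := 1; i <= 3; i++ { // constructed stand-ins for encrypted frames
		CacheFile(dir, uint64(i), []byte(fmt.Sprintf("ciphertext-%d", i)))
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go Serve(ln, func(ct []byte) error { fmt.Println("server stored", len(ct), "bytes"); return nil })
	conn, _ := net.Dial("tcp", ln.Addr().String())
	sent, err := SendPending(dir, conn)
	conn.Close()
	fmt.Println("sent", sent, "files, err:", err)
}
```

Deleting only after the acknowledgement is what makes the resume safe: a frame the server never confirmed is sent again in the next session rather than lost, and the length cap keeps a malformed or hostile length prefix from driving a large allocation on the server.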
Drawings
FIG. 1 is a schematic overall flow chart of the shield data acquisition and transmission system;
FIG. 2 is a schematic diagram of the encryption and decryption processes for data transmitted to the collection center server;
FIG. 3 is a diagram of the data encoding storage format;
FIG. 4 is a flow chart of data decryption and storage.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Example 1
A shield data acquisition and transmission system runs on a Windows 7 operating system and comprises a PLC acquisition system, a data transmission system and a VPN terminal. The input of the data transmission system is connected to the PLC acquisition system, its output is connected to the internal network port of the VPN terminal, and the external network port of the VPN terminal is connected to the remote acquisition center server through the internet public network. In operation, the PLC acquisition system first acquires the various parameters of the shield tunnelling machine; the acquired data is passed to the VPN terminal through the data transmission system and uploaded by the VPN terminal to the public network, over which a virtual private network between the VPN server and the VPN terminal is established and connected to the remote acquisition center server.
The PLC acquisition system comprises an integrated gateway and a shield PLC network switch. The integrated gateway has two network interface cards: its Lan1 port is connected to the shield PLC network switch through shielded Category 6 twisted pair, and its LAN2 port is connected to the internal port of the VPN terminal through shielded Category 6 twisted pair. The integrated gateway thus provides the first layer of physical network isolation for the shield PLC network and the VPN terminal the second, so that the shield PLC network and the public network are separated as internal and external networks through the integrated gateway.
A network security transmission method of the shield data acquisition and transmission system comprises the following steps:
S1, configuring the LAN1 port address of the PLC acquisition system in the same IP segment as the shield PLC network, so that the PLC acquisition system and the shield PLC network are connected and the PLC acquisition system starts receiving the various parameters of the shield machine in a continuous loop;
S2, the PLC acquisition system DES-encrypts the received parameters and then caches them in storage;
S3, configuring the LAN2 port address of the PLC acquisition system in the same IP segment as the intranet of the VPN terminal, connecting the external network port of the VPN terminal to the internet public network, establishing a safe and reliable virtual private network between the VPN server and the VPN terminal, and thereby communicating with the remote acquisition center server;
S4, the data transmission system transmits the cached encrypted files to the remote acquisition center server and deletes each encrypted file after its transmission is finished; the remote acquisition center server DES-decrypts and stores the received encrypted files, which completes the data transmission.
In step S4 the specific implementation is:
first, during data transmission the data is encoded with a custom protocol using a custom transmission message format: the data parameters are converted into a binary stream, which is stored as a file in the to-be-sent area;
second, the data transmission system forwards the data over sockets: it first requests a socket to connect to the remote acquisition center server; when the server receives the connection request it creates a new socket to establish the connection and communicate with the client, while the original listening socket continues listening;
finally, the server parses the received data by the reverse of the encoding process: the binary stream is converted back into the corresponding parameter data according to the custom protocol and the point-location information held in the database, and the parameter data is DES-decrypted and then stored in a Redis cache.
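The custom-protocol encoding, the DES step and the server's reverse process of steps S2 and S4, as an added Go example that is not code from the patent or from any of its embodiments. The frame layout (a magic marker, a point count, then big-endian ID/value pairs), the choice of CBC mode with PKCS#7 padding and a random IV, and the 8-byte demo key are assumptions; the patent says only that parameters are converted to a binary stream by a custom format and DES-encrypted. The point IDs stand for the "point location information" that the server maps to database tags.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Point is one sampled shield-machine parameter: an ID the server maps to a database
// point (tag) plus the value. The patent only says "custom message format", so this
// layout (big-endian magic, count, then ID/value pairs) is an assumption.
type Point struct {
	ID    uint16
	Value float64
}

const magic uint16 = 0x5344 // assumed frame marker so the decoder can reject garbage early

// EncodeFrame converts parameters into the binary stream that is cached and sent.
func EncodeFrame(pts []Point) []byte {
	buf := new(bytes.Buffer)
	binary.Write(buf, binary.BigEndian, magic)
	binary.Write(buf, binary.BigEndian, uint16(len(pts)))
	binary.Write(buf, binary.BigEndian, pts)
	return buf.Bytes()
}

// DecodeFrame is the inverse process run on the acquisition center server.
func DecodeFrame(b []byte) ([]Point, error) {
	r := bytes.NewReader(b)
	var m, n uint16
	if err := binary.Read(r, binary.BigEndian, &m); err != nil || m != magic {
		return nil, errors.New("bad frame header")
	}
	if err := binary.Read(r, binary.BigEndian, &n); err != nil {
		return nil, err
	}
	pts := make([]Point, n)
	if err := binary.Read(r, binary.BigEndian, pts); err != nil {
		return nil, err // truncated: the count promises more points than are present
	}
	return pts, nil
}

// Encrypt is step S2 as the patent specifies it: DES-CBC with PKCS#7 padding and a
// random IV prepended. DES (56-bit key) is considered broken and CBC gives no
// integrity protection; a current design would use AES-GCM at this call site.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := des.NewCipher(key) // key must be exactly 8 bytes
	if err != nil {
		return nil, err
	}
	pad := des.BlockSize - len(plaintext)%des.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, des.BlockSize+len(padded))
	if _, err := io.ReadFull(rand.Reader, out[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], padded)
	return out, nil
}

// Decrypt reverses Encrypt; a wrong key or corrupted data almost always fails the padding check.
func Decrypt(key, ct []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < 2*des.BlockSize || len(ct)%des.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(ct)-des.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:des.BlockSize]).CryptBlocks(pt, ct[des.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > des.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}

func main() {
	key := []byte("8bytekey") // constructed demo key; a deployment provisions it out of band
	ct, err := Encrypt(key, EncodeFrame([]Point{{ID: 101, Value: 12.5}, {ID: 102, Value: -3.25}}))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(key, ct) // server side: decrypt, then decode by the same protocol
	if err != nil {
		panic(err)
	}
	pts, err := DecodeFrame(pt)
	fmt.Println(pts, err)
}
```

The magic marker and the count check are sanity checks only: neither DES nor CBC authenticates the frame, so a server that must detect tampering needs a MAC or an authenticated mode in addition to the steps the patent lists.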
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing embodiments, or that certain features may be replaced by equivalents thereof; any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (4)
1. A shield data acquisition and transmission system, characterized in that it comprises a PLC acquisition system, a data transmission system and a VPN terminal; the PLC acquisition system is connected to the input of the data transmission system, the output of the data transmission system is connected to the internal network port of the VPN terminal, and the external network port of the VPN terminal is connected to the remote acquisition center server through the internet public network.
2. The shield data acquisition and transmission system according to claim 1, wherein the PLC acquisition system includes an integrated gateway and a shield PLC network switch; the integrated gateway has two network interface cards, the Lan1 port of the gateway is connected to the shield PLC network switch through shielded Category 6 twisted pair, and the Lan2 port of the gateway is connected to the internal port of the VPN terminal through shielded Category 6 twisted pair, so that the integrated gateway provides a first physical network isolation of the shield PLC network and the VPN terminal provides a second physical network isolation.
3. A network security transmission method of the shield data acquisition and transmission system according to claim 1 or 2, characterized by comprising the steps of:
S1, configuring the LAN1 port address of the PLC acquisition system in the same IP segment as the shield PLC network, so that the PLC acquisition system and the shield PLC network are connected and the PLC acquisition system starts receiving the various parameters of the shield machine in a continuous loop;
S2, the PLC acquisition system DES-encrypts the received parameters and then caches them in storage;
S3, configuring the LAN2 port address of the PLC acquisition system in the same IP segment as the intranet of the VPN terminal, connecting the external network port of the VPN terminal to the internet public network, establishing a safe and reliable virtual private network between the VPN server and the VPN terminal, and thereby communicating with the remote acquisition center server;
S4, the data transmission system transmits the cached encrypted files to the remote acquisition center server and deletes each encrypted file after its transmission is finished; the remote acquisition center server DES-decrypts and stores the received encrypted files, which completes the data transmission.
4. The network security transmission method of the shield data acquisition and transmission system according to claim 3, wherein in step S4 the specific implementation is as follows:
first, during data transmission the data is encoded with a custom protocol using a custom transmission message format: the data parameters are converted into a binary stream, which is stored as a file in the to-be-sent area;
second, the data transmission system forwards the data over sockets: it first requests a socket to connect to the remote acquisition center server; when the server receives the connection request it creates a new socket to establish the connection and communicate with the client, while the original listening socket continues listening;
finally, the server parses the received data by the reverse of the encoding process: the binary stream is converted back into the corresponding parameter data according to the custom protocol and the point-location information held in the database, and the parameter data is DES-decrypted and then stored in a Redis cache.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202011024125.XA (CN112073432A) | 2020-09-25 | 2020-09-25 | Shield data acquisition and transmission system and network security transmission method
Publications (1)

Publication Number | Publication Date
---|---
CN112073432A | 2020-12-11
Family ID: 73683495
Patent Citations (2)

Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN102520685A | 2011-12-06 | 2012-06-27 | 北京山竹科技有限公司 | Data acquisition system capable of monitoring and controlling an industrial field and acquisition method thereof
CN202486579U | 2011-12-06 | 2012-10-10 | 北京山竹科技有限公司 | Data acquisition system capable of monitoring and controlling an industrial field
Non-Patent Citations (1)

Title
---
Sun Zhenchuan et al.: "Research on key technologies and applications of a big data management platform for tunnel boring machine engineering", Tunnel Construction (隧道建设)
Cited By (3)

Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN112910963A | 2021-01-18 | 2021-06-04 | 翰克偲诺水务集团有限公司 | Method and system for cross-domain data interaction between a local area network and the Internet for water treatment equipment
CN112882437A | 2021-03-04 | 2021-06-01 | 中铁隧道局集团有限公司 | Intelligent tunneling system and control method based on a 5G + big data tunnel boring machine
CN112882437B | 2021-03-04 | 2022-04-22 | 中铁隧道局集团有限公司 | Intelligent tunneling system and control method based on a 5G + big data tunnel boring machine
Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20201211 |