CN112073432A - Shield data acquisition and transmission system and network security transmission method - Google Patents

Info

Publication number
CN112073432A
Authority
CN
China
Prior art keywords
network
data
shield
plc
acquisition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011024125.XA
Other languages
Chinese (zh)
Inventor
孙振川
褚长海
张合沛
高会中
江南
王利明
任颖莹
陈瑞祥
王雅文
郭璐
韩伟锋
陈桥
杨振兴
杨延栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Key Laboratory of Shield Machine and Boring Technology
China Railway Tunnel Group Co Ltd CRTG
Original Assignee
State Key Laboratory of Shield Machine and Boring Technology
China Railway Tunnel Group Co Ltd CRTG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-09-25
Filing date
2020-09-25
Publication date
2020-12-11

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/02 for separating internal from external traffic, e.g. firewalls > H04L63/0272 Virtual private networks
        • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks > H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/14 for detecting or protecting against malicious traffic > H04L63/1441 Countermeasures against malicious traffic > H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to the technical field of data acquisition for shield tunneling machines, in particular to a shield data acquisition and transmission system and a network security transmission method. The system comprises a PLC acquisition system, a data transmission system, an integrated gateway and a VPN terminal. The acquisition system is connected to the shield PLC network through the internal network port of the integrated gateway, and the data transmission system is connected to the VPN terminal through the external network port of the integrated gateway. The VPN terminal establishes a virtual private network with a VPN server, and the data is encrypted and then uploaded over the public network to an acquisition center server. The integrated gateway separates the shield PLC network from the public network as internal and external networks, so that the shield PLC network is never directly exposed on the public network and is protected from malware and DDoS attacks arriving from it.

Description

Shield data acquisition and transmission system and network security transmission method
Technical Field
The invention relates to the technical field of data acquisition for shield tunneling machines, in particular to a shield data acquisition and transmission system and a network security transmission method.
Background
Shield construction is large-scale underground engineering with a complex site environment. To monitor shield construction remotely in real time and to store the massive time-series data produced by tunneling, a shield data acquisition system must be deployed on the construction site and the acquired data transmitted to a big-data center for storage and computation. So that the added acquisition system does not create a security problem for the shield PLC control network, a secure network isolation and data transmission method and system have to be designed: first, malware must be kept from attacking the shield PLC control network; second, encryption must be added where the data crosses the public network on the transmission path, because a dedicated leased line to the data center would be too expensive.
Disclosure of Invention
The invention aims to provide a shield data acquisition and transmission system and a network security transmission method that achieve low-cost, secure and reliable remote transmission of massive shield data.
The specific scheme of the invention is as follows:
A shield data acquisition and transmission system comprises a PLC acquisition system, a data transmission system and a VPN terminal. The PLC acquisition system is connected to the input of the data transmission system, the output of the data transmission system is connected to the internal network port of the VPN terminal, and the external network port of the VPN terminal is connected to a remote acquisition center server over the public Internet.
Preferably, the PLC acquisition system includes an integrated gateway and a shield PLC network switch. The integrated gateway has two network interface cards: its Lan1 port is connected to the shield PLC network switch by shielded Cat 6 twisted pair, and its Lan2 port is connected to the internal port of the VPN terminal by shielded Cat 6 twisted pair, so that the integrated gateway provides a first physical network isolation of the shield PLC network and the VPN terminal provides a second.
A network security transmission method for the shield data acquisition and transmission system comprises the following steps:
S1, configure the Lan1 port address of the PLC acquisition system in the IP subnet of the shield PLC network, so that the PLC acquisition system is connected to the shield PLC network; the PLC acquisition system then starts and receives the various parameters of the shield machine in an endless polling loop;
S2, the PLC acquisition system DES-encrypts the received parameters and then writes them to cache storage;
S3, configure the Lan2 port address of the PLC acquisition system in the IP subnet of the VPN terminal's internal network, connect the external network port of the VPN terminal to the public Internet, and establish a secure, reliable virtual private network between the VPN server and the VPN terminal that reaches the remote acquisition center server;
S4, the data transmission system transmits the cached encrypted files to the remote acquisition center server and deletes each encrypted file once its transmission is finished; the remote acquisition center server DES-decrypts and stores the received encrypted files, which completes the data transmission.
Preferably, step S4 is implemented as follows:
first, the data is encoded with a custom protocol for transmission, using a custom transmission message format: the parameters are converted into a binary stream, which is then stored as a file in the to-be-sent area;
second, the data transmission system forwards the data over sockets: it first opens a socket connection to the remote acquisition center server; when the server receives the connection request it creates a new socket that establishes the connection with the client and communicates with it, while the original listening socket continues to listen;
finally, the server parses the received data by the reverse of the encoding process: the binary stream is converted back into the corresponding parameter values according to the custom protocol and the point-location information held in the database, and the parameter data is DES-decrypted and then stored in a Redis cache.
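As an added worked example for this page, and not code from the patent or its assignees, the following Go program carries the encode-and-encrypt steps above through end to end: parameters are packed into a binary message (the encoding of FIG. 3), the message is DES-encrypted for the cache (the encryption side of FIG. 2), and the server reverses both steps. The patent publishes neither its message layout nor the DES mode, so the "SD" magic, the point-ID/float32 record layout, the choice of DES-CBC with PKCS#7 padding and a random IV, and the 8-byte demo key are all assumptions made here. Go is used because its standard library still ships DES, so the block runs without third-party packages.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Sample is one PLC point reading. PointID is the key the collection center resolves
// to a parameter name through its point-location table.
type Sample struct {
	PointID uint16
	Value   float32
}

// Encode writes the assumed custom message format, all fields big-endian:
// magic "SD" | point count (uint16) | count x { PointID uint16, Value float32 }.
func Encode(s []Sample) []byte {
	var b bytes.Buffer
	b.WriteString("SD")
	binary.Write(&b, binary.BigEndian, uint16(len(s)))
	binary.Write(&b, binary.BigEndian, s)
	return b.Bytes()
}

// Decode is the inverse of Encode. The magic and the declared count are checked against
// the real length before any field is read, so a truncated or padded stream is rejected
// rather than parsed out of bounds.
func Decode(msg []byte) ([]Sample, error) {
	if len(msg) < 4 || string(msg[:2]) != "SD" {
		return nil, errors.New("bad header")
	}
	out := make([]Sample, binary.BigEndian.Uint16(msg[2:4]))
	if len(msg) != 4+binary.Size(out) {
		return nil, errors.New("length does not match point count")
	}
	if err := binary.Read(bytes.NewReader(msg[4:]), binary.BigEndian, out); err != nil {
		return nil, err
	}
	return out, nil
}

// DESEncrypt is the patent's DES step, realised here as DES-CBC with PKCS#7 padding and a
// fresh random IV prepended to the ciphertext. Two caveats a deployment must weigh: DES's
// 56-bit key is brute-forceable, and CBC gives no integrity, so a modified file is not
// detected by decryption alone. AES-GCM would close both gaps in this slot.
func DESEncrypt(key, plain []byte) ([]byte, error) {
	blk, err := des.NewCipher(key) // key must be exactly 8 bytes
	if err != nil {
		return nil, err
	}
	n := des.BlockSize - len(plain)%des.BlockSize
	p := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, des.BlockSize+len(p))
	if _, err := rand.Read(out[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(blk, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], p)
	return out, nil
}

// DESDecrypt reverses DESEncrypt; the padding is validated rather than trusted.
func DESDecrypt(key, ct []byte) ([]byte, error) {
	blk, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < 2*des.BlockSize || len(ct)%des.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	p := make([]byte, len(ct)-des.BlockSize)
	cipher.NewCBCDecrypter(blk, ct[:des.BlockSize]).CryptBlocks(p, ct[des.BlockSize:])
	n := int(p[len(p)-1])
	if n == 0 || n > des.BlockSize || !bytes.Equal(p[len(p)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return p[:len(p)-n], nil
}

// CacheRecord is what the acquisition side writes to the to-be-sent area (step S2):
// the encoded parameters, encrypted. RestoreRecord is what the server does with it.
func CacheRecord(key []byte, s []Sample) ([]byte, error) { return DESEncrypt(key, Encode(s)) }

func RestoreRecord(key, ct []byte) ([]Sample, error) {
	plain, err := DESDecrypt(key, ct)
	if err != nil {
		return nil, err
	}
	return Decode(plain)
}

func main() {
	key := []byte("8bytekey")                              // constructed demo key; DES takes exactly 8 bytes
	in := []Sample{{101, 12.5}, {102, -3.25}, {103, 1500}} // constructed readings
	ct, err := CacheRecord(key, in)
	if err != nil {
		panic(err)
	}
	out, err := RestoreRecord(key, ct)
	fmt.Printf("%d cached bytes -> %v (err=%v)\n", len(ct), out, err)
}
```

Two properties are worth noting because the patent's description does not address them: the decoder checks the declared point count against the real length before parsing, and the decryptor verifies the padding, so a truncated file or one with a corrupted tail is rejected rather than partially stored. Neither check authenticates the data; that is the job an authenticated cipher would do.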
The beneficial effects of the invention are:
1. The shield PLC acquisition and transmission system separates acquisition from transmission. Acquired parameters are cached in the device's local storage, so even when the public network is disconnected the acquired shield parameter data continues to be cached and is not lost; once the network recovers, the data transmission system resumes uploading, which guarantees resume-from-breakpoint transmission.
2. The PLC acquisition system is connected to the shield PLC network through the internal network port of the integrated gateway, and the data transmission system is connected to the VPN terminal through the external network port of the integrated gateway. The VPN terminal establishes a virtual private network with the VPN server, and the data is encrypted and uploaded to the remote acquisition center server over the public network, which adds encryption to the transmission path. The integrated gateway separates the shield PLC network from the public network as internal and external networks, so the shield PLC network is never directly exposed on the public network and is protected from malware and DDoS attacks arriving from it.
Drawings
FIG. 1 is a schematic overall flow chart of a shield data acquisition and transmission system;
FIG. 2 is a schematic diagram of the encryption and decryption processes of data transmission to the collection center server;
FIG. 3 is a diagram of a data encoding storage format;
FIG. 4 is a data decryption and storage flow chart.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Example 1
A shield data acquisition and transmission system runs on the Windows 7 operating system (out of Microsoft support since January 2020, which is worth weighing for a host that straddles the PLC network and the VPN side) and comprises a PLC acquisition system, a data transmission system and a VPN terminal. The input of the data transmission system is connected to the PLC acquisition system, its output is connected to the internal network port of the VPN terminal, and the external network port of the VPN terminal is connected to a remote acquisition center server over the public Internet. In operation the PLC acquisition system first acquires the various parameters of the shield tunneling machine; the acquired data is passed through the data transmission system to the VPN terminal and uploaded by it to the public network, over which a virtual private network between the VPN server and the VPN terminal is established and connected to the remote acquisition center server.
The PLC acquisition system comprises an integrated gateway and a shield PLC network switch. The integrated gateway has two network interface cards: its Lan1 port is connected to the shield PLC network switch by shielded Cat 6 twisted pair, and its Lan2 port is connected to the internal port of the VPN terminal by shielded Cat 6 twisted pair. The integrated gateway thereby provides a first layer of physical network isolation for the shield PLC network, the VPN terminal provides a second layer, and the shield PLC network and the public network are kept apart as internal and external networks by the integrated gateway. That separation holds only as long as the gateway host itself neither routes nor bridges between Lan1 and Lan2, so that the PLC network is reachable from the Lan2 side solely through the acquisition software running on the gateway.
A network security transmission method for the shield data acquisition and transmission system comprises the following steps:
S1, configure the Lan1 port address of the PLC acquisition system in the IP subnet of the shield PLC network, so that the PLC acquisition system is connected to the shield PLC network; the PLC acquisition system then starts and receives the various parameters of the shield machine in an endless polling loop;
S2, the PLC acquisition system DES-encrypts the received parameters and then writes them to cache storage;
S3, configure the Lan2 port address of the PLC acquisition system in the IP subnet of the VPN terminal's internal network, connect the external network port of the VPN terminal to the public Internet, and establish a secure, reliable virtual private network between the VPN server and the VPN terminal that reaches the remote acquisition center server;
S4, the data transmission system transmits the cached encrypted files to the remote acquisition center server and deletes each encrypted file once its transmission is finished; the remote acquisition center server DES-decrypts and stores the received encrypted files, which completes the data transmission.
Step S4 is implemented as follows:
first, the data is encoded with a custom protocol for transmission, using a custom transmission message format: the data parameters are converted into a binary stream, which is then stored as a file in the to-be-sent area;
second, the data transmission system forwards the data over sockets: it first opens a socket connection to the remote acquisition center server; when the server receives the connection request it creates a new socket that establishes the connection with the client and communicates with it, while the original listening socket continues to listen;
finally, the server parses the received data by the reverse of the encoding process: the binary stream is converted back into the corresponding parameter values according to the custom protocol and the point-location information held in the database, and the parameter data is DES-decrypted and then stored in a Redis cache.
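The socket forwarding in step S4 and the resume-from-breakpoint behaviour listed under the beneficial effects fit together as one store-and-forward loop, shown here as an added example in Go that is not the patent's own code. The listening socket hands each accepted client to its own goroutine and goes back to accepting, as the step describes; the rest is assumption: a 4-byte length prefix per file, a single 'K' byte as acknowledgement, a 1 MiB cap per frame, zero-padded sequence numbers as file names, and a callback standing in for the DES-decrypt, decode and Redis chain. The one rule the example adds to the patent's "delete after transmission" is that a file is deleted only after the server has acknowledged it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"path/filepath"
	"sort"
)

// maxFrame (assumed) caps one upload so a hostile length header cannot force an unbounded allocation.
const maxFrame = 1 << 20

// Serve is the collection-center side of step S4: the listening socket accepts a client, hands the
// connection to its own goroutine (the "new socket") and accepts again. Files arrive as length-prefixed
// frames because TCP has no message boundaries; process stands for the decrypt-decode-store chain.
func Serve(ln net.Listener, process func([]byte) error) {
	for {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		go func(c net.Conn) {
			defer c.Close()
			var hdr [4]byte
			for {
				if _, err := io.ReadFull(c, hdr[:]); err != nil || binary.BigEndian.Uint32(hdr[:]) > maxFrame {
					return
				}
				body := make([]byte, binary.BigEndian.Uint32(hdr[:]))
				if _, err := io.ReadFull(c, body); err != nil || process(body) != nil {
					return // no acknowledgement: the site keeps the file for a retry
				}
				c.Write([]byte{'K'}) // acknowledgement: the site may now delete this file
			}
		}(c)
	}
}

// sendOne writes one frame and blocks until the server acknowledges it.
func sendOne(c net.Conn, body []byte) error {
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, uint32(len(body)))
	if _, err := c.Write(append(hdr, body...)); err != nil {
		return err
	}
	ack := make([]byte, 1)
	if _, err := io.ReadFull(c, ack); err != nil || ack[0] != 'K' {
		return errors.New("not acknowledged")
	}
	return nil
}

// Cache is the acquisition side: one encrypted record into the to-be-sent area, named so files sort oldest first.
func Cache(dir string, seq int, encrypted []byte) error {
	return os.WriteFile(filepath.Join(dir, fmt.Sprintf("%012d.bin", seq)), encrypted, 0o600)
}

// Drain is the transmission side: upload cached files oldest first, deleting each only after the server
// acknowledged it. A dead or dropped link stops the loop; what is still on disk goes out on the next call.
func Drain(dir, addr string) (int, error) {
	files, err := filepath.Glob(filepath.Join(dir, "*.bin"))
	if err != nil || len(files) == 0 {
		return 0, err
	}
	sort.Strings(files)
	c, err := net.Dial("tcp", addr)
	if err != nil {
		return 0, err // nothing deleted; the cache keeps growing until the link is back
	}
	defer c.Close()
	for i, f := range files {
		body, err := os.ReadFile(f)
		if err == nil {
			err = sendOne(c, body)
		}
		if err != nil {
			return i, err // unreadable or unacknowledged: the file stays for the next attempt
		}
		if err := os.Remove(f); err != nil {
			return i, err
		}
	}
	return len(files), nil
}

func main() {
	dir, _ := os.MkdirTemp("", "spool") // constructed to-be-sent area
	for i := 1; i <= 3; i++ {
		Cache(dir, i, []byte(fmt.Sprintf("ciphertext-%d", i))) // stand-in for the DES output
	}
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	go Serve(ln, func(b []byte) error { fmt.Printf("stored %q\n", b); return nil })
	fmt.Println(Drain(dir, ln.Addr().String()))
	os.RemoveAll(dir)
}
```

Running main drains three constructed files into a loopback server and reports how many were sent. Deleting on acknowledgement rather than on a successful write matters because a write into the socket buffer succeeds even when the far end has already gone away; without the acknowledgement a link drop mid-upload would silently lose the file that was in flight.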
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing embodiments, or that certain features may be replaced by equivalents thereof; any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (4)

1. A shield data acquisition and transmission system, characterized in that it comprises a PLC acquisition system, a data transmission system and a VPN terminal; the PLC acquisition system is connected to the input of the data transmission system, the output of the data transmission system is connected to the internal network port of the VPN terminal, and the external network port of the VPN terminal is connected to a remote acquisition center server over the public Internet.
2. The shield data acquisition and transmission system according to claim 1, wherein the PLC acquisition system includes an integrated gateway and a shield PLC network switch; the integrated gateway has two network interface cards, the Lan1 port of the gateway is connected to the shield PLC network switch by shielded Cat 6 twisted pair, and the Lan2 port of the gateway is connected to the internal port of the VPN terminal by shielded Cat 6 twisted pair, so that the integrated gateway provides a first physical network isolation of the shield PLC network and the VPN terminal provides a second physical network isolation.
3. A network security transmission method for the shield data acquisition and transmission system according to claim 1 or 2, characterized by comprising the steps of:
S1, configuring the Lan1 port address of the PLC acquisition system in the IP subnet of the shield PLC network, so that the PLC acquisition system is connected to the shield PLC network, and the PLC acquisition system starts and receives the various parameters of the shield machine in an endless polling loop;
S2, the PLC acquisition system DES-encrypting the received parameters and then writing them to cache storage;
S3, configuring the Lan2 port address of the PLC acquisition system in the IP subnet of the VPN terminal's internal network, connecting the external network port of the VPN terminal to the public Internet, and establishing a secure, reliable virtual private network between the VPN server and the VPN terminal that reaches the remote acquisition center server;
S4, the data transmission system transmitting the cached encrypted files to the remote acquisition center server and deleting each encrypted file once its transmission is finished, and the remote acquisition center server DES-decrypting and storing the received encrypted files, which completes the data transmission.
4. The network security transmission method of the shield data acquisition and transmission system according to claim 3, wherein step S4 is implemented as follows:
first, the data is encoded with a custom protocol for transmission, using a custom transmission message format: the data parameters are converted into a binary stream, which is then stored as a file in the to-be-sent area;
second, the data transmission system forwards the data over sockets: it first opens a socket connection to the remote acquisition center server; when the server receives the connection request it creates a new socket that establishes the connection with the client and communicates with it, while the original listening socket continues to listen;
finally, the server parses the received data by the reverse of the encoding process: the binary stream is converted back into the corresponding parameter values according to the custom protocol and the point-location information held in the database, and the parameter data is DES-decrypted and then stored in a Redis cache.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011024125.XA CN112073432A (en) 2020-09-25 2020-09-25 Shield data acquisition and transmission system and network security transmission method

Publications (1)

Publication Number Publication Date
CN112073432A true CN112073432A (en) 2020-12-11

Family

ID=73683495

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011024125.XA Pending CN112073432A (en) 2020-09-25 2020-09-25 Shield data acquisition and transmission system and network security transmission method

Country Status (1)

Country Link
CN (1) CN112073432A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112910963A (en) * 2021-01-18 2021-06-04 翰克偲诺水务集团有限公司 Method and system for cross-domain data interaction between local area network and Internet of water treatment equipment
CN112882437A (en) * 2021-03-04 2021-06-01 China Railway Tunnel Group Co Ltd Intelligent tunneling system and control method based on 5G + big data tunnel boring machine
CN112882437B (en) * 2021-03-04 2022-04-22 China Railway Tunnel Group Co Ltd Intelligent tunneling system and control method based on 5G + big data tunnel boring machine

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102520685A (en) * 2011-12-06 2012-06-27 北京山竹科技有限公司 Data acquisition system capable of monitoring and controlling industrial field and acquisition method thereof
CN202486579U (en) * 2011-12-06 2012-10-10 北京山竹科技有限公司 Data acquisition system capable of monitoring and controlling industrial field

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孙振川 et al.: "Key technologies and application of a big-data management platform for tunnel boring machine engineering", Tunnel Construction (《隧道建设》) *

Legal Events

Date Code Title Description
2020-12-11 PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication