CN112468489B - Industrial field data internet of things management system - Google Patents

Publication number: CN112468489B
Authority: CN (China)
Prior art keywords: module, data, class internet, software package, internet
Legal status: Active
Application number: CN202011338579.4A
Other languages: Chinese (zh)
Other versions: CN112468489A (en)
Inventors: 李巍, 余发明, 高建虎
Current Assignee: China Dragon Technology Co ltd
Original Assignee: China Dragon Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses an industrial field data Internet of Things management system comprising a management end, a network end and an application end. The management end comprises a mobile phone terminal, a computer terminal and a security module; the network end comprises an LDAP server, a router, a gateway, a core switch, a slave station 1 and a slave station 2; the application end comprises a PLC1, a PLC2, a first-class Internet of Things device 1, a first-class Internet of Things device n, a second-class Internet of Things device 1 and a second-class Internet of Things device n. The mobile phone terminal and the computer terminal are used for issuing operation instructions, and the LDAP server, the router, the gateway, the core switch, the slave station 1 and the slave station 2 are used, in sequence, as the wireless/wired transmission network. The invention can inspect the instructions issued by the mobile phone and the computer, so that a mobile phone or computer under malicious control cannot issue destructive instructions, and it can also prevent misoperation and the damage to equipment and products that misoperation causes.

Description

Industrial field data internet of things management system
Technical Field
The invention relates to the field of Internet of things management systems, in particular to an industrial field data Internet of things management system.
Background
An industrial field data Internet of Things management system controls the processing devices on an industrial site over a wireless network and allows them to be controlled in a unified way. Compared with the traditional method, in which a person operates the processing devices one by one, it is quicker, more convenient and more efficient.
Existing industrial field data Internet of Things management systems have shortcomings in use that need to be improved. First, security is low: the system is easily intruded upon, and after an intrusion not only can many devices be damaged, but important data can also be lost. Second, misoperation of the equipment cannot be prevented: the equipment is controlled by a software program while it runs, so an error in the software can cause the equipment to misoperate, and the misoperation can damage equipment and products, so practicability is poor.
Disclosure of Invention
The technical problems to be solved by the invention are as follows. First, security is low: the system is easily intruded upon, and after an intrusion not only can many devices be damaged, but important data can also be lost. Second, misoperation of the equipment cannot be prevented: the equipment is controlled by a software program while it runs, so an error in the software can cause the equipment to misoperate, and the misoperation can damage equipment and products, so practicability is poor.
The invention solves these technical problems through the following technical scheme. The industrial field data Internet of Things management system comprises a management end, a network end and an application end, wherein the management end comprises a mobile phone terminal, a computer terminal and a security module, the network end comprises an LDAP server, a router, a gateway, a core switch, a slave station 1 and a slave station 2, and the application end comprises a PLC1, a PLC2, a first-class Internet of Things device 1, a first-class Internet of Things device n, a second-class Internet of Things device 1 and a second-class Internet of Things device n;
the mobile phone terminal and the computer terminal are used for issuing operation instructions;
the LDAP server, the router, the gateway, the core switch, the slave station 1 and the slave station 2 are used, in sequence, as the wireless/wired transmission network;
the PLC1 and the PLC2 are used for receiving network instructions and respectively controlling the first-class Internet of Things device 1 and the first-class Internet of Things device n, and the second-class Internet of Things device 1 and the second-class Internet of Things device n, to work;
the PLC1 and the PLC2 comprise an anti-misoperation module 1 and an anti-misoperation module 2, respectively.
Preferably, the security module comprises a data acquisition module, an intrusion detection module, an attack pattern library and a system configuration library.
Preferably, the security module performs the following processing steps:
Step one: when the mobile phone terminal and the computer terminal are intruded upon, any instruction issued after the intrusion must pass through the security module;
Step two: the data acquisition module acquires the data and transmits it to the intrusion detection module;
Step three: the intrusion detection module compares the received data with the data in the attack pattern library and the system configuration library; when an intrusion is found, it stops operation in time and sends early warning information.
Preferably, the attack pattern library includes a storage unit and a partition unit, the partition unit partitions data stored in the storage unit, and the data are sequentially divided into an area a, an area B, and an area C.
Preferably, the anti-misoperation module 1 comprises a storage module 1, a storage module 2 and a comparison module.
Preferably, the storage module 1 stores a software package 1, the storage module 2 stores a software package 2, and the data stored in the software package 1 and the data stored in the software package 2 are identical.
Preferably, the anti-misoperation module 1 performs the following processing steps:
S1: when the PLC1 receives an execution command, the storage module 1 and the storage module 2 work simultaneously;
S2: the software package 1 and the software package 2 simultaneously send operation programs with the same data to the comparison module;
S3: the comparison module checks whether the programs sent by the software package 1 and the software package 2 are the same. If they are the same, the operation instruction is correct, and the first-class Internet of Things device 1, the first-class Internet of Things device n, the second-class Internet of Things device 1 or the second-class Internet of Things device n carries out the work; if they are not the same, the operation instruction is wrong, the operation is suspended and early warning information is sent.
Compared with the prior art, the invention has the following advantages:
By providing the security module, the instructions issued by the mobile phone and the computer can be inspected, which prevents destructive instructions from being issued when the mobile phone or the computer is maliciously controlled, and greatly improves the security of the whole industrial field data Internet of Things management system in use;
By providing the anti-misoperation module 1 together with the anti-misoperation module 2, every instruction passes through the comparison module of an anti-misoperation module. The software package 1 and the software package 2 store two identical sets of data, and for every instruction one copy is sent from the software package 1 and one from the software package 2. The comparison module compares the two copies; if they are not completely identical, one of the copies is damaged, so work is stopped in time and an early warning is sent to remind staff to carry out maintenance, which avoids damage to equipment and products caused by misoperation.
Drawings
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a system diagram of a security module of the present invention;
FIG. 3 is a system diagram of the anti-misoperation module of the present invention.
Detailed Description
The following examples are given for the detailed implementation and the specific operation procedures, but the scope of the present invention is not limited to the following examples.
As shown in FIGS. 1-3, the present embodiment provides the following technical solution: the industrial field data Internet of Things management system comprises a management end, a network end and an application end, wherein the management end comprises a mobile phone terminal, a computer terminal and a security module, the network end comprises an LDAP (Lightweight Directory Access Protocol) server, a router, a gateway, a core switch, a slave station 1 and a slave station 2, and the application end comprises a PLC1, a PLC2, a first-class Internet of Things device 1, a first-class Internet of Things device n, a second-class Internet of Things device 1 and a second-class Internet of Things device n;
the mobile phone terminal and the computer terminal are used for issuing operation instructions;
the LDAP server, the router, the gateway, the core switch, the slave station 1 and the slave station 2 are used, in sequence, as the wireless/wired transmission network;
the PLC1 and the PLC2 are used for receiving network instructions and respectively controlling the first-class Internet of Things device 1 and the first-class Internet of Things device n, and the second-class Internet of Things device 1 and the second-class Internet of Things device n, to work;
the PLC1 and the PLC2 comprise an anti-misoperation module 1 and an anti-misoperation module 2, respectively.
The security module comprises a data acquisition module, an intrusion detection module, an attack pattern library and a system configuration library.
The security module performs the following processing steps:
Step one: when the mobile phone terminal and the computer terminal are intruded upon, any instruction issued after the intrusion must pass through the security module;
Step two: the data acquisition module acquires the data and transmits it to the intrusion detection module;
Step three: the intrusion detection module compares the received data with the data in the attack pattern library and the system configuration library; when an intrusion is found, it stops operation in time and sends early warning information.
The attack pattern library comprises a storage unit and a partition unit; the partition unit partitions the data stored in the storage unit, dividing it in sequence into an area A, an area B and an area C.
The anti-misoperation module 1 comprises a storage module 1, a storage module 2 and a comparison module.
The storage module 1 stores the software package 1, the storage module 2 stores the software package 2, and the data stored in the software package 1 and the data stored in the software package 2 are identical.
The anti-misoperation module 1 performs the following processing steps:
S1: when the PLC1 receives an execution command, the storage module 1 and the storage module 2 work simultaneously;
S2: the software package 1 and the software package 2 simultaneously send operation programs with the same data to the comparison module;
S3: the comparison module checks whether the programs sent by the software package 1 and the software package 2 are the same. If they are the same, the operation instruction is correct, and the first-class Internet of Things device 1, the first-class Internet of Things device n, the second-class Internet of Things device 1 or the second-class Internet of Things device n carries out the work; if they are not the same, the operation instruction is wrong, the operation is suspended and early warning information is sent.
In summary, when the invention is used, an operation instruction is first issued through the mobile phone terminal or the computer terminal. If the mobile phone terminal and the computer terminal are intruded upon, any instruction issued after the intrusion must pass through the security module: the data acquisition module acquires the data and transmits it to the intrusion detection module, and the intrusion detection module compares the received data with the data in the attack pattern library and the system configuration library. When an intrusion is found, operation is stopped in time and early warning information is sent. When no intrusion is found, a signal is sent to the PLC1 or the PLC2 through the LDAP server, the router, the gateway, the core switch, the slave station 1 and the slave station 2 in sequence. When the PLC1 receives the execution command, the storage module 1 and the storage module 2 work simultaneously, and the software package 1 and the software package 2 simultaneously send operation programs with the same data to the comparison module. The comparison module checks whether the programs sent by the software package 1 and the software package 2 are the same. If they are the same, the operation instruction is correct, and the first-class Internet of Things device 1, the first-class Internet of Things device n, the second-class Internet of Things device 1 or the second-class Internet of Things device n carries out the work; if they are different, the operation instruction is wrong, the operation is suspended and early warning information is sent.
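The flow summarised above, as an added example that is not part of the patent: an instruction is checked by the security module against the attack pattern library and the system configuration library, and the target PLC then executes it only if its two stored copies of the operation program match. The instruction fields, the terminal and command names, the kinds of attack data held in areas A, B and C and the shape of the system configuration library are assumptions, since the patent specifies none of them; every instruction is passed through the security module here.

```python
# Added illustration; module names follow the patent, data shapes are assumed.

# Attack pattern library, partitioned into areas A, B and C. The patent says only
# that the areas store different kinds of attack data; these three kinds and the
# instruction fields they inspect are assumptions made for this example.
ATTACK_PATTERN_LIBRARY = {
    "A": lambda ins: ins["command"] in {"ERASE_PROGRAM", "DISABLE_INTERLOCK"},
    "B": lambda ins: not (0 <= ins.get("setpoint", 0) <= 100),
    "C": lambda ins: ins.get("repeat", 1) > 10,
}

# System configuration library (assumed shape): terminal -> PLCs it may address.
SYSTEM_CONFIGURATION_LIBRARY = {"phone-01": {"PLC1"}, "pc-01": {"PLC1", "PLC2"}}


def intrusion_detection(instruction):
    """Step three of the security module: compare against both libraries."""
    allowed = SYSTEM_CONFIGURATION_LIBRARY.get(instruction["terminal"])
    # Fail closed: an unknown terminal or an unlisted target is treated as intrusion.
    if allowed is None or instruction["target"] not in allowed:
        return False, "system configuration library mismatch"
    for area, matches in ATTACK_PATTERN_LIBRARY.items():
        if matches(instruction):
            return False, f"attack pattern library area {area}"
    return True, "no intrusion found"


class AntiMisoperationModule:
    """Storage module 1, storage module 2 and the comparison module of one PLC."""

    def __init__(self, software_package_1, software_package_2):
        self.storage_module_1 = dict(software_package_1)
        self.storage_module_2 = dict(software_package_2)

    def compare(self, command):
        # S1/S2: both storage modules supply their copy of the operation program.
        program_1 = self.storage_module_1.get(command)
        program_2 = self.storage_module_2.get(command)
        # S3: execute only when both copies exist and are byte-for-byte equal.
        if program_1 is None or program_2 is None:
            return False, "operation program missing from a software package"
        if program_1 != program_2:
            return False, "software packages 1 and 2 differ"
        return True, "copies match"


def handle(instruction, plcs):
    """Run one instruction through the security module, then the target PLC."""
    ok, reason = intrusion_detection(instruction)
    if not ok:
        return {"executed": False, "warning": f"security module: {reason}"}
    ok, reason = plcs[instruction["target"]].compare(instruction["command"])
    if not ok:
        return {"executed": False, "warning": f"anti-misoperation module: {reason}"}
    return {"executed": True, "warning": None}


# Constructed sample data: PLC1 holds two intact copies, PLC2 has one damaged byte.
PACKAGE = {"START_CONVEYOR": b"\x01\x10\x00\x20", "STOP_CONVEYOR": b"\x01\x10\x00\x00"}
DAMAGED = dict(PACKAGE, START_CONVEYOR=b"\x01\x10\x00\x21")
PLCS = {
    "PLC1": AntiMisoperationModule(PACKAGE, PACKAGE),
    "PLC2": AntiMisoperationModule(PACKAGE, DAMAGED),
}

if __name__ == "__main__":
    for target in ("PLC1", "PLC2"):
        sample = {"terminal": "pc-01", "target": target, "command": "START_CONVEYOR"}
        print(target, handle(sample, PLCS))
```

With only two copies the comparison module can tell that the copies differ but not which one is damaged, and a change made identically to both copies passes the check.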
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or as implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (1)

1. An industrial field data Internet of Things management system, characterized in that: the system comprises a management end, a network end and an application end, wherein the management end comprises a mobile phone terminal, a computer terminal and a security module, the network end comprises an LDAP server, a router, a gateway, a core switch, a slave station 1 and a slave station 2, and the application end comprises a PLC1, a PLC2, a first-class Internet of Things device 1, a first-class Internet of Things device n, a second-class Internet of Things device 1 and a second-class Internet of Things device n;
the mobile phone terminal and the computer terminal are used for issuing operation instructions;
the LDAP server, the router, the gateway, the core switch, the slave station 1 and the slave station 2 are used, in sequence, as the wireless/wired transmission network;
the PLC1 and the PLC2 are used for receiving network instructions and respectively controlling the first-class Internet of Things device 1 and the first-class Internet of Things device n, and the second-class Internet of Things device 1 and the second-class Internet of Things device n, to work;
the PLC1 and the PLC2 comprise an anti-misoperation module 1 and an anti-misoperation module 2, respectively;
the anti-misoperation module 1 comprises a storage module 1, a storage module 2 and a comparison module;
the storage module 1 stores a software package 1, the storage module 2 stores a software package 2, and the data stored in the software package 1 is identical to the data stored in the software package 2;
the anti-misoperation module 1 performs the following processing steps:
S1: when the PLC1 receives an execution command, the storage module 1 and the storage module 2 work simultaneously;
S2: the software package 1 and the software package 2 simultaneously send operation programs with the same data to the comparison module;
S3: the comparison module checks whether the programs sent by the software package 1 and the software package 2 are the same; if they are the same, the operation instruction is correct, and the first-class Internet of Things device 1, the first-class Internet of Things device n, the second-class Internet of Things device 1 or the second-class Internet of Things device n carries out the work; if they are not the same, the operation instruction is incorrect, the operation is suspended and early warning information is sent;
the security module comprises a data acquisition module, an intrusion detection module, an attack pattern library and a system configuration library;
the security module performs the following processing steps:
Step one: when the mobile phone terminal and the computer terminal are intruded upon, any instruction issued after the intrusion must pass through the security module;
Step two: the data acquisition module acquires the data and transmits it to the intrusion detection module;
Step three: the intrusion detection module compares the received data with the data in the attack pattern library and the system configuration library; when an intrusion is found, it stops operation in time and sends early warning information; when no intrusion is found, it sends signals to the PLC1 or the PLC2 through the LDAP server, the router, the gateway, the core switch, the slave station 1 and the slave station 2 in sequence;
the attack pattern library comprises a storage unit and a partition unit; the partition unit partitions the data stored in the storage unit, dividing it in sequence into an area A, an area B and an area C, and the area A, the area B and the area C each store a different kind of attack data;
by providing the security module, the instructions issued by the mobile phone and the computer can be inspected, which prevents the mobile phone and the computer from being maliciously controlled.
Application number: CN202011338579.4A
Priority date: 2020-11-25
Filing date: 2020-11-25
Title: Industrial field data internet of things management system
Status: Active
Publication: CN112468489B (en)

Publications (2)

Publication Number Publication Date
CN112468489A (en) 2021-03-09
CN112468489B (en) 2023-03-07

Family

ID=74799904

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant