CN112799358B - Industrial control safety defense system - Google Patents


Info

Publication number
CN112799358B
Authority
CN
China
Prior art keywords
industrial control
control
industrial
layer
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011610240.5A
Other languages
Chinese (zh)
Other versions
CN112799358A (en)
Inventor
黄龙飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Pan Yu Network Technology Co ltd
Original Assignee
Shanghai Pan Yu Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Pan Yu Network Technology Co ltd
Priority to CN202011610240.5A
Publication of CN112799358A
Application granted
Publication of CN112799358B

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
    • G05B19/4184 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by fault tolerance, reliability of production system
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/31 From computer integrated manufacturing till monitoring
    • G05B2219/31088 Network communication between supervisor and cell, machine group
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

An industrial control security defense system comprises a potential threat exclusion layer, an industrial control security audit system, a monitoring center, a field monitoring layer, a control layer and a physical layer. The potential threat exclusion layer comprises a deep protocol parsing mechanism and a white list mechanism. The field monitoring layer exchanges data with, and controls the behavior of, the control layer and the physical layer over industrial Ethernet. The industrial control security audit system analyzes and identifies illegal operations, abnormal events and external attacks in the industrial control network from multiple angles and raises alarms in real time. The invention performs identity recognition by several means, restricts system operation authority, prevents override and malicious operations, keeps viruses carried by external devices from affecting system security, runs exclusion detection against common attack methods, and occupies few operating resources; unified monitoring and management by the monitoring center improves the alarm response time of the whole system and speeds up incident handling.

Description

Industrial control safety defense system
Technical Field
The invention relates to the field of industrial control system management, in particular to an industrial control security defense system.
Background
An industrial control system mainly refers to the industrial process control components that collect and monitor real-time data and, under computer coordination, automate the operation of equipment and the management and monitoring of business processes. The emergence of security vulnerabilities, however, undoubtedly increases the risk to industrial control systems, disrupts normal production, and can even endanger people's health and public property.
At present, because advanced hacking techniques are hard to learn and master, many attackers obtain existing industrial control system attack methods directly from the Internet, or impersonate operators, engineers or vendor system-upgrade technicians to enter the plant and cause damage, and existing industrial control security defense systems cannot quickly identify and eliminate such crises. In addition, with existing systems, when external computers, USB drives and other devices are mistakenly connected to equipment ports, viruses can easily enter the terminal equipment system directly and start an attack. Existing systems also generally issue instructions layer by layer, so crises are not handled in time. To solve these problems, the present application provides an industrial control security defense system.
Disclosure of Invention
(I) Object of the invention
To solve the technical problems described in the background, the invention provides an industrial control security defense system that performs identity recognition by several means, restricts system operation authority, prevents override and malicious operations, keeps viruses carried by external devices from affecting system security, runs exclusion detection against common attack methods, and occupies few operating resources; unified monitoring and management by the monitoring center improves the alarm response time of the whole system and the speed of incident handling.
(II) Technical solution
To solve the above problems, the invention provides an industrial control security defense system comprising a potential threat exclusion layer, an industrial control security audit system, a monitoring center, a field monitoring layer, a control layer and a physical layer. The potential threat exclusion layer comprises a deep protocol parsing mechanism and a white list mechanism. The field monitoring layer exchanges data with, and controls the behavior of, the control layer and the physical layer over industrial Ethernet. The industrial control security audit system analyzes and identifies illegal operations, abnormal events and external attacks in the industrial control network from multiple angles and raises alarms in real time; it also records operation behaviors in industrial control services comprehensively and in detail, which makes security events easier to trace.
In an optional embodiment, the deep protocol parsing mechanism is connected to the industrial control Ethernet through an industrial control firewall. Through the firewall it detects anomalies in communication traffic and in the proprietary protocol elements commonly used in industrial control communication networks, and runs exclusion detection for common application-protocol vulnerabilities, link-connection vulnerabilities and TCP/IP vulnerabilities.
In an optional embodiment, the white list mechanism performs identity recognition through a fingerprint recognition device, a face recognition device, a manufacturer confirmation letter, a bar code recognizer, a USB detection system and the like, and can restrict system operation authority. The fingerprint and face recognition devices confirm the identity of operators and engineers; the bar code recognizer and the USB detection system facilitate the connection of designated external computers and USB devices; and the manufacturer confirmation letter reduces security risks during system maintenance and upgrades.
In an optional embodiment, the industrial control security audit system comprises:
accurate identification and deep parsing: accurately identifying mainstream industrial control protocols such as OPC, Modbus/TCP, IEC104, DNP3, PROFINET, MMS and S7, and deeply parsing information such as control instructions, parameters, remote sensing and telemetering in the control layer and the physical layer;
real-time network state monitoring: monitoring the operating state of the industrial control network in real time, autonomously learning the normal communication rules, establishing a trusted standard behavior baseline, and monitoring and alarming in real time on abnormal instructions and behaviors in the network;
accurate intrusion identification: establishing detection rules from the system's own comparison database, accurately identifying intrusions such as vulnerability attacks and malicious code attacks in the network, and alarming in real time;
comprehensive audit of operation records: recording operation behaviors in industrial control services comprehensively and in detail, including instruction-level operation data such as instruction changes, load changes and configuration changes, so that security events can be traced;
real-time service interruption alarms: continuously monitoring the communication state of specified industrial protocols, alarming in real time on traffic interruption events that affect service continuity, and finding and eliminating security risks in the production environment in time;
secure storage of audit data: securely storing all raw data from the industrial control network in the comparison database and retaining audit data for one year, so that the raw data can be searched and analyzed later.
In an optional embodiment, the field monitoring layer covers the collection of various industrial data and anomaly detection on industrial process data. The collected industrial data serves as the data source for protocol analysis. The raw data set is split into segments, outlier detection is run on each segment with the DBSCAN algorithm, and the data set with the outliers removed is then merged and filled. In parallel, a time-series algorithm analyzes the normal system state sequence of the industrial control system; it is used to detect system states that deviate from the normal state sequence and to find possible attack behaviors or system fault states. Specifically, the analysis can be based on a network traffic time series modeled with a hidden Markov model, or on anomaly detection against a public system behavior baseline. Industrial control behavior is analyzed through anomalies in the industrial process data, and malicious control carried out by changing control parameters is monitored.
In an optional embodiment, the monitoring center can also serve as a cloud management service platform. Its main functions are: deployment, monitoring and management of all security device modules, controllers and workstations in the whole system; rule-assisted generation, in which a wizard conveniently and quickly creates firewall rules from the authority and authorization management report; receiving, processing and recording alarm information uploaded by the security modules; zoning and identification of traffic across the whole network; white-list-based terminal control; and searching, tracking and preprocessing of security events.
In an optional embodiment, the industrial Ethernet can use the TPS-1, which is dedicated to PROFINET communication, or the R-IN32M3, which supports protocols such as EtherCAT, CC-Link IE, EtherNet/IP, PROFINET and CANopen.
In an optional embodiment, the industrial control equipment of the physical layer includes a human-machine interface, through whose operation interface data parameters can be set, equipment controlled and processing information displayed. It also includes various rocker monitoring devices and sensors that monitor abnormal information in real time, as well as a line switch for the external control line and an equipment power switch, so that external malicious control can be physically isolated and losses reduced.
The technical solution of the invention has the following beneficial technical effects:
The invention performs identity recognition through a fingerprint recognition device, a face recognition device, a manufacturer confirmation letter, a bar code recognizer, a USB detection system and the like, can restrict system operation authority, prevents override and malicious operations, keeps viruses carried by external devices from affecting system security, reduces security risks during system maintenance and upgrades, and occupies few operating resources. Meanwhile, the industrial control firewall detects anomalies in communication traffic and in communication network protocol elements, and runs exclusion detection for common application-protocol vulnerabilities, link-connection vulnerabilities and TCP/IP vulnerabilities, which improves the information security protection capability of the industrial control system. Network communication behavior is recorded comprehensively, and analysis reports are generated and kept in the comparison database for the long term, so that the raw data can be searched and analyzed and responsibility for incidents traced. Unified monitoring and management by the monitoring center improves the alarm response time of the whole system, keeps information acquisition timely, speeds up handling, and reduces the damage when an incident occurs.
Drawings
Fig. 1 is a schematic structural diagram of an industrial control security defense system according to the present invention.
Fig. 2 is a block diagram of a white list mechanism of an industrial control security defense system according to the present invention.
Fig. 3 is a diagram of a deep protocol parsing mechanism in an industrial control security defense system according to the present invention.
Fig. 4 is a schematic diagram of main functions of a monitoring center of an industrial control security defense system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in Figs. 1 to 4, the industrial control security defense system provided by the invention comprises a potential threat exclusion layer, an industrial control security audit system, a monitoring center, a field monitoring layer, a control layer and a physical layer. The potential threat exclusion layer comprises a deep protocol parsing mechanism and a white list mechanism. The field monitoring layer exchanges data with, and controls the behavior of, the control layer and the physical layer over industrial Ethernet. The industrial control security audit system analyzes and identifies illegal operations, abnormal events and external attacks in the industrial control network from multiple angles and raises alarms in real time; it also records operation behaviors in industrial control services comprehensively and in detail, which makes security events easier to trace.
In an optional embodiment, the deep protocol parsing mechanism is connected to the industrial control Ethernet through an industrial control firewall. Through the firewall it detects anomalies in communication traffic and in the proprietary protocol elements commonly used in industrial control communication networks, and runs exclusion detection for common application-protocol vulnerabilities, link-connection vulnerabilities and TCP/IP vulnerabilities.
In an optional embodiment, the white list mechanism performs identity recognition through a fingerprint recognition device, a face recognition device, a manufacturer confirmation letter, a bar code recognizer, a USB detection system and the like, and can restrict system operation authority. The fingerprint and face recognition devices confirm the identity of operators and engineers; the bar code recognizer and the USB detection system facilitate the connection of designated external computers and USB devices; and the manufacturer confirmation letter reduces security risks during system maintenance and upgrades.
In an optional embodiment, the industrial control security audit system comprises:
accurate identification and deep parsing: accurately identifying mainstream industrial control protocols such as OPC, Modbus/TCP, IEC104, DNP3, PROFINET, MMS and S7, and deeply parsing information such as control instructions, parameters, remote sensing and telemetering in the control layer and the physical layer;
real-time network state monitoring: monitoring the operating state of the industrial control network in real time, autonomously learning the normal communication rules, establishing a trusted standard behavior baseline, and monitoring and alarming in real time on abnormal instructions and behaviors in the network;
accurate intrusion identification: establishing detection rules from the system's own comparison database, accurately identifying intrusions such as vulnerability attacks and malicious code attacks in the network, and alarming in real time;
comprehensive audit of operation records: recording operation behaviors in industrial control services comprehensively and in detail, including instruction-level operation data such as instruction changes, load changes and configuration changes, so that security events can be traced;
real-time service interruption alarms: continuously monitoring the communication state of specified industrial protocols, alarming in real time on traffic interruption events that affect service continuity, and finding and eliminating security risks in the production environment in time;
secure storage of audit data: securely storing all raw data from the industrial control network in the comparison database and retaining audit data for one year, so that the raw data can be searched and analyzed later.
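The first two audit functions above (deep parsing of a protocol such as Modbus/TCP, then learning a trusted behavior baseline and alarming on deviations) can be illustrated as follows. This is an added example, not code from the patent; the class and function names, the alert categories and the sample frames and addresses are all constructed for illustration.

```python
"""Added example: learn a Modbus/TCP behaviour baseline, then flag deviations."""
import struct

# Request PDUs for these function codes start with a 16-bit address followed by
# a second 16-bit field (quantity or value), per the Modbus application protocol.
ADDRESSED_CODES = {1, 2, 3, 4, 5, 6, 15, 16}


def build_request(tid, unit, func, addr, arg):
    """Build a constructed sample request: MBAP header followed by the PDU."""
    pdu = struct.pack(">BHH", func, addr, arg)
    # MBAP: transaction id, protocol id (0 = Modbus), length (unit id + PDU), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_modbus_tcp(frame):
    """Deep-parse one request frame; raise ValueError if it is malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    func = frame[7]
    addr = arg = None
    if func in ADDRESSED_CODES and len(frame) >= 12:
        addr, arg = struct.unpack(">HH", frame[8:12])
    return {"tid": tid, "unit": unit, "func": func, "addr": addr, "arg": arg}


class BaselineMonitor:
    """Learns who sends which instruction to which address, then alarms on anything new."""

    def __init__(self):
        self.sources, self.functions, self.targets = set(), set(), set()
        self.learning = True

    def observe(self, src, frame):
        """Return None if the frame fits the baseline, else (category, detail)."""
        try:
            msg = parse_modbus_tcp(frame)
        except ValueError as exc:
            return ("malformed", str(exc))       # never learned, always reported
        func_key = (src, msg["unit"], msg["func"])
        target_key = func_key + (msg["addr"],)
        if self.learning:
            self.sources.add(src)
            self.functions.add(func_key)
            self.targets.add(target_key)
            return None
        if src not in self.sources:
            return ("new-source", src)
        if func_key not in self.functions:
            return ("new-function", "function code %d" % msg["func"])
        if target_key not in self.targets:
            return ("new-address", "address %s" % msg["addr"])
        return None


# Constructed sample traffic (documentation-range addresses, not real captures).
HMI, UNKNOWN = "192.0.2.10", "192.0.2.99"
LEARNING = [
    (HMI, build_request(1, 1, 3, 0, 10)),     # read 10 holding registers at 0
    (HMI, build_request(2, 1, 6, 100, 42)),   # write single register 100
]
LIVE = [
    (HMI, build_request(3, 1, 3, 0, 10)),         # inside the baseline
    (HMI, build_request(4, 1, 6, 200, 1)),        # known instruction, unseen register
    (HMI, build_request(5, 1, 5, 7, 0xFF00)),     # write-coil instruction never seen
    (UNKNOWN, build_request(6, 1, 3, 0, 10)),     # station not in the baseline
    (HMI, build_request(7, 1, 3, 0, 10)[:-2]),    # truncated frame
]


def run_demo():
    """Learn from LEARNING, then return the alert category for each LIVE frame."""
    monitor = BaselineMonitor()
    for src, frame in LEARNING:
        monitor.observe(src, frame)
    monitor.learning = False
    alerts = [monitor.observe(src, frame) for src, frame in LIVE]
    return [alert[0] if alert else None for alert in alerts]


if __name__ == "__main__":
    print(run_demo())
```
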
In an optional embodiment, the field monitoring layer covers the collection of various industrial data and anomaly detection on industrial process data. The collected industrial data serves as the data source for protocol analysis. The raw data set is split into segments, outlier detection is run on each segment with the DBSCAN algorithm, and the data set with the outliers removed is then merged and filled. In parallel, a time-series algorithm analyzes the normal system state sequence of the industrial control system; it is used to detect system states that deviate from the normal state sequence and to find possible attack behaviors or system fault states. Specifically, the analysis can be based on a network traffic time series modeled with a hidden Markov model, or on anomaly detection against a public system behavior baseline. Industrial control behavior is analyzed through anomalies in the industrial process data, and malicious control carried out by changing control parameters is monitored.
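The segment, detect, remove, merge and fill sequence described above is shown here as an added example; it is not code from the patent. The segment length, eps and min_pts values, the linear-interpolation fill and the sample readings are assumptions chosen for illustration, and the sample shows why segmenting matters: a reading that is normal in one operating regime is an outlier in another.

```python
"""Added example: per-segment DBSCAN outlier removal, then merge and fill."""
from bisect import bisect_left

NOISE = -1


def dbscan_1d(values, eps, min_pts):
    """Label each value with a cluster id (>= 0) or NOISE; distance is |a - b|.

    min_pts counts the point itself, as in common DBSCAN implementations.
    """
    n = len(values)
    labels = [None] * n

    def neighbours(i):
        return [j for j in range(n) if abs(values[i] - values[j]) <= eps]

    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:          # not a core point (may become border later)
            labels[i] = NOISE
            continue
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == NOISE:        # border point: joins cluster, not expanded
                labels[j] = cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            reach = neighbours(j)
            if len(reach) >= min_pts:     # core point: keep growing the cluster
                queue.extend(reach)
        cluster += 1
    return labels


def find_outliers(series, segment_len, eps, min_pts):
    """Run DBSCAN on each segment and return the global indexes of noise points."""
    outliers = []
    for start in range(0, len(series), segment_len):
        segment = series[start:start + segment_len]
        labels = dbscan_1d(segment, eps, min_pts)
        outliers += [start + k for k, lab in enumerate(labels) if lab == NOISE]
    return outliers


def fill_gaps(values):
    """Replace None entries by linear interpolation between the nearest kept values."""
    kept = [i for i, v in enumerate(values) if v is not None]
    if not kept:
        raise ValueError("no values left to interpolate from")
    filled = list(values)
    for i, v in enumerate(values):
        if v is not None:
            continue
        pos = bisect_left(kept, i)
        left = kept[pos - 1] if pos > 0 else None
        right = kept[pos] if pos < len(kept) else None
        if left is None:
            filled[i] = values[right]     # gap at the start: copy next kept value
        elif right is None:
            filled[i] = values[left]      # gap at the end: copy previous kept value
        else:
            frac = (i - left) / (right - left)
            filled[i] = values[left] + (values[right] - values[left]) * frac
    return filled


def clean_series(series, segment_len, eps, min_pts):
    """Segment, detect, remove, then merge and fill. Returns (cleaned, outlier_indexes)."""
    outliers = find_outliers(series, segment_len, eps, min_pts)
    drop = set(outliers)
    holes = [None if i in drop else v for i, v in enumerate(series)]
    return fill_gaps(holes), outliers


# Constructed process readings: setpoint near 50, then near 80, one bad value in each.
SAMPLE = [50.0, 50.2, 49.9, 50.1, 80.0, 50.0, 49.8, 50.3, 50.1, 50.0,
          80.1, 79.9, 80.0, 80.2, 79.8, 50.1, 80.0, 80.1, 79.9, 80.0]

if __name__ == "__main__":
    cleaned, found = clean_series(SAMPLE, segment_len=10, eps=0.5, min_pts=3)
    print("per-segment outliers:", found)
    print("single-pass outliers:", find_outliers(SAMPLE, len(SAMPLE), 0.5, 3))
```

A trailing segment with fewer than min_pts readings is labelled entirely as noise, so in practice a short tail should be merged into the preceding segment.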
In an optional embodiment, the monitoring center can also serve as a cloud management service platform. Its main functions are: deployment, monitoring and management of all security device modules, controllers and workstations in the whole system; rule-assisted generation, in which a wizard conveniently and quickly creates firewall rules from the authority and authorization management report; receiving, processing and recording alarm information uploaded by the security modules; zoning and identification of traffic across the whole network; white-list-based terminal control; and searching, tracking and preprocessing of security events.
In an optional embodiment, the industrial Ethernet can use the TPS-1, which is dedicated to PROFINET communication, or the R-IN32M3, which supports protocols such as EtherCAT, CC-Link IE, EtherNet/IP, PROFINET and CANopen.
In an optional embodiment, the industrial control equipment of the physical layer includes a human-machine interface, through whose operation interface data parameters can be set, equipment controlled and processing information displayed. It also includes various rocker monitoring devices and sensors that monitor abnormal information in real time, as well as a line switch for the external control line and an equipment power switch, so that external malicious control can be physically isolated and losses reduced.
The invention makes comprehensive use of the white list mechanism, performing identity recognition through a fingerprint recognition device, a face recognition device, a manufacturer confirmation letter, a bar code recognizer, a USB detection system and the like. The fingerprint and face recognition devices confirm the identity of operators and engineers and can restrict system operation authority, preventing override and malicious operations. The bar code recognizer and the USB detection system facilitate the connection of designated external computers and USB devices and keep viruses carried by external devices from affecting system security. The manufacturer confirmation letter confirms the engineer's identity information and reduces security risks during system maintenance and upgrades. The mechanism occupies few operating resources.
Meanwhile, the deep protocol parsing mechanism detects anomalies in communication traffic and in communication network protocol elements through the industrial control firewall, and runs exclusion detection for common application-protocol vulnerabilities, link-connection vulnerabilities and TCP/IP vulnerabilities, improving the information security protection capability of the industrial control system. It quickly identifies illegal operations, abnormal events and external attacks in the industrial control network and alarms in real time, while comprehensively recording network communication behavior and generating analysis reports and rationalization suggestions that provide a basis for investigating security events and collecting evidence. Abnormal information is retained long-term in the comparison database, so that the raw data can be searched and analyzed and responsibility for incidents traced.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (4)

1. An industrial control security defense system, characterized by comprising a potential threat exclusion layer, an industrial control security audit system, a monitoring center, a field monitoring layer, a control layer and a physical layer;
the potential threat exclusion layer comprises a deep protocol parsing mechanism and a white list mechanism;
the deep protocol parsing mechanism is connected to the industrial control Ethernet through an industrial control firewall, detects anomalies in communication traffic through the industrial control firewall, detects anomalies in the proprietary protocol elements commonly used in industrial control communication networks, and runs exclusion detection for common application-protocol vulnerabilities, link-connection vulnerabilities and TCP/IP vulnerabilities;
the white list mechanism performs identity recognition through a fingerprint recognition device, a face recognition device, a manufacturer confirmation letter, a bar code recognizer and a USB detection system, and can restrict system operation authority; the fingerprint recognition device and the face recognition device confirm the identity of operators and engineers, the bar code recognizer and the USB detection system facilitate the connection of designated external computers and USB devices, and the manufacturer confirmation letter reduces security risks during system maintenance and upgrades;
the field monitoring layer exchanges data with, and controls the behavior of, the control layer and the physical layer over the industrial Ethernet; the field monitoring layer covers the collection of various industrial data and anomaly detection on industrial process data, the collected industrial data serving as the data source for protocol analysis; the raw data set is split into segments, outlier detection is run on each segment with the DBSCAN algorithm, and the data set with the outliers removed is then merged and filled; in parallel, a time-series algorithm analyzes the normal system state sequence of the industrial control system and is used to detect system states that deviate from the normal state sequence and to find attack behaviors or system fault states; the analysis can be based on a network traffic time series modeled with a hidden Markov model, or on anomaly detection against an open system behavior baseline; industrial control behavior is analyzed through anomalies in the industrial process data, and malicious control carried out by changing control parameters is monitored;
the industrial control security audit system analyzes and identifies illegal operations, abnormal events and external attacks in the industrial control network from multiple angles and alarms in real time, and also records operation behaviors in industrial control services comprehensively and in detail, which makes security events easier to trace;
the industrial control security audit system comprises:
accurate identification and deep parsing: accurately identifying the mainstream industrial control protocols OPC, Modbus/TCP, IEC104, DNP3, PROFINET, MMS and S7, and deeply parsing control instructions, parameters, remote sensing and telemetering information in the control layer and the physical layer;
real-time network state monitoring: monitoring the operating state of the industrial control network in real time, autonomously learning the normal communication rules, establishing a trusted standard behavior baseline, and monitoring and alarming in real time on abnormal instructions and behaviors in the network;
accurate intrusion identification: establishing detection rules from the system's own comparison database, accurately identifying vulnerability attack and malicious code attack intrusions in the network, and alarming in real time;
comprehensive audit of operation records: recording operation behaviors in industrial control services comprehensively and in detail, including instruction-level operation data for instruction changes, load changes and configuration changes, so that security events can be traced;
real-time service interruption alarms: continuously monitoring the communication state of specified industrial protocols, alarming in real time on traffic interruption events that affect service continuity, and finding and eliminating security risks in the production environment in time;
secure storage of audit data: securely storing all raw data from the industrial control network in the comparison database and retaining audit data for one year, so that the raw data can be searched and analyzed later.
2. The system of claim 1, wherein the monitoring center can also serve as a cloud management service platform, whose main functions are: deployment, monitoring and management of all security device modules, controllers and workstations in the whole system; rule-assisted generation, in which a wizard conveniently and quickly creates firewall rules from the authority and authorization management report; receiving, processing and recording alarm information uploaded by the security modules; zoning and identification of traffic across the whole network; white-list-based terminal control; and searching, tracking and preprocessing of security events.
3. The system of claim 1, wherein the industrial Ethernet can use the TPS-1, which is dedicated to PROFINET communication, or the R-IN32M3, which supports the EtherCAT, CC-Link IE, EtherNet/IP, PROFINET and CANopen protocols.
4. The industrial control security defense system according to claim 1, wherein the industrial control equipment of the physical layer comprises a human-machine interface, through whose operation interface data parameters can be set, equipment operated and controlled, and processing information displayed; various rocker monitoring devices and sensors that monitor abnormal information in real time; and a line switch for the external control line and an equipment power switch, so that external malicious operation and control can be physically isolated and losses reduced.
CN202011610240.5A 2020-12-30 2020-12-30 Industrial control safety defense system Active CN112799358B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011610240.5A CN112799358B (en) 2020-12-30 2020-12-30 Industrial control safety defense system

Publications (2)

Publication Number Publication Date
CN112799358A CN112799358A (en) 2021-05-14
CN112799358B true CN112799358B (en) 2022-11-25

Family

ID=75804511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011610240.5A Active CN112799358B (en) 2020-12-30 2020-12-30 Industrial control safety defense system

Country Status (1)

Country Link
CN (1) CN112799358B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant