CN112953952A - Industrial security situation awareness method, platform, electronic device and storage medium - Google Patents


Publication number: CN112953952A
Authority: CN (China)
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN202110231938.4A
Other languages: Chinese (zh)
Inventors: 张维杰, 刘海洋, 孙明, 黄玉宝, 张天, 王勇, 周志勇
Current Assignee (as listed by Google Patents; may be inaccurate): Haier Digital Technology Qingdao Co Ltd; Haier Caos IoT Ecological Technology Co Ltd; Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Original Assignee: Haier Digital Technology Qingdao Co Ltd; Haier Caos IoT Ecological Technology Co Ltd; Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Application filed by: Haier Digital Technology Qingdao Co Ltd, Haier Caos IoT Ecological Technology Co Ltd, Qingdao Haier Industrial Intelligence Research Institute Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1433: Vulnerability analysis

Abstract

Embodiments of the invention relate to an industrial security situation awareness method, a platform, an electronic device and a storage medium, in the technical field of intelligent manufacturing and industrial control security. The method comprises: detecting security data of a plurality of industrial internet enterprises connected to an industrial internet platform; storing the security data of the plurality of industrial internet enterprises and establishing an index; analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index; and performing security situation awareness analysis based on the results of the analysis and correlation analysis to obtain security situation information of at least one industrial internet enterprise. In this way, cross-industry cooperation and information sharing can be achieved when a plurality of industrial internet enterprises carry out security protection, the overall security trend can be obtained, and the overall security risk can be reduced.

Description

Industrial security situation awareness method, platform, electronic device and storage medium
Technical Field
Embodiments of the invention relate to the technical field of industrial security, and in particular to an industrial security situation awareness method, a platform, an electronic device and a storage medium.
Background
The industrial internet is key infrastructure that connects the whole industrial system, the whole industrial chain and the whole value chain and supports intelligent industrial development. It is characterized by openness, interconnection, cross-domain operation and convergence, has its own unique advantages, and is an important premise and foundation for industrial internet development.
The industrial internet also brings new security problems, because it breaks the relatively clear security boundaries of the earlier internet. In particular, once an enterprise is connected to the internet, it faces external threats from the internet, and these become interwoven with internal security problems such as those of industrial production. Comprehensively and promptly acquiring the security situation information of industrial internet enterprises has therefore become an urgent problem.
Disclosure of Invention
In view of this, embodiments of the present invention provide an industrial security situation awareness method, a platform, an electronic device and a storage medium, which promote cross-industry collaboration and information sharing among multiple industrial internet enterprises during security protection so that an overall security trend can be obtained.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of embodiments of the invention.
In a first aspect of the disclosure, an embodiment of the present invention provides an industrial security situation awareness method, including:
detecting security data of a plurality of industrial internet enterprises accessing the industrial internet platform;
storing the security data of the plurality of industrial internet enterprises and establishing an index;
analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
and performing security situation awareness analysis based on the analysis and correlation analysis results to acquire security situation information of at least one industrial internet enterprise.
In one embodiment, probing security data of a plurality of industrial internet enterprises accessing an industrial internet platform comprises: detecting, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform; wherein the security data comprises industrial enterprise field security data and/or network data.
In one embodiment, probing, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform comprises: detecting the security data of the plurality of industrial internet enterprises accessing the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine that are uniformly configured by the industrial internet platform.
In one embodiment, storing the security data of the plurality of industrial internet enterprises further comprises:
preprocessing the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing comprises at least one of the following preprocessing operations: data formatting, data filtering, data merging and data information complementing;
wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
In one embodiment, analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index comprises: analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
In one embodiment, performing security situation awareness analysis based on the results of the analysis and correlation analysis to obtain the security situation information of at least one industrial internet enterprise includes: performing at least one security situation awareness analysis based on the results of the analysis and correlation analysis to obtain security situation information of at least one industrial internet enterprise, wherein the at least one security situation awareness analysis comprises: comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis and ICS/OT situation awareness analysis.
In one embodiment, the security situation information includes overall risk visualization information, security detail visualization information, and/or security dynamic information.
In a second aspect of the present disclosure, an embodiment of the present invention further provides an industrial security situation awareness platform, including:
the data acquisition module is used for detecting the security data of a plurality of industrial internet enterprises accessed to the industrial internet platform;
the data storage module is used for storing the security data of the industrial Internet enterprises and establishing an index;
a data analysis module for analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
and the situation awareness module is used for performing security situation awareness analysis based on the analysis and correlation analysis results to acquire security situation information of at least one industrial internet enterprise.
In one embodiment, the data acquisition module is configured to: detecting, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform; wherein the security data comprises industrial enterprise field security data and/or network data.
In one embodiment, the data acquisition module is configured to: detect security data of a plurality of industrial internet enterprises accessing the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine that are uniformly configured by the industrial internet platform.
In one embodiment, the data storage module is further configured to: preprocess the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing comprises at least one of the following preprocessing operations: data formatting, data filtering, data merging and data information complementing;
wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
In one embodiment, the data analysis module is configured to: analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
In one embodiment, the situation awareness module is configured to: perform at least one security situation awareness analysis based on the results of the analysis and correlation analysis to obtain security situation information of at least one industrial internet enterprise, wherein the at least one security situation awareness analysis comprises:
comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis and ICS/OT situation awareness analysis.
In one embodiment, the security situation information includes overall risk visualization information, security detail visualization information, and/or security dynamic information.
In a third aspect of the disclosure, an electronic device is provided. The electronic device includes: a processor; and a memory for storing executable instructions that, when executed by the processor, cause the electronic device to perform the method of the first aspect.
In a fourth aspect of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the method in the first aspect.
The technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
Embodiments of the invention detect the security data of a plurality of industrial internet enterprises accessing the industrial internet platform, store that data and establish an index, analyze and correlate the industrial security of the enterprises based on the stored security data and the established index, and perform security situation awareness analysis based on the results of the analysis and correlation analysis to obtain the security situation information of at least one industrial internet enterprise. As a result, cross-industry cooperation and information sharing can be realized when the plurality of industrial internet enterprises carry out security protection, the overall security trend can be obtained, and the overall security risk can be reduced.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly described below. The drawings described below show only some of the embodiments of the present invention; those skilled in the art can obtain other drawings from the contents of the embodiments and these drawings without creative effort.
FIG. 1 is a schematic flow chart of an industrial security situation awareness method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of another industrial security situation awareness method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an industrial security situation awareness platform provided in accordance with an embodiment of the present invention;
FIG. 4 shows a schematic diagram of an electronic device suitable for use in implementing embodiments of the present invention.
Detailed Description
In order to make the technical problems solved, the technical solutions adopted and the technical effects achieved by the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be described in further detail below with reference to the accompanying drawings, and it is obvious that the described embodiments are only some embodiments, but not all embodiments, of the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, belong to the scope of protection of the embodiments of the present invention.
It should be noted that the terms "system" and "network" are often used interchangeably herein in embodiments of the present invention. Reference to "and/or" in embodiments of the invention is intended to include any and all combinations of one or more of the associated listed items. The terms "first", "second", and the like in the description and claims of the present disclosure and in the drawings are used for distinguishing between different objects and not for limiting a particular order.
It should be further noted that, in the embodiments of the present invention, each of the following embodiments may be executed alone, or may be executed in combination with each other, and the embodiments of the present invention are not limited in this respect.
The names of messages or information exchanged between the modules in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The technical solutions of the embodiments of the present invention are further described by the following detailed description with reference to the accompanying drawings.
Fig. 1 shows a schematic flow diagram of an industrial security situation awareness method provided in an embodiment of the present invention. This embodiment is applicable where cross-industry collaboration and information sharing are to be implemented while multiple industrial internet enterprises carry out security protection, so that an overall security trend can be obtained. The method may be executed by an industrial security situation awareness platform that relies on an industrial internet platform. As shown in fig. 1, the industrial security situation awareness method described in this embodiment includes:
In step S110, security data of a plurality of industrial internet enterprises accessing the industrial internet platform is probed.
This step can detect the security data of a plurality of industrial internet enterprises accessing the industrial internet platform through one or more of an asset detection engine, a vulnerability scanning engine, a scheduling engine and the like. For example, the security data can be detected through an asset detection engine, a vulnerability scanning engine, a scheduling engine and the like that are uniformly configured by the industrial internet platform. The industrial internet enterprises can be key enterprises screened from the industrial internet enterprises accessing the industrial internet platform; the screening can be done according to the industry of the enterprise or according to the characteristics of the enterprise.
The detection engine used can be a detector owned by the industrial internet enterprises connected to the industrial internet platform, or a detector uniformly provided by the industrial internet platform.
If detectors uniformly provided by the industrial internet platform are used to obtain the security data of each industrial internet enterprise, the detectors can share a uniform model, uniform detection rules, a uniform transmission protocol and a uniform data format, which makes detecting, screening, aggregating and storing the data more convenient and efficient.
The detector can be used to detect data in a switch of an industrial internet enterprise, and the security data it detects can be transmitted to the industrial security situation awareness platform through a data transmission device configured on the detector, for example a 4G module or a 5G module. In this way, detecting security data for a plurality of industrial internet enterprises does not damage the original system architecture of any enterprise: the detection is non-destructive, it does not congest the network of any industrial internet enterprise, and it does not cause stalls or delays by interfering with other data transmission.
The security data may include various types, such as industrial enterprise field security data, network data, etc.
In step S120, the security data of the plurality of industrial internet enterprises are stored and indexed.
When the security data of the plurality of industrial internet enterprises is stored, it can be preprocessed to obtain at least one functional database, wherein the preprocessing comprises at least one of the following preprocessing operations: data formatting, data filtering, data merging, and data information complementing.
The at least one functional database may include a variety of databases, such as an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
In step S130, the industrial security of the plurality of industrial internet enterprises is analyzed and associated based on the stored security data and the established index.
For example, the industrial security of the plurality of industrial internet enterprises may be analyzed and correlated using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
Analyzing and correlating the industrial security of the industrial internet enterprises makes cross-industry cooperation and information sharing possible when those enterprises carry out security protection, and allows the overall security trend to be obtained.
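The preprocessing, indexing and correlation of steps S120 and S130, sketched as an added example that is not part of the patent text. The record layouts, field names, noise filter and the correlation rule (same source and signature seen at two or more enterprises) are assumptions, and all sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input: detector records from three enterprises in two layouts.
RAW_RECORDS = [
    {"ent": "ent-A", "ts": "2021-03-01T08:00:05Z", "src": "203.0.113.7",
     "dst": "10.1.0.20", "sig": "modbus-write-unauth"},
    {"ent": "ent-A", "ts": "2021-03-01T08:00:05Z", "src": "203.0.113.7",
     "dst": "10.1.0.20", "sig": "modbus-write-unauth"},            # duplicate
    {"enterprise": "ent-B", "time": 1614585900, "source_ip": "203.0.113.7",
     "dest_ip": "10.2.0.9", "signature": "modbus-write-unauth"},   # other layout
    {"ent": "ent-C", "ts": "2021-03-01T09:10:00Z", "src": "198.51.100.4",
     "dst": "10.3.0.5", "sig": "s7-stop-cpu"},
    {"ent": "ent-C", "ts": "not-a-time", "src": "198.51.100.4",
     "dst": "10.3.0.5", "sig": "s7-stop-cpu"},                     # malformed
    {"ent": "ent-B", "ts": "2021-03-01T08:06:00Z", "src": "10.2.0.1",
     "dst": "10.2.0.9", "sig": "heartbeat"},                       # noise
]

# Constructed asset information base, keyed by (enterprise, address).
ASSET_BASE = {
    ("ent-A", "10.1.0.20"): {"type": "PLC"},
    ("ent-B", "10.2.0.9"): {"type": "HMI"},
}

NOISE_SIGNATURES = {"heartbeat"}  # assumed filter rule

# Assumed mapping from each detector layout to one common schema.
FIELD_ALIASES = {
    "enterprise": ("ent", "enterprise"),
    "time": ("ts", "time"),
    "src": ("src", "source_ip"),
    "dst": ("dst", "dest_ip"),
    "signature": ("sig", "signature"),
}


def format_record(raw):
    """Data formatting: map a raw record onto the common schema, or None."""
    rec = {}
    for field, aliases in FIELD_ALIASES.items():
        value = next((raw[a] for a in aliases if a in raw), None)
        if value is None:
            return None
        rec[field] = value
    try:
        if isinstance(rec["time"], (int, float)):
            ts = datetime.fromtimestamp(rec["time"], tz=timezone.utc)
        else:
            ts = datetime.fromisoformat(str(rec["time"]).replace("Z", "+00:00"))
    except (ValueError, OverflowError, OSError):
        return None
    rec["time"] = ts.astimezone(timezone.utc).isoformat()
    return rec


def preprocess(raw_records, asset_base):
    """Format, filter, merge and complement records into an event base."""
    merged = {}
    for raw in raw_records:
        rec = format_record(raw)
        if rec is None or rec["signature"] in NOISE_SIGNATURES:   # data filtering
            continue
        key = (rec["enterprise"], rec["time"], rec["src"], rec["dst"],
               rec["signature"])
        if key in merged:                                         # data merging
            merged[key]["count"] += 1
            continue
        asset = asset_base.get((rec["enterprise"], rec["dst"]), {})
        rec["asset_type"] = asset.get("type", "unknown")          # complementing
        rec["count"] = 1
        merged[key] = rec
    return list(merged.values())


def build_index(events, fields=("enterprise", "src", "signature", "asset_type")):
    """Inverted index: field -> value -> set of positions in the event list."""
    index = {f: defaultdict(set) for f in fields}
    for pos, ev in enumerate(events):
        for f in fields:
            index[f][ev[f]].add(pos)
    return index


def correlate(events, index, min_enterprises=2):
    """Find source/signature pairs observed at several enterprises."""
    findings = []
    for src, by_src in index["src"].items():
        for sig, by_sig in index["signature"].items():
            hits = by_src & by_sig
            enterprises = sorted({events[i]["enterprise"] for i in hits})
            if len(enterprises) >= min_enterprises:
                findings.append({
                    "src": src,
                    "signature": sig,
                    "enterprises": enterprises,
                    "events": sum(events[i]["count"] for i in hits),
                })
    return findings


if __name__ == "__main__":
    events = preprocess(RAW_RECORDS, ASSET_BASE)
    for finding in correlate(events, build_index(events)):
        print(finding)
```

A single enterprise would see the first finding only as an isolated alert; it becomes a cross-enterprise pattern only once the records of several enterprises share one schema and one index.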
In step S140, security situation awareness analysis is performed to obtain security situation information of at least one industrial internet enterprise based on the results of the analysis and the correlation analysis.
For example, any one or more analysis methods such as comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis, and ICS/OT situation awareness analysis may be performed based on the results of the analysis and the correlation analysis to obtain the security situation information of at least one industrial internet enterprise.
The security situation information includes, but is not limited to, overall risk visualization information, security detail visualization information, security dynamic information, and the like.
It should be noted that the industrial internet enterprises accessing the industrial internet platform are not limited to any industry or field. Unlike a conventional security situation awareness method that focuses on a single enterprise, the method described in this embodiment obtains security situation information by storing and analyzing the security data of a plurality of industrial internet enterprises accessing the industrial internet platform. It can therefore promote cross-industry collaboration and information sharing among those enterprises during security protection, obtain overall security situation information, and reduce overall security risk.
In this embodiment, the security data of the plurality of industrial internet enterprises accessing the industrial internet platform is detected, stored and indexed; the industrial security of the enterprises is analyzed and correlated based on the stored security data and the established index; and security situation awareness analysis is performed based on the results of the analysis and correlation analysis to obtain the security situation information of at least one industrial internet enterprise. The method can thus promote cross-industry cooperation and information sharing among the plurality of industrial internet enterprises during security protection, obtain the overall security trend, and reduce the overall security risk.
Fig. 2 is a schematic flow chart of another industrial security situation awareness method according to an embodiment of the present invention; this embodiment builds on the foregoing embodiment and optimizes it. As shown in fig. 2, the industrial security situation awareness method according to this embodiment includes:
In step S210, security data of a plurality of industrial internet enterprises accessing the industrial internet platform is probed.
For example, asset detection can be performed on the industrial internet network space of key units, and asset identification and vulnerability identification can be performed once industrial internet assets are found, which provides basic support for subsequent operations.
For example, the security data may include industrial enterprise field security data, such as field security data that can be detected by an industrial threat detector (ITD) and uploaded to an enterprise-level platform interface of the industrial security situation awareness platform via a 4G module or 5G module.
For another example, the security data may also include network data, and the enterprise security data may be obtained by performing traffic analysis, vulnerability scanning, and asset scanning on the network data of the enterprise's switches.
In step S220, the security data of the plurality of industrial internet enterprises is stored and indexed.
This step provides the underlying data storage service for the whole industrial security situation awareness platform. As a big data platform, the industrial security situation awareness platform needs to collect, store and analyze massive amounts of data. To support storage and fast querying of massive data in a local private cloud, an optimized intelligent retrieval engine can be adopted, which meets the demands of large numbers of data search requests, data storage and the like, and achieves higher query performance. The intelligent retrieval engine can provide a full-text search index with distributed, multi-user capability.
In step S230, the industrial security of the plurality of industrial internet enterprises is analyzed and associated based on the stored security data and the established index.
The purpose of this step is to provide capabilities such as data processing, statistics and calculation for the whole industrial security situation awareness platform. The analysis and correlation analysis can be performed through an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a 3D visualization engine, a data processing engine and the like, which offer the upper layer a variety of queries, analyses and calculations to support different application functions and provide data support for upper-layer applications.
In step S240, comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis, ICS/OT situation awareness analysis, and the like are performed based on the analysis and correlation analysis results to obtain security situation information of at least one industrial internet enterprise.
Through monitoring, analysis, early warning and risk visualization of key industrial internet enterprises, assets and industrial internet risks, a solution for building the industrial internet security service capability of key units can be formed. The internal situation awareness system, internal security management system or security management personnel of each industrial internet enterprise can use it to improve the enterprise's comprehensive industrial internet security assurance capability and level.
In this embodiment, an industrial threat detector deployed in each factory can automatically analyze industrial protocols, discover abnormal traffic and sense network threats, and report the factory's security risks to the industrial security situation awareness platform. Operators of the platform can thus comprehensively grasp the industrial security situation of the industrial internet enterprises accessing the industrial internet platform, quickly arrange troubleshooting and event handling, and report important security events to the internal situation awareness system, internal security management system or security manager of each enterprise.
On the basis of the previous embodiment, this embodiment uses the big data capability, threat intelligence capability, industrial data analysis capability and visualization capability of the industrial internet platform to establish an industrial security situation awareness system that takes internal and external monitoring as its basis, cooperative linkage and information sharing as its driver, secure operation as its center and business service as its goal. It obtains the security situation information of at least one industrial internet enterprise by carrying out comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis, ICS/OT situation awareness analysis and the like. It can promote industry cooperation and information sharing among a plurality of industrial internet enterprises during security protection, obtain the overall security trend, and reduce the overall security risk.
As implementations of the methods shown in the above diagrams, the present application provides an embodiment of an industrial security situation awareness platform, and fig. 3 illustrates a schematic structural diagram of an industrial security situation awareness platform provided in this embodiment, where the embodiment of the platform corresponds to the embodiment of the methods shown in fig. 1 and fig. 2, and the platform may be specifically applied to various electronic devices. As shown in fig. 3, the industrial security situation awareness platform according to this embodiment includes a data acquisition module 310, a data storage module 320, a data analysis module 330, and a situation awareness module 340.
The data collection module 310 is configured to detect security data of a plurality of industrial internet enterprises accessing the industrial internet platform.
The data storage module 320 is configured to store and index the security data of the plurality of industrial internet enterprises.
The data analysis module 330 is configured to analyze and correlate the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index.
The situation awareness module 340 is configured to perform a security situation awareness analysis based on the analysis and correlation analysis to obtain security situation information of at least one industrial internet enterprise.
In accordance with one or more embodiments of the present disclosure, the data collection module 310 is configured for detecting, by an asset detection engine, vulnerability scanning engine, and/or scheduling engine, security data of a plurality of industrial internet enterprises accessing an industrial internet platform; wherein the security data comprises industrial enterprise field security data and/or network data.
According to one or more embodiments of the present disclosure, the data collection module 310 is configured to detect security data of a plurality of industrial internet enterprises accessing an industrial internet platform through an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine that are uniformly configured by the industrial internet platform.
According to one or more embodiments of the present disclosure, the data storage module 320 is further configured to preprocess the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing includes at least one of the following preprocessing operations: data formatting, data filtering, data merging and data information complementing; wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
According to one or more embodiments of the present disclosure, the data analysis module 330 is configured for analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
According to one or more embodiments of the present disclosure, the situation awareness module 340 is configured to perform at least one security situation awareness analysis based on the results of the analysis and correlation analysis to obtain security situation information of at least one industrial internet enterprise, wherein the at least one security situation awareness analysis comprises: comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis and ICS/OT situation awareness analysis.
According to one or more embodiments of the present disclosure, the security situation information includes overall risk visualization information, security detail visualization information, and/or security dynamic information.
The industrial security situation awareness platform provided by the embodiment can execute the industrial security situation awareness method provided by the embodiment of the method, and has corresponding functional modules and beneficial effects of the execution method.
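The following sketch is an added illustration, not code from the patent, of how the output of modules 310 to 340 could be chained: preprocessing (formatting, filtering, merging, complementing), indexing, cross-enterprise correlation, and the comprehensive, regional and ICS/OT views. The field names, severity weights, enterprise and region names, and all sample records are constructed assumptions.

```python
from collections import defaultdict

SEVERITY = {"low": 1, "medium": 3, "high": 7}  # assumed weights, not from the patent
REQUIRED = ("enterprise", "asset", "kind", "src", "sev")

# Constructed sample data: detector reports, asset base and enterprise base.
RAW = [
    {"enterprise": "Plant-A", "asset": "plc-01", "kind": "abnormal_write", "src": "198.51.100.7", "sev": "HIGH"},
    {"enterprise": "plant-a", "asset": "plc-01", "kind": "abnormal_write", "src": "198.51.100.7", "sev": "high"},
    {"enterprise": "plant-b", "asset": "hmi-02", "kind": "port_scan", "src": "198.51.100.7", "sev": "medium"},
    {"enterprise": "plant-c", "asset": "web-01", "kind": "weak_password", "src": "203.0.113.9", "sev": "low"},
    {"enterprise": "plant-c", "asset": "web-01", "kind": "port_scan", "sev": "low"},  # no src
    {"enterprise": "plant-b", "asset": "hmi-02", "kind": "port_scan", "src": "198.51.100.7", "sev": "urgent"},
]
ASSETS = {("plant-a", "plc-01"): "OT", ("plant-b", "hmi-02"): "OT", ("plant-c", "web-01"): "IT"}
ENTERPRISES = {"plant-a": "north", "plant-b": "north", "plant-c": "south"}


def preprocess(raw):
    """Format, filter, merge and complement raw reports into an event base."""
    merged = {}
    for rec in raw:
        if any(not rec.get(k) for k in REQUIRED):
            continue  # filtering: incomplete record
        ev = {k: str(rec[k]).strip().lower() for k in REQUIRED}  # formatting
        if ev["sev"] not in SEVERITY:
            continue  # filtering: unknown severity label
        key = (ev["enterprise"], ev["asset"], ev["kind"], ev["src"])
        if key in merged:  # merging: repeated reports become a counter
            merged[key]["count"] += 1
            merged[key]["score"] = max(merged[key]["score"], SEVERITY[ev["sev"]])
            continue
        ev["count"], ev["score"] = 1, SEVERITY[ev["sev"]]
        # complementing: enrich from the enterprise and asset information bases
        ev["region"] = ENTERPRISES.get(ev["enterprise"], "unknown")
        ev["zone"] = ASSETS.get((ev["enterprise"], ev["asset"]), "unknown")
        merged[key] = ev
    return list(merged.values())


def build_index(events, fields=("enterprise", "src", "region", "zone")):
    """Inverted index: field -> value -> positions in the event base."""
    index = {f: defaultdict(list) for f in fields}
    for pos, ev in enumerate(events):
        for f in fields:
            index[f][ev[f]].append(pos)
    return index


def correlate(events, index):
    """Flag sources observed at two or more enterprises."""
    findings = {}
    for src, positions in index["src"].items():
        seen = sorted({events[p]["enterprise"] for p in positions})
        if len(seen) >= 2:
            findings[src] = seen
    return findings


def situation(events, index, findings):
    """Comprehensive, regional, per-enterprise and ICS/OT views."""
    def total(positions):
        return sum(events[p]["score"] for p in positions)
    return {
        "comprehensive": total(range(len(events))),
        "regional": {r: total(p) for r, p in index["region"].items()},
        "enterprise": {e: total(p) for e, p in index["enterprise"].items()},
        "ics_ot": total(index["zone"].get("OT", [])),
        "shared_sources": findings,
    }


def run(raw=RAW):
    events = preprocess(raw)
    index = build_index(events)
    return events, situation(events, index, correlate(events, index))


if __name__ == "__main__":
    for name, view in run()[1].items():
        print(name, view)
```

The `shared_sources` view is the part a single enterprise cannot compute on its own: the same source address only stands out once reports from several enterprises sit in one indexed event base.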
Referring now to FIG. 4, a block diagram of an electronic device 400 suitable for use in implementing embodiments of the present invention is shown. The terminal device in the embodiment of the present invention is, for example, a mobile device, a computer, or a vehicle-mounted device built in a floating car, or any combination thereof. In some embodiments, the mobile device may include, for example, a cell phone, a smart home device, a wearable device, a smart mobile device, a virtual reality device, and the like, or any combination thereof. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 4, electronic device 400 may include a processing device (e.g., central processing unit, graphics processor, etc.) 401 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage device 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic device 400 are also stored. The processing device 401, the ROM 402, and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; a storage device 408 including, for example, tape, hard disk, etc.; and a communication device 409. The communication device 409 may allow the electronic device 400 to communicate wirelessly or by wire with other devices to exchange data. While fig. 4 illustrates an electronic device 400 having various devices, it is to be understood that not all illustrated devices are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as a computer software program. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 409, or from the storage device 408, or from the ROM 402. The computer program performs the above-described functions defined in the methods of embodiments of the invention when executed by the processing apparatus 401.
It should be noted that the computer readable medium mentioned above can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In yet another embodiment of the invention, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: detect security data of a plurality of industrial internet enterprises accessing the industrial internet platform; store the security data of the plurality of industrial internet enterprises and establish an index; analyze and correlate the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index; and perform security situation awareness analysis based on the analysis and correlation analysis results to acquire security situation information of at least one industrial internet enterprise.
Computer program code for carrying out operations for embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. The name of a unit does not, in some cases, constitute a limitation of the unit itself; for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
The foregoing description is only a preferred embodiment of the invention and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure in the embodiments of the present invention is not limited to the specific combinations of the above-described features, but also encompasses other embodiments in which any combination of the above-described features or their equivalents is possible without departing from the spirit of the disclosure. One example is a technical solution formed by mutually replacing the above features with (but not limited to) features having similar functions disclosed in the embodiments of the present invention.

Claims (10)

1. A method for industrial security situational awareness, comprising:
detecting security data of a plurality of industrial internet enterprises accessing the industrial internet platform;
storing the security data of the plurality of industrial internet enterprises and establishing an index;
analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
and performing security situation awareness analysis based on the analysis and correlation analysis results to acquire security situation information of at least one industrial internet enterprise.
2. The method of claim 1, wherein detecting the security data of the plurality of industrial internet enterprises accessing the industrial internet platform comprises:
detecting, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform;
wherein the security data comprises industrial enterprise field security data and/or network data.
3. The method of claim 2, wherein detecting the security data of the plurality of industrial internet enterprises accessing the industrial internet platform by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine comprises:
detecting security data of a plurality of industrial internet enterprises accessing the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine which are uniformly configured by the industrial internet platform.
4. The method of claim 1, wherein storing the security data of the plurality of industrial internet enterprises further comprises:
preprocessing the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing at least comprises one preprocessing operation of: data formatting, data filtering, data merging and data information complementing;
wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
5. The method of claim 1, wherein analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index comprises:
analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
6. The method of claim 1, wherein performing a security situation awareness analysis based on the results of the analysis and correlation analysis to obtain security situation information of at least one industrial internet enterprise comprises:
performing at least one security situation awareness analysis to obtain security situation information of at least one industrial internet enterprise based on the results of the analysis and correlation analysis, wherein the at least one security situation awareness analysis comprises:
comprehensive situation awareness analysis, regional situation awareness analysis, user situation awareness analysis, site situation awareness analysis and ICS/OT situation awareness analysis.
7. The method of claim 1, wherein the security situation information comprises overall risk visualization information, security detail visualization information, and/or security dynamic information.
8. An industrial security situation awareness platform, comprising:
a data acquisition module for detecting the security data of a plurality of industrial internet enterprises accessing the industrial internet platform;
a data storage module for storing the security data of the plurality of industrial internet enterprises and establishing an index;
a data analysis module for analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
and a situation awareness module for performing security situation awareness analysis based on the analysis and correlation analysis results to acquire security situation information of at least one industrial internet enterprise.
9. An electronic device, comprising:
one or more processors; and
a memory to store executable instructions that, when executed by the one or more processors, cause the electronic device to perform the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202110231938.4A 2021-03-02 2021-03-02 Industrial security situation awareness method, platform, electronic device and storage medium Pending CN112953952A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110231938.4A CN112953952A (en) 2021-03-02 2021-03-02 Industrial security situation awareness method, platform, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110231938.4A CN112953952A (en) 2021-03-02 2021-03-02 Industrial security situation awareness method, platform, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN112953952A (en) 2021-06-11

Family

ID=76247230

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110231938.4A Pending CN112953952A (en) 2021-03-02 2021-03-02 Industrial security situation awareness method, platform, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN112953952A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113872950A (en) * 2021-09-18 2021-12-31 恒安嘉新(北京)科技股份公司 Automobile safety analysis method and device, electronic equipment and storage medium
CN115242423A (en) * 2022-05-25 2022-10-25 中国交通信息科技集团有限公司 Industrial internet security situation display system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160189081A1 (en) * 2014-12-31 2016-06-30 Dassault Systemes Americas Corp. Method and system for a cross-domain enterprise collaborative decision support framework
US20160189079A1 (en) * 2014-12-31 2016-06-30 Dassault Systemes Americas Corp. Method and system for an information engine for analytics and decision-making
CN109840415A (en) * 2018-12-29 2019-06-04 江苏博智软件科技股份有限公司 A kind of industry control network Security Situation Awareness Systems
CN110740141A (en) * 2019-11-15 2020-01-31 国网山东省电力公司信息通信公司 integration network security situation perception method, device and computer equipment
CN111178760A (en) * 2019-12-30 2020-05-19 成都烽创科技有限公司 Risk monitoring method and device, terminal equipment and computer readable storage medium
CN111832017A (en) * 2020-07-17 2020-10-27 中国移动通信集团广西有限公司 Cloud-oriented database security situation sensing system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210611