CN113014585A - Industrial security threat monitoring method, platform, electronic device and storage medium - Google Patents


Info

Publication number
CN113014585A
Authority
CN
China
Prior art keywords
security
data
industrial internet
industrial
analysis
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110236686.4A
Other languages
Chinese (zh)
Inventor
刘海洋
张维杰
孙明
黄玉宝
张天
王勇
周志勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haier Digital Technology Qingdao Co Ltd
Haier Caos IoT Ecological Technology Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Original Assignee
Haier Digital Technology Qingdao Co Ltd
Haier Caos IoT Ecological Technology Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Application filed by Haier Digital Technology Qingdao Co Ltd, Haier Caos IoT Ecological Technology Co Ltd and Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Priority to CN202110236686.4A
Publication of CN113014585A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/1433 Vulnerability analysis
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention relates to an industrial security threat monitoring method, a platform, an electronic device and a storage medium in the technical field of intelligent manufacturing/industrial control security. The method comprises the following steps: detecting security data of a plurality of industrial internet enterprises connected to the industrial internet platform; storing the security data of the plurality of industrial internet enterprises and establishing an index; analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index; and performing security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise. The method can promote cross-industry cooperation and information sharing among the plurality of industrial internet enterprises during security protection, can obtain overall security threat information, and can reduce the overall security risk.

Description

Industrial security threat monitoring method, platform, electronic device and storage medium
Technical Field
The embodiment of the invention relates to the technical field of industrial security control, in particular to an industrial security threat monitoring method, a platform, an electronic device and a storage medium.
Background
The industrial internet is key infrastructure that connects the whole industrial system, the whole industrial chain and the whole value chain and supports the intelligent development of industry. It is characterized by openness, interconnection, cross-domain operation and convergence; the security of the industrial internet accordingly has its own distinctive character, and is an important premise and foundation for industrial internet development.
The industrial internet also brings new security problems, because it breaks the relatively clear security boundaries of the past. In particular, once connected to the internet, an enterprise faces external threats from the internet, and these become interwoven with internal security problems such as those of industrial production. Comprehensive and timely monitoring of the security threat information of industrial internet enterprises has therefore become an urgent problem to be solved.
Disclosure of Invention
In view of this, embodiments of the present invention provide an industrial security threat monitoring method, a platform, an electronic device, and a storage medium, so as to implement cross-industry collaboration and information sharing when promoting security protection for multiple industrial internet enterprises, so as to obtain overall security threat information.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of embodiments of the invention.
In a first aspect of the disclosure, an embodiment of the present invention provides an industrial security threat monitoring method, including:
detecting security data of a plurality of industrial internet enterprises accessing to the industrial internet platform;
storing the security data of the plurality of industrial internet enterprises and establishing an index;
analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
security threat monitoring is performed based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise.
In one embodiment, probing security data of a plurality of industrial internet enterprises accessing an industrial internet platform comprises: detecting, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform; wherein the security data comprises industrial enterprise field security data and/or network data.
In one embodiment, probing, by an asset probing engine, a vulnerability scanning engine and/or a scheduling engine, security data of a plurality of industrial internet enterprises accessing an industrial internet platform comprises: detecting the security data of the plurality of industrial internet enterprises connected to the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine that are uniformly configured by the industrial internet platform.
In one embodiment, storing the security data of the plurality of industrial internet enterprises further comprises: preprocessing the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing comprises at least one of the following preprocessing operations: data formatting, data filtering, data merging and data information complementing;
wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
In one embodiment, analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index comprises: analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
In one embodiment, the performing security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise comprises: performing at least one of the following security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise:
summary data analysis, ICS/OT data analysis, asset data analysis, threat data analysis, and intelligence monitoring.
In one embodiment, the security threat information includes security monitoring information, security analysis information, and/or security pre-warning information.
In a second aspect of the present disclosure, an embodiment of the present invention further provides an industrial security threat monitoring platform, including:
the data acquisition module is used for detecting the security data of a plurality of industrial internet enterprises accessed to the industrial internet platform;
the data storage module is used for storing the security data of the industrial Internet enterprises and establishing an index;
a data analysis module for analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
and the threat monitoring module is used for carrying out security threat monitoring on the basis of the analysis and the result of the correlation analysis so as to obtain the security threat information of at least one industrial Internet enterprise.
In one embodiment, the data acquisition module is configured to: detecting, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform; wherein the security data comprises industrial enterprise field security data and/or network data.
In one embodiment, the industrial security threat monitoring platform is configured to: detect the security data of the plurality of industrial internet enterprises connected to the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine that are uniformly configured by the industrial internet platform.
In one embodiment, the data storage module is further configured to: preprocessing the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing at least comprises one preprocessing operation of: data formatting, data filtering, data merging and data information complementing;
wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
In one embodiment, the data analysis module is configured to: analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
In one embodiment, the threat monitoring module is to: performing at least one of the following security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise: summary data analysis, ICS/OT data analysis, asset data analysis, threat data analysis, and intelligence monitoring.
In one embodiment, the security threat information includes security monitoring information, security analysis information, and/or security pre-warning information.
In a third aspect of the disclosure, an electronic device is provided. The electronic device includes: a processor; and a memory for storing executable instructions that, when executed by the processor, cause the electronic device to perform the method of the first aspect.
In a fourth aspect of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the method in the first aspect.
The technical scheme provided by the embodiment of the invention has the following beneficial technical effects:
The embodiment of the invention detects the security data of a plurality of industrial internet enterprises connected to the industrial internet platform, stores that data and establishes an index, analyzes and correlates the industrial security of the industrial internet enterprises based on the stored security data and the established index, and monitors security threats based on the analysis and correlation results to obtain the security threat information of at least one industrial internet enterprise. This promotes cross-industry cooperation and information sharing when the plurality of industrial internet enterprises carry out security protection, yields overall security threat information and reduces the overall security risk.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only a part of the embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the contents of the embodiments of the present invention and the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for monitoring industrial security threats according to an embodiment of the invention;
FIG. 2 is a schematic flow diagram of another industrial security threat monitoring method provided in accordance with an embodiment of the invention;
FIG. 3 is a schematic structural diagram of an industrial security threat monitoring platform provided in accordance with an embodiment of the present invention;
FIG. 4 is a block diagram of an overall architecture of a solution provided according to an embodiment of the present invention;
FIG. 5 shows a schematic diagram of an electronic device suitable for use in implementing embodiments of the present invention.
Detailed Description
In order to make the technical problems solved, the technical solutions adopted and the technical effects achieved by the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be described in further detail below with reference to the accompanying drawings, and it is obvious that the described embodiments are only some embodiments, but not all embodiments, of the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, belong to the scope of protection of the embodiments of the present invention.
It should be noted that the terms "system" and "network" are often used interchangeably herein in embodiments of the present invention. Reference to "and/or" in embodiments of the invention is intended to include any and all combinations of one or more of the associated listed items. The terms "first", "second", and the like in the description and claims of the present disclosure and in the drawings are used for distinguishing between different objects and not for limiting a particular order.
It should be further noted that, in the embodiments of the present invention, each of the following embodiments may be executed alone, or may be executed in combination with each other, and the embodiments of the present invention are not limited in this respect.
The names of messages or information exchanged between the modules in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The technical solutions of the embodiments of the present invention are further described by the following detailed description with reference to the accompanying drawings.
Fig. 1 shows a schematic flow diagram of an industrial security threat monitoring method according to an embodiment of the present invention. The method is applicable where cross-industry collaboration and information sharing are to be implemented when security protection is performed for a plurality of industrial internet enterprises and overall security threat information is to be acquired, and it may be executed by an industrial security threat monitoring platform that relies on an industrial internet platform. As shown in fig. 1, the industrial security threat monitoring method according to this embodiment includes:
in step S110, security data of a plurality of industrial internet enterprises accessing to the industrial internet platform is probed.
In this step, the security data of the plurality of industrial internet enterprises connected to the industrial internet platform can be detected through one or more of an asset detection engine, a vulnerability scanning engine, a scheduling engine and the like. For example, the security data can be detected through an asset detection engine, a vulnerability scanning engine, a scheduling engine and the like that are uniformly configured by the industrial internet platform.
The detection engine adopted can be a detector owned by each of the industrial internet enterprises connected to the industrial internet platform, or a detector uniformly provided by the industrial internet platform.
If detectors uniformly provided by the industrial internet platform are used to obtain the security data of each industrial internet enterprise, detectors with a uniform model, uniform detection rules, a uniform transmission protocol and a uniform data format can be adopted, so that the data can be detected, screened, gathered and stored more conveniently and efficiently.
The detector can be used to detect data at a switch of an industrial internet enterprise, and the security data it detects can be transmitted to the industrial security threat monitoring platform through the data transmission device with which the detector is equipped, for example through the detector's 4G module or 5G module. In this way the original system architecture of each industrial internet enterprise is not disturbed when security data detection is performed on a plurality of industrial internet enterprises, non-intrusive detection is achieved, network congestion within each enterprise is avoided, and the stalling and delay that would result from interfering with other data transmission are avoided.
The security data may include various types, such as industrial enterprise field security data, network data, and the like.
In step S120, the security data of the plurality of industrial internet enterprises are stored and indexed.
When the security data of the plurality of industrial internet enterprises are stored, the security data of the plurality of industrial internet enterprises can be preprocessed to obtain at least one functional database, wherein the preprocessing at least comprises one preprocessing operation selected from the following operations: data formatting, data filtering, data merging, and data information complementing.
Wherein the at least one function database may include a variety of databases, such as an event information database, a fingerprint feature database, a vulnerability information database, an asset information database, a resource service database, and an enterprise information database.
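The storage step above names four preprocessing operations and several functional bases but gives no concrete form for them. The following is an added example, not code from the patent or its assignees, showing one minimal way step S120 could be realized: raw detector uploads from two enterprises arrive in different shapes and are formatted, filtered, merged and complemented into an asset information base and an event information base, over which a retrieval index is then established. Every record, field name, enterprise name and fingerprint-base entry is constructed for the example.

```python
"""Added example (not from the patent): a minimal version of step S120,
preprocessing raw detector uploads from two enterprises into the functional
bases the patent names (asset information base, event information base) and
building a retrieval index over them. All records, field names and
fingerprint-base entries below are constructed for the example."""
import re
from collections import defaultdict

# Constructed fingerprint feature base: service-banner substring -> (vendor, product).
FINGERPRINT_BASE = {
    "modbus": ("Schneider", "Modicon PLC"),
    "s7comm": ("Siemens", "S7 PLC"),
}

# Constructed raw uploads in two deliberately different formats, plus one
# exact duplicate and one malformed record to exercise merging and filtering.
RAW_UPLOADS = [
    {"enterprise": "ent-A", "ip": "10.1.1.5", "Port": "502", "banner": "Modbus/TCP",
     "ts": "2021-03-01T10:00:00"},
    {"enterprise": "ent-A", "ip": "10.1.1.5", "Port": "502", "banner": "Modbus/TCP",
     "ts": "2021-03-01T10:00:00"},
    {"enterprise": "ent-B", "addr": "10.2.0.7:102", "svc": "s7comm", "vendor": "Siemens",
     "ts": "2021-03-01T11:30:00"},
    {"enterprise": "ent-B", "addr": "not-an-address", "svc": "", "ts": "2021-03-01T11:31:00"},
]

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def format_record(raw):
    """Data formatting: map either upload shape onto one common schema."""
    if "addr" in raw:
        ip, _, port = raw["addr"].rpartition(":")
        service = raw.get("svc", "")
    else:
        ip, port, service = raw.get("ip", ""), raw.get("Port", ""), raw.get("banner", "")
    return {
        "enterprise": raw["enterprise"],
        "ip": ip,
        "port": int(port) if port.isdigit() else None,
        "service": service.lower(),
        "vendor": raw.get("vendor"),
        "ts": raw["ts"],
    }


def is_valid(rec):
    """Data filtering: keep only records with a usable address, port and service."""
    return bool(IPV4.match(rec["ip"])) and rec["port"] is not None and rec["service"] != ""


def complement(asset):
    """Data information complementing: fill vendor/product from the fingerprint base."""
    for service in asset["services"]:
        for needle, (vendor, product) in FINGERPRINT_BASE.items():
            if needle in service:
                asset["vendor"] = asset["vendor"] or vendor
                asset["product"] = asset["product"] or product
    return asset


def preprocess(raw_uploads):
    """Format -> filter -> merge -> complement, returning the functional bases."""
    formatted = [format_record(r) for r in raw_uploads]
    valid = [r for r in formatted if is_valid(r)]
    # Data merging, part 1: identical observations collapse into one event.
    seen, events = set(), []
    for rec in valid:
        key = (rec["enterprise"], rec["ip"], rec["port"], rec["service"], rec["ts"])
        if key not in seen:
            seen.add(key)
            events.append(rec)
    # Data merging, part 2: one asset record per (enterprise, ip, port).
    assets = {}
    for rec in events:
        key = (rec["enterprise"], rec["ip"], rec["port"])
        asset = assets.setdefault(key, {
            "enterprise": rec["enterprise"], "ip": rec["ip"], "port": rec["port"],
            "services": set(), "vendor": None, "product": None, "last_seen": rec["ts"],
        })
        asset["services"].add(rec["service"])
        asset["vendor"] = asset["vendor"] or rec["vendor"]
        asset["last_seen"] = max(asset["last_seen"], rec["ts"])  # ISO-8601 sorts as text
    for asset in assets.values():
        complement(asset)
    return {"asset_base": assets, "event_base": events, "dropped": len(formatted) - len(valid)}


TOKEN = re.compile(r"[a-z0-9]+")


def build_index(asset_base):
    """Establishing an index: inverted index from lower-cased tokens to asset keys."""
    index = defaultdict(set)
    for key, asset in asset_base.items():
        text = " ".join([asset["enterprise"], asset["vendor"] or "", asset["product"] or "",
                         *asset["services"]])
        for token in TOKEN.findall(text.lower()):
            index[token].add(key)
    return index


def search(index, term):
    """Retrieval over the index; returns the matching asset keys in sorted order."""
    return sorted(index.get(term.lower(), set()))


if __name__ == "__main__":
    bases = preprocess(RAW_UPLOADS)
    idx = build_index(bases["asset_base"])
    print(bases["dropped"], "record(s) dropped;", len(bases["asset_base"]), "asset(s)")
    print("assets matching 'plc':", search(idx, "plc"))
```

The filtering step is where the platform protects itself from its own data sources: a malformed upload is dropped before it can reach a base, and the merge step keys assets on (enterprise, ip, port) so that the same device reported twice does not appear as two assets. A production system would replace the in-memory dictionary and inverted index with the retrieval engine the patent refers to, but the four operations stay the same.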
In step S130, the industrial security of the plurality of industrial internet enterprises is analyzed and associated based on the stored security data and the established index.
For example, the industrial security of the plurality of industrial internet enterprises may be analyzed and correlated using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
Analyzing and correlating the industrial security of the industrial internet enterprises allows cross-industry cooperation and information sharing when the industrial security of those enterprises is protected, and allows overall security data to be obtained.
In step S140, security threat monitoring is performed to obtain security threat information of at least one industrial internet enterprise based on the results of the analysis and correlation analysis.
For example, any one or more analysis methods such as summary data analysis, ICS/OT data analysis, asset data analysis, threat data analysis, and intelligence monitoring may be performed based on the results of the analysis and correlation analysis to obtain security threat information of at least one industrial internet enterprise.
The security threat information includes, but is not limited to, security monitoring information, security analysis information, security pre-warning information, and the like.
It should be noted that, because the plurality of industrial internet enterprises connected to the industrial internet platform are not limited to any industry or field, the method described in this embodiment differs from conventional security threat monitoring methods that focus on a single enterprise: its security threat information is obtained by storing and analyzing the security data of all of the industrial internet enterprises connected to the industrial internet platform, so it can promote cross-industry collaboration and information sharing among those enterprises during security protection, can obtain overall security threat information, and can reduce the overall security risk.
In this embodiment, the security data of the plurality of industrial internet enterprises connected to the industrial internet platform are detected, the security data are stored and an index is established, the industrial security of the plurality of industrial internet enterprises is analyzed and correlated based on the stored security data and the established index, and security threat monitoring is performed based on the analysis and correlation results to acquire the security threat information of at least one industrial internet enterprise. Cross-industry cooperation and information sharing can thus be realized when the plurality of industrial internet enterprises perform security protection, overall security threat information can be acquired, and the overall security risk can be reduced.
Fig. 2 is a schematic flow chart of another industrial security threat monitoring method according to an embodiment of the present invention, which is based on the foregoing embodiment and is optimized. As shown in fig. 2, the industrial security threat monitoring method according to this embodiment includes:
in step S210, security data of a plurality of industrial internet enterprises accessing to the industrial internet platform is probed.
For example, a distributed, extensible, scalable and integratable industrial internet scanning system can be built to provide continuous industrial internet asset detection and vulnerability scanning capabilities.
During detection, asset detection can be performed on the industrial internet cyberspace of key organizations; once industrial internet assets are found, asset identification and vulnerability identification can be performed, providing basic support for subsequent operation.
For example, the security data may include industrial enterprise field security data, such as field security data detected by an industrial threat detector (ITD) and uploaded through a 4G module/5G module to the enterprise-level platform interface of the industrial security threat monitoring platform. For another example, the security data may further include network data, in which case the security data of the enterprise is obtained by performing traffic analysis, vulnerability scanning and asset scanning on the network data of the enterprise's switches.
In step S220, the security data of the plurality of industrial internet enterprises is stored and indexed.
This step provides the underlying data storage service for the whole industrial security threat monitoring platform. The industrial security threat monitoring platform is a big data platform that needs to acquire, store and analyze mass data, so in order to support the storage and rapid querying of mass data in a local private cloud, an optimized intelligent retrieval engine can be adopted that meets the requirements of a large number of data search requests, data storage and the like and achieves higher query performance. The intelligent retrieval engine can provide a full-text search index with distributed multi-user capability.
In step S230, the industrial security of the plurality of industrial internet enterprises is analyzed and associated based on the stored security data and the established index.
The purpose of this step is to provide relevant capabilities such as data processing, statistics, calculation for the whole industrial security threat monitoring platform. The analysis and the correlation analysis can be performed through an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a 3D visualization engine, a data processing engine and the like, so that various query, analysis and calculation are provided for an upper layer to support different application functions, and data support is provided for an upper layer application.
In step S240, any one or more analysis methods, such as summary data analysis, ICS/OT data analysis, asset data analysis, threat data analysis, and intelligence monitoring, are performed based on the results of the analysis and correlation analysis to obtain security threat information of at least one industrial internet enterprise.
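Steps S130/S140 above and S230/S240 here both describe correlating the stored data of many enterprises and then deriving security threat information, including pre-warning information, from the result. The following is an added example, not code from the patent or its assignees, of what that correlation can look like on the defender's side: a constructed asset base, vulnerability base and event base from four enterprises in different industries are correlated so that an exploitation attempt detected at one enterprise becomes a pre-warning for every other enterprise running the same product, with priority raised where that enterprise's version is in the vulnerable range. All enterprise names, industries, products, versions, vulnerability identifiers (placeholders) and events are constructed.

```python
"""Added example (not from the patent): correlation analysis and pre-warning
for steps S130/S140 and S230/S240. Correlates constructed asset, vulnerability
and event bases across enterprises of different industries so that a threat
observed at one enterprise yields security pre-warning information for the
others. All names, versions, identifiers and events are constructed."""
from collections import defaultdict

# Constructed asset information base, as the storage step would have filed it.
ASSET_BASE = [
    {"enterprise": "ent-A", "industry": "automotive", "ip": "10.1.1.5", "product": "Modicon PLC", "version": "2.4"},
    {"enterprise": "ent-B", "industry": "chemicals", "ip": "10.2.0.7", "product": "S7 PLC", "version": "4.0"},
    {"enterprise": "ent-C", "industry": "food", "ip": "10.3.0.9", "product": "Modicon PLC", "version": "2.1"},
    {"enterprise": "ent-D", "industry": "textiles", "ip": "10.4.0.2", "product": "Modicon PLC", "version": "3.0"},
]

# Constructed vulnerability information base: product -> entries with a placeholder id
# and the first version that is no longer affected.
VULN_BASE = {
    "Modicon PLC": [{"id": "VULN-PLACEHOLDER-1", "affected_below": "3.0"}],
    "S7 PLC": [],
}

# Constructed event information base: what each enterprise's detector reported.
EVENT_BASE = [
    {"enterprise": "ent-A", "ts": "2021-03-01T10:05:00", "kind": "exploit_attempt", "product": "Modicon PLC"},
    {"enterprise": "ent-B", "ts": "2021-03-01T11:40:00", "kind": "port_scan", "product": None},
]


def version_tuple(version):
    """Compare dotted versions numerically rather than as strings ("2.10" > "2.9")."""
    return tuple(int(part) for part in version.split("."))


def exposed_assets(asset_base=ASSET_BASE, vuln_base=VULN_BASE):
    """Asset + vulnerability data analysis: assets whose version is in an affected range.
    Returns sorted (enterprise, ip, vulnerability id) triples."""
    found = []
    for asset in asset_base:
        for vuln in vuln_base.get(asset["product"], []):
            if version_tuple(asset["version"]) < version_tuple(vuln["affected_below"]):
                found.append((asset["enterprise"], asset["ip"], vuln["id"]))
    return sorted(found)


def cross_enterprise_prewarnings(event_base=EVENT_BASE, asset_base=ASSET_BASE, vuln_base=VULN_BASE):
    """Threat data analysis + intelligence monitoring: an exploitation attempt seen at one
    enterprise becomes pre-warning information for every other enterprise running the
    same product. Priority is 'high' when that enterprise's asset is in the affected range."""
    exposed = {(ent, ip) for ent, ip, _ in exposed_assets(asset_base, vuln_base)}
    warnings = []
    for event in event_base:
        if event["kind"] != "exploit_attempt" or not event["product"]:
            continue  # scans and product-less events carry no cross-enterprise signal here
        for asset in asset_base:
            if asset["product"] != event["product"] or asset["enterprise"] == event["enterprise"]:
                continue
            warnings.append({
                "target": asset["enterprise"],
                "industry": asset["industry"],
                "asset": asset["ip"],
                "product": event["product"],
                "source": event["enterprise"],
                "observed_at": event["ts"],
                "priority": "high" if (asset["enterprise"], asset["ip"]) in exposed else "medium",
            })
    return sorted(warnings, key=lambda w: (w["target"], w["asset"]))


def summary_by_industry(warnings):
    """Summary data analysis: pre-warnings per industry, the cross-industry view the patent aims at."""
    counts = defaultdict(int)
    for warning in warnings:
        counts[warning["industry"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for warning in cross_enterprise_prewarnings():
        print(f"[{warning['priority']}] {warning['target']} ({warning['industry']}): "
              f"{warning['product']} at {warning['asset']} - attempt seen at {warning['source']}")
    print(summary_by_industry(cross_enterprise_prewarnings()))
```

The point of the correlation is that the source enterprise's own alert is the least interesting output: ent-A already saw the attempt. The value the platform adds is that ent-C, which shares nothing with ent-A except a product, receives a high-priority warning before any traffic reaches it, while ent-D, on an unaffected version, is told to watch but not to panic. A real deployment would feed the warnings into the pre-warning channel the enterprise-level platform interface provides.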
Fig. 4 is a schematic diagram of the overall architecture of a solution provided according to an embodiment of the present invention. As shown in fig. 4, security monitoring and security information scanning of multiple industrial internet enterprises are set up to perform security data acquisition, storage and analysis; security situation visualization (for example, in the situation visualization display area in fig. 4) and security threat analysis are then performed on the analysis results to obtain security threat information, which provides a basis for operation.
For example, based on the obtained security threat information, an industrial control security emergency work mechanism can be established, the organizational coordination and emergency handling capability of the supervisory department in its region can be improved, the security operation and maintenance capability of industrial internet enterprises can be improved, and the security awareness of personnel can be strengthened.
For another example, based on the obtained security threat information, the security protection capability of an industrial internet enterprise can be improved and its production security guaranteed, and the security threats of networked enterprises can be discovered quickly. This addresses the problems that the industrial assets of networked enterprises are unclear, that security risks are not pre-warned, that industrial control threats are hard to perceive, that industrial control security has no practical starting point, and that professional services are not timely; the security protection capability of networked enterprises is thereby effectively improved and the production security of industrial enterprises is guaranteed.
For another example, based on the obtained security threat information, a networked enterprise can acquire, within a short time and with a small capital investment, security capabilities such as industrial asset vulnerability discovery, industrial control network virus monitoring, real-time alerting of industrial control network threats and emergency disposal of industrial security incidents, thereby reducing the heavy investment of industrial enterprises in industrial information security and relieving the pressure of insufficient funds and unprofessional security services.
As an implementation of the methods shown in the above diagrams, the present application provides an embodiment of an industrial security threat monitoring platform, and fig. 3 illustrates a schematic structural diagram of the industrial security threat monitoring platform provided in this embodiment, where the embodiment of the platform corresponds to the embodiment of the methods shown in fig. 1 and fig. 2, and the platform may be specifically applied to various electronic devices. As shown in fig. 3, the industrial security threat monitoring platform according to the embodiment includes a data collection module 310, a data storage module 320, a data analysis module 330, and a threat monitoring module 340.
The data collection module 310 is configured to detect security data of a plurality of industrial internet enterprises accessing the industrial internet platform.
The data storage module 320 is configured to store and index the security data of the plurality of industrial internet enterprises.
The data analysis module 330 is configured to analyze and correlate the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index.
The threat monitoring module 340 is configured for performing security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise.
According to one or more embodiments of the present disclosure, the data collection module 310 is further configured to detect, by an asset detection engine, a vulnerability scanning engine and/or a scheduling engine, security data of a plurality of industrial internet enterprises accessing an industrial internet platform, wherein the security data comprises industrial enterprise field security data and/or network data.
According to one or more embodiments of the present disclosure, the industrial security threat monitoring platform is configured to detect security data of a plurality of industrial internet enterprises accessing the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine that are uniformly configured by the industrial internet platform.
According to one or more embodiments of the present disclosure, the data storage module 320 is further configured to preprocess the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing includes at least one of the following preprocessing operations: data formatting, data filtering, data merging and data information complementing; and wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base and an enterprise information base.
According to one or more embodiments of the present disclosure, the data analysis module 330 is further configured to analyze and correlate the industrial security of the plurality of industrial internet enterprises, based on the stored security data and the established index, using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service and/or a data service.
In accordance with one or more embodiments of the present disclosure, the security threat information includes security monitoring information, security analysis information, and/or security pre-warning information.
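As an added example that is not part of the patent, the four modules above (collection, storage with preprocessing and indexing, analysis and correlation, threat monitoring) can be sketched as a small Python pipeline. The engine outputs, the fingerprint feature base, the vulnerability identifier and the pre-warning threshold are all constructed, hypothetical values.

```python
from collections import defaultdict

# Constructed sample output of the asset detection, vulnerability scanning
# and field-event engines for several enterprises (hypothetical values).
RAW_SECURITY_DATA = [
    {"enterprise": "ent-A", "source": "asset", "ip": "10.1.0.5", "product": "PLC-X", "version": "1.2"},
    {"enterprise": "ent-A", "source": "asset", "ip": "10.1.0.5", "product": "PLC-X", "version": "1.2"},
    {"enterprise": "ent-B", "source": "asset", "ip": "10.2.0.9", "product": "HMI-Y", "version": None},
    {"enterprise": "ent-A", "source": "vuln", "ip": "10.1.0.5", "vuln_id": "VULN-PLACEHOLDER-1", "severity": "HIGH"},
    {"enterprise": "ent-A", "source": "event", "ip": "10.1.0.5", "event": "unauthorized_write", "count": 7},
    {"enterprise": "ent-B", "source": "event", "ip": "10.2.0.9", "event": "unauthorized_write", "count": 1},
    {"enterprise": "ent-C", "source": "event", "ip": "", "event": "noise", "count": 3},
]

# Constructed fingerprint feature base used to complement missing asset fields.
FINGERPRINT_BASE = {"HMI-Y": {"version": "3.0"}}

PREWARN_EVENT_THRESHOLD = 5  # hypothetical threshold for issuing a pre-warning


def collect_security_data(raw=RAW_SECURITY_DATA):
    """Data collection module: gather the records the engines produced."""
    return list(raw)


def preprocess_and_store(records):
    """Data storage module: format, filter, merge and complement the records,
    populate the functional databases and index enterprises to asset IPs."""
    dbs = {"asset": {}, "vuln": defaultdict(list), "event": defaultdict(list)}
    index = defaultdict(set)
    seen = set()
    for rec in records:
        rec = {k: (v.strip() if isinstance(v, str) else v) for k, v in rec.items()}  # formatting
        if not rec.get("ip") or not rec.get("enterprise"):  # filtering of unusable records
            continue
        fingerprint = (rec["enterprise"], rec["source"], rec["ip"], rec.get("vuln_id"), rec.get("event"))
        if fingerprint in seen:  # merging: drop exact duplicates
            continue
        seen.add(fingerprint)
        key = (rec["enterprise"], rec["ip"])
        if rec["source"] == "asset":
            if rec.get("version") is None:  # information complementing from the fingerprint base
                rec["version"] = FINGERPRINT_BASE.get(rec["product"], {}).get("version", "unknown")
            dbs["asset"][key] = rec
        else:
            dbs[rec["source"]][key].append(rec)
        index[rec["enterprise"]].add(rec["ip"])
    return dbs, index


def analyze_and_correlate(dbs, index):
    """Data analysis module: join asset, vulnerability and event data per asset."""
    correlated = {}
    for enterprise, ips in index.items():
        for ip in ips:
            key = (enterprise, ip)
            correlated[key] = {
                "asset": dbs["asset"].get(key),
                "vulns": dbs["vuln"].get(key, []),
                "event_count": sum(e.get("count", 1) for e in dbs["event"].get(key, [])),
            }
    return correlated


def monitor_threats(correlated):
    """Threat monitoring module: derive monitoring, analysis and pre-warning
    information for each enterprise from the correlated view."""
    info = defaultdict(lambda: {"monitoring": [], "analysis": [], "prewarning": []})
    for (enterprise, ip), view in correlated.items():
        entry = info[enterprise]
        entry["monitoring"].append(ip)  # every known asset is under monitoring
        if view["vulns"]:
            entry["analysis"].append((ip, [v["vuln_id"] for v in view["vulns"]]))
        high = any(v["severity"] == "HIGH" for v in view["vulns"])
        if high and view["event_count"] >= PREWARN_EVENT_THRESHOLD:
            entry["prewarning"].append(ip)  # vulnerable asset with repeated suspicious events
    return dict(info)


def run_platform(raw=RAW_SECURITY_DATA):
    """Run the four modules end to end and return security threat information."""
    dbs, index = preprocess_and_store(collect_security_data(raw))
    return monitor_threats(analyze_and_correlate(dbs, index))
```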
The industrial security threat monitoring platform provided by this embodiment can execute the industrial security threat monitoring method provided by the method embodiments of the present disclosure, and has the corresponding functional modules and beneficial effects of that method.
Referring now to FIG. 5, a block diagram of an electronic device 500 suitable for use in implementing embodiments of the present invention is shown. The terminal device in the embodiment of the present invention is, for example, a mobile device, a computer, or a vehicle-mounted device built in a floating car, or any combination thereof. In some embodiments, the mobile device may include, for example, a cell phone, a smart home device, a wearable device, a smart mobile device, a virtual reality device, and the like, or any combination thereof. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 5, electronic device 500 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 illustrates an electronic device 500 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as a computer software program. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program performs the above-described functions defined in the method of the embodiment of the present invention when executed by the processing apparatus 501.
It should be noted that the computer readable medium mentioned above can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In yet another embodiment of the invention, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: detecting security data of a plurality of industrial internet enterprises accessing to the industrial internet platform; storing the security data of the plurality of industrial internet enterprises and establishing an index; analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index; security threat monitoring is performed based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise.
Computer program code for carrying out operations for embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. In some cases the name of a unit does not constitute a limitation of the unit itself; for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
The foregoing description is only a preferred embodiment of the invention and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure in the embodiments of the present invention is not limited to the specific combinations of the above-described features, but also encompasses other embodiments in which any combination of the above-described features or their equivalents is possible without departing from the spirit of the disclosure. For example, the above features and (but not limited to) the features with similar functions disclosed in the embodiments of the present invention are mutually replaced to form the technical solution.

Claims (10)

1. An industrial security threat monitoring method, comprising:
detecting security data of a plurality of industrial internet enterprises accessing to the industrial internet platform;
storing the security data of the plurality of industrial internet enterprises and establishing an index;
analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index;
security threat monitoring is performed based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise.
2. The method of claim 1, wherein detecting the security data of the plurality of industrial internet enterprises accessing the industrial internet platform comprises:
detecting, by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine, security data for a plurality of industrial internet enterprises accessing an industrial internet platform;
wherein the security data comprises industrial enterprise field security data and/or network data.
3. The method of claim 2, wherein detecting the security data of the plurality of industrial internet enterprises accessing the industrial internet platform by an asset detection engine, a vulnerability scanning engine, and/or a scheduling engine comprises:
detecting security data of a plurality of industrial internet enterprises accessing the industrial internet platform through an asset detection engine, a vulnerability scanning engine and/or a scheduling engine that are uniformly configured by the industrial internet platform.
4. The method of claim 1, wherein storing the security data of the plurality of industrial internet enterprises further comprises:
preprocessing the security data of the plurality of industrial internet enterprises to obtain at least one functional database, wherein the preprocessing at least comprises one preprocessing operation of: data formatting, data filtering, data merging and data information complementing;
wherein the at least one functional database comprises at least one of: an event information base, a fingerprint feature base, a vulnerability information base, an asset information base, a resource service base, and an enterprise information base.
5. The method of claim 1, wherein analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index comprises:
analyzing and correlating the industrial security of the plurality of industrial internet enterprises using an intelligent retrieval engine, a data mining engine, a correlation analysis engine, a statistical analysis engine, a visualization engine, a data processing engine, a statistical reporting service, and/or a data service based on the stored security data and the established index.
6. The method of claim 1, wherein performing security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise comprises:
performing at least one of the following types of security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise:
summary data analysis, ICS/OT data analysis, asset data analysis, threat data analysis, and intelligence monitoring.
7. The method of claim 1, wherein the security threat information comprises security monitoring information, security analysis information, and/or security pre-warning information.
8. An industrial security threat monitoring platform, comprising:
a data acquisition module for detecting security data of a plurality of industrial internet enterprises accessing the industrial internet platform;
a data storage module for storing the security data of the plurality of industrial internet enterprises and establishing an index;
a data analysis module for analyzing and correlating the industrial security of the plurality of industrial internet enterprises based on the stored security data and the established index; and
a threat monitoring module for performing security threat monitoring based on the results of the analysis and correlation analysis to obtain security threat information for at least one industrial internet enterprise.
9. An electronic device, comprising:
one or more processors; and
a memory to store executable instructions that, when executed by the one or more processors, cause the electronic device to perform the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202110236686.4A 2021-03-03 2021-03-03 Industrial security threat monitoring method, platform, electronic device and storage medium Pending CN113014585A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110236686.4A CN113014585A (en) 2021-03-03 2021-03-03 Industrial security threat monitoring method, platform, electronic device and storage medium


Publications (1)

Publication Number Publication Date
CN113014585A true CN113014585A (en) 2021-06-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210622