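CN113039755A - Monitoring method, apparatus, system and computer-readable medium for an industrial control system - Google Patents
Monitoring method, apparatus, system and computer-readable medium for an industrial control system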
- Publication number
- CN113039755A
- Authority
- CN
- China
- Prior art keywords
- industrial
- control system
- network traffic
- industrial control
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0259—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
- G05B23/0262—Confirmation of fault detection, e.g. extra checks to confirm that a failure has indeed occurred
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
- H04L43/062—Generation of reports related to network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0428—Safety, monitoring
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B23/00—Testing or monitoring of control systems or parts thereof
- G05B23/02—Electric testing or monitoring
- G05B23/0205—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
- G05B23/0218—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
- G05B23/0256—Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults injecting test signals and analyzing monitored process response, e.g. injecting the test signal while interrupting the normal operation of the monitored system; superimposing the test signal onto a control signal during normal operation of the monitored system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H04L41/0645—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis by additionally acting on or stimulating the network after receiving notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
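A monitoring method, apparatus, system and computer-readable medium for an industrial control system, used to effectively monitor an industrial control system. The method comprises the following steps: acquiring, by passive monitoring, first network traffic transmitted in the industrial control system; determining, according to the characteristics of the industrial devices in the industrial control system that are included in the first network traffic, whether the industrial control system needs to be monitored by active probing; and, if it is determined that the industrial control system needs to be monitored by active probing, determining a target industrial device according to the characteristics of the industrial devices in the industrial control system that are included in the first network traffic, sending third network traffic to the determined target industrial device, and acquiring second network traffic sent by the target industrial device in response to the third network traffic.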
Description
PCT national-phase application; the description has been published.
Claims (12)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2018/123911 WO2020132949A1 (zh) | 2018-12-26 | 2018-12-26 | Monitoring method, apparatus, system and computer-readable medium for an industrial control system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113039755A (zh) | 2021-06-25 |
CN113039755B (zh) | 2024-08-27 |
Family
ID=71127537
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201880099575.XA Active CN113039755B (zh) | Monitoring method, apparatus, system and computer-readable medium for an industrial control system | 2018-12-26 | 2018-12-26 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11418521B2 (zh) |
EP (1) | EP3905595B1 (zh) |
CN (1) | CN113039755B (zh) |
WO (1) | WO2020132949A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024060245A1 (zh) * | 2022-09-23 | 2024-03-28 | 西门子股份公司 | Device trust level analysis method, apparatus, electronic device and storage medium |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2019420582A1 (en) * | 2019-01-13 | 2021-09-02 | Strong Force IoT Portfolio 2016, LLC. | Methods, systems, kits and apparatuses for monitoring and managing industrial settings |
CN115550213A (zh) * | 2022-08-12 | 2022-12-30 | 中国航空无线电电子研究所 | Multi-scenario, multi-mode DDS monitoring system |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
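KR100776828B1 (ko) * | 2006-08-25 | 2007-11-19 | 고려대학교 산학협력단 | Intrusion detection method for a ubiquitous home network environment, recording medium therefor, and intrusion detection apparatus for a ubiquitous home network environment |
JP2010088031A (ja) * | 2008-10-02 | 2010-04-15 | Nec Corp | Underlay network failure detection method and network system |
CN106789177A (zh) * | 2016-11-30 | 2017-05-31 | 武汉船舶通信研究所 | System for network fault handling |
CN106911529A (zh) * | 2015-12-22 | 2017-06-30 | 国网青海省电力公司 | Power grid industrial control security detection system based on protocol parsing |
CN107040552A (zh) * | 2017-06-13 | 2017-08-11 | 上海斗象信息科技有限公司 | Network attack path prediction method |
CN107370732A (zh) * | 2017-07-14 | 2017-11-21 | 成都信息工程大学 | System for discovering abnormal behavior in industrial control systems based on neural networks and optimal recommendation |
CN108650225A (zh) * | 2018-04-03 | 2018-10-12 | 国家计算机网络与信息安全管理中心 | Remote security monitoring device, system and remote security monitoring method |
CN109067592A (zh) * | 2018-08-31 | 2018-12-21 | 国网辽宁省电力有限公司电力科学研究院 | Intelligent management and control apparatus and management and control method for smart power distribution and utilization |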
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1825388A4 (en) | 2004-11-17 | 2010-07-28 | Univ California | SYSTEM AND METHOD FOR PROVIDING A WEBSITE |
CN102377740A (zh) * | 2010-08-12 | 2012-03-14 | 西门子公司 | Industrial access control method and apparatus |
US9518839B2 (en) * | 2013-11-26 | 2016-12-13 | Northrop Grumman Systems Corporation | Wavelet based monitoring of system parameters |
CN104811437B (zh) * | 2015-03-16 | 2017-12-22 | 南京麦伦思科技有限公司 | System and method for generating security policies in an industrial control network |
US20170093910A1 (en) * | 2015-09-25 | 2017-03-30 | Acalvio Technologies, Inc. | Dynamic security mechanisms |
SG11201804435SA (en) * | 2015-12-01 | 2018-06-28 | Radiflow Ltd | Network security agent |
WO2017196216A1 (en) * | 2016-05-12 | 2017-11-16 | Telefonaktiebolaget Lm Ericsson (Publ) | A monitoring controller and a method performed thereby for monitoring network performance |
US11747799B2 (en) | 2017-05-31 | 2023-09-05 | Siemens Aktiengesellschaft | Industrial control system and network security monitoring method therefor |
US10942500B2 (en) * | 2018-06-11 | 2021-03-09 | Purdue Research Foundation | System architecture and method of processing data therein |
CN112671553A (zh) * | 2020-11-26 | 2021-04-16 | 中国电子科技网络信息安全有限公司 | Method for generating an industrial control network topology map based on active and passive probing |
-
2018
- 2018-12-26 WO PCT/CN2018/123911 patent/WO2020132949A1/zh unknown
- 2018-12-26 US US17/417,898 patent/US11418521B2/en active Active
- 2018-12-26 EP EP18944895.4A patent/EP3905595B1/en active Active
- 2018-12-26 CN CN201880099575.XA patent/CN113039755B/zh active Active
Non-Patent Citations (1)
Title |
---|
严志涛; 方滨兴; 刘奇旭; 崔翔: "A lightweight defense framework for IoT devices based on wireless routers", 中国科学院大学学报, no. 06 * |
Also Published As
Publication number | Publication date |
---|---|
CN113039755B (zh) | 2024-08-27 |
EP3905595A1 (en) | 2021-11-03 |
EP3905595A4 (en) | 2022-07-20 |
US11418521B2 (en) | 2022-08-16 |
WO2020132949A1 (zh) | 2020-07-02 |
US20220046033A1 (en) | 2022-02-10 |
EP3905595B1 (en) | 2023-08-30 |
EP3905595C0 (en) | 2023-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11750563B2 (en) | Flow metadata exchanges between network and security functions for a security service | |
CN110661761B (zh) | Access control device, method, computer program product and computer-readable medium | |
US8844041B1 (en) | Detecting network devices and mapping topology using network introspection by collaborating endpoints | |
CN102082690B (zh) | Passive discovery device for network topology and discovery method thereof | |
EP3499837A1 (en) | Ot system monitoring method, apparatus, system, and storage medium | |
EP3993331B1 (en) | Flow metadata exchanges between network and security functions for a security service | |
CN113039755B (zh) | Monitoring method, apparatus, system and computer-readable medium for an industrial control system | |
US11785048B2 (en) | Consistent monitoring and analytics for security insights for network and security functions for a security service | |
US11888900B2 (en) | Cryptographic security audit using network service zone locking | |
Spiekermann et al. | Challenges of network forensic investigation in virtual networks | |
Paul et al. | Towards the protection of industrial control systems–conclusions of a vulnerability analysis of profinet IO | |
US9749150B2 (en) | Method and system for monitoring network communications | |
CN108933707B (zh) | Security monitoring system and method for an industrial network | |
Akande et al. | Limitations of passively mapping logical network topologies | |
Tenkanen et al. | Security assessment of a distributed, modbus-based building automation system | |
US9992083B1 (en) | System to detect network egress points | |
CN111343033B (zh) | Network management system oriented to multi-layer differences | |
Ndonda et al. | A public network trace of a control and automation system | |
EP3166280B1 (en) | Integrated security system having threat visualization and automated security device control | |
EP3166281B1 (en) | Integrated security system having threat visualization | |
James | Network Automation Methodology for Detecting Rogue Switch | |
Chang et al. | Enabling situational awareness in operational technology environments through software defined networking | |
Lontorfos | Securely accessing remote sensors in critical infrastructures. | |
Liu et al. | Community Cleanup: Incentivizing Network Hygiene via Distributed Attack Reporting | |
KR100938647B1 (ko) | Apparatus and method for storing flow data according to the results of its analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||