CN113039755A - Monitoring method, apparatus, system and computer-readable medium for an industrial control system - Google Patents

Monitoring method, apparatus, system and computer-readable medium for an industrial control system

Info

Publication number
CN113039755A
Authority
CN
China
Prior art keywords
industrial
control system
network traffic
industrial control
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201880099575.XA
Other languages
English (en)
Other versions
CN113039755B (zh)
Inventor
唐文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG
Publication of CN113039755A
Application granted
Publication of CN113039755B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0259 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0262 Confirmation of fault detection, e.g. extra checks to confirm that a failure has indeed occurred
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/06 Generation of reports
    • H04L43/062 Generation of reports related to network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428 Safety, monitoring
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0218 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
    • G05B23/0256 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults injecting test signals and analyzing monitored process response, e.g. injecting the test signal while interrupting the normal operation of the monitored system; superimposing the test signal onto a control signal during normal operation of the monitored system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/0645 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis by additionally acting on or stimulating the network after receiving notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/12 Network monitoring probes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

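A monitoring method, apparatus, system and computer-readable medium for an industrial control system, used to monitor an industrial control system effectively. The method comprises the following steps: acquiring, by passive monitoring, first network traffic transmitted in the industrial control system; determining, according to features of the industrial devices in the industrial control system that are included in the first network traffic, whether the industrial control system needs to be monitored by active probing; and, if it is determined that the industrial control system needs to be monitored by active probing, determining a target industrial device according to the features of the industrial devices in the industrial control system that are included in the first network traffic, sending third network traffic to the determined target industrial device, and acquiring second network traffic sent by the target industrial device in response to the third network traffic.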

Description

PCT national-phase application; the description has been published.

Claims (12)

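  1. PCT national-phase application; the claims have been published.
CN201880099575.XA 2018-12-26 2018-12-26 Monitoring method, apparatus, system and computer-readable medium for an industrial control system Active CN113039755B (zh)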

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/123911 WO2020132949A1 (zh) 2018-12-26 2018-12-26 Monitoring method, apparatus, system and computer-readable medium for an industrial control system

Publications (2)

Publication Number Publication Date
CN113039755A (zh) 2021-06-25
CN113039755B (zh) 2024-08-27

Family

ID=71127537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880099575.XA Active CN113039755B (zh) 2018-12-26 2018-12-26 Monitoring method, apparatus, system and computer-readable medium for an industrial control system

Country Status (4)

Country Link
US (1) US11418521B2 (zh)
EP (1) EP3905595B1 (zh)
CN (1) CN113039755B (zh)
WO (1) WO2020132949A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024060245A1 (zh) * 2022-09-23 2024-03-28 西门子股份公司 Device trust level analysis method and apparatus, electronic device and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2019420582A1 (en) * 2019-01-13 2021-09-02 Strong Force IoT Portfolio 2016, LLC. Methods, systems, kits and apparatuses for monitoring and managing industrial settings
CN115550213A (zh) * 2022-08-12 2022-12-30 中国航空无线电电子研究所 Multi-scenario, multi-mode DDS monitoring system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
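KR100776828B1 (ko) * 2006-08-25 2007-11-19 고려대학교 산학협력단 Intrusion detection method for a ubiquitous home network environment, recording medium therefor, and intrusion detection apparatus for a ubiquitous home network environment
JP2010088031A (ja) * 2008-10-02 2010-04-15 Nec Corp Underlay network failure detection method and network system
CN106789177A (zh) * 2016-11-30 2017-05-31 武汉船舶通信研究所 System for network fault handling
CN106911529A (zh) * 2015-12-22 2017-06-30 国网青海省电力公司 Power grid industrial control security detection system based on protocol parsing
CN107040552A (zh) * 2017-06-13 2017-08-11 上海斗象信息科技有限公司 Network attack path prediction method
CN107370732A (zh) * 2017-07-14 2017-11-21 成都信息工程大学 Industrial control system abnormal behavior discovery system based on neural networks and optimal recommendation
CN108650225A (zh) * 2018-04-03 2018-10-12 国家计算机网络与信息安全管理中心 Remote security monitoring device, system and remote security monitoring method
CN109067592A (zh) * 2018-08-31 2018-12-21 国网辽宁省电力有限公司电力科学研究院 Intelligent management and control device and method for smart power distribution and utilization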

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1825388A4 (en) 2004-11-17 2010-07-28 Univ California SYSTEM AND METHOD FOR PROVIDING A WEBSITE
CN102377740A (zh) * 2010-08-12 2012-03-14 西门子公司 Industrial access control method and apparatus
US9518839B2 (en) * 2013-11-26 2016-12-13 Northrop Grumman Systems Corporation Wavelet based monitoring of system parameters
CN104811437B (zh) * 2015-03-16 2017-12-22 南京麦伦思科技有限公司 System and method for generating security policies in an industrial control network
US20170093910A1 (en) * 2015-09-25 2017-03-30 Acalvio Technologies, Inc. Dynamic security mechanisms
SG11201804435SA (en) * 2015-12-01 2018-06-28 Radiflow Ltd Network security agent
WO2017196216A1 (en) * 2016-05-12 2017-11-16 Telefonaktiebolaget Lm Ericsson (Publ) A monitoring controller and a method performed thereby for monitoring network performance
US11747799B2 (en) 2017-05-31 2023-09-05 Siemens Aktiengesellschaft Industrial control system and network security monitoring method therefor
US10942500B2 (en) * 2018-06-11 2021-03-09 Purdue Research Foundation System architecture and method of processing data therein
CN112671553A (zh) * 2020-11-26 2021-04-16 中国电子科技网络信息安全有限公司 Industrial control network topology map generation method based on active and passive probing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
严志涛; 方滨兴; 刘奇旭; 崔翔: "A lightweight defense framework for IoT devices based on wireless routers", Journal of University of Chinese Academy of Sciences, no. 06 *

Also Published As

Publication number Publication date
CN113039755B (zh) 2024-08-27
EP3905595A1 (en) 2021-11-03
EP3905595A4 (en) 2022-07-20
US11418521B2 (en) 2022-08-16
WO2020132949A1 (zh) 2020-07-02
US20220046033A1 (en) 2022-02-10
EP3905595B1 (en) 2023-08-30
EP3905595C0 (en) 2023-08-30

Similar Documents

Publication Publication Date Title
US11750563B2 (en) Flow metadata exchanges between network and security functions for a security service
CN110661761B (zh) Access control device, method, computer program product and computer-readable medium
US8844041B1 (en) Detecting network devices and mapping topology using network introspection by collaborating endpoints
CN102082690B (zh) Passive discovery device for network topology and discovery method thereof
EP3499837A1 (en) Ot system monitoring method, apparatus, system, and storage medium
EP3993331B1 (en) Flow metadata exchanges between network and security functions for a security service
CN113039755B (zh) Monitoring method, apparatus, system and computer-readable medium for an industrial control system
US11785048B2 (en) Consistent monitoring and analytics for security insights for network and security functions for a security service
US11888900B2 (en) Cryptographic security audit using network service zone locking
Spiekermann et al. Challenges of network forensic investigation in virtual networks
Paul et al. Towards the protection of industrial control systems–conclusions of a vulnerability analysis of profinet IO
US9749150B2 (en) Method and system for monitoring network communications
CN108933707B (zh) Security monitoring system and method for an industrial network
Akande et al. Limitations of passively mapping logical network topologies
Tenkanen et al. Security assessment of a distributed, modbus-based building automation system
US9992083B1 (en) System to detect network egress points
CN111343033B (zh) Network management system oriented to multi-layer differences
Ndonda et al. A public network trace of a control and automation system
EP3166280B1 (en) Integrated security system having threat visualization and automated security device control
EP3166281B1 (en) Integrated security system having threat visualization
James Network Automation Methodology for Detecting Rogue Switch
Chang et al. Enabling situational awareness in operational technology environments through software defined networking
Lontorfos Securely accessing remote sensors in critical infrastructures.
Liu et al. Community Cleanup: Incentivizing Network Hygiene via Distributed Attack Reporting
KR100938647B1 (ko) Apparatus and method for storing flow data according to the results of flow data analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant