CN113422721A - Method for realizing mimicry industrial edge computing gateway - Google Patents

Method for realizing mimicry industrial edge computing gateway

Info

Publication number: CN113422721A
Authority: CN (China)
Prior art keywords: heterogeneous, edge computing, edge, mimicry, pool
Legal status: Granted
Application number: CN202110971317.XA
Other languages: Chinese (zh)
Other versions: CN113422721B (en)
Inventors: 黄培龙, 王延松, 朱明星
Current Assignee: Zhejiang Lab
Original Assignee: Zhejiang Lab

Application filed by Zhejiang Lab
Priority to CN202110971317.XA
Publication of CN113422721A
Application granted
Publication of CN113422721B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061 Partitioning or combining of resources
    • G06F9/5072 Grid computing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/566 Grouping or aggregating service requests, e.g. for unified processing

Abstract

The invention provides a method for realizing a mimicry industrial edge computing gateway. The industrial edge computing gateway to which the method relates is deployed at an industrial site; it mainly analyzes and computes on data collected in the field and performs control and feedback at the industrial edge site according to the computing result. In the invention, the executor pool of the edge computing module is obtained by making executors heterogeneous in three dimensions (operating system, development language and compile switch), which greatly increases the degree of heterogeneity among the executors and prevents the gateway from being compromised through a vulnerability in a single executor. Each online executor interacts with the other gateway modules through one-way publish/subscribe communication and performs edge computing on the collected data; the results are then arbitrated, and field feedback control is finally performed according to the arbitration result.

Description

Method for realizing mimicry industrial edge computing gateway
Technical Field
The invention relates to the technical field of computer communication, in particular to a realization method of a mimicry industrial edge computing gateway.
Background
The industrial edge computing gateway occupies a pivotal position, connecting to field equipment below and to a cloud platform above. The gateway's own device management capability brings data up to the gateway layer, where edge computing pre-analyzes part of the collected data before it is uploaded to the cloud platform; alternatively, the gateway can respond directly on the basis of the edge computing result and send a feedback command to the edge device.
The industrial internet is moving from closed isolation to open convergence. Today's cyberspace has many security problems, and vulnerabilities and backdoors are becoming the largest source of insecurity. This is especially true of the edge computing gateway, which sits at the center of data exchange and processing: once an unknown vulnerability or backdoor in the system is exploited, the whole industrial internet can be seriously damaged.
At present, industrial internet defense systems essentially defend against security threats with known characteristics or behaviors. Effective defense rests on accurately mastering attack information: the attack's target, characteristics, path, behavior, mechanism and the like must be known before it can be countered. Defense built on this basis is passive, of the "mending the fold after the sheep are lost" kind.
The mimicry defense architecture adopts a dynamic heterogeneous redundancy mechanism to improve reliability and resistance to attack. An industrial internet system designed on the mimicry architecture has high security: by presenting uncertainty or dynamism externally or internally, it fundamentally undermines the stability of the attack chain. Mimicry defense of the industrial edge computing gateway does not seek to build a flawless defense system free of vulnerabilities and backdoors; instead it constructs a dynamic, heterogeneous and redundant system architecture. Increasing the dynamism of the edge computing system reduces its detectability; increasing its randomness reduces its penetrability; increasing its heterogeneous redundancy raises the difficulty of coordinated attacks. Together, the added dynamism, randomness and diversity raise the difficulty of carrying out each link of the attack chain.
Chinese patent CN111884996A, "A mimicry switch arbitration system and method based on credibility measurement", proposes an implementation of a mimicry switch arbitration system that includes a forwarding plane, a management interface agent, an intermediate adaptation module, a forwarding plane agent, a plurality of heterogeneous executors, a mimicry arbitration module based on credibility measurement, and a situation awareness and negative feedback scheduling module. Its steps are: setting the mimicry switch arbitration elements; distributing input information; collecting output information; mimicry arbitration based on credibility measurement; issuing the arbitration result; and sensing the switch threat situation and scheduling the executors. The mimicry arbitration based on credibility measurement comprises: establishing an executor trust index tree; collecting and updating executor trust index data; calculating the trust weight of each executor's output result; and calculating the credibility of each output result.
Disclosure of Invention
The invention aims to provide a method for realizing a mimicry industrial edge computing gateway that protects the edge computing module and greatly improves the security and reliability of the industrial edge computing gateway.
To achieve this purpose, the invention provides the following technical scheme:
The application discloses a method for realizing a mimicry industrial edge computing gateway, which specifically comprises the following steps:
S1, making the edge computing executors heterogeneous to obtain an edge computing heterogeneous executor pool composed of a plurality of edge computing heterogeneous executors; the heterogeneity of the edge computing executors includes, but is not limited to, heterogeneity in the operating system dimension, the programming language dimension and the compile switch dimension;
S2, selecting a plurality of edge computing heterogeneous executors from the edge computing heterogeneous executor pool to bring online, and performing field data acquisition;
S3, the edge computing heterogeneous executors compute on the acquired field data to obtain the corresponding operation instructions;
S4, the edge computing heterogeneous executors send the operation instructions to the mimicry arbitration module for mimicry arbitration, and the final operation instruction is output to the feedback control module.
Preferably, in step S2, 3 edge computing heterogeneous executors are selected from the edge computing heterogeneous executor pool and brought online.
Preferably, the field data acquisition in step S2 specifically includes the following operations: the field data acquisition module publishes the field data to each "data_<executor ID>" channel, and each online edge computing heterogeneous executor subscribes to the field data from its own channel.
Preferably, in step S4, sending the operation instruction to the mimicry arbitration module specifically includes the following operations: each edge computing heterogeneous executor publishes its operation instruction to its "cmd_<online executor ID>" channel, and the mimicry arbitration module subscribes to all "cmd_<online executor ID>" channels to obtain the plurality of operation instructions.
Preferably, the mimicry arbitration in step S4 uses majority-vote mimicry arbitration.
Preferably, in step S1, the operating system dimension uses the Ubuntu and CentOS base images; the programming language dimension uses the three programming languages C, Golang and Java; the compile switch dimension uses the static compilation and dynamic compilation options.
Preferably, the edge computing heterogeneous executor pool in S1 includes 12 edge computing heterogeneous executors, numbered from 0 to 11.
The beneficial effects of the invention are as follows:
In the invention, the edge computing executors are made heterogeneous in multiple dimensions through different operating systems, programming languages and compile options, which prevents several executors from being compromised at the same time and forming a differential-mode or common-mode attack. The edge computing heterogeneous executors do not communicate with one another; they communicate only with the field data acquisition module and the mimicry arbitration module, in publish/subscribe mode, which prevents the compromise of one executor from leading to the compromise of others and thereby forming a differential-mode or common-mode attack. The difficulty of attacking the industrial edge computing gateway system through an unknown vulnerability or backdoor is greatly increased, and the security and reliability of the mimicry industrial edge computing gateway system are improved.
The features and advantages of the present invention will be described in detail by embodiments in conjunction with the accompanying drawings.
Drawings
FIG. 1 is a system architecture diagram of the method for realizing a mimicry industrial edge computing gateway of the present invention;
FIG. 2 is a diagram of a heterogeneous scheme for an edge computation executor.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood, however, that the description herein of specific embodiments is only intended to illustrate the invention and not to limit the scope of the invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
Referring to FIG. 2, the present invention provides a method for realizing a mimicry industrial edge computing gateway in which the edge computing executors are made heterogeneous in three dimensions, namely operating system, programming language and compile option: two base images (Ubuntu and CentOS), three programming languages (C, Golang and Java), and static and dynamic compilation. This yields an edge computing heterogeneous executor pool containing 12 edge computing heterogeneous executors.
Referring to FIG. 1, in the present invention 3 edge computing heterogeneous executors are randomly selected from the edge computing heterogeneous executor pool and brought online, and each executor communicates with the outside using publish/subscribe: the field data acquisition module publishes the field data to each "data_<executor ID>" channel, and each online edge computing heterogeneous executor subscribes to the field data from its own channel; the operation instruction each executor obtains from edge computing is published to its "cmd_<executor ID>" channel, and the mimicry arbitration module subscribes to these channels to obtain the results.
The system processing flow of the method for realizing a mimicry industrial edge computing gateway is shown in FIG. 1 and comprises the following steps:
(1) making the edge computing executors heterogeneous to obtain an edge computing heterogeneous executor pool, and randomly selecting three edge computing heterogeneous executors from the pool to bring online;
(2) the field data acquisition module publishes data to each "data_<executor ID>" channel, and the three online edge computing heterogeneous executors subscribe to the data from their respective channels;
(3) the three online edge computing heterogeneous executors perform edge computing to obtain operation instructions and publish them to their "cmd_<online executor ID>" channels;
(4) the mimicry arbitration module subscribes to all "cmd_<online executor ID>" channels, performs mimicry arbitration once it has the operation instructions of the three online edge computing heterogeneous executors, and outputs the final operation instruction to the feedback control module.
The following is a specific embodiment. After acquiring data from production line equipment, the mimicry industrial edge control gateway performs edge computing on the data and then applies feedback control to the equipment according to the edge computing result. An attacker compromises one executor through a code vulnerability and implants a backdoor; the mimicry industrial edge computing gateway can actively defend against this attack.
The implementation method of the invention comprises the following procedure:
1. The field data acquisition module publishes data to all "data_<executor ID>" channels. The three online edge computing heterogeneous executors subscribe to the data on their respective channels;
2. An attacker exploits a code vulnerability in one edge computing heterogeneous executor and implants a backdoor; the computed result is tampered with, the pipeline speed being divided by 2;
3. The attacker tries to attack the other edge computing heterogeneous executors as well, but cannot succeed because of the multi-dimensional heterogeneity among the executors;
4. The mimicry arbitration module subscribes to all "cmd_<executor ID>" channels and obtains the operation instructions: the instruction from the two normal edge computing heterogeneous executors is "deceleration", and the instruction from the compromised edge computing heterogeneous executor is "unchanged";
5. According to the arbitration result, the mimicry arbitration module performs feedback control using "deceleration" and replaces the compromised edge computing heterogeneous executor in the edge computing heterogeneous executor pool.
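The flow of steps 1 to 5 above, covering the S1 to S4 method they instantiate, as an added example that is not part of the patent text. The in-memory channel table standing in for a publish/subscribe broker, the `edge_compute` logic with its 100.0 threshold, the random choice of a standby replacement and the error raised when no majority exists are all assumptions made for illustration.

```python
import itertools
import random
from collections import Counter, defaultdict

# Heterogeneity dimensions from the description: 2 x 3 x 2 = 12 executors.
OS_IMAGES = ("Ubuntu", "CentOS")
LANGUAGES = ("C", "Go", "Java")
COMPILE_MODES = ("static", "dynamic")


def build_pool():
    """Executor pool: IDs 0..11, each mapped to (OS image, language, compile mode)."""
    return dict(enumerate(itertools.product(OS_IMAGES, LANGUAGES, COMPILE_MODES)))


def edge_compute(speed, limit=100.0):
    """Hypothetical edge computation: slow the line when it runs above the limit."""
    return "deceleration" if speed > limit else "unchanged"


def backdoored_compute(speed, limit=100.0):
    """Tampered executor from the embodiment: the pipeline speed is divided by 2."""
    return edge_compute(speed / 2, limit)


class Gateway:
    """In-memory model of acquisition module, executors, arbiter and pub/sub bus."""

    def __init__(self, online_count=3, seed=None):
        # A seed is for reproducible demos only; otherwise use the OS CSPRNG so
        # the online set is not predictable.
        self.rng = random.Random(seed) if seed is not None else random.SystemRandom()
        self.pool = build_pool()
        self.channels = defaultdict(list)  # channel name -> subscriber callbacks
        self.logic = {}                    # online executor ID -> compute function
        self.outputs = {}                  # executor ID -> instruction seen by arbiter
        for executor_id in self.rng.sample(sorted(self.pool), online_count):
            self.bring_online(executor_id)

    def publish(self, channel, message):
        for callback in self.channels[channel]:
            callback(message)

    def bring_online(self, executor_id, compute=edge_compute):
        self.logic[executor_id] = compute

        def executor(speed):  # reads only data_<ID>, writes only cmd_<ID>
            self.publish(f"cmd_{executor_id}", self.logic[executor_id](speed))

        def arbiter(instruction):  # the arbiter subscribes to every cmd_<ID> channel
            self.outputs[executor_id] = instruction

        self.channels[f"data_{executor_id}"].append(executor)
        self.channels[f"cmd_{executor_id}"].append(arbiter)

    def replace(self, executor_id):
        """Take a dissenting executor offline and bring a random standby online."""
        standby = [i for i in self.pool if i not in self.logic]
        del self.logic[executor_id]
        self.channels.pop(f"data_{executor_id}", None)
        self.channels.pop(f"cmd_{executor_id}", None)
        self.bring_online(self.rng.choice(standby))

    def process(self, speed):
        """One cycle: distribute data, collect instructions, majority-vote, replace."""
        self.outputs = {}
        for executor_id in list(self.logic):
            self.publish(f"data_{executor_id}", speed)
        instruction, votes = Counter(self.outputs.values()).most_common(1)[0]
        if votes * 2 <= len(self.outputs):
            raise RuntimeError("no majority among online executors")
        dissenters = [i for i, cmd in self.outputs.items() if cmd != instruction]
        for executor_id in dissenters:
            self.replace(executor_id)
        return instruction, dissenters


if __name__ == "__main__":
    gateway = Gateway(seed=7)
    victim = sorted(gateway.logic)[0]
    gateway.logic[victim] = backdoored_compute  # simulate the tampered executor
    print(gateway.process(150.0))               # majority instruction and dissenters
    print(sorted(gateway.logic))                # online set after replacement
```

Majority voting only masks the tampered output while fewer than half of the online executors disagree with the correct result, which is why the heterogeneity of the pool matters as much as the vote itself.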
In summary, in the invention the edge computing heterogeneous executors are first made heterogeneous in three dimensions (operating system, programming language and compile switch), and they are in contact with the other systems only one-way, through publish/subscribe, which greatly increases the difficulty of tampering with and attacking the edge computing system. The method prevents differential-mode or common-mode attacks that arise when several executors are compromised through the same vulnerability, and prevents the compromise of one executor from leading to the compromise of others. It greatly increases the difficulty of attacking the edge computing system through an unknown vulnerability or backdoor, and improves the security and reliability of the mimicry industrial edge computing gateway system.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents or improvements made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (7)

1. A method for realizing a mimicry industrial edge computing gateway, characterized by comprising the following steps:
S1, making the edge computing executors heterogeneous to obtain an edge computing heterogeneous executor pool composed of a plurality of edge computing heterogeneous executors; the heterogeneity of the edge computing executors includes, but is not limited to, heterogeneity in the operating system dimension, the programming language dimension and the compile switch dimension;
S2, selecting a plurality of edge computing heterogeneous executors from the edge computing heterogeneous executor pool to bring online, and performing field data acquisition;
S3, the edge computing heterogeneous executors compute on the acquired field data to obtain the corresponding operation instructions;
S4, the edge computing heterogeneous executors send the operation instructions to the mimicry arbitration module for mimicry arbitration, and the final operation instruction is output to the feedback control module.
2. The method of claim 1, wherein: in step S2, 3 edge computing heterogeneous executors are selected from the edge computing heterogeneous executor pool.
3. The method of claim 1, wherein: the field data acquisition in step S2 specifically includes the following operations: the field data acquisition module publishes the field data to each "data_<executor ID>" channel, and each online edge computing heterogeneous executor subscribes to the field data from its own channel.
4. The method of claim 1, wherein: in step S4, sending the operation instruction to the mimicry arbitration module specifically includes the following operations: each edge computing heterogeneous executor publishes its operation instruction to its "cmd_<online executor ID>" channel, and the mimicry arbitration module subscribes to all "cmd_<online executor ID>" channels to obtain the plurality of operation instructions.
5. The method of claim 1, wherein: the mimicry arbitration in step S4 uses majority-vote mimicry arbitration.
6. The method of claim 1, wherein: in step S1, the operating system dimension uses the Ubuntu and CentOS base images; the programming language dimension uses the three programming languages C, Golang and Java; the compile switch dimension uses the static compilation and dynamic compilation options.
7. The method of claim 1, wherein: the edge computing heterogeneous executor pool in S1 includes 12 edge computing heterogeneous executors, numbered from 0 to 11.
CN202110971317.XA 2021-08-24 2021-08-24 Method for realizing mimicry industrial edge computing gateway Active CN113422721B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110971317.XA CN113422721B (en) 2021-08-24 2021-08-24 Method for realizing mimicry industrial edge computing gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110971317.XA CN113422721B (en) 2021-08-24 2021-08-24 Method for realizing mimicry industrial edge computing gateway

Publications (2)

Publication Number Publication Date
CN113422721A true CN113422721A (en) 2021-09-21
CN113422721B CN113422721B (en) 2021-11-09

Family

ID=77719446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110971317.XA Active CN113422721B (en) 2021-08-24 2021-08-24 Method for realizing mimicry industrial edge computing gateway

Country Status (1)

Country Link
CN (1) CN113422721B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114866329A (en) * 2022-05-24 2022-08-05 天津市枫尚通信科技有限公司 Threat situation prediction method applying AI and big data analysis and threat perception system
CN116016040A (en) * 2022-12-28 2023-04-25 国网智能电网研究院有限公司 Mimicry edge gateway for access of electric power Internet of things terminal and mimicry processing method

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019095374A1 (en) * 2017-11-20 2019-05-23 Nokia Shanghai Bell Co., Ltd. Apparatus, system and method for security management based on event correlation in a distributed multi-layered cloud environment
CN110022349A (en) * 2019-01-17 2019-07-16 重庆邮电大学 A kind of isomery industrial network device configuration micro services method based on edge calculations
CN110445787A (en) * 2019-08-09 2019-11-12 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Heterogeneous testing device and method based on DHR framework mimicry defense platform
CN110505228A (en) * 2019-08-23 2019-11-26 上海宽带技术及应用工程研究中心 Big data processing method, system, medium and device based on edge cloud framework
CN111314214A (en) * 2020-05-11 2020-06-19 之江实验室 Mimicry industrial edge gateway and mimicry processing method
CN111416865A (en) * 2020-03-24 2020-07-14 河南信大网御科技有限公司 Protocol proxy processing method and system based on mimicry defense
CN111866030A (en) * 2020-09-21 2020-10-30 之江实验室 Industrial protocol identification device and method of mimicry edge gateway
CN112291253A (en) * 2020-11-05 2021-01-29 南京邮电大学 Heterogeneous redundancy-based server safety scheduling method in multi-access edge calculation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张兴明 et al.: "Markov game model for mimicry defense and defense strategy selection", Journal on Communications (通信学报) *

Also Published As

Publication number Publication date
CN113422721B (en) 2021-11-09

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant