CN113792018A - Operation and maintenance system and method for realizing file secure exchange - Google Patents


Info

Publication number
CN113792018A
Authority
CN
China
Prior art keywords
maintenance
identification
file
task
asset
Prior art date
Legal status
Granted
Application number
CN202111365947.9A
Other languages
Chinese (zh)
Other versions
CN113792018B (en)
Inventor
张晓东
孔令武
关勇
王永峰
Current Assignee
Beijing Luoan Technology Co Ltd
Original Assignee
Beijing Luoan Technology Co Ltd
Events
Application filed by Beijing Luoan Technology Co Ltd
Priority to CN202210195988.6A (CN114741693B)
Priority to CN202111365947.9A (CN113792018B)
Publication of CN113792018A
Application granted
Publication of CN113792018B
Legal status: Active

Classifications

    • G06F 21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F 11/004 Error avoidance
    • G06F 11/3612 Software analysis for verifying properties of programs by runtime analysis
    • G06F 16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F 16/164 File meta data generation
    • G06F 21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G06F 21/567 Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
    • G06F 21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G06F 9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request, the resource being a machine, e.g. CPUs, servers, terminals
    • G06F 2221/033 Test or assess software
    • Y02P 90/80 Management or planning


Abstract

An operation and maintenance system and method for realizing secure file exchange are applied to an operation and maintenance system comprising an external asset receiving unit, a transmission monitoring unit and an operation and maintenance execution unit, the three being connected through physical interfaces to establish a file security protection pipeline. The operation and maintenance information contained in each received operation and maintenance file corresponds to a plurality of identification information items. The type of the identification information is configured and an identification core is established, the identification core comprising a file identifier and a plurality of identification information items associated with that identifier. After format conversion, the operation and maintenance file and the identification core are sent to the transmission monitoring unit, which executes the file security protection pipeline using the parallel processing of a graphics processor to obtain an identification chain corresponding to the operation and maintenance file. The operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset, and completes the task corresponding to the identification chain. The invention prevents viruses carried by received files from damaging the operation and maintenance assets in the operation and maintenance system, and also prevents illegal transmission of operation and maintenance files.

Description

Operation and maintenance system and method for realizing file secure exchange
Technical Field
The present invention relates to the field of file transmission technologies, and in particular to a system and method for secure exchange of files in an operation and maintenance scenario.
Background
As manufacturing plants progressively automate and digitize, intelligent production has become a trend, and monitoring and managing production equipment is essential to keeping production running normally.
Current enterprise operation and maintenance systems mainly aim at operating equipment or collecting data, and do not supervise file transmission between the external network and the equipment. In practice, a file carrying a virus or other problem has no particular effect on unrelated devices, but once it is transmitted to a relevant device in the course of inter-device file transfer, that device is damaged or destroyed, and the enterprise's whole production system is affected.
After receiving the problem alert, maintenance personnel can repair and restore the equipment, but they cannot thoroughly eliminate the file carrying the virus or other problem; after the repair, that file still reaches the equipment or other related equipment in later transmissions, so the file carrying the virus or other problem cannot be thoroughly deleted at the source.
The prior art therefore needs further improvement and development.
Disclosure of Invention
Object of the invention: to solve the problems in the prior art, the invention aims to provide a method for secure file exchange between an operation and maintenance asset and an asset external to the operation and maintenance system in an operation and maintenance scenario.
Technical scheme: to solve the above technical problem, the present solution provides an operation and maintenance system for implementing secure exchange of files, wherein
the system comprises an external asset receiving unit, a transmission monitoring unit and an operation and maintenance execution unit, which are physically separate and each provided with an independent central processing unit, are connected through physical interfaces, and establish a file security protection pipeline through upstream and downstream data transmission;
the external asset receiving unit comprises a format conversion module, an identification adding module and a pipeline starting module;
the format conversion module performs unified format conversion on each received operation and maintenance file, and the identification adding module sets a unique file identifier for the converted operation and maintenance file, where the operation and maintenance information contained in each file corresponds to a plurality of identification information items;
the pipeline starting module configures the type of the identification information and establishes an identification core, which comprises the file identifier and the plurality of identification information items associated with it; the pipeline starting module sends the converted operation and maintenance file and the identification core to the transmission monitoring unit through a physical interface;
the transmission monitoring unit comprises a central processing unit and a graphics processor, and executes the file security protection pipeline using the parallel processing of the graphics processor to obtain an identification chain corresponding to the operation and maintenance file;
and the operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset, and completes the task corresponding to the identification chain.
In the operation and maintenance system for secure file exchange, an operation and maintenance identification cluster creating module receives the identification core sent by the pipeline starting module, calculates the identification information and the identification information sequence associated with the core, and from that calculation obtains an identification cluster consisting of the identification information corresponding to the file identifier and the identification information sequence.
In the operation and maintenance system for secure file exchange, the operation and maintenance identification cluster creating module creates different security protection pipelines, to be processed by the graphics processor, according to the attributes of the created identification clusters; the attribute of an identification cluster is a log file, a content file or an instruction file, depending on the operation and maintenance file.
In the operation and maintenance system for secure file exchange, the operation and maintenance identification cluster creating module sends the calculated identification cluster and the file security protection pipelines corresponding to it to the graphics processor, which executes the file security protection pipelines through parallel operation.
In the operation and maintenance system for secure file exchange, a plurality of file security protection pipelines are executed through the parallel operation of the graphics processor; each security protection pipeline comprises a first protection task computing stage, the first protection task computing stages of the pipelines are each connected to a task reset logic switch, and the task reset logic switch is connected to the cache of the graphics processor.
In the operation and maintenance system for secure file exchange, the task reset logic switch dynamically switches task logic according to the first calculation result values of the plurality of identification clusters, which includes correlation operations among the clusters; it calculates the values the identification clusters send to the security protection pipeline, and sends each calculated identification cluster either to the second protection task computing stage of the corresponding pipeline or, in backflow mode, back to the first protection task computing stage of the corresponding pipeline.
In the operation and maintenance system for secure file exchange, the operation of the task reset logic switch further comprises an instruction operation that merges calculations and performs security detection.
In the operation and maintenance system for secure file exchange, the task reset logic switch is connected to a cache in which the calculation data completed in the first protection task computing stage of each security protection pipeline can be stored; the task reset logic switch can read the first-stage calculation results from different times out of the cache, according to the calculation results or the settings, so that the data at time T and the data from the earlier time period T1 can be fused in calculation.
In the operation and maintenance system for secure file exchange, the second protection task computing stage prunes or lengthens the task cluster according to the instruction given by the task reset logic switch to obtain the final identification chain, and the calculation result of the identification chain is sent to the operation and maintenance execution unit through a data interface.
An operation and maintenance method for implementing secure file exchange is applied to an operation and maintenance system comprising an external asset receiving unit, a transmission monitoring unit and an operation and maintenance execution unit, the three units being physically separate and each provided with an independent central processing unit, connected through physical interfaces, and establishing a file security protection pipeline through upstream and downstream data transmission; the method comprises the following steps:
step one: the external asset receiving unit performs unified format conversion on each received operation and maintenance file and sets a unique file identifier for the converted file, where the operation and maintenance information contained in each file corresponds to a plurality of identification information items;
step two: the type of the identification information is configured and an identification core is established, the identification core comprising the file identifier and the plurality of identification information items associated with it; the converted operation and maintenance file and the identification core are sent to the transmission monitoring unit through a physical interface;
step three: the transmission monitoring unit, which comprises a central processing unit and a graphics processor, executes the file security protection pipeline using the parallel processing of the graphics processor to obtain an identification chain corresponding to the operation and maintenance file;
step four: the operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset, and completes the task corresponding to the identification chain.
Beneficial effects: the operation and maintenance system and method for secure file exchange identify operation and maintenance files that originate outside the operation and maintenance system. The external asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit are physically independent, each using its own central processing unit, and are connected through physical interfaces, so that operation and maintenance files can be processed securely by different physical computing parts of the system and the processing speed is improved. The external asset receiving unit filters out part of any abnormal content through the unified format conversion of the operation and maintenance file; the operation and maintenance files are then managed uniformly through the file identifier and identification information; finally, the management relations of the identification information are calculated in the pipeline starting module to form the identification cluster of the operation and maintenance file, which is sent to the transmission monitoring unit.
The transmission monitoring unit lengthens or prunes the identification cluster using the security protection pipelines run by the graphics processor. During this process the task reset logic switch adjusts the different protection task computing stages of the security protection pipelines and exchanges data among them, thereby obtaining the identification chain corresponding to the external operation and maintenance file; that is, all management labels associated with the file are linked in the identification chain, which makes it convenient for the operation and maintenance execution unit to complete the operation and maintenance task corresponding to the external file. The invention also prevents viruses carried by received files from damaging the operation and maintenance assets in the system, and prevents illegal transmission of operation and maintenance files.
Drawings
FIG. 1 is an architecture diagram of the operation and maintenance system of the present invention;
FIG. 2 is a functional block diagram of the external asset receiving unit and the transmission monitoring unit of the present invention;
FIG. 3 is a first schematic diagram of the logic structure of the safety protection pipeline of the transmission monitoring unit according to the present invention;
FIG. 4 is a schematic diagram of a second logic structure of the safety protection pipeline of the transmission monitoring unit according to the present invention;
FIG. 5 is a schematic diagram of the logical architecture of the operation and maintenance unit of the present invention;
FIG. 6 is a schematic diagram of a logic structure of the operation/maintenance warning module according to the present invention;
FIG. 7 is a flow chart of an operation and maintenance method for implementing secure exchange of files according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to preferred embodiments, and more details are set forth in the following description in order to provide a thorough understanding of the present invention, but it is apparent that the present invention can be embodied in many other forms different from the description herein and can be similarly generalized and deduced by those skilled in the art based on the practical application without departing from the spirit of the present invention, and therefore, the scope of the present invention should not be limited by the contents of this detailed embodiment.
The drawings are schematic representations of embodiments of the invention, and it is noted that the drawings are intended only as examples and are not drawn to scale and should not be construed as limiting the true scope of the invention.
A method for safely exchanging files in an operation and maintenance scene is directed at the safe exchange of files between an operation and maintenance asset and an asset outside the operation and maintenance asset in the operation and maintenance environment of the operation and maintenance system.
The operation and maintenance system of the present invention adopts the following architecture, as shown in fig. 1, specifically including: the system comprises an in-vitro asset receiving unit, a management unit and a management unit, wherein the in-vitro asset receiving unit is used for uniformly receiving files sent to an operation and maintenance system; the transmission monitoring unit is used for protecting the safety of the in-vitro operation and maintenance file; and the operation and maintenance execution unit is used for performing operation and maintenance management on the safe in-vitro operation and maintenance file detected and completed by the transmission monitoring unit.
The in-vitro asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit are physically arranged in a separated mode, and data transmission can be carried out among the in-vitro asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit in a wireless mode or can be connected in a physical connection interface mode. The invention preferably selects a physical connection interface mode to realize data transmission among the three. The in-vitro asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit are connected through physical interfaces, as shown in fig. 1, the in-vitro asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit are provided with independent central processing units, the processing speed of each central processing unit is improved through physical separation, and the safety performance of data transmission is controlled through the physical interfaces.
The in-vitro asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit establish a file safety protection pipeline through upstream and downstream data transmission.
The in-vitro asset receiving unit firstly interacts with an account management module and a verification module of the operation and maintenance execution unit, and receives the operation and maintenance file sent by the in-vitro network after the access authority of the operation and maintenance system is obtained. The operation and maintenance file comprises: hardware asset inventory and control, software asset inventory and control, persistent vulnerability management, controlling the use of administrator privileges, protecting the configuration of software and hardware on mobile devices, laptops, workstations and servers, and the like. Hardware asset inventory and control includes: the basic information of the host computer comprises a host name, a host IP and the like, and also comprises host control information comprising: service group, responsible person, machine room position, label, fixed asset number; hardware cleaning information: the system comprises a system kernel, a CPU, an internal memory, a hard disk, a magnetic disk use distribution and other hardware information; the software installed: including applications, drivers, utilities and plug-ins and their respective versions; virtual environment details including mirroring, etc. The in-vitro asset receiving unit receives a plurality of operation and maintenance files with different types, different formats and large data volume, for example, the preferred operation and maintenance system management comprises more than 400 business numbers, more than 20 host computers, more than 800 custom attributes and more than 1000 daily interface call volumes, and supports complex operation and maintenance management of covering business data, application data, basic software, machine room equipment and the like.
The external asset receiving unit comprises a format conversion module, an identifier adding module and a pipeline starting module, as shown in fig. 2. The format conversion module extracts the file information from each received operation and maintenance file and converts it into a uniform format supported by the operation and maintenance system; the identifier adding module then assigns each operation and maintenance file a unique file identifier, and the operation and maintenance information contained in the file is likewise marked with corresponding identifier information, so that each file identifier is associated with several items of identifier information. The pipeline starting module configures the types of identifier information and builds an identification core, which consists of the file identifier and the identifier information associated with it; the identifier information may be management tags at any granularity of the operation and maintenance system. The pipeline starting module then sends the identification core to the remaining parts of the file security protection pipeline for subsequent processing of the operation and maintenance information. By identifying and extracting the information of the operation and maintenance file, converting it to the uniform format and building the identification core, the external asset receiving unit strips part of any malicious code that may be hidden in the file and so improves the file's security (only content that the converter does not carry into the uniform format is removed, so this step complements rather than replaces the scanning stages downstream), and it starts the file security protection pipeline through the pipeline starting module.
The pipeline starting module of the external asset receiving unit sends the format-converted operation and maintenance file together with the identification core to the transmission monitoring unit over a physical interface. The transmission monitoring unit comprises a central processing unit and a graphics processor (GPU); it runs the file security protection pipeline using the GPU's parallel processing to obtain the identification chain corresponding to the operation and maintenance file. The operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset, and completes the task corresponding to the identification chain.
Preferably, the transmission monitoring unit includes an operation and maintenance identification cluster creation module, which receives the identification core sent by the pipeline starting module, computes the identifier information associated with the core and the sequence of that information, and from this obtains an identification cluster formed by the identifier information and identifier sequence corresponding to the file identifier. For example, when the account bound to a computer's physical address is changed, the corresponding mailbox settings, VPN settings, internal software configuration and similar information are added to the identification core as identifier attributes to form the identification cluster.
The identification cluster creation module is configurable: different rules for building identification clusters can be set according to requirements. According to the attributes of the clusters it creates, the module creates different security protection pipelines for the graphics processor to process. The attribute of an identification cluster depends on the kind of operation and maintenance file (log file, content file, instruction file and so on) and is obtained from the configuration of the cluster creation module.
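The receiving path described above (format conversion, identifier adding, identification core, identification cluster) is shown below as an added Python model; it is not code from the patent or its assignee. The page gives only the structure, so the JSON input format, the field names, the SHA-256-derived file identifier, the lookup tables and the sample file are assumptions made for the example.

```python
"""Identification core and identification cluster, modelled in Python.

Added example, not code from the patent or its assignee. The page describes
these structures only in prose, so the JSON input format, the field names,
the SHA-256-derived file identifier and the lookup tables are assumptions.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field

# Cluster attributes named on the page, i.e. the kinds of protection pipeline.
PIPELINE_ATTRIBUTES = ("instruction", "log", "content")
# Fields the uniform format keeps; everything else in the input is dropped.
UNIFORM_FIELDS = ("kind", "host_mac", "account", "payload")


@dataclass(frozen=True)
class IdentificationCore:
    """Unique file identifier plus the management tags bound to it."""
    file_id: str
    tags: dict[str, str]


@dataclass
class IdentificationCluster:
    """Core extended with computed identifier attributes and their ordered sequence."""
    core: IdentificationCore
    attribute: str                                 # pipeline that will process it
    sequence: list[str] = field(default_factory=list)
    attributes: dict[str, str] = field(default_factory=dict)


def normalize(raw: bytes) -> bytes:
    """Format conversion: parse the input and re-serialise only the uniform fields.
    An unexpected field (say, an embedded script) never reaches the pipeline."""
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("file is not in an accepted input format") from exc
    if not isinstance(obj, dict) or obj.get("kind") not in PIPELINE_ATTRIBUTES:
        raise ValueError("uniform format requires a known file kind")
    clean = {k: obj[k] for k in UNIFORM_FIELDS if k in obj}
    return json.dumps(clean, sort_keys=True, separators=(",", ":")).encode()


def add_identifier(uniform: bytes, tag_types: tuple[str, ...]) -> IdentificationCore:
    """Identifier adding + pipeline starting: derive the unique file id and collect
    the configured tag types from the normalised content."""
    obj = json.loads(uniform)
    file_id = hashlib.sha256(uniform).hexdigest()[:16]   # assumption: content-derived id
    tags = {t: str(obj[t]) for t in tag_types if t in obj}
    return IdentificationCore(file_id=file_id, tags=tags)


# Constructed tables standing in for the system's configuration store.
ACCOUNT_BY_MAC = {"aa:bb:cc:dd:ee:01": "ops-admin"}
SETTINGS_BY_ACCOUNT = {
    "ops-admin": {"mailbox": "ops-admin@corp.example", "vpn": "profile-7", "software": "agent-3.2"},
}


def create_cluster(core: IdentificationCore) -> IdentificationCluster:
    """Cluster creation rule from the page: when the account bound to the machine's
    physical address has changed, attach mailbox/VPN/software settings as attributes."""
    cluster = IdentificationCluster(core=core, attribute=core.tags["kind"])
    bound = ACCOUNT_BY_MAC.get(core.tags.get("host_mac", ""))
    claimed = core.tags.get("account")
    if bound is not None and claimed is not None and bound != claimed:
        cluster.attributes["account_changed"] = f"{bound}->{claimed}"
        for key, value in SETTINGS_BY_ACCOUNT.get(bound, {}).items():
            cluster.attributes[key] = value
            cluster.sequence.append(key)
    return cluster


def receive(raw: bytes, tag_types=("kind", "host_mac", "account")) -> IdentificationCluster:
    """Whole receiving-unit path: convert, identify, build the core, build the cluster."""
    return create_cluster(add_identifier(normalize(raw), tag_types))


# Constructed sample input: an instruction file whose account no longer matches the
# MAC binding, carrying an extra field that the uniform format does not define.
SAMPLE = json.dumps({
    "kind": "instruction", "host_mac": "aa:bb:cc:dd:ee:01", "account": "contractor",
    "payload": "restart agent", "script": "<not part of the uniform format>",
}).encode()

if __name__ == "__main__":
    print(receive(SAMPLE))
```

The point the model makes explicit is that the uniform format is an allow-list of fields: `normalize()` re-serialises only what the format defines, so the extra `script` field is gone before an identifier is ever assigned, and the file identifier is derived from the cleaned bytes rather than the raw upload.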
The identification cluster creation module sends the computed identification cluster and the file security protection pipeline corresponding to it to the graphics processor, which executes several file security protection pipelines in parallel. Each security protection pipeline contains a first protection task computing stage; the first stages of the several pipelines are each connected to a task reset logic switch, and the task reset logic switch is connected to the cache of the graphics processor. Based on the first-stage result values of the several identification clusters, the task reset logic switch switches the task logic dynamically: it performs correlation operations among the clusters, computes the values the clusters pass to the security protection pipelines, and then either sends the computed cluster to the second protection task computing stage of the corresponding pipeline or feeds it back (reflows it) to the first protection task computing stage of the corresponding pipeline, as shown in fig. 3. The operation of the task reset logic switch, shown in fig. 4, includes task reflow computation, task merge computation, and instruction operations for performing security detection.
Because the task reset logic switch is connected to the cache, the data computed in the first protection task computing stage of each security protection pipeline can be stored there; the switch can then read first-stage results from different times out of the cache, according to the computed results or its configuration, i.e. the data at time T can be fused with the data from the preceding period T1.
A preferred embodiment of the task reset logic switch of the security protection pipeline is as follows: the attribute of the first security protection pipeline is set to instruction file, that of the second to log file, and that of the third to content file.
The task reset logic switch receives the identification cluster computed by the first protection task computing stage of the first pipeline and correlates it with the cluster from the first stage of the second pipeline. If the resulting cluster still needs the control instruction computation performed in the first stage of the first pipeline, it is sent back to that first stage for reflow computation. This case allows the second (log) pipeline to contribute information about changes of the control instruction, so that the cluster of control instructions is recomputed by reflow.
The task reset logic switch receives the identification cluster computed by the first stage of the first pipeline and the cluster computed by the first stage of the third pipeline and correlates them; if the result shows two clusters that need to be merged, it sends the computed clusters to the second protection task computing stage of the third pipeline for merge computation. This case applies when the content-type file of the third pipeline and the control instruction of the first pipeline are both warning-type change data of operation and maintenance equipment: the merged data is sent to the second protection task computing stage of the third pipeline, where the sandbox calling sub-module runs a unified sandbox operation, the security of the identification cluster is checked, and the cluster is extended or pruned to obtain a safe identification chain. The operation and maintenance file from outside the system is thus received in the form of a safe identification chain.
The second protection task computing stage prunes or extends the task cluster according to the instruction given by the task reset logic switch to obtain the final identification chain, and sends the identification chain result to the operation and maintenance execution unit through a data interface. The identification chain contains all the identifier information of an operation and maintenance file that is relevant to the operation and maintenance system. A protection execution task can be appended to the security protection pipeline after the second protection task computing stage; depending on the pipeline's configuration it comprises a file segmentation scanning sub-module, a whitelist filtering sub-module, a sandbox calling sub-module and so on, so that different operation and maintenance files undergo security detection.
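The preferred embodiment above (three pipelines by attribute, a task reset logic switch with a cache between the first and second stages, the reflow case and the merge case) is shown below as an added Python model; it is not the patent's code. The page fixes the shape but not the computations, so the per-stage rules, the sandbox stand-in, the T1 window, the reflow bound and the sample clusters are assumptions, and the model runs on the CPU rather than a GPU.

```python
"""Three security protection pipelines and the task reset logic switch, modelled in Python.

Added example, not the patent's code. The page fixes the shape (three pipelines by
attribute, a switch between the first and second stages, a cache, reflow and merge)
but not the computations, so the per-stage rules, the sandbox stand-in, the T1
window and the reflow bound below are assumptions, and everything runs on the CPU.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field, replace

MAX_REFLOWS = 3    # assumption: bound on backflow so a cluster cannot circulate forever
T1 = 5             # assumption: look-back window (time units) read from the cache


@dataclass
class Cluster:
    attribute: str                    # "instruction", "log" or "content"
    device: str                       # operation and maintenance asset the file concerns
    t: int                            # time at which the first-stage result was produced
    tags: dict = field(default_factory=dict)
    reflows: int = 0


@dataclass(frozen=True)
class Chain:
    device: str
    labels: tuple


def stage1(c: Cluster) -> Cluster:
    """First protection task computing stage: derive per-attribute facts (constructed rules)."""
    tags = dict(c.tags)
    if c.attribute == "instruction":
        tags["control_change"] = tags.get("cmd", "").startswith("set ")
    elif c.attribute == "log":
        m = re.search(r"config changed: cmd=(.+)$", tags.get("line", ""))
        tags["records_change"] = m is not None
        tags["new_cmd"] = m.group(1) if m else None
    elif c.attribute == "content":
        tags["warning"] = tags.get("level") == "warning"
    return replace(c, tags=tags)


def stage2(c: Cluster) -> Chain:
    """Second protection task computing stage: sandbox verdict, then prune or extend."""
    verdict = "unsafe" if "rm -rf" in c.tags.get("cmd", "") else "safe"   # sandbox stand-in
    labels = [k for k, v in c.tags.items() if v is True]                  # asserted facts only
    if verdict == "unsafe":
        labels = [k for k in labels if k != "control_change"]             # prune
    labels.append(f"sandbox:{verdict}")                                    # extend
    return Chain(device=c.device, labels=tuple(sorted(labels)))


class TaskResetSwitch:
    """Sits between stage 1 and stage 2 of every pipeline and holds the stage-1 cache."""

    def __init__(self) -> None:
        self.cache: dict[tuple[str, int], Cluster] = {}   # (attribute, t) -> stage-1 result
        self.chains: list[Chain] = []

    def recent(self, attribute: str, now: int) -> list[Cluster]:
        """Stage-1 results of one pipeline at time T and in the preceding T1 period."""
        return [c for (a, t), c in self.cache.items() if a == attribute and now - T1 <= t <= now]

    def route(self, c: Cluster) -> str:
        self.cache[(c.attribute, c.t)] = c
        if c.attribute == "instruction" and c.reflows < MAX_REFLOWS:
            logs = [l for l in self.recent("log", c.t)
                    if l.device == c.device and l.tags["records_change"]]
            if logs and not c.tags["control_change"]:
                # Case 1 (fig. 3 backflow): the log pipeline recorded an instruction change the
                # instruction pipeline has not computed yet; recompute stage 1 with that change.
                back = replace(c, tags={**c.tags, "cmd": logs[-1].tags["new_cmd"]},
                               reflows=c.reflows + 1)
                return self.route(stage1(back))
            contents = [x for x in self.recent("content", c.t)
                        if x.device == c.device and x.tags["warning"]]
            if contents and c.tags["control_change"]:
                # Case 2 (merge): warning-type change data on both sides -> one merged cluster
                # goes to stage 2 of the content pipeline for the unified sandbox check.
                merged = Cluster("content", c.device, c.t, {**contents[-1].tags, **c.tags})
                self.chains.append(stage2(merged))
                return "merged->content.stage2"
        self.chains.append(stage2(c))                 # default: own pipeline's stage 2
        return f"{c.attribute}.stage2"


if __name__ == "__main__":
    sw = TaskResetSwitch()
    for cl in (Cluster("log", "plc-1", 8, {"line": "plc-1 config changed: cmd=set timeout 30"}),
               Cluster("content", "plc-1", 9, {"level": "warning"}),
               Cluster("instruction", "plc-1", 10, {"cmd": "show status"})):
        print(sw.route(stage1(cl)))
    print(sw.chains[-1])
```

Two details matter in practice and are not spelled out on the page: the backflow must be bounded (`MAX_REFLOWS`), otherwise a cluster that never satisfies the reflow condition circulates forever, and the cache lookup must be limited to the T1 window, otherwise stale first-stage results from long ago get fused into a current decision.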
The file segmentation scanning sub-module splits confidential files into blocks in advance and stores them in the storage module of the transmission monitoring unit as confidential file blocks. As an operation and maintenance file is transmitted, the sub-module splits it into blocks in the same way and compares them with the stored confidential file blocks, thereby determining whether the file is being transmitted illegally.
The whitelist filtering sub-module filters the files to be transmitted so that confidential information is not transmitted. The sandbox calling sub-module runs the control instructions contained in the operation and maintenance file in a sandbox to obtain a simulated result, from which it judges whether the file carries a virus or a bug, so that the operation and maintenance assets in the system are not damaged.
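The segmentation scanning and whitelist filtering sub-modules are shown below as an added Python example; it is not the patent's code. The page does not say how blocks are compared, so hashing each block with SHA-256, the 64-byte block size, the per-attribute whitelist and the sample files are assumptions. The example goes slightly beyond the text by checking every byte offset of the transmitted file, so a confidential block is still found when it has been pasted at an offset that is not a multiple of the block size.

```python
"""File segmentation scanning and whitelist filtering for the protection execution task.

Added example, not the patent's code. The page says confidential files are split
into blocks in advance and that transmitted files are split and compared against
those blocks, but not how the comparison is done; hashing each block with SHA-256,
the 64-byte block size, the per-attribute whitelist and the sample files are all
assumptions. It goes a little beyond the text by checking every byte offset of the
transmitted file, so a confidential block is still found when it was pasted at an
offset that is not a multiple of the block size.
"""
import hashlib
from dataclasses import dataclass

BLOCK = 64   # assumption: block size in bytes


def fingerprint(confidential: bytes, block: int = BLOCK) -> set[bytes]:
    """Pre-processing step: hash every full block of a confidential file into the store."""
    return {hashlib.sha256(confidential[i:i + block]).digest()
            for i in range(0, len(confidential) - block + 1, block)}


def scan(data: bytes, store: set[bytes], block: int = BLOCK) -> list[int]:
    """Offsets in `data` whose `block`-byte window equals a stored confidential block.
    Every alignment is tried; a production scanner would use a rolling hash to pick
    candidate windows first and only then compute SHA-256."""
    return [i for i in range(len(data) - block + 1)
            if hashlib.sha256(data[i:i + block]).digest() in store]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Assumed whitelist: which file extensions each pipeline attribute may transmit.
WHITELIST = {"log": {".log", ".txt"}, "content": {".pdf", ".txt"}, "instruction": {".cfg"}}


def filter_transfer(name: str, attribute: str, data: bytes, store: set[bytes]) -> Decision:
    """Whitelist filtering first, then segmentation scanning against the confidential store."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in WHITELIST.get(attribute, set()):
        return Decision(False, f"extension {ext or '(none)'} not whitelisted for {attribute} files")
    hits = scan(data, store)
    if hits:
        return Decision(False, f"{len(hits)} confidential block(s) found, first at offset {hits[0]}")
    return Decision(True, "clean")


# Constructed sample data: 192 bytes of distinct content standing in for a confidential file,
# and an outgoing file that embeds its second block at offset 17.
CONFIDENTIAL = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(6))
LEAK = b"x" * 17 + CONFIDENTIAL[64:128] + b"y" * 30

if __name__ == "__main__":
    store = fingerprint(CONFIDENTIAL)
    print(scan(LEAK, store))                                      # [17]
    print(filter_transfer("notes.txt", "content", LEAK, store))
    print(filter_transfer("clean.log", "log", b"y" * 200, store))
```

Storing block hashes rather than the blocks themselves keeps the confidential content out of the monitoring unit's storage, and the whitelist check runs first because it is cheap and rejects the most common case (a file type the pipeline attribute never transmits) before any hashing is done.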
The operation and maintenance execution unit comprises an account management module and a verification module; only after the execution unit has interacted with the external asset receiving unit through these two modules can the receiving unit start receiving external operation and maintenance files. The execution unit further comprises an operation and maintenance distribution module, a database module, a monitoring module, an operation and maintenance display module and an operation and maintenance warning module, as shown in fig. 5. The distribution module adds the operation and maintenance asset information to the database according to the identification chain and the securely processed operation and maintenance file corresponding to it, and creates the operation and maintenance task for the asset. The monitoring module monitors the operation and maintenance of each asset. The display module shows the operation and maintenance status of each asset. Abnormal conditions in the operation and maintenance units corresponding to the assets are sent to the warning module, which issues warnings and reminders for them.
The operation and maintenance warning module preferably uses a new logic for notifying abnormal operation and maintenance requests, so as to improve the feedback rate of warning notifications. First, the warning module builds a notification architecture diagram, which may have the shape of the Chinese character 'jin' (layers of nodes from the top layer down to the bottom layer), consisting of alarm points and the notification executors attached to them, as shown in fig. 6. Each alarm point has a fixed threshold number of notification executors and a list of candidate notifiers, and the alarm points are connected according to their association relations; the notification executors of an alarm point are fixed at the threshold number by hand and chosen from the notifier list. The notifier list records, for each notifier, completion data such as feedback time, execution speed and completion status of previously executed tasks, and computes a composite score from them. When a notification executor slot must be filled, the notifier with the highest composite score is taken from the list, which improves notification efficiency and simplifies later feedback statistics. In addition, the composite score of a notification executor affects the connection length of the alarm point nodes: if the composite score of a second-level alarm point's executor falls below a first threshold, the alarm information of that second-level alarm point is reported to the first-level alarm point connected to it, so that the alarm level is raised.
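The notification logic above (alarm points with a fixed number of executors, a scored notifier list, escalation to the linked first-level alarm point) is shown below as an added Python example; it is not the patent's code. The page names the score inputs and the escalation rule but gives no weights or values, so the scoring formula, the threshold, the use of the executors' mean score as the escalation test and the sample history are assumptions.

```python
"""Alarm points, notifier scoring and escalation for the warning module, modelled in Python.

Added example, not the patent's code. The page names the inputs of the composite
score (feedback time, execution speed, completion status) and the escalation rule
(a second-level alarm point whose executor score is below a first threshold reports
to the first-level alarm point linked to it), but gives no weights or values; the
scoring formula, the threshold, the use of the executors' mean score and the
sample history are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field

FIRST_THRESHOLD = 0.5   # assumption


@dataclass(frozen=True)
class Record:
    feedback_s: float    # seconds until the notifier acknowledged a task
    exec_s: float        # seconds the notifier took to execute it
    completed: bool


@dataclass
class Notifier:
    name: str
    history: list[Record] = field(default_factory=list)

    def score(self) -> float:
        """Composite score in [0, 1]; assumed weights 0.3 feedback, 0.3 speed, 0.4 completion."""
        if not self.history:
            return 0.0
        n = len(self.history)
        feedback = sum(1 / (1 + r.feedback_s / 60) for r in self.history) / n
        speed = sum(1 / (1 + r.exec_s / 300) for r in self.history) / n
        completion = sum(r.completed for r in self.history) / n
        return round(0.3 * feedback + 0.3 * speed + 0.4 * completion, 4)


@dataclass
class AlarmPoint:
    name: str
    level: int                                    # 1 = top layer of the 'jin'-shaped diagram
    threshold: int                                # fixed number of notification executors
    notifiers: list[Notifier]                     # the alarm point's notifier list
    parent: AlarmPoint | None = None              # linked alarm point one level up
    executors: list[Notifier] = field(default_factory=list)

    def fill_executors(self) -> list[str]:
        """Fill vacant executor slots with the highest-scoring notifiers not already serving."""
        free = sorted((n for n in self.notifiers if n not in self.executors),
                      key=lambda n: n.score(), reverse=True)
        while len(self.executors) < self.threshold and free:
            self.executors.append(free.pop(0))
        return [e.name for e in self.executors]

    def raise_alarm(self, message: str) -> list[tuple[str, str]]:
        """Dispatch to this point's executors; escalate to the parent when their mean
        composite score is below FIRST_THRESHOLD."""
        self.fill_executors()
        sent = [(self.name, f"{e.name}: {message}") for e in self.executors]
        if self.executors and self.parent is not None:
            mean = sum(e.score() for e in self.executors) / len(self.executors)
            if mean < FIRST_THRESHOLD:
                sent += self.parent.raise_alarm(f"[escalated from {self.name}] {message}")
        return sent


# Constructed history: one level-1 point and two level-2 points linked to it.
SITE = AlarmPoint("site", 1, 1, [Notifier("lead", [Record(30, 120, True)])])
RACK3 = AlarmPoint("rack-3", 2, 2, [
    Notifier("a", [Record(600, 900, False)]),
    Notifier("b", [Record(60, 200, True)]),
    Notifier("c", [Record(1200, 1800, False)]),
], parent=SITE)
RACK1 = AlarmPoint("rack-1", 2, 1, [Notifier("d", [Record(45, 150, True)])], parent=SITE)


def demo() -> list[tuple[str, str]]:
    """Raise one alarm at each second-level point; only rack-3 should escalate."""
    return RACK3.raise_alarm("temperature high") + RACK1.raise_alarm("fan failed")


if __name__ == "__main__":
    for point, line in demo():
        print(point, "->", line)
```

With the sample history, rack-3 has only one well-scoring notifier, so its second executor slot is filled by a poor one and the mean score falls under the threshold; the alarm is therefore also delivered to the site-level executor, which is the escalation the page describes.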
An operation and maintenance method for file security exchange is applied to an operation and maintenance system comprising an external asset receiving unit, a transmission monitoring unit and an operation and maintenance execution unit, where the three units are physically separated, each has its own central processing unit, they are connected through physical interfaces, and they establish the file security protection pipeline through upstream and downstream data transmission. The method comprises the following steps, as shown in fig. 7:
step one: the external asset receiving unit converts each received operation and maintenance file to the uniform format and sets a unique file identifier for the converted file, the operation and maintenance information contained in each file corresponding to several items of identifier information;
step two: the types of identifier information are configured and an identification core is established, comprising the file identifier and the identifier information associated with it; the format-converted operation and maintenance file and the identification core are sent to the transmission monitoring unit through a physical interface;
step three: the transmission monitoring unit, which comprises a central processing unit and a graphics processor, executes the file security protection pipeline using the parallel processing of the graphics processor to obtain the identification chain corresponding to the operation and maintenance file;
step four: the operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset, and completes the task corresponding to the identification chain.
The other steps of the operation and maintenance method for file security exchange are described in detail for the system above and are not repeated here.
The operation and maintenance system and method for secure file exchange identify the operation and maintenance files that come from outside the system. The external asset receiving unit, the transmission monitoring unit and the operation and maintenance execution unit are physically independent, each uses its own central processing unit, and they are connected through physical interfaces, so that the operation and maintenance files are processed securely by different physical computing parts of the system and the processing speed is improved. The external asset receiving unit filters out part of the abnormal content through the uniform format conversion of the operation and maintenance file, manages the files uniformly through the file identifier and identifier information, and finally builds the identification core of the file in the pipeline starting module and sends it to the transmission monitoring unit, where the identification cluster of the file is computed.
The transmission monitoring unit extends or prunes the identification cluster using the security protection pipelines run on the graphics processor; during this process the task reset logic switch adjusts the different protection task computing stages of the pipelines and exchanges data between them, so that the identification chain corresponding to the external operation and maintenance file is obtained, i.e. all management tags associated with the file are linked in the identification chain, which makes it convenient for the operation and maintenance execution unit to complete the task corresponding to the external file. The invention also prevents a virus carried by a received file from damaging the operation and maintenance assets in the system, and prevents illegal transmission of operation and maintenance files.
The above description is provided to illustrate the preferred embodiments of the present invention and to help those skilled in the art understand its technical solutions more fully. These examples are merely illustrative, however, and the embodiments of the present invention are not limited to them. Those skilled in the art to which the invention pertains can make several simple deductions and changes without departing from the inventive concept, and all of these should be considered as falling within the protection scope of the invention.

Claims (10)

1. An operation and maintenance system for realizing secure file exchange, characterized in that:
the system comprises an external asset receiving unit, a transmission monitoring unit and an operation and maintenance execution unit, wherein the three units are physically separated, are each provided with an independent central processing unit, are connected through physical interfaces, and establish a file security protection pipeline through upstream and downstream data transmission;
the external asset receiving unit comprises a format conversion module, an identifier adding module and a pipeline starting module;
the format conversion module performs unified format conversion on each received operation and maintenance file, and a unique file identifier is set for the converted file through the identifier adding module, wherein the operation and maintenance information contained in each file corresponds to a plurality of items of identifier information;
the pipeline starting module is used for configuring the types of identifier information and establishing an identification core, which comprises the file identifier and the plurality of identifier information items associated with it; the pipeline starting module sends the format-converted operation and maintenance file and the identification core to the transmission monitoring unit through a physical interface;
the transmission monitoring unit comprises a central processing unit and a graphics processor, and executes the file security protection pipeline using the parallel processing of the graphics processor to obtain the identification chain corresponding to the operation and maintenance file;
and the operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset and completes the task corresponding to the identification chain.
2. The operation and maintenance system for realizing secure file exchange according to claim 1, wherein the transmission monitoring unit comprises an operation and maintenance identification cluster creation module configured to receive the identification core sent by the pipeline starting module, compute the identifier information associated with the identification core and its sequence, and thereby obtain an identification cluster formed by the identifier information and identifier sequence corresponding to the file identifier.
3. The operation and maintenance system for realizing secure file exchange according to claim 2, wherein the identification cluster creation module creates different security protection pipelines for the graphics processor to process according to the attributes of the created identification clusters; the attribute of an identification cluster, which depends on the kind of operation and maintenance file, comprises log file, content file and instruction file.
4. The system according to claim 3, wherein the identification cluster creation module sends the computed identification cluster and the file security protection pipeline corresponding to it to the graphics processor, which executes a plurality of file security protection pipelines through parallel operation.
5. The operation and maintenance system for realizing secure file exchange according to claim 4, wherein each of the plurality of file security protection pipelines executed in parallel by the graphics processor comprises a first protection task computing stage, the first protection task computing stages of the plurality of pipelines are respectively connected to a task reset logic switch, and the task reset logic switch is connected to the cache of the graphics processor.
6. The operation and maintenance system for realizing secure file exchange according to claim 5, wherein the task reset logic switch dynamically switches task logic according to the first-stage result values of the plurality of identification clusters, comprising: performing correlation operations among the plurality of identification clusters, computing the values the identification clusters send to the security protection pipelines, and sending the computed identification clusters either to the second protection task computing stage of the corresponding security protection pipeline or, by backflow, to the first protection task computing stage of the corresponding security protection pipeline.
7. The operation and maintenance system for realizing secure file exchange according to claim 6, wherein the tasks of the task reset logic switch further comprise merge computation and instruction operations for performing security detection.
8. The operation and maintenance system for realizing secure file exchange according to claim 7, wherein the task reset logic switch is connected to the cache of the graphics processor, and the data computed in the first protection task computing stage of each security protection pipeline is stored in the cache; the task reset logic switch reads first-stage results from different times out of the cache according to the computed results or its settings, and performs fusion computation on the data at time T and the data of the preceding period T1.
9. The operation and maintenance system for realizing secure file exchange according to claim 8, wherein the second protection task computing stage prunes or extends the task cluster according to the instruction given by the task reset logic switch to obtain the final identification chain, and sends the identification chain result to the operation and maintenance execution unit through a data interface.
10. An operation and maintenance method for realizing secure file exchange, applied to an operation and maintenance system comprising an external asset receiving unit, a transmission monitoring unit and an operation and maintenance execution unit, wherein the three units are physically separated, are each provided with an independent central processing unit, are connected through physical interfaces and establish a file security protection pipeline through upstream and downstream data transmission; the method comprises the following steps:
step one: the external asset receiving unit converts each received operation and maintenance file to the uniform format and sets a unique file identifier for the converted file, the operation and maintenance information contained in each file corresponding to a plurality of items of identifier information;
step two: the types of identifier information are configured and an identification core is established, comprising the file identifier and the plurality of identifier information items associated with it; the format-converted operation and maintenance file and the identification core are sent to the transmission monitoring unit through a physical interface;
step three: the transmission monitoring unit, which comprises a central processing unit and a graphics processor, executes the file security protection pipeline using the parallel processing of the graphics processor to obtain the identification chain corresponding to the operation and maintenance file;
step four: the operation and maintenance execution unit adds the operation and maintenance asset information to the database according to the identification chain, creates the operation and maintenance task corresponding to the asset, and completes the task corresponding to the identification chain.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210195988.6A CN114741693B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for safety protection
CN202111365947.9A CN113792018B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for realizing file secure exchange

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111365947.9A CN113792018B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for realizing file secure exchange

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210195988.6A Division CN114741693B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for safety protection

Publications (2)

Publication Number Publication Date
CN113792018A true CN113792018A (en) 2021-12-14
CN113792018B CN113792018B (en) 2022-01-21

Family

ID=78877349

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210195988.6A Active CN114741693B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for safety protection
CN202111365947.9A Active CN113792018B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for realizing file secure exchange

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202210195988.6A Active CN114741693B (en) 2021-11-18 2021-11-18 Operation and maintenance system and method for safety protection

Country Status (1)

Country Link
CN (2) CN114741693B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020129277A1 (en) * 2001-03-12 2002-09-12 Caccavale Frank S. Using a virus checker in one file server to check for viruses in another file server
CN107577588A (en) * 2017-09-26 2018-01-12 北京中安智达科技有限公司 Intelligent operation system for massive log data
CN111061555A (en) * 2019-12-22 2020-04-24 济南浪潮数据技术有限公司 Operation and maintenance method based on infrastructure and related device
CN111754359A (en) * 2020-05-22 2020-10-09 江南大学 Safety monitoring method and system for intelligent manufacturing industrial big data processing platform
CN111800277A (en) * 2020-09-10 2020-10-20 浙江浙能技术研究院有限公司 Serialization method of binary file penetration reverse isolation device
CN112416872A (en) * 2020-06-05 2021-02-26 山西云时代技术有限公司 Cloud platform log management system based on big data
CN112560051A (en) * 2020-11-27 2021-03-26 北京明朝万达科技股份有限公司 Industrial data security management method and device, electronic equipment and storage medium
WO2021061715A1 (en) * 2019-09-25 2021-04-01 Shift5, Inc. Passive monitoring and prevention of unauthorized firmware or software upgrades between computing devices

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030041097A1 (en) * 2001-07-11 2003-02-27 Alexander Tormasov Distributed transactional network storage system
US8706745B1 (en) * 2008-05-30 2014-04-22 Symantec Corporation Systems and methods for determining a file set
US10606844B1 (en) * 2015-12-04 2020-03-31 Ca, Inc. Method and apparatus for identifying legitimate files using partial hash based cloud reputation
EP3788488A1 (en) * 2018-04-30 2021-03-10 Dover Microsystems, Inc. Systems and methods for checking safety properties
CN112579387A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 Business system monitoring method and device, storage medium and equipment
US11531757B2 (en) * 2019-12-12 2022-12-20 Mcafee, Llc Ransomware detection and mitigation


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Ma Ying (马英), "Research and application of industrial control security for intelligent manufacturing information systems", Instrument and Meter Users (仪器仪表用户) *

Also Published As

Publication number Publication date
CN114741693A (en) 2022-07-12
CN113792018B (en) 2022-01-21
CN114741693B (en) 2022-11-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant