CN114363018B - Industrial data transmission method, device, equipment and storage medium - Google Patents


Info

Publication number: CN114363018B
Authority: CN (China)
Prior art keywords: industrial, message, data transmission, white list, value range
Legal status: Active
Application number: CN202111566410.9A
Other languages: Chinese (zh)
Other versions: CN114363018A
Inventors: 杨本悦, 田洋
Current assignee: Beijing 6Cloud Technology Co Ltd; Beijing 6Cloud Information Technology Co Ltd
Original assignee: Beijing 6Cloud Technology Co Ltd; Beijing 6Cloud Information Technology Co Ltd
Application filed by Beijing 6Cloud Technology Co Ltd and Beijing 6Cloud Information Technology Co Ltd

Abstract

The invention discloses an industrial data transmission method, device, equipment and storage medium, and belongs to the technical field of industrial control. A first message issued by the control center is received and checked against an industrial white list, and only a first message that satisfies the industrial white list is issued to the remote control system. This ensures that remote data are transmitted legally and in compliance, and that the control center effectively monitors and controls the remote control system.

Description

Industrial data transmission method, device, equipment and storage medium
Technical Field
The present invention relates to the field of industrial control technologies, and in particular, to an industrial data transmission method, apparatus, device, and storage medium.
Background
In industrial environments such as smart fields, smart grids and environmental monitoring, tens of thousands of remote control systems (RTUs) are in use, and communication between these RTUs and a control center relies on a device known as a remote Data Transfer Unit (DTU). The main function of the DTU is to convert the serial data of the remote control system into IP messages and to communicate with the control center wirelessly, so that the control center can monitor and control the remote control system. As the internet grows, DTUs are used ever more widely; they support many industries and the integration of information technology with industry.
DTU products currently on the market only solve the communication problem between the serial data of remote equipment and the control center; they provide no security protection for the remote control system (RTU), and the DTU itself is not protected by any security means. Because the DTU of a remote control system cannot defend against attacks, once an attacker compromises the DTU the control center can lose monitoring and control of the remote control system, industrial production efficiency is directly affected, and an enterprise may even have to stop production.
Disclosure of Invention
The invention mainly aims to provide an industrial data transmission method, device, equipment and storage medium, and aims to solve the problem that the security of industrial data transmission cannot be guaranteed in the prior art.
To achieve the above object, the present invention provides an industrial data transmission method comprising the steps of:
acquiring a first message issued by a control center;
detecting whether the first message meets a preset industrial white list or not;
and if the first message meets the industrial white list, the first message is issued to a remote control system.
Optionally, the step of setting the industrial whitelist includes:
recording a normal function code and a normal value range received by normal operation in preset time of an industrial system;
and deploying the normal function code and the normal value range into a white list rule to obtain a corresponding industrial white list.
Optionally, the step of setting the industrial whitelist includes:
acquiring a preset function code and a preset value range of a target industrial environment;
and deploying the preset instruction and the preset value range into a white list rule to obtain a corresponding industrial white list.
Optionally, the step of obtaining the first message sent by the control center includes:
receiving a network message sent by a control center, and confirming a transmission protocol corresponding to the network message;
and analyzing the network message according to the transmission protocol to obtain a target message.
Optionally, the first message includes a target function code and a target data value, and the step of detecting whether the first message meets a preset industrial white list comprises the following steps:
confirming whether the target function code exists in the industrial white list;
confirming whether the target data value exceeds a value range in the industrial whitelist;
and if the target function code exists in the industrial white list and the target data value does not exceed the value range, the first message meets the industrial white list.
Optionally, after the step of detecting whether the first message meets a preset industrial white list, the method further includes:
and if the first message does not meet the industrial white list, blocking and alarming the target message.
Optionally, the step of sending the target message to a remote control system includes:
acquiring data transmission setting data of the target message;
and according to the data transmission setting data, the target message is issued to a corresponding remote control system.
Optionally, the industrial data transmission method further comprises the following steps:
receiving a second message sent by the remote control system;
detecting whether the second message meets a preset value range or not;
and if the second message does not meet the preset value range, sending a warning to the control center.
In addition, to achieve the above object, the present invention also provides an industrial data transmission apparatus, including:
the acquisition module is used for acquiring a first message issued by the control center;
the detection module is used for detecting whether the first message meets a preset industrial white list or not;
and the sending module is used for sending the first message to a remote control system if the first message meets the industrial white list.
Optionally, the detection module is further configured to:
recording a normal function code and a normal value range received by normal operation in preset time of an industrial system;
and deploying the normal instruction and the normal value range into a white list rule to obtain a corresponding industrial white list.
Optionally, the detection module is further configured to:
acquiring a preset function code and a preset value range of a target industrial environment;
and deploying the preset instruction and the preset value range into a white list rule to obtain a corresponding industrial white list.
Optionally, the acquiring module is further configured to:
receiving a network message sent by a control center, and confirming a transmission protocol corresponding to the network message;
and analyzing the network message according to the transmission protocol to obtain a first message.
Optionally, the detection module is further configured to:
confirming whether the target function code exists in the industrial white list;
confirming whether the target data value exceeds a value range in the industrial whitelist;
and if the target function code exists in the industrial white list and the target data value does not exceed the value range, the first message meets the industrial white list.
Optionally, the detection module is further configured to:
and if the first message does not meet the industrial white list, blocking and alarming the first message.
Optionally, the device further comprises an early warning module, wherein the early warning module is used for:
receiving a second message sent by the remote control system;
detecting whether the second message meets a preset value range or not;
and if the second message does not meet the preset value range, sending a warning to the control center.
In addition, to achieve the above object, the present invention also provides an industrial data transmission apparatus, comprising: a memory, a processor and an industrial data transmission program stored on the memory and executable on the processor, the industrial data transmission program being configured to implement the steps of the industrial data transmission method as described above.
In addition, in order to achieve the above object, the present invention also provides a storage medium, wherein an industrial data transmission program is stored on the storage medium, and the industrial data transmission program when executed by a processor implements the steps of the industrial data transmission method as described above.
According to the industrial data transmission method, device, system and storage medium, whether the function code and the data value in the first message meet a preset industrial white list is detected by acquiring the first message, and if the first message meets the industrial white list, the first message is sent to a remote control system. The method and the device realize detection of the first message sent by the control center through the industrial white list, and ensure legal and compliant transmission of remote data.
Drawings
FIG. 1 is a schematic diagram of an industrial data transmission device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flow chart of a first embodiment of an industrial data transmission method according to the present invention;
FIG. 3 is a schematic diagram of a refinement flow of the industrial whitelist setting step of the industrial data transmission method of FIG. 3;
FIG. 4 is a diagram of an industrial data transmission device with respect to an industrial whitelist command level;
FIG. 5 is a flow chart of a fourth embodiment of the industrial data transmission method of the present invention;
FIG. 6 is a schematic diagram of an industrial data transmission method of the present invention;
fig. 7 is a schematic diagram of functional modules of an embodiment of an industrial data transmission method according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an industrial data transmission device of a hardware operation environment according to an embodiment of the present invention.
As shown in fig. 1, the industrial data transmission apparatus may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g. a Wireless Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 is not limiting of an industrial data transmission device and may include more or fewer components than shown, or certain components may be combined, or a different arrangement of components.
As shown in fig. 1, an operating system, a data storage module, a network communication module, a user interface module, and an industrial data transmission program may be included in the memory 1005 as one type of storage medium.
In the industrial data transmission device shown in fig. 1, the network interface 1004 is mainly used for data communication with other devices; the user interface 1003 is mainly used for data interaction with a user; and the processor 1001 and the memory 1005 may be provided in an industrial data transmission apparatus that invokes, through the processor 1001, the industrial data transmission program stored in the memory 1005 and performs the industrial data transmission method provided by the embodiment of the present invention.
An embodiment of the present invention provides an industrial data transmission method, and referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of an industrial data transmission method according to the present invention.
In this embodiment, the industrial data transmission method includes the following steps:
step S10, a first message issued by a control center is obtained;
step S20, detecting whether the first message meets a preset industrial white list;
step S30, if the first message meets the industrial white list, the first message is issued to a remote control system.
In this embodiment, an industrial data transmission method is provided, which is used in an industrial data transmission device to check the security of a message transmitted from a control center and then forward it. In industrial remote control, an operator uses remote control equipment such as a computer or mobile phone to transmit a control instruction over a communication network to a near-end controller (generally a programmable logic controller, PLC); the PLC receives the control instruction and, through its internal programmable memory, converts it into a machine-language instruction that controls the equipment, achieving remote monitoring, remote control and remote equipment maintenance. When control instructions are issued to an industrial controller or an industrial remote control system, they pass through a remote data transmission device, which therefore acts as a 'transfer station'. For data sent by the control center to the remote control system, the current remote data transmission device (Distribution Terminal Unit, DTU) does not check compliance or legitimacy, so the remote control system is not protected against invalid data. The industrial remote transmission device of the invention therefore adds a function of checking received messages, so that the remote control system executes instructions safely.
The following will explain each step in detail:
step S10, a first message issued by a control center is obtained;
In one embodiment, a first message issued by the control center is obtained. The message issued by the control center to the remote control system is acquired first so that the issued first message can be checked. Specifically, all messages issued by the control center pass through the industrial data transmission device, so the industrial data transmission device can acquire the first message, and it is the device that then issues the first message to the remote control system.
Step S20, detecting whether the first message meets a preset industrial white list;
In an embodiment, the obtained first message is checked to judge whether it meets a preset industrial white list. The industrial remote control transmission device parses the first message so that only the industrial-protocol data remains, and passes that data to the industrial white list detection function, which checks both protocol compliance and the instruction carried by the issued message. The industrial white list is a set of rules defining legal, compliant behaviour that is established in advance. In industrial data, different function codes represent different instructions; by specifying the legal function codes in the white list, whether an instruction is legal and compliant can be judged by checking whether the function code in the first message is specified in the white list.
Further, in an embodiment, after the step of detecting whether the first message meets a preset industrial white list, the method further includes:
step S21, if the first message does not meet the industrial white list, blocking the first message and raising an alarm.
In an embodiment, if the first message does not meet the industrial white list, the first message is blocked and an alarm is raised. Through learning or manual deployment, the industrial white list module has obtained the function codes and value ranges commonly used between the remote data transmission device and the remote control system. When a function code or data value that is not in the white list appears, the industrial white list in the remote data transmission device blocks it and raises an alarm before it is sent to the remote control system, thereby protecting the industrial control unit.
Step S30, if the first message meets the industrial white list, the first message is issued to a remote control system.
In one embodiment, if the first message satisfies the industrial white list, the compliant message is issued to the remote control system. That the first message satisfies the industrial white list means that the data in the message are recorded in the white list; since the white list is set based on the normal operation of industrial production, an instruction in the first message that does not exceed the scope of the white list is a normal operation and can be issued to the remote control system for execution.
According to this embodiment, the first message issued by the control center is acquired and checked against the white list, and only compliant messages are issued to the remote control system. The remote control system associated with the industrial data transmission device is thereby protected at the network level: illegal operation instructions and abnormal data are intercepted, the system is kept from being attacked or damaged by them, and stable operation of the industrial system is guaranteed.
Further, based on the first embodiment of the industrial data transmission method of the present invention, a second embodiment of the industrial data transmission method of the present invention is proposed.
Referring to fig. 3, fig. 3 is a detailed flow chart of an industrial whitelist setting step of the industrial data transmission method according to the present invention, and in a second embodiment, the industrial whitelist setting step includes:
step S22, recording a normal function code and a normal value range received by normal operation of the industrial system in preset time;
step S23, deploying the normal function code and the normal value range into a white list rule to obtain a corresponding industrial white list.
In one embodiment, the normal function codes and normal value ranges received by the industrial system during normal operation are recorded. Specifically, during normal production there are instructions and value fields that are executed, and these data flow through the device. The device learns them: it can see which protocol carries the first message, parse that protocol, and after learning it can see which function codes are in use during the period and which values the write and read operations carry. These values and function codes are recorded. Because all of these data are collected from real industrial production, any function code or data value that has caused an industrial production accident cannot be added to the white list. The preset time may be a production cycle, a month, or another period set according to the actual situation. In this way the technical scheme forms white list rules from the acquired normal function codes and normal value ranges, and thereby obtains the corresponding industrial white list.
Further, in an embodiment, the setting step of the industrial whitelist includes:
step S24, obtaining a preset function code and a preset value range of a target industrial environment;
step S25, deploying the preset instruction and the preset value range into a white list rule, so as to obtain a corresponding industrial white list.
In an embodiment, the preset function codes and preset value fields of the target industrial environment are acquired directly, for example from an operator on the industrial site who is familiar with the environment, so that no learning is needed and the function codes and value fields applicable to the scene are deployed directly. When a professional knows which operations are needed in the target industrial scene, and whether the industrial unit needs to read, write, switch and so on, learning is unnecessary and the operator's preset function codes and value fields can be deployed directly. For a site or industrial control unit that the operator is not familiar with, the white list can instead be obtained through learning. The specific way of setting the white list is chosen according to the actual situation.
Further, in an embodiment, the target message includes a target function code and a target data value, and the step of detecting whether the first message meets a preset industrial white list comprises the following steps:
step S26, confirming whether the target function code exists in the industrial white list;
step S27, confirming whether the target data value exceeds a value range in the industrial white list;
step S28, if the target function code exists in the industrial whitelist and the target data value does not exceed the value range, the first message satisfies the industrial whitelist.
In this embodiment, the target message includes a target function code and a target data value, and whether the target message satisfies a preset industrial whitelist is determined by determining whether the target function code exists in the industrial whitelist and determining whether the target data value exceeds a value range in the industrial whitelist.
The following will explain each step in detail:
step S26, confirming whether the target function code exists in the industrial white list;
In one embodiment, it is determined whether the target function code in the first message is present in the industrial white list. When a master device sends information to a slave device, the function code tells the slave device which action to perform, for example reading the input switch state or reading the contents of a set of registers. Specifically, when the communication protocol is Modbus, the function code indicates the purpose of a Modbus information frame: for example, function code 01 is Read Coil Status and 02 is Read Input Status. Checking the target function code therefore checks which action the control center requires the remote control system to perform; if the target function code is not present in the industrial white list, the requested operation either has never been performed before or is not compliant.
Step S27, confirming whether the target data value exceeds a value range in the industrial white list;
in one embodiment, it is determined whether the target data value exceeds a value range specified in the industry whitelist. It will be appreciated that, for example, a write operation may be performed on the industrial control unit, and the write operation may be writing a value, and then the value has a normal working range, for example, from 0 to 100, and if the value exceeds the normal working range, damage to the control unit or damage to the environment of industrial production may be caused, so that the industrial white list value range is set. Thus, it is confirmed whether the data value of the instruction in the first message exceeds the value range specified in the industrial whitelist. The value range may be set according to a specific industrial scenario.
Step S28, if the target function code exists in the industrial whitelist and the target data value does not exceed the value range, the first message satisfies a preset industrial whitelist.
In one embodiment, the industrial white list is considered satisfied if the target function code in the first message is present in the industrial white list and the target data value does not exceed the value range. Both an abnormal function code and an abnormal data value can affect the normal operation of the remote control system; therefore, if either the target function code or the target data value fails its condition, the preset industrial white list is considered not met and the first message must not be issued.
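The learning step (S22/S23), the manual deployment step (S24/S25), the two-part check (S26 to S28) and the block-and-alarm step (S21) together form one small state machine, shown here as an added example. This is not the patentee's code and the patent discloses no implementation; the `Message`, `ValueRange` and `IndustrialWhitelist` names, the Modbus function codes used as samples and the 0 to 100 value range are assumptions for illustration. The example also models the learning and deployment work modes and the incremental-learning option of the fig. 4 configuration, which the description names but does not detail.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    """Application-layer content after parsing (constructed representation):
    the function code plus the data value of a write, or None for a read."""
    function_code: int
    value: Optional[int] = None


@dataclass
class ValueRange:
    low: int
    high: int

    def contains(self, v: int) -> bool:
        return self.low <= v <= self.high


class IndustrialWhitelist:
    """One rule group with the two work modes of fig. 4: 'learning' records what
    flows through, 'deployment' enforces it (hypothetical class, not the patentee's)."""

    def __init__(self) -> None:
        # function code -> allowed value range; None means the code carries no value (a read)
        self.rules: Dict[int, Optional[ValueRange]] = {}
        self.mode = "learning"
        self.alarms: List[str] = []

    # S22/S23: learn codes and ranges from traffic seen in a normal production window.
    # incremental=True widens an existing whitelist instead of replacing it.
    def learn(self, observed: List[Message], incremental: bool = False) -> None:
        if not incremental:
            self.rules = {}
        for m in observed:
            if m.value is None:
                self.rules.setdefault(m.function_code, None)
                continue
            rng = self.rules.get(m.function_code)
            if rng is None:
                self.rules[m.function_code] = ValueRange(m.value, m.value)
            else:
                rng.low = min(rng.low, m.value)
                rng.high = max(rng.high, m.value)

    # S24/S25: an operator who knows the site deploys codes and ranges directly.
    def add_rule(self, function_code: int, low: Optional[int] = None,
                 high: Optional[int] = None) -> None:
        if low is None:
            self.rules[function_code] = None
        else:
            self.rules[function_code] = ValueRange(low, low if high is None else high)

    def deploy(self) -> None:
        """The deployment switch: rules become enforced and learning stops."""
        self.mode = "deployment"

    # S26-S28: a message passes only if its code is listed AND its value is in range.
    def check(self, m: Message) -> Tuple[bool, str]:
        if self.mode != "deployment":
            return True, "learning mode: forwarded without enforcement"
        if m.function_code not in self.rules:
            return False, f"function code 0x{m.function_code:02X} not in whitelist"
        rng = self.rules[m.function_code]
        if rng is not None and (m.value is None or not rng.contains(m.value)):
            return False, (f"value {m.value} outside [{rng.low}, {rng.high}] "
                           f"for function code 0x{m.function_code:02X}")
        return True, "compliant"

    # S21: a non-compliant message is blocked and an alarm is recorded instead of forwarding it.
    def filter(self, m: Message) -> bool:
        ok, reason = self.check(m)
        if not ok:
            self.alarms.append(reason)
        return ok


def demo() -> Dict[str, object]:
    """Constructed scenario: one production cycle of normal traffic is learned, one rule is
    deployed manually, the whitelist is switched to deployment, then four commands arrive."""
    wl = IndustrialWhitelist()
    normal_cycle = [Message(0x01), Message(0x03), Message(0x06, 20),
                    Message(0x06, 100), Message(0x06, 0)]   # reads, and register writes in 0..100
    wl.learn(normal_cycle)
    wl.add_rule(0x05, 0x0000, 0xFF00)   # Write Single Coil: OFF (0x0000) .. ON (0xFF00)
    wl.deploy()
    decisions = {
        "read_coils": wl.filter(Message(0x01)),
        "write_register_in_range": wl.filter(Message(0x06, 55)),
        "write_register_out_of_range": wl.filter(Message(0x06, 250)),
        "unlearned_function_code": wl.filter(Message(0x10, 1)),
    }
    return {"decisions": decisions, "alarms": list(wl.alarms)}


if __name__ == "__main__":
    print(demo())
```

Two design points follow from the text: a message fails if either half of the check fails, so the function-code test and the range test are evaluated in order and the first failure is the alarm reason; and the learned range is only as good as the learning window, which is why the description insists that a window containing an accident must not be promoted to the white list.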
Referring to fig. 4, fig. 4 is a configuration diagram of the industrial white list instruction level in the industrial data transmission device according to the present invention. The configuration interface of the industrial white list instruction level shown in the figure is written in the normal way: when configuring, the user enters the corresponding information in the configuration columns displayed in the interface and clicks to confirm, whereupon the device receives the configuration information and operates according to it. Here the address codes are specified by the respective protocols; the function code is the code that, when the master device sends information to the slave device, tells the slave device which action to perform; and the start address is the address from which the instruction is issued. It should be noted that the address code input 1, the function code input write_single_coil (Write Single Coil register) and the start address input 1 shown in the figure are only an example. The following table shows the configuration of the industrial white list in the industrial data transmission device according to the present invention:
As shown in the above table, nine items are configured: rule group name, access control list, rule number, learning switch, learning condition, incremental learning, deployment switch, work mode and operation. The access control list is configured according to the white list configuration, the device learns which messages flow through, the rule number is displayed after learning, and the white list is then deployed into the device by clicking the deployment switch. The items are as follows.
Rule group name: a customised descriptive name for the rule group, not less than 2 characters; a rule group needs at least 2 rules.
Access control list: which messages are detected, e.g. incoming IP messages; may be set to 192.168.2 according to the access control list.
Rule number: the number of rules the rule group contains.
Learning switch: whether to start learning after configuration.
Learning condition: the learning progress.
Incremental learning: whether incremental learning is required.
Deployment switch: whether to deploy into the device.
Work mode: whether the device is currently in the learning state or the deployment state.
Operation: deletion or modification of deployed rules.
It should be noted that the configuration in the above table is only one way of configuring the industrial white list of the present invention, and the configuration is not limited to it.
The embodiment provides two modes of learning and manual deployment to obtain the industrial white list, is applicable to different scenes, and realizes the detection of validity, compliance and effectiveness of function codes and data values in serial data interacted between a control center and a remote control system by taking the industrial white list as a base line after the industrial white list is deployed.
Further, based on the foregoing embodiment of the industrial data transmission method of the present invention, a third embodiment of the industrial data transmission method of the present invention is provided, and in this embodiment, the step of obtaining the first packet sent by the control center includes:
step S11, receiving a network message issued by a control center, and confirming a transmission protocol corresponding to the network message;
and step S12, analyzing the network message according to the transmission protocol to obtain a first message.
In this embodiment, a network packet sent by the control center is received, the transmission protocol used by the network packet is confirmed, and the network packet is parsed according to that transmission protocol to obtain a first packet, so that the content of the packet can be checked afterwards.
The following will explain each step in detail:
step S11, receiving a network message issued by a control center, and confirming a transmission protocol corresponding to the network message;
In this embodiment, a network message is received and the transmission protocol it uses is confirmed. The transmission protocol, i.e. the industrial communication protocol, is the set of rules and conventions that two entities in the industrial control field must follow to complete a communication or service. There are many industrial protocols, such as the Modbus communication protocol, the RS-232 communication protocol, the RS-485 communication protocol and the OPC communication protocol, and different protocols are applied in each industrial scenario; the device supports parsing of multiple protocols. When a network message is received and the application-layer protocol of the scene is Modbus, the network message is parsed to obtain a first message, and detection is then performed.
And step S12, analyzing the network message according to the transmission protocol to obtain a first message.
In an embodiment, after it has been determined which protocol the data carried by the network message uses, parsing is performed to obtain a first message that the remote control system can recognize. The network message, i.e. the IP message, is a data unit transmitted at the network layer. The industrial data transmission device receives the IP message and transmits serial data to the remote control system; the IP message and the serial message are messages of two different operating modes, one a serial data message and the other a network data message. Because the industrial remote control system can only recognize serial data, the industrial data transmission device cannot forward the IP message to it directly, and therefore the IP message received from the wireless network card is converted into serial data and then transmitted to the RTU. Specifically, the IP message is generally formed of multiple layers: the data link layer, the IP layer, the transport layer and the application layer. Processing generally takes place at the application layer: after the IP message is obtained, the headers must be stripped off, leaving only the application-layer data, which the industrial control unit can recognize; this application-layer data is taken as the first message.
In this embodiment, the transmission protocol of the network message is identified and the message is parsed accordingly, which yields the serial message that the remote control system can recognize; the industrial data transmission device supports parsing of multiple transmission protocols, so as to realize data transmission between the control center and the remote control system together with detection of the safety and reasonableness of the message data.
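The two steps above (identify the transmission protocol, then strip the lower-layer headers down to the application-layer data) can be shown concretely for the Modbus case the embodiment names. The following is an added example, not code from the patent or from the applicant's product: it assumes the network message arrives as a Modbus/TCP ADU and that the serial side is Modbus RTU over RS-485, both as in the public Modbus specification, and the sample bytes are constructed for illustration. It recognizes the MBAP header, rejects anything that is not well-formed Modbus/TCP, returns the PDU as the first message, and re-frames that PDU with the RTU CRC-16 for the serial link.

```python
"""Added example (not the patent's own code): obtain the first message from a
network message (steps S11/S12) and frame it for the RS-485 link.

Assumptions not stated in the patent: the network message is a Modbus/TCP
ADU (7-byte MBAP header + PDU) and the serial side is Modbus RTU with the
standard CRC-16. All sample bytes are constructed.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

MODBUS_PROTOCOL_ID = 0  # MBAP protocol identifier reserved for Modbus


@dataclass(frozen=True)
class FirstMessage:
    """Application-layer data the industrial control unit can recognize."""
    unit_id: int
    function_code: int
    data: bytes


def identify_protocol(payload: bytes) -> str:
    """Step S11: confirm the application-layer protocol of the network message.
    Only Modbus/TCP is recognized here, by a consistent MBAP header; anything
    else is reported as 'unknown' so the caller rejects it instead of guessing."""
    if len(payload) < 8:  # MBAP (7) + at least a function code (1)
        return "unknown"
    _tid, proto_id, length, _uid = struct.unpack(">HHHB", payload[:7])
    # 'length' counts unit id + PDU, i.e. everything after the first 6 bytes
    if proto_id == MODBUS_PROTOCOL_ID and length == len(payload) - 6 and length >= 2:
        return "modbus-tcp"
    return "unknown"


def parse_modbus_tcp(payload: bytes) -> FirstMessage:
    """Step S12: strip the MBAP header, leaving the PDU (function code + data)."""
    if identify_protocol(payload) != "modbus-tcp":
        raise ValueError("not a well-formed Modbus/TCP ADU")
    unit_id = payload[6]
    pdu = payload[7:]
    return FirstMessage(unit_id=unit_id, function_code=pdu[0], data=pdu[1:])


def crc16_modbus(data: bytes) -> int:
    """Modbus RTU CRC-16: init 0xFFFF, reflected polynomial 0xA001, no final XOR."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def to_rtu_frame(msg: FirstMessage) -> bytes:
    """Frame the first message for RS-485: address, PDU, CRC (low byte first)."""
    body = bytes([msg.unit_id, msg.function_code]) + msg.data
    return body + struct.pack("<H", crc16_modbus(body))


# Constructed sample: transaction 1, unit 1, Write Single Register (0x06)
# at address 0x0001 with value 0x0003.
SAMPLE_NETWORK_MESSAGE = bytes.fromhex("000100000006010600010003")

if __name__ == "__main__":
    first = parse_modbus_tcp(SAMPLE_NETWORK_MESSAGE)
    print(first, to_rtu_frame(first).hex())
```

Rejecting length-inconsistent or unrecognized frames before parsing matters because the device sits inline between the wireless network card and the RTU: a malformed IP message should never reach the serial link as a half-parsed PDU. The CRC-16 appended on the serial side is what lets the RTU detect corruption on the RS-485 segment, and verifying it on received serial data (the CRC over frame plus checksum is zero) is the natural first check on the second message as well.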
Further, based on the previous embodiment of the industrial data transmission method of the present invention, a fourth embodiment of the industrial data transmission method of the present invention is proposed.
Referring to fig. 5, fig. 5 is a schematic flow chart of the fourth embodiment of the industrial data transmission method according to the present invention. The fourth embodiment differs from the previous embodiments in that the industrial data transmission method further comprises the following steps:
step S40, receiving a second message sent by the remote control system;
step S50, detecting whether the second message meets a preset value range;
and step S60, if the second message does not meet the preset value range, a warning is sent to the control center.
In this embodiment, the second message sent by the remote control system is received and detected, and when a value in the second message exceeds the preset value range, an alarm is sent to the control center, so that the data acquired by the industrial remote control system is monitored, abnormal values are warned of early, and the safe operation of the industrial production line and industrial equipment is ensured.
The following will explain each step in detail:
step S40, receiving a second message sent by the remote control system;
in one embodiment, a second message from the remote control system is received. It will be appreciated that the remote control system collects data according to instructions from the control center, for example temperature, humidity and liquid level; the quantities collected differ from system to system. After collection, the data needs to be sent back to the control center for storage or analysis. Because the collected data may contain erroneous or abnormal values, the second message is first received so that it can be detected further.
Step S50, detecting whether the second message meets a preset value range;
in an embodiment, it is determined whether the second message meets a preset value range, that is, whether the data collected in the message exceeds the preset value range. The checking value range for the data collected by the remote control system is set in one of two ways: by learning over a period of time, or empirically.
Step S60, if the second message does not meet the preset value range, a warning is sent to the control center.
In one embodiment, if the second message does not meet the value range, a warning is issued to the control center. It can be understood that if data in the second message exceeds the preset value range, a warning needs to be sent to the control center; if it is then confirmed that there is no problem, the value range can be expanded, that is, the preset value range can be adjusted. If the second message meets the preset value range, it is converted into a network message, which is sent back to the control center.
It should be noted that a network message and a serial message cannot be transmitted directly as one another, so when serial data is sent out through the wireless network card it must likewise first be converted into a network message; the industrial data transmission device therefore supports conversion in both directions between network messages and serial messages. When a second message sent by the remote control system is received, detection is performed first, and if the preset value range is met, the second message is converted into a network message and sent to the control center.
Referring to fig. 6, fig. 6 is a schematic diagram of the industrial data transmission method according to the present invention. The industrial data transmission apparatus of the present invention can detect data from both the control center and the remote control system and perform conversion between serial data and IP messages. After an IP message is received from the wireless network card, it is parsed and converted into RS485 serial data, the setting data for the data transmission device carried in the IP message is obtained accordingly, the serial data is screened through the industrial white list, and the RS485 serial data that passes screening is transmitted to the remote control system. When RS485 serial data sent by the industrial control system is received, the RS485 serial data is checked according to the preset value range (industrial protocol white list) and then converted into a network message that is sent to the wireless network card. Data transmitted at both ends, the control center and the remote control system, is thereby screened, ensuring stable operation of the industrial system.
In the first embodiment, step S40, step S50, and step S60 may be performed before, after, or simultaneously with step S10, step S20, and step S30.
According to this embodiment, the second message sent by the remote control system is obtained and it is detected whether the second message meets the preset value range; if not, a warning is sent to the control center. This prevents the control center from obtaining erroneous remote control system data, or raises an alarm on such data, so that the remote control system is protected.
Referring to fig. 7, fig. 7 is a schematic diagram of the functional modules of an embodiment of the industrial data transmission device according to the present invention. To achieve the above object, the present invention also provides an industrial data transmission device, including:
the acquisition module is used for acquiring a first message issued by the control center;
the detection module is used for detecting whether the first message meets a preset industrial white list or not;
and the sending module is used for sending the first message to a remote control system if the first message meets the industrial white list.
Optionally, the detection module is further configured to:
recording a normal function code and a normal value range received by normal operation in preset time of an industrial system;
and deploying the normal instruction and the normal value range into a white list rule to obtain a corresponding industrial white list.
Optionally, the detection module is further configured to:
acquiring a preset function code and a preset value range of a target industrial environment;
and deploying the preset instruction and the preset value range into a white list rule to obtain a corresponding industrial white list.
Optionally, the acquiring module is further configured to:
receiving a network message sent by a control center, and confirming a transmission protocol corresponding to the network message;
and analyzing the network message according to the transmission protocol to obtain a first message.
Optionally, the detection module is further configured to:
confirming whether the target function code exists in the industrial white list;
confirming whether the target data value exceeds a value range in the industrial whitelist;
and if the target function code exists in the industrial white list and the target data value does not exceed the value range, the first message meets the industrial white list.
Optionally, the detection module is further configured to:
and if the first message does not meet the industrial white list, blocking and alarming the target message.
Optionally, the device further comprises an early warning module, wherein the early warning module is used for:
receiving a second message sent by the remote control system;
detecting whether the second message meets a preset value range or not;
and if the second message does not meet the preset value range, sending a warning to the control center.
In addition, the embodiment of the invention also provides a storage medium. The storage medium of the present invention stores thereon an industrial data transmission program which, when executed by a processor, implements the steps of the industrial data transmission method as described above.
For the method implemented when the industrial data transmission program is executed on the processor, reference may be made to the various embodiments of the industrial data transmission method of the present invention, which are not described again here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (9)

1. An industrial data transmission method, characterized in that the industrial data transmission method comprises the following steps:
acquiring a first message issued by a control center;
detecting whether the first message meets a preset industrial white list or not;
if the first message meets the industrial white list, the first message is issued to a remote control system;
receiving a second message sent by the remote control system;
detecting whether the second message meets a preset value range or not;
if the second message does not meet the preset value range, a warning is sent to the control center;
if the second message meets the preset value range, converting the second message into a network message, and sending the network message to the control center;
the configuration method of the industrial white list comprises the following steps:
receiving configuration information input by a user at a configuration interface of an industrial whitelist instruction level, and configuring the industrial whitelist according to the configuration information, wherein the configuration interface of the industrial whitelist instruction level comprises: rule group name, access control list, rule number, learning switch, learning condition, incremental learning, deployment switch, working mode and operation;
the method comprises the steps that a rule group name is a name of a custom rule group, the rule group configures a plurality of rules, a message is included in an access control list, the number of the rules is the number of the rules contained in the rule group, a learning switch is a rule for starting learning configuration after rule configuration, the learning condition is a learning progress, a deployment switch is whether to deploy the rules into an industrial data transmission device, the working mode is a learning state or a deployment state, and the operation is to delete or change the deployed rules.
2. The industrial data transmission method according to claim 1, wherein the setting step of the industrial whitelist includes:
recording a normal function code and a normal value range received by normal operation in preset time of an industrial system;
and deploying the normal function code and the normal value range into a white list rule to obtain a corresponding industrial white list.
3. The industrial data transmission method according to claim 1, wherein the setting step of the industrial whitelist includes:
acquiring a preset function code and a preset value range of a target industrial environment;
and deploying the preset instruction and the preset value range into a white list rule to obtain a corresponding industrial white list.
4. The industrial data transmission method according to claim 1, wherein the step of obtaining the first message sent by the control center includes:
receiving a network message sent by a control center, and confirming a transmission protocol corresponding to the network message;
and analyzing the network message according to the transmission protocol to obtain a first message.
5. The industrial data transmission method of claim 1, wherein the first message comprises: the step of detecting whether the first message meets a preset industrial white list comprises the following steps:
confirming whether the target function code exists in the industrial white list;
confirming whether the target data value exceeds a value range in the industrial whitelist;
and if the target function code exists in the industrial white list and the target data value does not exceed the value range, the first message meets the industrial white list.
6. The industrial data transmission method according to claim 1, wherein after the step of detecting whether the first message meets a preset industrial whitelist, the method further comprises:
and if the first message does not meet the industrial white list, blocking and alarming the first message.
7. An industrial data transmission device, the device comprising:
the acquisition module is used for acquiring the target message;
the detection module is used for detecting whether the target message meets a preset industrial white list or not;
the sending module is used for sending the target message to a remote control system if the target message meets the industrial white list;
the detection module is further used for receiving a second message sent by the remote control system;
detecting whether the second message meets a preset value range or not;
if the second message does not meet the preset value range, a warning is sent to a control center;
if the second message meets the preset value range, converting the second message into a network message, and sending the network message to the control center;
the detection module is further configured to receive configuration information input by a user at a configuration interface of an industrial whitelist instruction level, and configure the industrial whitelist according to the configuration information, wherein the configuration interface of the industrial whitelist instruction level includes: rule group name, access control list, rule number, learning switch, learning condition, incremental learning, deployment switch, working mode and operation;
wherein the rule group name is the name of a user-defined rule group, the rule group is configured with a plurality of rules, the access control list contains the message, the rule number is the number of rules contained in the rule group, the learning switch starts learning of the configured rule after rule configuration, the learning condition is the learning progress, the deployment switch controls whether the rule is deployed into the industrial data transmission device, the working mode is the learning state or the deployment state, and the operation is deletion or modification of a deployed rule.
8. An industrial data transmission device, the device comprising: a memory, a processor and an industrial data transmission program stored on the memory and executable on the processor, the industrial data transmission program being configured to implement the steps of the industrial data transmission method according to any one of claims 1 to 6.
9. A storage medium having stored thereon an industrial data transmission program which, when executed by a processor, implements the steps of the industrial data transmission method according to any one of claims 1 to 6.
CN202111566410.9A 2021-12-20 2021-12-20 Industrial data transmission method, device, equipment and storage medium Active CN114363018B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111566410.9A CN114363018B (en) 2021-12-20 2021-12-20 Industrial data transmission method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114363018A CN114363018A (en) 2022-04-15
CN114363018B true CN114363018B (en) 2023-09-22

Family

ID=81101727

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115186255B (en) * 2022-09-13 2022-11-29 北京六方云信息技术有限公司 Industrial host white list extraction method and device, terminal device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106888185A (en) * 2015-12-15 2017-06-23 北京网御星云信息技术有限公司 A kind of industrial network security means of defence based on serial link
CN110825040A (en) * 2019-10-22 2020-02-21 中国科学院信息工程研究所 Process control attack detection method and device for industrial control system
CN112468488A (en) * 2020-11-25 2021-03-09 杭州安恒信息技术股份有限公司 Industrial anomaly monitoring method and device, computer equipment and readable storage medium
WO2021253366A1 (en) * 2020-06-16 2021-12-23 北京京投信安科技发展有限公司 Switch encryption system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant