CN114363026A - White list-based industrial control network intelligent control management method and system - Google Patents


Publication number
CN114363026A
Authority
CN
China
Prior art keywords
access
industrial
white list
industrial control
protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111613143.6A
Other languages
Chinese (zh)
Other versions
CN114363026B (en
Inventor
江攀
李�远
李亚玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Abt Networks Co ltd
Original Assignee
Beijing Abt Networks Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Abt Networks Co ltd
Priority to CN202111613143.6A
Publication of CN114363026A
Application granted
Publication of CN114363026B
Legal status: Active

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides an industrial control network intelligent control management method and system based on a white list, wherein the method comprises the following steps: setting a learning management task of industrial control; analyzing corresponding learning task industrial control management protocols from all industrial control management protocols in the jurisdiction range; storing the information into a network protocol white list; and judging whether the industrial access application data is in the network protocol white list, if not, executing the industrial access application data according to the instruction of an administrator, recording the corresponding industrial access request data, and simultaneously generating an access log. By the method and the system, the waste of time and labor caused by manually inputting the management protocol data in the traditional management system is avoided, and meanwhile, the high-risk network protocol access data is recorded, so that the subsequent direct tracing of the generated problems is facilitated.

Description

White list-based industrial control network intelligent control management method and system
Technical Field
The application relates to the technical field of industrial control safety, in particular to an industrial control network intelligent control management method and system based on a white list.
Background
The advent and development of the internet and its related technologies have changed how enterprises do business. Information exchange now reaches into every part of social life and spreads over a wide range, and industrial control networks exist in civilized places throughout the world. In the manufacturing process industry, open and transparent business operation is the direction in which new internet-based technology is developing. Over the last decades, the application of information technology in enterprises has developed faster and faster. Protocol technology is widely adopted in industrial control networks, and the connection between these networks and the enterprise management network is becoming ever tighter.
Industrial control equipment (such as numerical control machine tools) is widely used in factory product processing and has high requirements for security and stability. As the trend toward integrated management and control of industrial control systems strengthens, industrial control systems are being connected to information management systems and to the internet. At the same time, industrial control systems are becoming more complex and have begun to adopt general-purpose software, general-purpose hardware and general-purpose protocols in large numbers. As a result, the traditionally closed industrial control system is gradually exposed and directly faces threats from external networks, which increases its potential safety hazards. Security threats in cyberspace have rapidly extended from the virtual space of the traditional internet and computers to the industrial control systems of the physical world. That is, a "computer virus" can, by controlling the industrial control system without damaging it, cause production interruption, pipeline leakage, environmental pollution, equipment damage and even disastrous accidents, so production safety can be greatly threatened. Industrial control systems have become a new battlefield in which cyberspace security is increasingly important.
In industrial control scenarios there are many kinds of industrial control protocols, and each protocol has its own standard, so overall security protection is difficult to achieve. In a typical industrial system security protection management system, a large amount of manual work is needed to enter the management methods by hand in order to ensure security, which wastes time and labor.
Disclosure of Invention
The application provides an industrial control network intelligent control management method and system based on a white list, which aims to solve the problem of time and labor waste caused by manual input of management protocol data in a management system in the prior art, record high-risk network protocol access data and facilitate subsequent direct tracing of problems.
In one aspect, the present application provides a white list-based intelligent control management method for an industrial control network, including:
setting a learning management task of industrial control;
analyzing a corresponding learning task industrial control management protocol from all industrial control management protocols in the jurisdiction range according to the learning management task;
storing the learning task industrial control management protocol to a network protocol white list;
judging whether the industrial access application data is in the network protocol white list or not according to the acquired industrial access request data;
if the industrial access request data is not in the network protocol white list and the industrial access request data is executed according to the instruction of an administrator, recording the corresponding industrial access request data as non-network protocol white list access data;
and generating an access log according to the non-network protocol white list access data.
Optionally, the method further includes:
and generating an access report by a convergence method according to the access log.
Optionally, in the method, the generating an access report by a convergence method according to the access log is as follows:
creating three data links for respectively storing a source IP, a destination IP and a protocol;
finding out a source IP, a destination IP and a protocol at preset time in the access log;
respectively sequencing the source IP, the target IP and the protocol, and respectively selecting a plurality of source IPs, target IPs and protocols which are ranked at the top;
and cross-comparing a plurality of source IPs, destination IPs and protocols which are ranked at the top, and analyzing to obtain an access report.
Optionally, the method further includes:
and establishing a user portrait according to the access report.
Optionally, the method includes:
storing the access log, the access report, and the user representation on a local area network.
Optionally, the network protocol white list at least includes: source IP, destination IP, function code, start address, end address and protocol.
On the other hand, the application also provides a white list-based industrial control network intelligent control management system, the system comprising:
the learning management task module is used for setting an industrial control learning management task;
the searching module is used for analyzing the corresponding learning task industrial control management protocol from all industrial control management protocols in the jurisdiction range according to the learning management task;
the white list building module is used for storing the learning task industrial control management protocol into the network protocol white list;
the judging access data module is used for judging whether the industrial access application data is in the network protocol white list or not according to the industrial access request data;
a dangerous data recording module, which records corresponding industrial access request data as non-network protocol white list access data if the industrial access request data is not in the network protocol white list and the industrial access request data is executed according to the instruction of an administrator;
and the access log module is used for generating an access log according to the non-network protocol white list access data.
Optionally, the system further includes:
and the access report module is used for generating an access report through a convergence method according to the access log.
Optionally, the system further includes:
and the user portrait module is used for establishing a user portrait according to the access report.
Optionally, the system further includes:
and the offline module stores the access log, the access report and the user portrait in a local area network.
According to the technical scheme, the application provides an industrial control network intelligent control management method and system based on a white list, and the method comprises the following steps: setting a learning management task of industrial control; analyzing corresponding learning task industrial control management protocols from all industrial control management protocols in the jurisdiction range; storing the information into a network protocol white list; and judging whether the industrial access application data is in the network protocol white list, if not, executing the industrial access application data according to the instruction of an administrator, recording the corresponding industrial access request data, and simultaneously generating an access log. By configuring the industrial control white list learning task, the corresponding management protocol can be searched and analyzed, and the problem of waste of a large amount of time and labor caused by manually inputting the industrial control management protocol into the network protocol white list in the traditional industrial control management system is solved; in addition, when the network request of the non-network protocol white list is allowed by an administrator, an access log can be automatically generated, and high-risk access data are directly and intensively locked, so that the follow-up tracing can be performed after safety problems are generated, and the safety of the jurisdiction area is improved.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an intelligent control management method for an industrial control network based on a white list according to the present application;
Fig. 2 is a structural diagram of an industrial control network intelligent control management system based on a white list provided in the present application;
FIG. 3 is a structural diagram of another white list-based industrial control network intelligent control management system provided in the present application;
FIG. 4 is a structural diagram of another white list-based industrial control network intelligent control management system provided in the present application;
Fig. 5 is a structural diagram of another white list-based industrial control network intelligent control management system provided by the present application.
Detailed Description
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following examples do not represent all embodiments consistent with the present application. They are merely examples of systems and methods consistent with certain aspects of the application, as recited in the claims.
Referring to fig. 1, fig. 1 is a flowchart of an intelligent control management method for an industrial control network based on a white list according to the present application. As shown in fig. 1, the method comprises the following steps:
Step 10: setting an industrial control learning management task.
In step 10, the administrator may specify that network data within a certain IP or port range is to be learned, and set the learning management task to include a series of parameters such as the learning source, the destination IP access, the protocol to learn, and the learning period. The protocol parameter may be, for example, udp or tcp, and the learning period is set to 3600 seconds. Note that this step does not limit the number of learning management tasks; one or several sets of parameters may be set at a time as learning management tasks, so as to maximize efficiency.
Step 20: analyzing the corresponding learning task industrial control management protocol from all industrial control management protocols in the jurisdiction range according to the learning management task.
In step 20, according to the specific parameters of the learning management task set in step 10, all industrial control management messages in the IP range that satisfy the conditions are analyzed. That is, all industrial control management protocols in the jurisdiction range are searched and analyzed, and the network management data written in the industrial control network protocol is obtained.
Step 30: storing the learning task industrial control management protocol to a network protocol white list.
In step 30, the concept of a white list is introduced as the basis on which traffic can be passed in a subsequent step. The data of the learning task industrial control management protocol analyzed in step 20 is put into the white list. Note that the structure of the network protocol white list may be designed in advance for reading and writing, that is, as a set of parameters to be filled in for each white list, such as access purpose, function code, start address of operation, end address of operation, and transport layer protocol. For security, each network protocol white list needs to have at least six items of content: source IP, destination IP, function code, start address, end address and protocol.
In addition, in order to better manage the network protocol white lists, the number of the network protocol white lists can be set, for example, ten thousand white lists are supported at the maximum. By setting the upper limit of the white list, fine management can be facilitated.
Further, the network protocol white list can also be manually configured by an administrator, so as to increase the flexibility of the method.
Steps 10 to 30 address the problem that, in traditional engineering management, entering management rules costs a large amount of time and requires a large number of administrators, and they achieve the effect of rapid supervision. For example, an industrial group has a subsidiary plant A and a subsidiary plant B. In certain scenarios, plant A and plant B need to communicate with each other. Plant B wants to allow the industrial access request data of plant A, but the administrator does not understand plant A's specific business model well. In this situation, the administrator of plant B can quickly configure the network protocol white list by learning the traffic of plant A, that is, plant B directly copies each authorized network protocol white list, which saves a large amount of cost and greatly improves efficiency.
Step 40: judging whether the industrial access application data is in the network protocol white list or not according to the acquired industrial access request data.
In step 40, whether the industrial access request data can be executed is determined by checking whether it is in the network protocol white list. When the industrial access request data is judged to match the network protocol white list, it is executed.
Step 50: if the industrial access request data is not in the network protocol white list and the industrial access request data is executed according to the instruction of the administrator, recording the corresponding industrial access request data as non-network protocol white list access data.
In step 50, if the industrial access request data is not in the network protocol white list, the administrator is required to give an instruction. If the administrator's instruction is to deny, the industrial access request data is not executed; if the instruction is to permit, that piece of industrial access request data is executed. Such data is not in the preset network protocol white list but has been manually allowed through by the administrator; that is, non-network protocol white list access data has been allowed to execute. It is regarded as high-risk access that is likely to cause a security hazard, so it is analyzed with particular attention in the subsequent steps.
Step 60: generating an access log according to the non-network protocol white list access data.
In step 60, an access log is generated for the non-network protocol white list access data, i.e. the high-risk access data, for later tracing of security problems. In an advantageous embodiment, a time period is preset as a cycle, and an access log is generated automatically after each cycle. The cycle can be one hour, one day, one week or one month; the access log is thus organized regularly, which keeps it from becoming too messy and tedious. Specifically, at least the source IP, the destination IP, the protocol, and the access time are stored in the log.
Furthermore, an access report can be generated by a convergence method according to the access log. Specifically, three data links are created for respectively storing a source IP, a destination IP and a protocol; the source IP, destination IP and protocol within a preset time are found in the access log; the source IPs, destination IPs and protocols are each sorted, and a plurality of top-ranked source IPs, destination IPs and protocols are selected; and the top-ranked source IPs, destination IPs and protocols are cross-compared and analyzed to obtain an access report.
The three most critical pieces of data, namely source IP, destination IP and protocol, serve as the most basic information for tracing. Ranking them brings out suspicious, high-risk access data, and the statistics are presented as TOP tables. The number of occurrences of each source IP is counted and ranked; since each IP corresponds to a country or region, this yields a ranking of the countries or regions to which attack sources belong. The number of occurrences of each destination IP is counted and ranked; the destination IPs all belong to the production environment under administration, so from the destination IP TOP table the administrator can see directly which area or site of the production environment is under suspected attack. The number of occurrences of each protocol is counted and ranked, which shows directly which industrial scenarios are most likely to be attacked or suspicious.
Further, a user representation is created based on the access report.
Specifically, the access report provides at least the source IP, industrial protocol, access time and operation instruction. These key elements present the relevant information effectively. The country and region can be identified from the source IP; the main service model can be identified from the industrial protocol; the time of attack or of normal production can be obtained from the access time; and the operation instruction distinguishes a control class from a query class. The user portrait is an important application of big data technology. Its goal is to establish descriptive tag attributes for users in many dimensions, so that the tag attributes outline the users' real characteristics in various aspects. The method introduces the concept of the user portrait into engineering management: the portrait is drawn from the elements above and serves as an important clue, so that an administrator can visually analyze each case of normal production or attack. Each key access data element is formed into a label, and the labels give concrete form to the abstract image of the high-risk industrial access request data.
Further, storing the access log, the access report, and the user representation on a local area network.
The data is stored in the local area network, so the system can keep running while the network is offline, and all traceable data can be saved when network transmission is unsafe. In a complex industrial control scenario, replacing network security equipment is expensive and tedious. Supporting offline data playback analysis solves this problem: analysis of industrial control services or abnormal attacks in a production scenario can be carried out without replacing the equipment.
In a specific embodiment, an industrial control learning management task is first set, configuring the source and destination IP access to be learned, the protocol to learn and the learning time period.
Using the learning source, the destination IP access, the learning protocol and the learning time period, the messages that fall within the IP range of the learning condition are analyzed among all industrial control management protocols in the jurisdiction range, and the Modbus protocol is identified and parsed according to ports and other characteristics.
A modbus white list structure is defined, containing the variables srcip, dstip, func_code, start_addr, end_addr and protocol, which correspond respectively to: Modbus white list source IP, Modbus white list destination IP, Modbus function code, Modbus operation start address, Modbus operation end address and transport layer protocol.
After the configured learning time period ends, message analysis stops, and a plurality of modbus white list structures have been obtained.
The modbus white list structures are stored in the network protocol white list, organized as a binary tree.
After the industrial access request data is acquired, and before judging whether the industrial access application data is in the network protocol white list, the relevant fields of the message are also parsed: source IP, destination IP, function code, start address, end address and protocol.
The source IP, destination IP, function code, start address, end address and protocol parsed from the industrial access request data are traversed and compared in turn, according to the matching conditions, with the source IP, destination IP, function code, start address, end address and protocol stored in memory, and the strategy is considered matched on the basis of 2 to control the data message.
If any of the network protocol white lists are matched, the industrial access request data is put through.
If no network protocol white list is matched, there are two ways to handle the request: the administrator either executes or blocks the industrial access request data according to the actual situation.
When the administrator executes the industrial access request data, data is written to the access log.
The process of writing data to the access log is as follows: a 1024-byte log_buff is defined, the type of which is a pointer.
For example: char log_buff[1024] = {0};
The source IP, destination IP, function code, start address, end address and protocol from the original message data are stored in the defined log_buff, and the log is stored in a database and can also be sent out.
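An added example, not code from the patent: a C sketch of the learn, match and log flow described in steps 30 to 60 and in this embodiment. The struct field names and log_buff come from the description; the function names, the flat array used in place of the binary tree, blocking of malformed ranges, failing closed when the log record cannot be written, and the sample traffic are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field names follow the Modbus white list structure in the description. */
struct modbus_wl {
    uint32_t srcip, dstip;         /* IPv4, host byte order */
    uint8_t  func_code;            /* Modbus function code */
    uint16_t start_addr, end_addr; /* inclusive range touched by the operation */
    uint8_t  protocol;             /* transport layer: 6 = TCP, 17 = UDP */
};

enum verdict { PASS_WHITELIST, PASS_ADMIN_LOGGED, BLOCKED };

#define WL_CAP 8 /* assumed cap for this sketch */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))
#define OCT(ip) (unsigned)((ip) >> 24), (unsigned)(((ip) >> 16) & 255), \
                (unsigned)(((ip) >> 8) & 255), (unsigned)((ip) & 255)

/* An entry covers a request when source, destination, function code and
 * protocol agree and the requested range lies inside the learned range. */
static int covers(const struct modbus_wl *e, const struct modbus_wl *r)
{
    return e->srcip == r->srcip && e->dstip == r->dstip &&
           e->func_code == r->func_code && e->protocol == r->protocol &&
           e->start_addr <= r->start_addr && r->end_addr <= e->end_addr;
}

int wl_match(const struct modbus_wl *wl, size_t n, const struct modbus_wl *r)
{
    for (size_t i = 0; i < n; i++)
        if (covers(&wl[i], r))
            return 1;
    return 0;
}

/* Learning phase: add one observed request unless it is malformed, already
 * covered, or the list is full. Returns the new entry count. */
size_t wl_learn(struct modbus_wl *wl, size_t n, const struct modbus_wl *obs)
{
    if (obs->start_addr > obs->end_addr || wl_match(wl, n, obs) || n >= WL_CAP)
        return n;
    wl[n] = *obs;
    return n + 1;
}

/* Bounded write into log_buff; returns -1 if the record would be truncated. */
int format_log(char *buf, size_t len, const struct modbus_wl *r, long when)
{
    int w = snprintf(buf, len,
        "t=%ld src=%u.%u.%u.%u dst=%u.%u.%u.%u func=0x%02x start=%u end=%u proto=%u",
        when, OCT(r->srcip), OCT(r->dstip), (unsigned)r->func_code,
        (unsigned)r->start_addr, (unsigned)r->end_addr, (unsigned)r->protocol);
    return (w < 0 || (size_t)w >= len) ? -1 : w;
}

/* Steps 40 to 60: pass on a match, otherwise follow the administrator, and
 * let an administrator-approved request through only once it is logged. */
enum verdict decide(const struct modbus_wl *wl, size_t n, const struct modbus_wl *r,
                    int admin_allows, long when, char *buf, size_t len)
{
    if (r->start_addr > r->end_addr)
        return BLOCKED;            /* assumption: malformed range is dropped */
    if (wl_match(wl, n, r))
        return PASS_WHITELIST;
    if (!admin_allows)
        return BLOCKED;
    return format_log(buf, len, r, when) < 0 ? BLOCKED : PASS_ADMIN_LOGGED;
}

/* Constructed sample traffic seen during the learning period. */
static const struct modbus_wl observed[] = {
    { IP4(10,0,0,5), IP4(10,0,1,20), 0x03, 0, 9, 6 },
    { IP4(10,0,0,5), IP4(10,0,1,20), 0x03, 0, 9, 6 },     /* duplicate */
    { IP4(10,0,0,5), IP4(10,0,1,20), 0x03, 2, 4, 6 },     /* already covered */
    { IP4(10,0,0,6), IP4(10,0,1,20), 0x10, 100, 103, 6 },
};
/* Constructed requests arriving after learning has ended. */
static const struct modbus_wl requests[] = {
    { IP4(10,0,0,5), IP4(10,0,1,20), 0x03, 3, 5, 6 },     /* inside learned range */
    { IP4(10,0,0,5), IP4(10,0,1,20), 0x03, 8, 12, 6 },    /* runs past the range */
    { IP4(10,0,0,9), IP4(10,0,1,20), 0x06, 100, 100, 6 }, /* unknown source */
};

static struct modbus_wl wl[WL_CAP];
static size_t wl_n;
static char log_buff[1024] = {0};

size_t demo_learn(void)
{
    wl_n = 0;
    for (size_t i = 0; i < sizeof observed / sizeof observed[0]; i++)
        wl_n = wl_learn(wl, wl_n, &observed[i]);
    return wl_n;
}

enum verdict demo_decide(size_t idx, int admin_allows)
{
    demo_learn();
    log_buff[0] = '\0';
    return decide(wl, wl_n, &requests[idx], admin_allows, 1640000000L,
                  log_buff, sizeof log_buff);
}

const char *demo_log(void) { return log_buff; }

int main(void)
{
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
        printf("request %zu: verdict=%d log=\"%s\"\n", i,
               (int)demo_decide(i, 1), demo_log());
    return 0;
}
```

The second request shares source, destination and function code with a learned entry and is still treated as non-white-list access, because its address range extends beyond what was observed during learning.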
The administrator then sets the period of access to the log records, which may be 1 hour, 1 day, one week, or one month.
Three data links are created, a source IP, a destination IP and a protocol are respectively stored, and the specific structure is defined as follows:
Figure BDA0003435726780000071
All the access logs in the log period are analyzed, and all the source IPs, all the destination IPs and all the protocols are counted. Three connections of source IP, destination IP, protocol in quick sort 4 are used for sorting, and the top 10 of each is recorded. The top entries of the three dimensions are cross-compared and a report is output in combination with the actual situation, showing specifically the types of abnormal access and the attack sources in the actual production environment, so that an administrator can take corresponding action according to the actual situation.
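An added example, not code from the patent: one way to implement the convergence report described above and in the general description (count per dimension, sort, keep the top entries, cross-compare). The record layout, the function names, the reading of "cross-compare" as counting records whose source, destination and protocol all fall in their top lists, and the sample log are assumptions; the C library's qsort stands in for the quick sort the text names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))
#define MAX_KEYS 32 /* assumed bound on distinct values per dimension */
#define TOP_N 2     /* the description records the top 10; 2 suits the sample */

struct access_rec { long t; uint32_t srcip, dstip; uint8_t protocol; };
struct tally { uint32_t key; unsigned count; };

struct report {
    struct tally src[MAX_KEYS], dst[MAX_KEYS], proto[MAX_KEYS];
    size_t nsrc, ndst, nproto;
    unsigned cross; /* records whose src, dst and protocol are all top-ranked */
};

/* Count one occurrence of key; returns the new number of distinct keys. */
static size_t bump(struct tally *t, size_t n, uint32_t key)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].key == key) { t[i].count++; return n; }
    if (n < MAX_KEYS) { t[n].key = key; t[n].count = 1; n++; }
    return n;
}

/* Highest count first; ties broken by key so the ranking is deterministic. */
static int by_count_desc(const void *a, const void *b)
{
    const struct tally *x = a, *y = b;
    if (x->count != y->count)
        return x->count < y->count ? 1 : -1;
    return (x->key > y->key) - (x->key < y->key);
}

static int in_top(const struct tally *t, size_t n, uint32_t key)
{
    size_t lim = n < TOP_N ? n : TOP_N;
    for (size_t i = 0; i < lim; i++)
        if (t[i].key == key)
            return 1;
    return 0;
}

/* Build the three ranked tables for records with from <= t < to, then
 * cross-compare the top entries against the same records. */
void build_report(const struct access_rec *log, size_t n, long from, long to,
                  struct report *r)
{
    memset(r, 0, sizeof *r);
    for (size_t i = 0; i < n; i++) {
        if (log[i].t < from || log[i].t >= to)
            continue;
        r->nsrc = bump(r->src, r->nsrc, log[i].srcip);
        r->ndst = bump(r->dst, r->ndst, log[i].dstip);
        r->nproto = bump(r->proto, r->nproto, log[i].protocol);
    }
    qsort(r->src, r->nsrc, sizeof r->src[0], by_count_desc);
    qsort(r->dst, r->ndst, sizeof r->dst[0], by_count_desc);
    qsort(r->proto, r->nproto, sizeof r->proto[0], by_count_desc);
    for (size_t i = 0; i < n; i++) {
        if (log[i].t < from || log[i].t >= to)
            continue;
        if (in_top(r->src, r->nsrc, log[i].srcip) &&
            in_top(r->dst, r->ndst, log[i].dstip) &&
            in_top(r->proto, r->nproto, log[i].protocol))
            r->cross++;
    }
}

/* Constructed access log of administrator-approved, non-white-list requests. */
static const struct access_rec sample_log[] = {
    { 1640000000L, IP4(203,0,113,7),  IP4(10,0,1,20), 6 },
    { 1640000100L, IP4(203,0,113,7),  IP4(10,0,1,20), 6 },
    { 1640000200L, IP4(203,0,113,7),  IP4(10,0,1,21), 6 },
    { 1640000300L, IP4(198,51,100,9), IP4(10,0,1,20), 17 },
    { 1640000400L, IP4(198,51,100,9), IP4(10,0,1,20), 6 },
    { 1640000500L, IP4(192,0,2,33),   IP4(10,0,1,22), 17 },
    { 1640007200L, IP4(192,0,2,33),   IP4(10,0,1,22), 17 }, /* outside the period */
};

/* Report over a one-hour log period starting at the first record. */
const struct report *demo_report(void)
{
    static struct report r;
    build_report(sample_log, sizeof sample_log / sizeof sample_log[0],
                 1640000000L, 1640003600L, &r);
    return &r;
}

int main(void)
{
    const struct report *r = demo_report();
    printf("top source key=%lu count=%u, cross=%u\n",
           (unsigned long)r->src[0].key, r->src[0].count, r->cross);
    return 0;
}
```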
Referring to fig. 2, fig. 2 is a structural diagram of an intelligent control management system of an industrial control network based on a white list according to the present application. As shown in fig. 2, the system includes a learning management task module, a search module, a white list building module, an access data judging module, and an access log module, wherein:
the learning management task module is used for setting an industrial control learning management task;
the searching module is used for analyzing the corresponding learning task industrial control management protocol from all industrial control management protocols in the jurisdiction range according to the learning management task;
the white list building module is used for storing the learning task industrial control management protocol into the network protocol white list;
the judging access data module is used for judging whether the industrial access application data is in the network protocol white list or not according to the industrial access request data;
a dangerous data recording module, wherein if the industrial access request data is not in the network protocol white list and the industrial access request data is executed according to the instruction of an administrator, the corresponding industrial access request data is recorded and is used as non-network protocol white list access data;
and the access log module is used for generating an access log according to the non-network protocol white list access data.
Optionally, as shown in fig. 3, the industrial control network intelligent control management system based on the white list further includes:
and the access report module is used for generating an access report through a convergence method according to the access log.
Optionally, as shown in fig. 4, an industrial control network intelligent control management system based on a white list includes:
and the user portrait module is used for establishing a user portrait according to the access report.
Optionally, as shown in fig. 5, the industrial control network intelligent control management system based on the white list further includes:
and the offline module stores the access log, the access report and the user portrait in a local area network.
The application provides an industrial control network intelligent control management method and system based on a white list, wherein the method comprises the following steps: setting a learning management task of industrial control; analyzing corresponding learning task industrial control management protocols from all industrial control management protocols in the jurisdiction range; storing the information into a network protocol white list; and judging whether the industrial access application data is in the network protocol white list, if not, executing the industrial access application data according to the instruction of an administrator, recording the corresponding industrial access request data, and simultaneously generating an access log. By configuring the industrial control white list learning task, the corresponding management protocol can be searched and analyzed, and the problem of waste of a large amount of time and labor caused by manually inputting the industrial control management protocol into the network protocol white list in the traditional industrial control management system is solved; in addition, when the network request of the non-network protocol white list is allowed by an administrator, an access log can be automatically generated, and high-risk access data are directly and intensively locked, so that the follow-up tracing can be performed after safety problems are generated, and the safety of the jurisdiction area is improved; each key access data element is formed into a label, a user portrait is generated, and the labels are utilized to abstract and materialize high-risk industrial access request data, so that managers can analyze high-risk access records visually.
The embodiments provided in the present application are only a few examples of the general concept of the present application, and do not limit the scope of the present application. For a person skilled in the art, any other embodiment extended from the scheme of the present application without inventive effort falls within the protection scope of the present application.

Claims (10)

1. A white list-based industrial control network intelligent control management method is characterized by comprising the following steps:
setting a learning management task of industrial control;
analyzing a corresponding learning task industrial control management protocol from all industrial control management protocols in the jurisdiction range according to the learning management task;
storing the learning task industrial control management protocol to a network protocol white list;
judging whether the industrial access application data is in the network protocol white list or not according to the acquired industrial access request data;
if the industrial access request data is not in the network protocol white list, executing the industrial access request data according to the instruction of an administrator; recording corresponding industrial access request data as non-network protocol white list access data;
and generating an access log according to the non-network protocol white list access data.
2. The intelligent control management method for industrial control networks based on the white list as claimed in claim 1, wherein the method further comprises:
and generating an access report by a convergence method according to the access log.
3. The intelligent control and management method for industrial control networks based on the white list as claimed in claim 2, wherein the method for generating the access report by the aggregation method according to the access log comprises the following steps:
creating three data links for respectively storing a source IP, a destination IP and a protocol;
finding out a source IP, a destination IP and a protocol at preset time in the access log;
respectively sequencing the source IP, the target IP and the protocol, and respectively selecting a plurality of source IPs, target IPs and protocols which are ranked at the top;
and cross-comparing a plurality of source IPs, destination IPs and protocols which are ranked at the top, and analyzing to obtain an access report.
4. The intelligent control management method for industrial control networks based on the white list as claimed in claim 2, wherein the method further comprises:
and establishing a user portrait according to the access report.
5. The intelligent control management method for industrial control networks based on the white list as claimed in claim 4, wherein the method comprises:
storing the access log, the access report, and the user representation on a local area network.
6. The intelligent control and management method for industrial control networks based on the white list as claimed in claim 1, wherein the network protocol white list at least includes: source IP, destination IP, function code, start address, end address and protocol.
7. An industrial control network intelligent control management system based on a white list, characterized in that the system comprises:
the learning management task module is used for setting an industrial control learning management task;
the searching module is used for analyzing the corresponding learning task industrial control management protocol from all industrial control management protocols in the jurisdiction range according to the learning management task;
a white list establishing module used for storing the learning task industrial control management protocol into the network protocol white list;
the judging access data module is used for judging whether the industrial access application data is in the network protocol white list or not according to the industrial access request data;
the dangerous data recording module is used for recording corresponding industrial access request data as non-network protocol white list access data if the industrial access request data is not in the network protocol white list and the industrial access request data is executed according to the instruction of an administrator;
and the access log module is used for generating an access log according to the non-network protocol white list access data.
8. The intelligent white-list-based industrial control network control management system according to claim 1, further comprising:
and the access report module is used for generating an access report through a convergence method according to the access log.
9. The intelligent white-list-based industrial control network control management system according to claim 8, further comprising:
and the user portrait module is used for establishing a user portrait according to the access report.
10. The intelligent white-list-based industrial control network control management system according to claim 9, further comprising:
and the offline module stores the access log, the access report and the user portrait in a local area network.
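The following Python sketch is an added example, not code from the patent or its applicant. It walks through the white list check of claims 1 and 6 and the top-N aggregation of claim 3. The record layout, the `admin_allows` callback, the sample traffic and the reading of "cross-compare" as counting flows whose three values all rank in the top lists are assumptions.

```python
from collections import Counter, namedtuple

# Whitelist entry with the six fields listed in claim 6.
Rule = namedtuple("Rule", "src dst protocol function_code start_addr end_addr")
# Constructed model of one industrial access request (ts = seconds).
Request = namedtuple("Request", "ts src dst protocol function_code addr")

def in_whitelist(req, rules):
    """Claim 1 check: every field must match and the address must lie in range."""
    return any((r.src, r.dst, r.protocol, r.function_code) ==
               (req.src, req.dst, req.protocol, req.function_code)
               and r.start_addr <= req.addr <= r.end_addr for r in rules)

def handle(req, rules, admin_allows, log):
    """Return True if executed; off-whitelist requests the admin allows are logged."""
    if in_whitelist(req, rules):
        return True
    if admin_allows(req):
        log.append(req)          # non-whitelist access data -> access log
        return True
    return False

def access_report(log, t0, t1, top_n=2):
    """Claim 3: one list per dimension, rank each, then cross-compare the leaders."""
    window = [r for r in log if t0 <= r.ts < t1]
    tops = {f: [v for v, _ in Counter(getattr(r, f) for r in window).most_common(top_n)]
            for f in ("src", "dst", "protocol")}
    # Assumed meaning of "cross-compare": count flows whose three values all rank in the top lists.
    flows = Counter((r.src, r.dst, r.protocol) for r in window
                    if all(getattr(r, f) in tops[f] for f in tops))
    return tops, flows.most_common()

# Constructed sample data: addresses, protocols and the admin policy are illustrative.
RULES = [Rule("10.0.0.5", "10.0.1.10", "modbus", 3, 0, 99)]
TRAFFIC = [
    Request(100, "10.0.0.5", "10.0.1.10", "modbus", 3, 10),   # whitelisted read
    Request(110, "10.0.0.5", "10.0.1.10", "modbus", 6, 10),   # wrong function code
    Request(120, "10.0.0.9", "10.0.1.10", "modbus", 6, 200),
    Request(130, "10.0.0.9", "10.0.1.10", "modbus", 6, 201),
    Request(140, "10.0.0.9", "10.0.1.11", "s7comm", 5, 0),
    Request(150, "10.0.0.7", "10.0.1.12", "dnp3", 1, 0),      # admin refuses this source
    Request(900, "10.0.0.9", "10.0.1.10", "modbus", 6, 202),  # outside report window
]

def run_demo():
    log = []
    executed = [handle(r, RULES, lambda q: q.src != "10.0.0.7", log) for r in TRAFFIC]
    return executed, log, access_report(log, 0, 600)

if __name__ == "__main__":
    print(run_demo())
```

Only requests that miss the white list and are then allowed by the administrator reach the log, so the report ranks exactly the traffic an auditor needs to review first.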
CN202111613143.6A 2021-12-27 2021-12-27 Industrial control network intelligent control management method and system based on white list Active CN114363026B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111613143.6A CN114363026B (en) 2021-12-27 2021-12-27 Industrial control network intelligent control management method and system based on white list

Publications (2)

Publication Number Publication Date
CN114363026A (en) 2022-04-15
CN114363026B (en) 2024-05-24

Family

ID=81102013

Country Status (1)

Country Link
CN (1) CN114363026B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant