CN114637898A - Data monitoring system and method based on industrial internet - Google Patents


Publication number: CN114637898A
Authority: CN (China)
Prior art keywords: data; industrial internet; sensitive; internet data; module
Legal status: Pending
Application number: CN202210259703.0A
Other languages: Chinese (zh)
Inventors: 张雯雯, 史帅, 尚程, 杨满智, 傅强, 梁彧, 田野, 王杰, 金红, 陈晓光
Current Assignee: Eversec Beijing Technology Co Ltd
Original Assignee: Eversec Beijing Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/904 Browsing; Visualisation therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/906 Clustering; Classification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a data monitoring system and method based on an industrial internet. A data acquisition module, a data processing module, a data analysis module and an analysis result display module are arranged in the data monitoring system of the industrial internet. The data acquisition module acquires industrial internet traffic data packets and sends them to the data processing module, which extracts industrial internet data and preprocesses it. The processed industrial internet data is sent to the data analysis module, which screens it for sensitive data and performs situation analysis on the screened sensitive industrial internet data and the processed industrial internet data. The situation analysis results are displayed to the user as visual charts by the analysis result display module. The technical scheme of the embodiment of the invention provides a data monitoring mode based on the industrial internet, realizes abnormal traffic monitoring of industrial internet data and enhances industrial internet data security.

Description

Data monitoring system and method based on industrial internet
Technical Field
The embodiment of the invention relates to computer technology, in particular to a data monitoring system and method based on industrial internet.
Background
The potential security risks of industrial internet data are increasingly prominent. Industrial internet systems inherently have complex connection services, varied connected devices, varied data formats and the like, and each layer of an industrial internet system faces direct security risks. In addition, the data resources acquired, stored and utilized by industrial internet systems are characterized by large data volume, many types, strong relevance, uneven value distribution and large differences in data protection across fields, and in terms of data security they suffer from problems such as fuzzy boundaries between responsible parties, difficult classification and grading protection, and difficult event tracking and tracing.
In the process of implementing the invention, the inventor found that the prior art mainly has the following defects: industrial internet data carries security risks, and the huge volume of industrial internet data makes monitoring and protection difficult.
Disclosure of Invention
The embodiment of the invention provides a data monitoring system and method based on an industrial internet, which are used for realizing abnormal traffic monitoring of industrial internet data and enhancing industrial internet data security.
In a first aspect, an embodiment of the present invention provides an industrial internet-based data monitoring system, where the system includes:
a data acquisition module, a data processing module, a data analysis module and an analysis result display module;
the data acquisition module is used for acquiring an industrial internet traffic data packet of a node to be monitored and sending the industrial internet traffic data packet to the data processing module;
the data processing module is used for extracting industrial internet data from the industrial internet traffic data packet sent by the data acquisition module; carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module;
the data analysis module is used for screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data; performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module;
and the analysis result display module is used for generating a visual chart for displaying the situation analysis result and providing the visual chart for a target user.
In a second aspect, an embodiment of the present invention further provides an industrial internet-based data monitoring method, which is applied to a data processing module in the industrial internet-based data monitoring system according to any embodiment of the present invention, and the method includes:
extracting industrial internet data from an industrial internet flow data packet sent by a data acquisition module;
and carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module.
In a third aspect, an embodiment of the present invention further provides an industrial internet-based data monitoring method, which is applied to a data analysis module in the industrial internet-based data monitoring system according to any embodiment of the present invention, and the method includes:
screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data;
and analyzing and processing the situation of the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module.
In the embodiment of the invention, a data acquisition module, a data processing module, a data analysis module and an analysis result display module are arranged in the data monitoring system of the industrial internet. The data acquisition module acquires industrial internet traffic data packets and sends them to the data processing module for industrial internet data extraction and data preprocessing; the processed industrial internet data is sent to the data analysis module for sensitive data screening; situation analysis is performed on the screened sensitive industrial internet data and the processed industrial internet data; and the situation analysis result is displayed to the user in the form of a visual chart by the analysis result display module. A data monitoring mode based on the industrial internet is thus creatively provided, which uses the technical means of active monitoring, traffic analysis and data situation analysis to realize abnormal traffic monitoring of industrial internet data and enhance industrial internet data security.
Drawings
Fig. 1 is a schematic structural diagram of an industrial internet-based data monitoring system according to an embodiment of the present invention;
fig. 1a is a schematic diagram of a specific architecture of an industrial internet-based data monitoring system according to an embodiment of the present invention;
fig. 1b is a schematic diagram illustrating a functional design of a sensitive data recognition and analysis subsystem according to an embodiment of the present invention;
fig. 1c is a schematic diagram of a functional design of a data situation analysis subsystem according to an embodiment of the present invention;
fig. 1d is a schematic diagram of a functional design of a data management subsystem according to an embodiment of the present invention;
fig. 2 is a flowchart of a data monitoring method based on the industrial internet according to a second embodiment of the present invention;
fig. 3 is a flowchart of another industrial internet-based data monitoring method according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a data monitoring apparatus based on the industrial internet according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of another industrial internet-based data monitoring device according to a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic structural diagram of a data monitoring system based on an industrial internet according to an embodiment of the present invention, which is applicable to monitoring a flow of the industrial internet. Referring to fig. 1, the system may include:
a data acquisition module 110, a data processing module 120, a data analysis module 130 and an analysis result display module 140;
the data acquisition module 110 is configured to acquire an industrial internet traffic data packet of a node to be monitored, and send the industrial internet traffic data packet to the data processing module;
the data processing module 120 is configured to extract industrial internet data from the industrial internet traffic data packet sent by the data acquisition module; carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module;
the data analysis module 130 is configured to screen the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data; performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module;
the analysis result display module 140 is configured to generate a visual chart for displaying the situation analysis result, and provide the visual chart to the target user.
The nodes to be monitored can be corresponding nodes of an important network access, a provincial flow access, an industrial internet platform side, an industrial internet enterprise side and the like.
The industrial internet traffic data packet may be a data packet in traffic obtained from a node to be monitored. The industrial internet data may be data parsed from an industrial internet traffic packet.
The sensitive data screening rule may refer to a custom rule for screening sensitive industrial internet data from industrial internet data.
Sensitive industrial internet data may include data relating to privacy, data relating to confidentiality, and the like.
The situation analysis result may be a result obtained by analyzing aspects such as a general situation, an operation situation, a security situation, and a flow path of real-time data traffic of the industrial internet data, for example, a macro situation analysis result of the industrial internet data, an industrial internet industry analysis result, and a key event situation analysis result related to sensitive industrial internet data.
The visual chart can be a concrete display form of the situation analysis result, such as a bar chart, a line chart and the like.
In the embodiment of the invention, the data acquisition module can be used for acquiring the industrial internet traffic data packets from the nodes to be monitored, the data processing module is used for extracting the industrial internet data from the acquired industrial internet traffic data packets, and the industrial internet data is preprocessed to obtain the processed industrial internet data. Therefore, sensitive industrial internet data are screened from the processed industrial internet data according to the sensitive data screening rule, and the processed industrial internet data and the sensitive industrial internet data are subjected to macroscopic situation analysis, industrial internet industry analysis, key event situation analysis and the like. And then displaying the situation analysis result in a visual chart form through an analysis result display module.
Optionally, the system may further include: and the data management module is used for acquiring data management information input by a user and managing the industrial internet data and the system data according to the data management information.
The data management information may refer to add, delete, modify and query information input by the user, which is not limited in this embodiment. The system data may be user data, role data, organizational data, menu data, log data, and the like.
Specifically, the industrial internet data and the system data can be managed in the data management module through data management information such as add, delete, modify and query operations input by the user. For example, the monitoring rules, the evaluation rules, the early warning rules, the disposal rules and the like can be flexibly configured and managed through add, delete, modify and query operations.
In the technical scheme of the embodiment of the invention, a data acquisition module, a data processing module, a data analysis module and an analysis result display module are arranged in the data monitoring system of the industrial internet. The data acquisition module acquires industrial internet traffic data packets and sends them to the data processing module for industrial internet data extraction and data preprocessing; the processed industrial internet data is sent to the data analysis module for sensitive data screening; situation analysis is performed on the screened sensitive industrial internet data and the processed industrial internet data; and the situation analysis result is displayed to the user in the form of a visual chart by the analysis result display module. A data monitoring mode based on the industrial internet is thus creatively provided, which uses the technical means of active monitoring, traffic analysis and data situation analysis to realize abnormal traffic monitoring of industrial internet data and enhance industrial internet data security.
In order to make those skilled in the art better understand the industrial internet-based data monitoring system according to the embodiment of the present invention, a specific example is described below. Referring to fig. 1a, the system includes: a data acquisition layer, a data convergence layer, a data identification and analysis layer and a visual display layer, wherein the data identification and analysis layer comprises a sensitive data identification and analysis subsystem, a data situation analysis subsystem and a data management subsystem.
A data acquisition layer: the device can be deployed at the platform side, the enterprise side, the important network access monitoring nodes and the important enterprise and platform monitoring nodes to acquire industrial internet flow.
A data convergence layer: accurately identifies and screens industrial internet data by parsing IT (Information Technology) network-related protocols, OT (Operational Technology) network-related protocols and industrial internet-related protocols; extracts and analyzes key contents of various types of data such as industrial data-related office documents, pictures, audio and video; and collects state data, transmission data, industrial internet security threat data and security event information of industrial internet platforms and industrial enterprises. It integrates data identification, classification, collection, storage and secure exchange functions, and collects key asset data of typical industrial internet platforms and key industrial enterprises. It performs full data identification for important network entrances and exits, key upgrading nodes, key platforms and enterprises, and performs data cleaning and analysis using big data analysis technology.
Data recognition and analysis layer: the sensitive data identification and analysis subsystem, the data situation analysis subsystem, the data management subsystem and the like are integrated with various service analysis engines, such as an industrial internet protocol analysis engine, to perform service analysis. Through the cooperative work of all the systems, the industrial internet asset detection and cross-border data identification capabilities are jointly supported and intensively formed.
Visual display layer: by analyzing the overall situation of industrial internet data, multi-dimensional display of industrial internet cross-border data operation conditions and the like is provided, and the multi-dimensional display comprises units such as industrial internet data security situations, real-time data flow, flow path display, data classification display (according to data sensitivity), system management, system performance index display and the like.
Illustratively, referring to FIG. 1b, the sensitive data recognition analysis subsystem is functionally designed as follows: multiple engines, such as a protocol analysis engine, an industrial data screening engine, a sensitive data discovery engine, a threat information analysis engine and a supply chain reduction engine, work cooperatively to realize functions such as data content extraction, data flow monitoring and data statistics.
Referring to FIG. 1c, the data situation analysis subsystem is functionally designed as follows: the distribution of the data actively monitored by the system is monitored from a macroscopic dimension, and the cross-border path conditions, security state and the like of the industrial internet within the monitoring range are monitored from the perspective of units or their industries, thereby realizing situation analysis. A user-defined scene component, a data drilling component, a map component and a statistical analysis chart component are integrated to visualize the situation analysis result. The overall situation of the industrial internet data within the monitoring range is presented through dimensional analysis of the industrial internet cross-border path transmission situation, the security situation analysis, the key event situation and the like.
Referring to FIG. 1d, the data management subsystem is functionally designed as follows: it is used for management operations such as adding, deleting, modifying and querying on industrial internet data such as industrial enterprise information, cross-border industrial data, cross-border black and white lists and industrial monitoring rule information; on custom rule data such as system monitoring rules, evaluation rules, early warning rules and disposal rules; and on system data such as system users, log management and backup management.
Example two
Fig. 2 is a flowchart of a data monitoring method based on the industrial internet according to a second embodiment of the present invention, where this embodiment is applicable to a case of processing industrial internet data, and the method may be applied to a data processing module in a data monitoring system based on the industrial internet according to any embodiment of the present invention, and the method may be executed by a data monitoring device based on the industrial internet, and the device may be implemented by software and/or hardware, and is generally integrated in a server. Referring to fig. 2, the method specifically includes the following steps:
S210, extracting industrial internet data from the industrial internet traffic data packet sent by the data acquisition module.
In an optional implementation manner of this embodiment, extracting industrial internet data from the industrial internet traffic data packet sent by the data acquisition module may specifically include: obtaining a network protocol matched with the industrial internet traffic data packet; and extracting industrial internet data from the industrial internet traffic data packet according to the network protocol.
The network protocol may be, for example, an IT network-related protocol, an OT network-related protocol, an industrial internet-related protocol, and the like.
Specifically, the matched network protocol can be determined by identifying the industrial internet traffic data packet, and the industrial internet data can be extracted by analyzing the industrial internet traffic data packet through the network protocol.
S220, data preprocessing is carried out on the industrial internet data, and the processed industrial internet data are sent to the data analysis module.
In the embodiment of the invention, the extracted industrial internet data can be subjected to preprocessing operations such as cleaning, classification, normalization, merging, aggregation and the like, so that the processed industrial internet data is sent to the data analysis module to be subjected to specific analysis operation.
In an optional implementation manner of this embodiment, the performing data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module may include:
performing at least one-stage classification processing on the industrial internet data according to the data description information of the industrial internet data to obtain classified industrial internet data; and carrying out normalization processing, merging processing, aggregation processing and/or structure conversion processing on the classified industrial internet data to obtain processed industrial internet data, and sending the processed industrial internet data to the data analysis module.
The data description information may refer to information describing data contents of the industrial internet.
For example, the classified industrial internet data may be internet of vehicles industrial asset information, data transmission information, industrial asset operation state information, and the like. Wherein the Internet of vehicles industrial asset information may include: unit related data, website related data, IP, industrial asset data, and industry sensitive data, among others. The data transmission information may include: industrial data-related office documents, pictures, audios, videos and other types of data. The industrial asset operational status information may include: the system comprises information such as operation state data of infrastructures at a network gateway, a provincial traffic gateway, a platform side, an enterprise side and the like, event handling results formed by each technical support unit, and daily network operation state data of the network infrastructures.
Specifically, the specific content of the industrial internet data can be identified according to the data description information of the industrial internet data, so that at least one stage of classification processing is performed on the industrial internet data, and the classified industrial internet data is subjected to normalization processing, merging processing, aggregation processing and/or structure conversion processing, so that the unification of data formats is ensured, and the subsequent data analysis is convenient to use.
Further, after the processed industrial internet data is obtained, the processed industrial internet data can be stored according to the classification result, and a category identifier corresponding to the processed industrial internet data is established.
The classification result may be a result of performing at least one stage of classification processing on the industrial internet. The category identification may refer to a content identification corresponding to each category of industrial internet data.
Specifically, the processed industrial internet data can be stored according to the classification result, and the matched class identifier can be established for the processed industrial internet data.
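The following sketch walks through S210 and S220 end to end: match a protocol, extract fields, apply a two-stage classification, and store the normalized record under a category identifier. It is an added example, not code from the patent; the choice of Modbus/TCP and HTTP as the OT and IT protocols, the category identifier strings, the mapping of traffic to categories and the sample payloads are all assumptions made for illustration.

```python
import re
import struct

# Constructed sample payloads (not captured traffic).
MODBUS_REQ = bytes.fromhex("000100000006" "1103006b0003")  # MBAP header + PDU
HTTP_REQ = (b"POST /upload HTTP/1.1\r\nHost: plant.example\r\n"
            b"Content-Type: application/pdf\r\n\r\n%PDF-1.7")

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/1\.[01]\r\n")
DOCUMENT_TYPES = {"application/pdf", "application/msword"}  # assumed list


def match_protocol(payload: bytes) -> str:
    """S210, step 1: identify the network protocol matching the packet."""
    if len(payload) >= 8:
        _tid, proto_id, length = struct.unpack(">HHH", payload[:6])
        # Modbus/TCP: protocol id is 0 and the length field counts every byte
        # after itself, so truncated or padded frames are rejected here.
        if proto_id == 0 and length == len(payload) - 6:
            return "modbus-tcp"
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    return "unknown"


def extract_fields(payload: bytes, protocol: str) -> dict:
    """S210, step 2: parse the packet according to the matched protocol."""
    if protocol == "modbus-tcp":
        _tid, _pid, _len, unit_id, function_code = struct.unpack(">HHHBB", payload[:8])
        return {"unit_id": unit_id, "function_code": function_code,
                "data": payload[8:].hex()}
    if protocol == "http":
        request = HTTP_REQUEST_LINE.match(payload)
        head, _, body = payload.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n")[1:]:
            name, sep, value = line.partition(b":")
            if sep:
                key = name.strip().lower().decode("latin-1")
                headers[key] = value.strip().decode("latin-1")
        return {"method": request.group(1).decode("latin-1"),
                "path": request.group(2).decode("latin-1"),
                "content_type": headers.get("content-type", ""),
                "body_len": len(body)}
    # Unmatched traffic is kept, not dropped, so it stays visible to analysis.
    return {"raw_len": len(payload)}


def classify(protocol: str, fields: dict) -> str:
    """S220: two-stage classification; returns the category identifier."""
    if protocol == "modbus-tcp":
        reads = fields["function_code"] in (3, 4)  # read holding/input registers
        return "operation-state/" + ("register-read" if reads else "other-function")
    if protocol == "http":
        ctype = fields["content_type"].split(";")[0].strip().lower()
        if ctype in DOCUMENT_TYPES:
            return "data-transmission/office-document"
        if ctype.startswith("image/"):
            return "data-transmission/picture"
        return "data-transmission/other"
    return "unclassified"


def preprocess(payload: bytes, src_ip: str, dst_ip: str) -> dict:
    """Normalize one packet into the unified record passed to analysis."""
    protocol = match_protocol(payload)
    fields = extract_fields(payload, protocol)
    return {"category_id": classify(protocol, fields), "protocol": protocol,
            "src_ip": src_ip, "dst_ip": dst_ip, "content": fields}


def store_by_category(records) -> dict:
    """Store processed records under their category identifier."""
    store = {}
    for record in records:
        store.setdefault(record["category_id"], []).append(record)
    return store


def demo() -> dict:
    packets = [(MODBUS_REQ, "10.0.0.5", "10.0.0.9"),
               (HTTP_REQ, "10.0.0.7", "203.0.113.4"),
               (MODBUS_REQ[:7], "10.0.0.5", "10.0.0.9")]  # truncated frame
    return store_by_category(preprocess(*p) for p in packets)


if __name__ == "__main__":
    for category_id, records in demo().items():
        print(category_id, len(records))
```

The truncated frame fails the length check and lands in `unclassified` with its raw length preserved, which is the behaviour a monitoring pipeline needs for malformed traffic.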
According to the technical scheme of the embodiment of the invention, industrial internet data is extracted from the industrial internet traffic data packet sent by the data acquisition module, data preprocessing is performed on the industrial internet data, and the processed industrial internet data is sent to the data analysis module. This solves the problem that industrial internet data acquired from the nodes to be monitored has disordered, non-uniform formats and is therefore inconvenient to use directly, and achieves effective quality management of the acquired industrial internet data.
Example three
Fig. 3 is a flowchart of another industrial internet-based data monitoring method according to a third embodiment of the present invention, where this embodiment is applicable to a case of analyzing industrial internet data, and the method may be applied to a data analysis module in an industrial internet-based data monitoring system according to any embodiment of the present invention, and the method may be executed by an industrial internet-based data monitoring apparatus, and the apparatus may be implemented by software and/or hardware, and is generally integrated in a server. Referring to fig. 3, the method specifically includes the following steps:
S310, screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data.
In the embodiment of the invention, the sensitive data screening rule can be customized according to the processed industrial internet data stored by category, and the sensitive industrial internet data can be screened from the processed industrial internet data.
In an optional implementation manner of this embodiment, screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data may include: identifying the category identification and the data content of the processed industrial internet data; and screening the processed industrial internet data according to the category identification, the data content and the preset sensitive data screening rule to obtain the sensitive industrial internet data.
Specifically, the category identification and the specific data content of the processed industrial internet data can be identified, and the sensitive data screening rule is customized under different scenes, so that the sensitive industrial internet data is obtained.
In the process of obtaining sensitive industrial internet data, the data content and the category identification can be used as a basis, different data values are distinguished through the identification of the data content, the data in actual use are compared through the category identifications established for different data categories, the classification (grading) membership of the detected data is judged according to the comparison result, and then the specific protection mode of the data is determined through the value difference of the classification (grading) categories; the method realizes the differential protection of different value data and realizes the differential identification of different data.
For example, if the customized sensitive data screening rule is "data related to user privacy is sensitive data", then the data with the category identification "fingerprint" may be selected as sensitive industrial internet data.
S320, performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module.
In an optional implementation manner of this embodiment, the performing a situation analysis process on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module may include:
performing situation analysis on the processed industrial internet data according to the data content, the industry and the importance level of the processed industrial internet data to obtain a first situation analysis result; grading the sensitive industrial internet data according to the sensitivity degree of the sensitive industrial internet data to obtain a grading result of the sensitive industrial internet data; acquiring cross-border sensitive industrial internet data according to the source internet protocol address and the target internet protocol address of the sensitive industrial internet data; performing situation analysis on the sensitive industrial internet data according to the grading result of the sensitive industrial internet data and the cross-border path of the cross-border sensitive industrial internet data to obtain a second situation analysis result; and sending the first situation analysis result and the second situation analysis result to the analysis result display module.
The first situation analysis result may refer to the situation analysis of the processed industrial internet data, and may include macro situation analysis, industrial internet industry analysis, major event analysis, and the like. The macro situation analysis can collect information on all monitored industrial internet data from a macroscopic perspective and evaluate the state of the industrial internet data. The industrial internet industry analysis can analyze and display the industry distribution and security status of the industrial internet along the industry dimension, and can include a statistical ranking of the quantity of exposed industrial internet reflecting industry attributes in a designated area, the proportion of industrial protocols reflecting industry attributes in different types of areas, the statistical proportion of conventional industrial services, the industry distribution of sensitive industrial data, and the like. The major event situation analysis can analyze and display security events (data leakage) and hot events that break out in concentrated fashion or draw focused attention in the industrial internet field, track and display the situation of major events by means such as correlation analysis, effectively perform regression analysis and outlook prediction on the events, and help the person in charge of the industrial internet grasp how events are developing and reach scientific conclusions.
The cross-border sensitive industrial internet data can refer to data for which either the source internet protocol address or the destination internet protocol address is an outbound (outside-the-border) internet protocol address.
The second situation analysis result can be a situation analysis for sensitive industrial internet data, such as the number of sensitive industrial internet data, the number of cross-border sensitive industrial internet data, and the proportion of different sensitive events (such as data leakage, data impersonation, data loss and data tampering).
Specifically, situation analysis can be performed on the processed industrial internet data according to its data content, industry and importance level to obtain the first situation analysis result. When analyzing the situation of the sensitive industrial internet data, grading can be carried out according to the sensitivity degree of the sensitive industrial internet data. After the sensitive industrial internet data are obtained through screening, their data flow path can be monitored, and cross-border sensitive industrial internet data are obtained according to the source internet protocol address and the target internet protocol address. The second situation analysis result of the sensitive industrial internet data is obtained according to the grading result of the sensitive industrial internet data and the cross-border path of the cross-border sensitive industrial internet data. The first situation analysis result and the second situation analysis result are then sent to the analysis result display module.
Optionally, in addition to monitoring and counting cross-border sensitive industrial internet data, other cross-border industrial internet data may be counted and displayed from different dimensions, for example, the displayed dimensions may include: event level, event type, industry involved, affected units, affected internet protocol addresses, attack sources, and the like.
Optionally, a management rule matched with the sensitive industrial internet data may be determined according to a grading result of the sensitive industrial internet data. The grading result is determined according to the sensitivity degree of the sensitive industrial internet data, so that corresponding management rules can be matched for data with different sensitivity levels. For example, after determining the classification result for various types of sensitive industrial internet data, the supervision department determines whether to perform decryption or desensitization processing on the sensitive industrial internet data according to the opening and sharing requirements of the sensitive industrial internet data and the distribution range of the sensitive industrial internet data.
According to the technical scheme of the embodiment of the invention, the processed industrial internet data sent by the data processing module is screened according to a preset sensitive data screening rule to obtain sensitive industrial internet data; situation analysis processing is performed on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and the situation analysis result is sent to the analysis result display module. This provides a way of analyzing and processing industrial internet data: the overall situation of the industrial internet is presented through dimensions such as the cross-border path transmission of industrial internet data, security situation analysis and key event situations, so that sensitive industrial internet data and cross-border industrial internet data are effectively monitored.
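The screening, grading, cross-border and management-rule steps described above, sketched in Python as an added example (not code from the patent or the applicant). The rule contents, grade numbers, management actions, address ranges and sample records are all assumptions constructed for illustration; only the category identification "fingerprint" comes from the text.

```python
import ipaddress
import re
from collections import Counter

# Assumed screening rules: category identifiers and content patterns,
# each mapped to a sensitivity grade (higher = more sensitive).
CATEGORY_RULES = {"fingerprint": 3, "process_recipe": 2}
CONTENT_RULES = [
    (re.compile(r"id_number\s*=", re.I), 3),
    (re.compile(r"password\s*=", re.I), 2),
]
# Assumed "inside the border" networks (private and documentation ranges only).
DOMESTIC_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.0.2.0/24", "198.51.100.0/24")]
# Hypothetical management rule matched to each grade.
MANAGEMENT_RULES = {3: "desensitize", 2: "restrict-sharing", 1: "log-only"}

# Constructed sample of processed records (not real traffic).
SAMPLE_RECORDS = [
    {"category_id": "fingerprint", "content": "template=AAAA",
     "src_ip": "192.0.2.10", "dst_ip": "203.0.113.5"},
    {"category_id": "temperature", "content": "t=71.5",
     "src_ip": "192.0.2.11", "dst_ip": "198.51.100.7"},
    {"category_id": "config", "content": "admin password=changeme",
     "src_ip": "203.0.113.9", "dst_ip": "10.1.2.3"},
    {"category_id": "process_recipe", "content": "step1",
     "src_ip": "10.0.0.5", "dst_ip": "10.0.0.6"},
    {"category_id": "fingerprint", "content": "template=BBBB",
     "src_ip": "not-an-ip", "dst_ip": "192.0.2.1"},
]


def grade(record):
    """Return the highest matching sensitivity grade, or 0 if not sensitive."""
    g = CATEGORY_RULES.get(record.get("category_id"), 0)
    content = record.get("content", "")
    for pattern, level in CONTENT_RULES:
        if pattern.search(content):
            g = max(g, level)
    return g


def locate(addr):
    """Classify an address as 'inside', 'outside' or 'unknown' (unparseable)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    return "inside" if any(ip in net for net in DOMESTIC_NETS) else "outside"


def analyze(records):
    """Screen, grade and path-check records; return a summary of the results."""
    items, by_grade, paths = [], Counter(), Counter()
    unresolved = 0
    for rec in records:
        g = grade(rec)
        if g == 0:                      # matched no screening rule
            continue
        src, dst = locate(rec.get("src_ip")), locate(rec.get("dst_ip"))
        if "unknown" in (src, dst):
            unresolved += 1             # surfaced for review, not dropped
        # Cross-border: source or destination lies outside the border.
        cross = "outside" in (src, dst)
        if cross:
            paths[f"{src}->{dst}"] += 1
        by_grade[g] += 1
        items.append({"category_id": rec.get("category_id"), "grade": g,
                      "cross_border": cross,
                      "management_rule": MANAGEMENT_RULES[g]})
    return {
        "sensitive_total": len(items),
        "by_grade": dict(by_grade),
        "cross_border_total": sum(paths.values()),
        "cross_border_paths": dict(paths),
        "unresolved_addresses": unresolved,
        "items": items,
    }


if __name__ == "__main__":
    summary = analyze(SAMPLE_RECORDS)
    for key, value in summary.items():
        print(key, value)
```

A record whose address cannot be parsed is counted under `unresolved_addresses` rather than being silently treated as inside the border, so a malformed field cannot hide a cross-border flow from the summary.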
Example four
Fig. 4 is a schematic structural diagram of a data monitoring apparatus based on industrial internet according to a fourth embodiment of the present invention, where the apparatus may be applied to a data processing module in a data monitoring system based on industrial internet according to any embodiment of the present invention, and the apparatus includes: an industrial internet data extraction module 410 and an industrial internet data sending module 420. Wherein:
the industrial internet data extraction module 410 is used for extracting industrial internet data from the industrial internet traffic data packet sent by the data acquisition module;
and the industrial internet data sending module 420 is configured to perform data preprocessing on the industrial internet data and send the processed industrial internet data to the data analysis module.
According to the technical scheme of the embodiment of the invention, industrial internet data are extracted from the industrial internet traffic data packet sent by the data acquisition module; data preprocessing is performed on the industrial internet data, and the processed industrial internet data are sent to the data analysis module. This solves the problem that industrial internet data acquired from the nodes to be monitored are disordered and non-uniform in format and therefore inconvenient to use directly, and achieves effective quality management of the acquired industrial internet data.
In the above apparatus, optionally, the industrial internet data extraction module 410 may be specifically configured to:
acquiring a network protocol matched with the industrial internet traffic data packet;
and extracting industrial internet data from the industrial internet traffic data packet according to the network protocol.
In the foregoing apparatus, optionally, the industrial internet data sending module 420 may be specifically configured to:
performing at least one-stage classification processing on the industrial internet data according to the data description information of the industrial internet data to obtain classified industrial internet data;
and carrying out normalization processing, merging processing, aggregation processing and/or structure conversion processing on the classified industrial internet data to obtain processed industrial internet data, and sending the processed industrial internet data to the data analysis module.
In the above apparatus, optionally, the apparatus further includes a category identifier creating module, configured to, after obtaining the processed industrial internet data:
and storing the processed industrial internet data according to the classification result, and establishing a category identifier corresponding to the processed industrial internet data.
The industrial internet-based data monitoring device provided by the embodiment of the invention can execute the industrial internet-based data monitoring method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example five
Fig. 5 is a schematic structural diagram of another industrial internet-based data monitoring apparatus according to a fifth embodiment of the present invention, which can be applied to a data analysis module in an industrial internet-based data monitoring system according to any embodiment of the present invention, and the apparatus includes: a sensitive industrial internet data acquisition module 510 and a situation analysis result sending module 520. Wherein:
the sensitive industrial internet data acquisition module 510 is configured to screen the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data;
and a situation analysis result sending module 520, configured to perform situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and send the situation analysis result to the analysis result display module.
According to the technical scheme of the embodiment of the invention, the processed industrial internet data sent by the data processing module is screened according to a preset sensitive data screening rule to obtain sensitive industrial internet data; situation analysis processing is performed on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and the situation analysis result is sent to the analysis result display module. This provides a way of analyzing and processing industrial internet data: the overall situation of the industrial internet is presented through dimensions such as the cross-border path transmission of industrial internet data, security situation analysis and key event situations, so that sensitive industrial internet data and cross-border industrial internet data are effectively monitored.
In the foregoing apparatus, optionally, the sensitive industrial internet data obtaining module 510 may be specifically configured to:
identifying the category identification and the data content of the processed industrial internet data;
and screening the processed industrial internet data according to the category identification, the data content and a preset sensitive data screening rule to obtain the sensitive industrial internet data.
In the above apparatus, optionally, the situation analysis result sending module 520 may be specifically configured to:
performing situation analysis on the processed industrial internet data according to the data content, the industry and the importance level of the processed industrial internet data to obtain a first situation analysis result;
grading the sensitive industrial internet data according to the sensitivity degree of the sensitive industrial internet data to obtain a grading result of the sensitive industrial internet data;
acquiring cross-border sensitive industrial internet data according to the source internet protocol address and the target internet protocol address of the sensitive industrial internet data;
performing situation analysis on the sensitive industrial internet data according to the grading result of the sensitive industrial internet data and the cross-border path of the cross-border sensitive industrial internet data to obtain a second situation analysis result;
and sending the first situation analysis result and the second situation analysis result to the analysis result display module.
In the above apparatus, optionally, the apparatus further includes a management rule determining module, configured to: and determining a management rule matched with the sensitive industrial internet data according to the grading result of the sensitive industrial internet data.
The industrial internet-based data monitoring device provided by the embodiment of the invention can execute the industrial internet-based data monitoring method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example six
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention, as shown in fig. 6, the electronic device includes a processor 610, a memory 620, an input device 630, and an output device 640; the number of processors 610 in the device may be one or more, and one processor 610 is taken as an example in fig. 6; the processor 610, the memory 620, the input device 630 and the output device 640 in the apparatus may be connected by a bus or other means, and fig. 6 illustrates an example of a connection by a bus.
The memory 620 serves as a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the industrial internet-based data monitoring method in the embodiment of the present invention (for example, the industrial internet data extraction module 410, the industrial internet data sending module 420, the sensitive industrial internet data acquisition module 510, and the situation analysis result sending module 520 in the industrial internet-based data monitoring apparatus). The processor 610 executes the software programs, instructions and modules stored in the memory 620 so as to execute various functional applications and data processing of the device, that is, to implement the industrial internet-based data monitoring method. When the method is applied to a data processing module in an industrial internet-based data monitoring system according to any embodiment of the present invention, the method may include:
extracting industrial internet data from an industrial internet traffic data packet sent by a data acquisition module;
and carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module.
When the industrial internet-based data monitoring method is applied to a data analysis module in the industrial internet-based data monitoring system according to any embodiment of the invention, the method may include:
screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data;
and performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module.
The memory 620 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 620 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 620 can further include memory located remotely from the processor 610, which can be connected to devices through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input means 630 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the device. The output device 640 may include a display device such as a display screen.
Example seven
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a computer processor, is used to execute an industrial internet-based data monitoring method. When the method is applied to a data processing module in a data monitoring system based on the industrial internet according to any embodiment of the present invention, the method includes:
extracting industrial internet data from an industrial internet traffic data packet sent by a data acquisition module;
and carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module.
When the industrial internet-based data monitoring method is applied to a data analysis module in the industrial internet-based data monitoring system according to any embodiment of the invention, the method may include:
screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data;
and performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module.
Of course, in the computer-readable storage medium provided by the embodiment of the present invention, the stored computer program is not limited to the method operations described above, and may also perform related operations in the industrial internet-based data monitoring method provided in any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the data monitoring device based on the industrial internet, the included units and modules are only divided according to functional logic, but are not limited to the above division, as long as the corresponding functions can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. An industrial internet-based data monitoring system, comprising:
a data acquisition module, a data processing module, a data analysis module and an analysis result display module;
the data acquisition module is used for acquiring an industrial internet traffic data packet of a node to be monitored and sending the industrial internet traffic data packet to the data processing module;
the data processing module is used for extracting industrial internet data from the industrial internet traffic data packet sent by the data acquisition module; carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module;
the data analysis module is used for screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data; performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module;
and the analysis result display module is used for generating a visual chart for displaying the situation analysis result and providing the visual chart for a target user.
2. The system of claim 1, further comprising:
and the data management module is used for acquiring data management information input by a user and managing the industrial internet data and the system data according to the data management information.
3. An industrial internet-based data monitoring method applied to the data processing module in the industrial internet-based data monitoring system as claimed in claim 1, comprising:
extracting industrial internet data from an industrial internet traffic data packet sent by a data acquisition module;
and carrying out data preprocessing on the industrial internet data, and sending the processed industrial internet data to the data analysis module.
4. The method of claim 3, wherein extracting industrial internet data from industrial internet traffic data packets sent by a data collection module comprises:
acquiring a network protocol matched with the industrial internet traffic data packet;
and extracting industrial internet data from the industrial internet traffic data packet according to the network protocol.
5. The method of claim 3, wherein the pre-processing the industrial internet data and sending the processed industrial internet data to the data analysis module comprises:
performing at least one-stage classification processing on the industrial internet data according to the data description information of the industrial internet data to obtain classified industrial internet data;
and carrying out normalization processing, merging processing, aggregation processing and/or structure conversion processing on the classified industrial internet data to obtain processed industrial internet data, and sending the processed industrial internet data to the data analysis module.
6. The method of claim 5, further comprising, after obtaining the processed industrial internet data:
and storing the processed industrial internet data according to the classification result, and establishing a category identifier corresponding to the processed industrial internet data.
7. An industrial internet-based data monitoring method applied to the data analysis module in the industrial internet-based data monitoring system as claimed in claim 1, comprising:
screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain sensitive industrial internet data;
and performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module.
8. The method according to claim 7, wherein the step of screening the processed industrial internet data sent by the data processing module according to a preset sensitive data screening rule to obtain the sensitive industrial internet data comprises:
identifying the category identification and the data content of the processed industrial internet data;
and screening the processed industrial internet data according to the category identification, the data content and a preset sensitive data screening rule to obtain the sensitive industrial internet data.
9. The method according to claim 7, wherein the performing situation analysis processing on the processed industrial internet data and the sensitive industrial internet data to generate a situation analysis result, and sending the situation analysis result to the analysis result display module includes:
performing situation analysis on the processed industrial internet data according to the data content, the industry and the importance level of the processed industrial internet data to obtain a first situation analysis result;
grading the sensitive industrial internet data according to the sensitivity degree of the sensitive industrial internet data to obtain a grading result of the sensitive industrial internet data;
acquiring cross-border sensitive industrial internet data according to the source internet protocol address and the target internet protocol address of the sensitive industrial internet data;
performing situation analysis on the sensitive industrial internet data according to the grading result of the sensitive industrial internet data and the cross-border path of the cross-border sensitive industrial internet data to obtain a second situation analysis result;
and sending the first situation analysis result and the second situation analysis result to the analysis result display module.
10. The method of claim 9, further comprising: and determining a management rule matched with the sensitive industrial internet data according to the grading result of the sensitive industrial internet data.
CN202210259703.0A 2022-03-16 2022-03-16 Data monitoring system and method based on industrial internet Pending CN114637898A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210259703.0A CN114637898A (en) 2022-03-16 2022-03-16 Data monitoring system and method based on industrial internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210259703.0A CN114637898A (en) 2022-03-16 2022-03-16 Data monitoring system and method based on industrial internet

Publications (1)

Publication Number Publication Date
CN114637898A true CN114637898A (en) 2022-06-17

Family

ID=81949223

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210259703.0A Pending CN114637898A (en) 2022-03-16 2022-03-16 Data monitoring system and method based on industrial internet

Country Status (1)

Country Link
CN (1) CN114637898A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115766138A (en) * 2022-11-03 2023-03-07 国家工业信息安全发展研究中心 Industrial internet enterprise network security grading evaluation method and system
CN115766138B (en) * 2022-11-03 2023-08-01 国家工业信息安全发展研究中心 Industrial Internet enterprise network security grading evaluation method and system

Similar Documents

Publication Publication Date Title
CN113098892B (en) Data leakage prevention system and method based on industrial Internet
CN112651006B (en) Power grid security situation sensing system
CN112995196B (en) Method and system for processing situation awareness information in network security level protection
CN103026345B (en) For the dynamic multidimensional pattern of event monitoring priority
CN112039862B (en) Multi-dimensional stereo network-oriented security event early warning method
JP2002521748A (en) Information security analysis system
EP2747365A1 (en) Network security management
CN113642023A (en) Data security detection model training method, data security detection device and equipment
CN115001934A (en) Industrial control safety risk analysis system and method
CN116361784A (en) Data detection method and device, storage medium and computer equipment
CN112445870A (en) Knowledge graph string parallel case analysis method based on mobile phone evidence obtaining electronic data
CN114637898A (en) Data monitoring system and method based on industrial internet
CN112953952A (en) Industrial security situation awareness method, platform, electronic device and storage medium
CN117220957A (en) Attack behavior response method and system based on threat information
CN111581371A (en) Network security analysis method and device based on outbound data network flow
CN111901199A (en) Mass data-based quick early warning matching implementation method
CN113079148B (en) Industrial Internet safety monitoring method, device, equipment and storage medium
CN115567258A (en) Network security situation awareness method, system, electronic device and storage medium
CN114579636A (en) Data security risk prediction method, device, computer equipment and medium
CN114584391A (en) Method, device, equipment and storage medium for generating abnormal flow processing strategy
CN114021032B (en) Network crime information mining method, system and storage medium
CN111314308A (en) System security check method and device based on port analysis
Ouiazzane et al. Toward a network intrusion detection system for geographic data
Zabri et al. Analyzing network intrusion behavior of packet capture using association rules technique: an initial framework
KR102471618B1 (en) Netflow based large-scale service network aceess tracking method and device and system therefor

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination