CN115081498A - Industrial data processing method and device and industrial gateway - Google Patents

Industrial data processing method and device and industrial gateway

Info

Publication number: CN115081498A
Application number: CN202110261130.0A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 范紫君, 张建宇, 孟阼君
Current and original assignee: China Telecom Corp Ltd
Priority date and filing date: 2021-03-10
Publication date: 2022-09-20
Prior art keywords: industrial data, classification, industrial, data processing, data

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Abstract

The present disclosure provides an industrial data processing method, an industrial data processing device and an industrial gateway, and relates to the technical field of network security. The method comprises the following steps: determining a classification result and a grading result corresponding to the industrial data according to the classification and grading characteristics of the industrial data and a set classification and grading rule; determining a disposal strategy corresponding to the industrial data according to the classification result and the grading result corresponding to the industrial data; and processing the industrial data according to the disposal strategy corresponding to the industrial data. The method and device meet the national supervision requirement of classified and graded management of industrial data without building a virtual private network or other gateways.

Description

Industrial data processing method and device and industrial gateway
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to an industrial data processing method, an apparatus, and an industrial gateway.
Background
The industrial internet breaks open the protection boundary of industrial enterprises: production and operation data flow between enterprise campuses, private data centers, public clouds and industrial supervision bodies, and an effective supervision mechanism is lacking.
In the related art, the 5G UPF (User Plane Function) splits traffic based on the five-tuple; its classification methods are limited and do not meet security requirements; the operator needs to configure or build a virtual private network, which makes management complex; and the scheme can only split traffic, so if other operations are needed, further network elements must be chained in series, which reduces the security and reliability of the data. The SDN service chain is mainly used in cloud and wide-area networks, is deployed in a distributed manner, and is not suitable for protecting the enterprise egress.
Disclosure of Invention
The technical problem to be solved by the present disclosure is to provide an industrial data processing method, apparatus and industrial gateway, which can meet the national regulatory requirement of hierarchical classification management on industrial data without building a virtual private network or other gateways.
According to an aspect of the present disclosure, an industrial data processing method is provided, including: determining a classification result and a grading result corresponding to the industrial data according to the classification and grading characteristics of the industrial data and a set classification and grading rule; determining a disposal strategy corresponding to the industrial data according to the classification result and the grading result corresponding to the industrial data; and processing the industrial data according to the disposal strategy corresponding to the industrial data.
In some embodiments, the industrial data is analyzed based on a Deep Packet Inspection (DPI) technology to obtain at least one of quintuple information and business behavior of the industrial data; and determining classification and grading characteristics of the industrial data according to one or more of quintuple information, time information, external environment characteristics and business behaviors of the industrial data.
In some embodiments, classification rules and handling policies corresponding to industrial data of a business are preconfigured.
In some embodiments, the handling policy comprises: encrypting the industrial data, decrypting the industrial data, discarding the industrial data, recording the industrial data, high priority forwarding the industrial data, signing the industrial data, redirecting the industrial data, tunneling the industrial data.
In some embodiments, the classification rules include two or three of a production category, an operations category, and a management category; and the grading rules include two or three of a general level, an enterprise confidentiality level, and a national confidentiality level.
In another aspect of the present disclosure, a service data processing apparatus is further provided, including: the data classification and grading module is configured to determine a classification result and a grading result corresponding to the industrial data according to the classification and grading characteristics of the industrial data and a set classification and grading rule; the strategy implementation module is configured to determine a disposal strategy corresponding to the industrial data according to the classification result and the grading result corresponding to the industrial data; and the data processing module is configured to process the industrial data according to the disposal strategy corresponding to the industrial data.
In some embodiments, the industrial data processing apparatus further comprises: a data acquisition unit configured to acquire industrial data based on a Deep Packet Inspection (DPI) technology and to determine the classification and grading characteristics of the industrial data according to one or more of quintuple information, time information, external environment characteristics and business behaviors of the industrial data.
In some embodiments, the industrial data processing apparatus further comprises: a policy configuration storage module configured to pre-configure classification rules and handling policies corresponding to the industrial data of the business.
According to another aspect of the present disclosure, there is also provided an industrial data processing apparatus comprising: a memory; and a processor coupled to the memory, the processor configured to perform the industrial data processing method as described above based on instructions stored in the memory.
In accordance with another aspect of the present disclosure, there is also provided an industrial gateway, including: the industrial data processing device is described above.
According to another aspect of the present disclosure, a non-transitory computer-readable storage medium is also proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the industrial data processing method described above.
In the embodiment of the disclosure, after the classification result and the grading result corresponding to the classification and grading characteristics of the industrial data are determined according to the classification and grading rules, the corresponding disposal strategy is determined and applied. The national supervision requirement of classified and graded management of industrial data is met without building a virtual private network or other gateways.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flow diagram of some embodiments of industrial data processing methods of the present disclosure.
FIG. 2 is a schematic flow diagram of further embodiments of industrial data processing methods of the present disclosure.
FIG. 3 is a schematic flow diagram of further embodiments of industrial data processing methods of the present disclosure.
Fig. 4 is a schematic structural diagram of some embodiments of the service data processing apparatus of the present disclosure.
Fig. 5 is a schematic structural diagram of another embodiment of the service data processing apparatus according to the present disclosure.
Fig. 6 is a schematic structural diagram of another embodiment of the service data processing apparatus according to the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a schematic flow diagram of some embodiments of industrial data processing methods of the present disclosure. The embodiment is performed by an industrial gateway or an industrial data processing device located at an industrial gateway.
In step 110, a classification result and a grading result corresponding to the industrial data are determined according to the classification and grading characteristics of the industrial data and the set classification and grading rules.
In some embodiments, the classification and grading rules and the handling policies corresponding to the industrial data of a business are preconfigured. After the classification and grading characteristics of the industrial data are obtained, the classification result and the grading result corresponding to the industrial data can be determined by looking them up in the classification and grading rules.
In step 120, a disposal strategy corresponding to the industrial data is determined according to the classification result and the grading result corresponding to the industrial data.
In some embodiments, different handling strategies are applied to industrial data with different classification results and grading results, for example encrypting the industrial data, decrypting the industrial data, discarding the industrial data, recording the industrial data, forwarding the industrial data with high priority, signing the industrial data, redirecting the industrial data, tunneling the industrial data, and the like.
In step 130, the industrial data is processed according to the disposal policy corresponding to the industrial data.
In the above embodiment, after the classification result and the grading result corresponding to the classification and grading characteristics of the industrial data are determined according to the classification and grading rules, the corresponding disposal strategy is determined and applied. The national supervision requirement of classified and graded management of industrial data is met without building a virtual private network or other gateways.
FIG. 2 is a schematic flow diagram of further embodiments of industrial data processing methods of the present disclosure. This embodiment is performed by an industrial gateway.
At step 210, classification rules and disposal policies corresponding to the industrial data of the business are preconfigured.
In some embodiments, classification rules and disposal policies for industrial data corresponding to the business are configured through a WEB management interface of the industrial gateway or TR069 remote management capability.
In some embodiments, the classification rules include production categories, operation categories, management categories, and the like, and the grading rules include general levels, enterprise confidentiality levels, national confidentiality levels, and the like.
At step 220, industrial data is obtained via the industrial gateway.
In step 230, the industrial data is analyzed based on a Deep Packet Inspection (DPI) technique to obtain at least one of quintuple information and business behavior of the industrial data, and the classification and grading characteristics of the industrial data are determined according to one or more of the quintuple information, time information, external environment characteristics, and business behavior of the industrial data.
In some embodiments, the external environmental characteristic includes a security posture level.
In some embodiments, the business behavior includes the identification of user misoperation, user violations, unauthorized device access, network attacks, and the like.
In step 240, according to the classification and grading characteristics of the industrial data, a classification result and a grading result corresponding to the industrial data are determined by looking up the classification and grading rules.
In some embodiments, data traffic within all local area networks is analyzed.
In some embodiments, return traffic is also processed in the same way in the reverse direction.
In step 250, a disposal strategy corresponding to the industrial data is determined according to the classification result and the grading result corresponding to the industrial data.
At step 260, the industrial data is processed according to the disposal policy corresponding to the industrial data.
In the above embodiment, after the industrial data is classified and graded according to the preconfigured classification and grading rules and disposal policies, different real-time processing policies are applied to the industrial data according to the classification and grading results, so that the data can be protected and processed by class and grade while the security and reliability of the data are improved.
FIG. 3 is a schematic flow diagram of further embodiments of industrial data processing methods of the present disclosure.
At step 310, the industrial gateway receives an internal data forwarding request.
At step 320, it is determined whether a classification rule is triggered, if so, step 330 is performed, otherwise, step 360 is performed.
In step 330, the classification and grading result of the data is determined according to the classification and grading characteristics of the data.
In some embodiments, as shown in Table 1, network packets are grouped according to the five-tuple information in the data, the timestamp is matched and a traffic limit is added, so as to implement classification and grading of steady-state data within the enterprise.
TABLE 1
(Table 1 is provided as an image in the original publication and is not reproduced here.)
In step 340, a disposal policy corresponding to the data is searched.
At step 350, the processing action is performed in accordance with the disposition policy.
For example, when data transmitted from the production network to the data center at a fixed time point has a security posture level of 1, the traffic is limited to below 10K and the data must be encrypted before transmission.
At step 360, data forwarding is completed.
In the embodiment, the data flowing out of the industrial enterprise can be managed and controlled according with the national regulatory requirements.
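The following is an added worked example, not code from the patent or from China Telecom, that models the classify-grade-dispose pipeline of Figs. 1 to 3: per-packet features (five-tuple, timestamp, security posture level) are matched against preconfigured classification and grading rules, the resulting (category, level) pair selects a disposal policy, and a traffic budget is enforced on the way. The network ranges, port 8883, the 02:00-02:30 window, the posture threshold and the reading of the "10K" limit as a per-window byte budget are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Optional

class Category(Enum):          # classification dimension (claim 5)
    PRODUCTION = "production"
    OPERATION = "operation"
    MANAGEMENT = "management"

class Level(Enum):             # grading dimension (claim 5)
    GENERAL = "general"
    ENTERPRISE = "enterprise_confidential"
    NATIONAL = "national_confidential"

class Action(Enum):            # subset of the disposal actions in claim 4
    ENCRYPT = "encrypt"
    RECORD = "record"
    DROP = "drop"
    FORWARD = "forward"
    HIGH_PRIORITY_FORWARD = "high_priority_forward"

@dataclass(frozen=True)
class Packet:
    """Per-packet features the gateway extracts with DPI (step 230)."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    ts: datetime
    length: int          # bytes counted against the traffic limit
    posture_level: int   # external environment feature: security posture level

@dataclass
class Rule:
    """One preconfigured classification/grading rule (step 210)."""
    name: str
    src_net: str
    dst_net: str
    category: Category
    level: Level
    dport: Optional[int] = None
    proto: Optional[str] = None
    window: Optional[tuple[time, time]] = None  # fixed time window matched on the timestamp
    max_posture: Optional[int] = None           # rule applies at or below this posture level
    byte_limit: Optional[int] = None            # traffic budget for the window (assumed semantics)
    used: int = field(default=0, init=False)    # bytes already seen under this rule

    def matches(self, p: Packet) -> bool:
        """Five-tuple, time and environment features must all agree (step 320)."""
        return all((
            ip_address(p.src) in ip_network(self.src_net),
            ip_address(p.dst) in ip_network(self.dst_net),
            self.dport is None or p.dport == self.dport,
            self.proto is None or p.proto == self.proto,
            self.window is None or self.window[0] <= p.ts.time() <= self.window[1],
            self.max_posture is None or p.posture_level <= self.max_posture,
        ))

# Disposal policy table (step 210), (category, level) -> ordered actions. Constructed sample.
POLICY: dict[tuple[Category, Level], list[Action]] = {
    (Category.PRODUCTION, Level.ENTERPRISE): [Action.ENCRYPT, Action.RECORD, Action.FORWARD],
    (Category.MANAGEMENT, Level.GENERAL): [Action.HIGH_PRIORITY_FORWARD],
}

def make_rules() -> list[Rule]:
    """Constructed sample rules: production line 10.1.0.0/16 uploads to the data-centre
    collector 192.168.100.10 (assumed port 8883) in the 02:00-02:30 window, at posture
    level 1 or below, with a 10 KB budget; plant-internal management traffic is separate."""
    return [
        Rule("prod-to-dc-upload", "10.1.0.0/16", "192.168.100.10/32",
             Category.PRODUCTION, Level.ENTERPRISE, dport=8883, proto="tcp",
             window=(time(2, 0), time(2, 30)), max_posture=1, byte_limit=10_000),
        Rule("plant-management", "10.2.0.0/16", "10.2.0.0/16",
             Category.MANAGEMENT, Level.GENERAL),
    ]

def classify(p: Packet, rules: list[Rule]) -> Optional[Rule]:
    """Step 330: the first matching rule supplies the (category, level) result."""
    return next((r for r in rules if r.matches(p)), None)

def dispose(p: Packet, rules: list[Rule], policy=POLICY) -> list[Action]:
    """Steps 320-360: decide the ordered actions for one packet."""
    rule = classify(p, rules)
    if rule is None:
        return [Action.FORWARD]                  # step 360: no rule triggered, plain forwarding
    if rule.byte_limit is not None:
        rule.used += p.length
        if rule.used > rule.byte_limit:
            return [Action.DROP, Action.RECORD]  # over the traffic limit for this window
    # An unconfigured (category, level) pair fails closed instead of forwarding in the clear.
    return list(policy.get((rule.category, rule.level), [Action.DROP, Action.RECORD]))

def sample_packet(hour: int, minute: int, length: int, posture: int) -> Packet:
    """Constructed upload packet from a production host on 2021-03-10 (the filing date)."""
    return Packet("10.1.3.7", "192.168.100.10", 40000, 8883, "tcp",
                  datetime(2021, 3, 10, hour, minute), length, posture)
```

Three 4000-byte uploads in the window show the budget at work: the first two are encrypted and forwarded, the third exceeds 10 000 bytes and is dropped and recorded, while a packet at posture level 3 or outside the window triggers no rule and falls through to plain forwarding.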
Fig. 4 is a schematic structural diagram of some embodiments of the service data processing apparatus of the present disclosure. The device includes: a data classification ranking module 410, a policy enforcement module 420, and a data processing module 430.
The data classification and grading module 410 is configured to determine a classification result and a grading result corresponding to the industrial data according to the classification and grading characteristics of the industrial data and the set classification and grading rules.
In some embodiments, the data is classified into a production category, an operation category, a management category, and the like.
In some embodiments, the data is classified into a general level, an enterprise confidentiality level, a national confidentiality level, and the like, according to the confidentiality level.
The policy enforcement module 420 is configured to determine a disposal policy corresponding to the industrial data according to the classification result and the grading result corresponding to the industrial data.
In some embodiments, the handling policy comprises: encrypting industrial data, decrypting industrial data, discarding industrial data, recording industrial data, high priority forwarding industrial data, signing industrial data, redirecting industrial data, tunneling encapsulated industrial data, and the like.
The data processing module 430 is configured to process the industrial data according to a disposal policy corresponding to the industrial data.
In the above embodiment, after the classification result and the grading result corresponding to the classification and grading characteristics of the industrial data are determined according to the classification and grading rules, the corresponding disposal policy is determined and applied. The national supervision requirement of classified and graded management of industrial data is met without building a virtual private network or other gateways.
In other embodiments of the present disclosure, as shown in Fig. 5, the apparatus further includes a data obtaining unit 510 configured to analyze the industrial data based on a DPI technology to obtain at least one of quintuple information and business behavior of the industrial data, and to determine the classification and grading characteristics of the industrial data according to one or more of the quintuple information, time information, external environment characteristics, and business behavior of the industrial data.
In this embodiment, the DPI technology can be used to acquire industrial data dynamically; network packets are grouped according to the five-tuple, the timestamp is matched and a traffic limit is added, so that classification and grading of steady-state data within the enterprise are realized.
In still other embodiments of the present disclosure, as shown in fig. 5, the apparatus further includes a policy configuration storage module 520 configured to pre-configure classification rules and disposal policies of the industrial data corresponding to the business.
In some embodiments, the data classification and grading rules and the handling policies corresponding to the business are configured through the web management interface of the industrial gateway or through the TR069 remote management capability.
In some embodiments, the device can also receive disposal strategies issued by other control platforms.
Fig. 6 is a schematic structural diagram of another embodiment of the service data processing apparatus according to the present disclosure. The apparatus 600 includes a memory 610 and a processor 620. The memory 610 may be a magnetic disk, flash memory, or any other non-volatile storage medium, and is used to store the instructions of the embodiments corresponding to Figs. 1-3. The processor 620 is coupled to the memory 610 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller; it is configured to execute the instructions stored in the memory.
In some embodiments, the processor 620 is coupled to the memory 610 through a bus 630. The apparatus 600 may also be coupled to an external storage system 650 via a storage interface 640 for retrieving external data, and to a network or another computer system (not shown) via a network interface 660. These are not described in detail here.
In the embodiment, the data instruction is stored in the memory, and the instruction is processed by the processor, so that the national supervision requirement of hierarchical classification management on industrial data is met under the condition that a virtual private network or other gateways do not need to be built.
In other embodiments of the present disclosure, an industrial gateway is protected, where the industrial gateway is a device capable of network connection that is used in industrial control scenarios and implements functions such as data acquisition, protocol conversion and data forwarding. An industrial data processing device is added to the industrial gateway, and management and control meeting the national regulatory requirements are applied to data flowing out of the industrial enterprise, based on the classification and grading characteristics of the data and the preconfigured classification and grading rules and disposal strategies for the industrial data of the business. The scheme is deployed centrally at the collection point, its classification and grading policies are flexible, and classification and processing take place at the same node, which is safer and more efficient.
In other embodiments, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the embodiments corresponding to fig. 1-3. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (11)

1. An industrial data processing method, comprising:
determining a classification result and a grading result corresponding to the industrial data according to the classification and grading characteristics of the industrial data and a set classification and grading rule;
determining a disposal strategy corresponding to the industrial data according to a classification result and a grading result corresponding to the industrial data; and
processing the industrial data according to a disposal strategy corresponding to the industrial data.
2. The industrial data processing method of claim 1, further comprising:
analyzing the industrial data based on a Deep Packet Inspection (DPI) technology to obtain at least one of quintuple information and business behavior of the industrial data; and
determining classification and grading characteristics of the industrial data according to one or more of quintuple information, time information, external environment characteristics and business behaviors of the industrial data.
3. The industrial data processing method of claim 1, further comprising:
classification rules and disposal policies corresponding to industrial data of the business are pre-configured.
4. The industrial data processing method of any one of claims 1 to 3, wherein the disposition policy comprises: one or more of encrypting the industrial data, decrypting the industrial data, discarding the industrial data, recording the industrial data, high priority forwarding the industrial data, signing the industrial data, redirecting the industrial data, tunneling the industrial data.
5. The industrial data processing method according to any one of claims 1 to 3,
the classification rules comprise two or three of a production category, an operation category and a management category; and
the grading rules comprise two or three of a general level, an enterprise confidentiality level, and a national confidentiality level.
6. A service data processing apparatus, comprising:
the data classification and grading module is configured to determine a classification result and a grading result corresponding to the industrial data according to classification and grading characteristics of the industrial data and a set classification and grading rule;
the policy implementation module is configured to determine a disposal policy corresponding to the industrial data according to a classification result and a grading result corresponding to the industrial data; and
the data processing module is configured to process the industrial data according to a disposal strategy corresponding to the industrial data.
7. The industrial data processing apparatus of claim 6, further comprising:
the data acquisition unit is configured to analyze the industrial data based on a Deep Packet Inspection (DPI) technology to obtain at least one of quintuple information and business behavior of the industrial data, and determine classification and classification characteristics of the industrial data according to one or more of the quintuple information, time information, external environment characteristics and the business behavior of the industrial data.
8. The industrial data processing device of claim 6 or 7, further comprising:
a policy configuration storage module configured to pre-configure classification rules and handling policies corresponding to the industrial data of the business.
9. An industrial data processing apparatus comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the industrial data processing method of any of claims 1 to 5 based on instructions stored in the memory.
10. An industrial gateway, comprising:
an industrial data processing device according to any one of claims 6 to 9.
11. A non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the industrial data processing method of any one of claims 1 to 5.
Priority Applications (1)

Application Number: CN202110261130.0A; Priority Date: 2021-03-10; Filing Date: 2021-03-10; Title: Industrial data processing method and device and industrial gateway; Status: Pending; Publication: CN115081498A (en)

Publications (1)

Publication Number Publication Date
CN115081498A true CN115081498A (en) 2022-09-20

Family

ID=83240958



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination