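CN115380505A - Industrial network behavior analysis method, apparatus, system, and computer-readable medium - Google Patents

Industrial network behavior analysis method, apparatus, system, and computer-readable medium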

Info

Publication number
CN115380505A
Authority
CN
China
Prior art keywords
time window
control
time
control instruction
executed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080099460.8A
Other languages
English (en)
Inventor
郭代飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG
Publication of CN115380505A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
    • G05B19/4185 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by the network communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/23 Pc programming
    • G05B2219/23317 Safe mode, secure program, environment in case of error, intrusion

Abstract

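An industrial network behavior analysis method, apparatus, system, and computer-readable medium. The industrial network behavior analysis method comprises: determining at least one first time window for a target industrial control system (101); determining, for each first time window, the execution probability deviation of each control instruction in the target industrial controller (102); collecting the control instructions executed in the target industrial control system (103); determining at least one second time window according to the collected control instructions (104); calculating the probability that the control instruction is executed within the second time window (105); judging whether the control instruction's probability of being executed satisfies the target execution probability deviation (106); and if so, determining that the control instruction is a legitimate control instruction (107), otherwise determining that the control instruction is a suspicious control instruction (108).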

Description

PCT national-phase application; the description has been published.

Claims (15)

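  1. PCT national-phase application; the claims have been published.
CN202080099460.8A 2020-04-30 2020-04-30 Industrial network behavior analysis method, apparatus, system, and computer-readable medium Pending CN115380505A (zh)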

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/088460 WO2021217636A1 (zh) 2020-04-30 Industrial network behavior analysis method, apparatus, system, and computer-readable medium

Publications (1)

Publication Number Publication Date
CN115380505A (zh) 2022-11-22

Family

ID=78331656

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080099460.8A Pending CN115380505A (zh) 2020-04-30 2020-04-30 Industrial network behavior analysis method, apparatus, system, and computer-readable medium

Country Status (4)

Country Link
US (1) US11829122B2 (zh)
EP (1) EP4131881A4 (zh)
CN (1) CN115380505A (zh)
WO (1) WO2021217636A1 (zh)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2299650A1 (de) 2009-09-21 2011-03-23 Siemens Aktiengesellschaft Method for anomaly detection in a control network
CN103235882B (zh) 2013-04-23 2016-04-20 湖南工学院 Method for determining the reliability of operator monitoring behavior in a digitized main control room of a nuclear power plant
US10536530B2 (en) 2016-03-02 2020-01-14 Dig.Y.Sol Llc Networked gate machines gaging the condition of unmanned platforms
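CN109144023A (zh) 2017-06-27 2019-01-04 西门子(中国)有限公司 Security detection method and device for an industrial control system
CN110224970B (zh) * 2018-03-01 2021-11-23 西门子公司 Security monitoring method and apparatus for an industrial control system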
EP3588206B1 (en) * 2018-06-21 2024-01-10 Siemens Aktiengesellschaft A safe guard detection for unexpected operations in a mes system

Also Published As

Publication number Publication date
EP4131881A4 (en) 2024-01-10
US11829122B2 (en) 2023-11-28
US20230119829A1 (en) 2023-04-20
EP4131881A1 (en) 2023-02-08
WO2021217636A1 (zh) 2021-11-04

Similar Documents

Publication Publication Date Title
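CN106828362B (zh) Security testing method and apparatus for automobile information
KR101538709B1 (ko) Abnormal behavior detection system and method for industrial control networks
CN109684833B (zh) System and method for adapting dangerous program behavior patterns to users' computer systems
CN111600880A (zh) Method, system, storage medium, and terminal for detecting abnormal access behavior
CN112114995A (zh) Process-based terminal anomaly analysis method, apparatus, device, and storage medium
CN111970229B (zh) CAN bus data anomaly detection method for multiple attack modes
CN113032792A (zh) System service vulnerability detection method, system, device, and storage medium
RU2587429C2 (ru) System and method for evaluating the reliability of a categorization rule
CN113114690A (zh) Threat event identification method, apparatus, device, and storage medium
CN112565278A (zh) Method for capturing attacks and honeypot system
CN109743339B (zh) Network security monitoring method and apparatus for power plants and substations, and computer device
CN111800432A (zh) Log-analysis-based method and apparatus for preventing brute-force cracking
CN114329452A (zh) Abnormal behavior detection method, apparatus, and related device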
US11539730B2 (en) Method, device, and computer program product for abnormality detection
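CN107463493B (zh) Test system and test method for host antivirus products
CN113556335A (zh) In-vehicle bus security testing method and system
CN117240522A (zh) Intelligent vulnerability mining method based on an attack event model
CN112182579A (zh) Process list generation method and apparatus, and abnormal process detection method and apparatus
CN115380505A (zh) Industrial network behavior analysis method, apparatus, system, and computer-readable medium
CN111651760A (zh) Method for comprehensive analysis of device security state and computer-readable storage medium
CN112578694A (zh) Monitoring system, method, apparatus, and computer-readable medium for an industrial controller
CN114205146B (zh) Method and apparatus for processing multi-source heterogeneous security logs
KR101621959B1 (ko) Log pattern extraction device, log pattern analysis device, and method thereof
CN111935089B (zh) Data processing method based on big data and edge computing, and artificial intelligence server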
US11843639B2 (en) Industrial control system security analysis method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination